diff --git a/nodeup/pkg/model/BUILD.bazel b/nodeup/pkg/model/BUILD.bazel index b196db7ad9..5ec0e0cc0c 100644 --- a/nodeup/pkg/model/BUILD.bazel +++ b/nodeup/pkg/model/BUILD.bazel @@ -29,6 +29,7 @@ go_library( "ntp.go", "nvidia.go", "packages.go", + "prefix.go", "protokube.go", "secrets.go", "sysctls.go", diff --git a/nodeup/pkg/model/prefix.go b/nodeup/pkg/model/prefix.go new file mode 100644 index 0000000000..142d2664c2 --- /dev/null +++ b/nodeup/pkg/model/prefix.go @@ -0,0 +1,38 @@ +/* +Copyright 2021 The Kubernetes Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package model + +import ( + "k8s.io/kops/upup/pkg/fi" + "k8s.io/kops/upup/pkg/fi/nodeup/nodetasks" +) + +type PrefixBuilder struct { + *NodeupModelContext +} + +var _ fi.ModelBuilder = &PrefixBuilder{} + +func (b *PrefixBuilder) Build(c *fi.ModelBuilderContext) error { + if !b.Cluster.Spec.PodCIDRFromCloud { + return nil + } + c.AddTask(&nodetasks.Prefix{ + Name: "prefix", + }) + return nil +} diff --git a/pkg/model/iam/iam_builder.go b/pkg/model/iam/iam_builder.go index bb2b577232..8bdf5026d5 100644 --- a/pkg/model/iam/iam_builder.go +++ b/pkg/model/iam/iam_builder.go @@ -766,6 +766,8 @@ func addNodeupPermissions(p *Policy, enableHookSupport bool) { p.unconditionalAction.Insert( "ec2:DescribeInstances", // aws.go "ec2:DescribeInstanceTypes", + "ec2:DescribeNetworkInterfaces", + "ec2:AssignIpv6Addresses", ) } diff --git a/pkg/model/iam/tests/iam_builder_master_strict.json b/pkg/model/iam/tests/iam_builder_master_strict.json index 382db41631..825be92ffa 100644 --- a/pkg/model/iam/tests/iam_builder_master_strict.json +++ b/pkg/model/iam/tests/iam_builder_master_strict.json @@ -83,11 +83,13 @@ "autoscaling:DescribeAutoScalingInstances", "autoscaling:DescribeLaunchConfigurations", "autoscaling:DescribeTags", + "ec2:AssignIpv6Addresses", "ec2:CreateSecurityGroup", "ec2:CreateTags", "ec2:DescribeAccountAttributes", "ec2:DescribeInstanceTypes", "ec2:DescribeInstances", + "ec2:DescribeNetworkInterfaces", "ec2:DescribeRegions", "ec2:DescribeRouteTables", "ec2:DescribeSecurityGroups", diff --git a/pkg/model/iam/tests/iam_builder_master_strict_ecr.json b/pkg/model/iam/tests/iam_builder_master_strict_ecr.json index b11687c50c..694e3a4abe 100644 --- a/pkg/model/iam/tests/iam_builder_master_strict_ecr.json +++ b/pkg/model/iam/tests/iam_builder_master_strict_ecr.json @@ -83,11 +83,13 @@ "autoscaling:DescribeAutoScalingInstances", "autoscaling:DescribeLaunchConfigurations", "autoscaling:DescribeTags", + "ec2:AssignIpv6Addresses", "ec2:CreateSecurityGroup", "ec2:CreateTags", "ec2:DescribeAccountAttributes", "ec2:DescribeInstanceTypes", "ec2:DescribeInstances", + "ec2:DescribeNetworkInterfaces", "ec2:DescribeRegions", "ec2:DescribeRouteTables", "ec2:DescribeSecurityGroups", diff --git a/pkg/model/iam/tests/iam_builder_node_strict.json b/pkg/model/iam/tests/iam_builder_node_strict.json index e763f93ea7..1bd0328ece 100644 --- a/pkg/model/iam/tests/iam_builder_node_strict.json +++ b/pkg/model/iam/tests/iam_builder_node_strict.json @@ -29,8 +29,10 @@ { "Action": [ "autoscaling:DescribeAutoScalingInstances", + "ec2:AssignIpv6Addresses", "ec2:DescribeInstanceTypes", "ec2:DescribeInstances", + "ec2:DescribeNetworkInterfaces", "iam:GetServerCertificate", "iam:ListServerCertificates", "kms:GenerateRandom" diff --git a/pkg/model/iam/tests/iam_builder_node_strict_ecr.json b/pkg/model/iam/tests/iam_builder_node_strict_ecr.json index 365959c27a..0483b0b398 100644 --- a/pkg/model/iam/tests/iam_builder_node_strict_ecr.json +++ b/pkg/model/iam/tests/iam_builder_node_strict_ecr.json @@ -29,8 +29,10 @@ { "Action": [ "autoscaling:DescribeAutoScalingInstances", + "ec2:AssignIpv6Addresses", "ec2:DescribeInstanceTypes", "ec2:DescribeInstances", + "ec2:DescribeNetworkInterfaces", "ecr:BatchCheckLayerAvailability", "ecr:BatchGetImage", "ecr:DescribeRepositories", diff --git a/tests/integration/update_cluster/apiservernodes/cloudformation.json b/tests/integration/update_cluster/apiservernodes/cloudformation.json index 838f10459c..86fd3faf07 100644 --- a/tests/integration/update_cluster/apiservernodes/cloudformation.json +++ b/tests/integration/update_cluster/apiservernodes/cloudformation.json @@ -1192,8 +1192,10 @@ { "Action": [ "autoscaling:DescribeAutoScalingInstances", + "ec2:AssignIpv6Addresses", "ec2:DescribeInstanceTypes", "ec2:DescribeInstances", + "ec2:DescribeNetworkInterfaces", "iam:GetServerCertificate", "iam:ListServerCertificates", "kms:GenerateRandom" @@ -1362,11 +1364,13 @@ "autoscaling:DescribeAutoScalingInstances", "autoscaling:DescribeLaunchConfigurations", "autoscaling:DescribeTags", + "ec2:AssignIpv6Addresses", "ec2:CreateSecurityGroup", "ec2:CreateTags", "ec2:DescribeAccountAttributes", "ec2:DescribeInstanceTypes", "ec2:DescribeInstances", + "ec2:DescribeNetworkInterfaces", "ec2:DescribeRegions", "ec2:DescribeRouteTables", "ec2:DescribeSecurityGroups", @@ -1490,8 +1494,10 @@ { "Action": [ "autoscaling:DescribeAutoScalingInstances", + "ec2:AssignIpv6Addresses", "ec2:DescribeInstanceTypes", "ec2:DescribeInstances", + "ec2:DescribeNetworkInterfaces", "iam:GetServerCertificate", "iam:ListServerCertificates", "kms:GenerateRandom" diff --git a/tests/integration/update_cluster/aws-lb-controller/data/aws_iam_role_policy_masters.minimal.example.com_policy b/tests/integration/update_cluster/aws-lb-controller/data/aws_iam_role_policy_masters.minimal.example.com_policy index 11dfd353ed..a5e2fbb5fc 100644 --- a/tests/integration/update_cluster/aws-lb-controller/data/aws_iam_role_policy_masters.minimal.example.com_policy +++ b/tests/integration/update_cluster/aws-lb-controller/data/aws_iam_role_policy_masters.minimal.example.com_policy @@ -115,10 +115,12 @@ "autoscaling:DescribeAutoScalingGroups", "autoscaling:DescribeAutoScalingInstances", "autoscaling:DescribeTags", + "ec2:AssignIpv6Addresses", "ec2:CreateSecurityGroup", "ec2:CreateTags", "ec2:DescribeInstanceTypes", "ec2:DescribeInstances", + "ec2:DescribeNetworkInterfaces", "ec2:DescribeRegions", "ec2:DescribeRouteTables", "ec2:DescribeSecurityGroups", diff --git a/tests/integration/update_cluster/aws-lb-controller/data/aws_iam_role_policy_nodes.minimal.example.com_policy b/tests/integration/update_cluster/aws-lb-controller/data/aws_iam_role_policy_nodes.minimal.example.com_policy index a6509b76fc..ac6f8becbf 100644 --- a/tests/integration/update_cluster/aws-lb-controller/data/aws_iam_role_policy_nodes.minimal.example.com_policy +++ b/tests/integration/update_cluster/aws-lb-controller/data/aws_iam_role_policy_nodes.minimal.example.com_policy @@ -27,8 +27,10 @@ { "Action": [ "autoscaling:DescribeAutoScalingInstances", + "ec2:AssignIpv6Addresses", "ec2:DescribeInstanceTypes", "ec2:DescribeInstances", + "ec2:DescribeNetworkInterfaces", "iam:GetServerCertificate", "iam:ListServerCertificates", "kms:GenerateRandom" diff --git a/tests/integration/update_cluster/bastionadditional_user-data/data/aws_iam_role_policy_masters.bastionuserdata.example.com_policy b/tests/integration/update_cluster/bastionadditional_user-data/data/aws_iam_role_policy_masters.bastionuserdata.example.com_policy index f11de8e8b3..30f4827387 100644 --- a/tests/integration/update_cluster/bastionadditional_user-data/data/aws_iam_role_policy_masters.bastionuserdata.example.com_policy +++ b/tests/integration/update_cluster/bastionadditional_user-data/data/aws_iam_role_policy_masters.bastionuserdata.example.com_policy @@ -145,11 +145,13 @@ "autoscaling:DescribeAutoScalingInstances", "autoscaling:DescribeLaunchConfigurations", "autoscaling:DescribeTags", + "ec2:AssignIpv6Addresses", "ec2:CreateSecurityGroup", "ec2:CreateTags", "ec2:DescribeAccountAttributes", "ec2:DescribeInstanceTypes", "ec2:DescribeInstances", + "ec2:DescribeNetworkInterfaces", "ec2:DescribeRegions", "ec2:DescribeRouteTables", "ec2:DescribeSecurityGroups", diff --git a/tests/integration/update_cluster/bastionadditional_user-data/data/aws_iam_role_policy_nodes.bastionuserdata.example.com_policy b/tests/integration/update_cluster/bastionadditional_user-data/data/aws_iam_role_policy_nodes.bastionuserdata.example.com_policy index cb7e6d27ad..1acab3045b 100644 --- a/tests/integration/update_cluster/bastionadditional_user-data/data/aws_iam_role_policy_nodes.bastionuserdata.example.com_policy +++ b/tests/integration/update_cluster/bastionadditional_user-data/data/aws_iam_role_policy_nodes.bastionuserdata.example.com_policy @@ -27,8 +27,10 @@ { "Action": [ "autoscaling:DescribeAutoScalingInstances", + "ec2:AssignIpv6Addresses", "ec2:DescribeInstanceTypes", "ec2:DescribeInstances", + "ec2:DescribeNetworkInterfaces", "iam:GetServerCertificate", "iam:ListServerCertificates", "kms:GenerateRandom" diff --git a/tests/integration/update_cluster/complex/cloudformation.json b/tests/integration/update_cluster/complex/cloudformation.json index 383f409982..77c2b7c616 100644 --- a/tests/integration/update_cluster/complex/cloudformation.json +++ b/tests/integration/update_cluster/complex/cloudformation.json @@ -1725,11 +1725,13 @@ "autoscaling:DescribeAutoScalingInstances", "autoscaling:DescribeLaunchConfigurations", "autoscaling:DescribeTags", + "ec2:AssignIpv6Addresses", "ec2:CreateSecurityGroup", "ec2:CreateTags", "ec2:DescribeAccountAttributes", "ec2:DescribeInstanceTypes", "ec2:DescribeInstances", + "ec2:DescribeNetworkInterfaces", "ec2:DescribeRegions", "ec2:DescribeRouteTables", "ec2:DescribeSecurityGroups", @@ -1853,8 +1855,10 @@ { "Action": [ "autoscaling:DescribeAutoScalingInstances", + "ec2:AssignIpv6Addresses", "ec2:DescribeInstanceTypes", "ec2:DescribeInstances", + "ec2:DescribeNetworkInterfaces", "iam:GetServerCertificate", "iam:ListServerCertificates", "kms:GenerateRandom" diff --git a/tests/integration/update_cluster/complex/data/aws_iam_role_policy_masters.complex.example.com_policy b/tests/integration/update_cluster/complex/data/aws_iam_role_policy_masters.complex.example.com_policy index 7318e749cd..210b024126 100644 --- a/tests/integration/update_cluster/complex/data/aws_iam_role_policy_masters.complex.example.com_policy +++ b/tests/integration/update_cluster/complex/data/aws_iam_role_policy_masters.complex.example.com_policy @@ -145,11 +145,13 @@ "autoscaling:DescribeAutoScalingInstances", "autoscaling:DescribeLaunchConfigurations", "autoscaling:DescribeTags", + "ec2:AssignIpv6Addresses", "ec2:CreateSecurityGroup", "ec2:CreateTags", "ec2:DescribeAccountAttributes", "ec2:DescribeInstanceTypes", "ec2:DescribeInstances", + "ec2:DescribeNetworkInterfaces", "ec2:DescribeRegions", "ec2:DescribeRouteTables", "ec2:DescribeSecurityGroups", diff --git a/tests/integration/update_cluster/complex/data/aws_iam_role_policy_nodes.complex.example.com_policy b/tests/integration/update_cluster/complex/data/aws_iam_role_policy_nodes.complex.example.com_policy index a2bcc8de92..ef1c2148d2 100644 --- a/tests/integration/update_cluster/complex/data/aws_iam_role_policy_nodes.complex.example.com_policy +++ b/tests/integration/update_cluster/complex/data/aws_iam_role_policy_nodes.complex.example.com_policy @@ -27,8 +27,10 @@ { "Action": [ "autoscaling:DescribeAutoScalingInstances", + "ec2:AssignIpv6Addresses", "ec2:DescribeInstanceTypes", "ec2:DescribeInstances", + "ec2:DescribeNetworkInterfaces", "iam:GetServerCertificate", "iam:ListServerCertificates", "kms:GenerateRandom" diff --git a/tests/integration/update_cluster/compress/data/aws_iam_role_policy_masters.compress.example.com_policy b/tests/integration/update_cluster/compress/data/aws_iam_role_policy_masters.compress.example.com_policy index 79e0062f47..1d12239866 100644 --- a/tests/integration/update_cluster/compress/data/aws_iam_role_policy_masters.compress.example.com_policy +++ b/tests/integration/update_cluster/compress/data/aws_iam_role_policy_masters.compress.example.com_policy @@ -145,11 +145,13 @@ "autoscaling:DescribeAutoScalingInstances", "autoscaling:DescribeLaunchConfigurations", "autoscaling:DescribeTags", + "ec2:AssignIpv6Addresses", "ec2:CreateSecurityGroup", "ec2:CreateTags", "ec2:DescribeAccountAttributes", "ec2:DescribeInstanceTypes", "ec2:DescribeInstances", + "ec2:DescribeNetworkInterfaces", "ec2:DescribeRegions", "ec2:DescribeRouteTables", "ec2:DescribeSecurityGroups", diff --git a/tests/integration/update_cluster/compress/data/aws_iam_role_policy_nodes.compress.example.com_policy b/tests/integration/update_cluster/compress/data/aws_iam_role_policy_nodes.compress.example.com_policy index d3fcb2dd44..d10bae8418 100644 --- a/tests/integration/update_cluster/compress/data/aws_iam_role_policy_nodes.compress.example.com_policy +++ b/tests/integration/update_cluster/compress/data/aws_iam_role_policy_nodes.compress.example.com_policy @@ -27,8 +27,10 @@ { "Action": [ "autoscaling:DescribeAutoScalingInstances", + "ec2:AssignIpv6Addresses", "ec2:DescribeInstanceTypes", "ec2:DescribeInstances", + "ec2:DescribeNetworkInterfaces", "iam:GetServerCertificate", "iam:ListServerCertificates", "kms:GenerateRandom" diff --git a/tests/integration/update_cluster/containerd-custom/cloudformation.json b/tests/integration/update_cluster/containerd-custom/cloudformation.json index 6a5aced189..e3e29be546 100644 --- a/tests/integration/update_cluster/containerd-custom/cloudformation.json +++ b/tests/integration/update_cluster/containerd-custom/cloudformation.json @@ -1097,11 +1097,13 @@ "autoscaling:DescribeAutoScalingInstances", "autoscaling:DescribeLaunchConfigurations", "autoscaling:DescribeTags", + "ec2:AssignIpv6Addresses", "ec2:CreateSecurityGroup", "ec2:CreateTags", "ec2:DescribeAccountAttributes", "ec2:DescribeInstanceTypes", "ec2:DescribeInstances", + "ec2:DescribeNetworkInterfaces", "ec2:DescribeRegions", "ec2:DescribeRouteTables", "ec2:DescribeSecurityGroups", @@ -1225,8 +1227,10 @@ { "Action": [ "autoscaling:DescribeAutoScalingInstances", + "ec2:AssignIpv6Addresses", "ec2:DescribeInstanceTypes", "ec2:DescribeInstances", + "ec2:DescribeNetworkInterfaces", "iam:GetServerCertificate", "iam:ListServerCertificates", "kms:GenerateRandom" diff --git a/tests/integration/update_cluster/containerd/cloudformation.json b/tests/integration/update_cluster/containerd/cloudformation.json index 6a5aced189..e3e29be546 100644 --- a/tests/integration/update_cluster/containerd/cloudformation.json +++ b/tests/integration/update_cluster/containerd/cloudformation.json @@ -1097,11 +1097,13 @@ "autoscaling:DescribeAutoScalingInstances", "autoscaling:DescribeLaunchConfigurations", "autoscaling:DescribeTags", + "ec2:AssignIpv6Addresses", "ec2:CreateSecurityGroup", "ec2:CreateTags", "ec2:DescribeAccountAttributes", "ec2:DescribeInstanceTypes", "ec2:DescribeInstances", + "ec2:DescribeNetworkInterfaces", "ec2:DescribeRegions", "ec2:DescribeRouteTables", "ec2:DescribeSecurityGroups", @@ -1225,8 +1227,10 @@ { "Action": [ "autoscaling:DescribeAutoScalingInstances", + "ec2:AssignIpv6Addresses", "ec2:DescribeInstanceTypes", "ec2:DescribeInstances", + "ec2:DescribeNetworkInterfaces", "iam:GetServerCertificate", "iam:ListServerCertificates", "kms:GenerateRandom" diff --git a/tests/integration/update_cluster/digit/data/aws_iam_role_policy_masters.123.example.com_policy b/tests/integration/update_cluster/digit/data/aws_iam_role_policy_masters.123.example.com_policy index cf1c14d88a..5c17735588 100644 --- a/tests/integration/update_cluster/digit/data/aws_iam_role_policy_masters.123.example.com_policy +++ b/tests/integration/update_cluster/digit/data/aws_iam_role_policy_masters.123.example.com_policy @@ -145,11 +145,13 @@ "autoscaling:DescribeAutoScalingInstances", "autoscaling:DescribeLaunchConfigurations", "autoscaling:DescribeTags", + "ec2:AssignIpv6Addresses", "ec2:CreateSecurityGroup", "ec2:CreateTags", "ec2:DescribeAccountAttributes", "ec2:DescribeInstanceTypes", "ec2:DescribeInstances", + "ec2:DescribeNetworkInterfaces", "ec2:DescribeRegions", "ec2:DescribeRouteTables", "ec2:DescribeSecurityGroups", diff --git a/tests/integration/update_cluster/digit/data/aws_iam_role_policy_nodes.123.example.com_policy b/tests/integration/update_cluster/digit/data/aws_iam_role_policy_nodes.123.example.com_policy index 0295a854e1..b5eb4f670d 100644 --- a/tests/integration/update_cluster/digit/data/aws_iam_role_policy_nodes.123.example.com_policy +++ b/tests/integration/update_cluster/digit/data/aws_iam_role_policy_nodes.123.example.com_policy @@ -27,8 +27,10 @@ { "Action": [ "autoscaling:DescribeAutoScalingInstances", + "ec2:AssignIpv6Addresses", "ec2:DescribeInstanceTypes", "ec2:DescribeInstances", + "ec2:DescribeNetworkInterfaces", "iam:GetServerCertificate", "iam:ListServerCertificates", "kms:GenerateRandom" diff --git a/tests/integration/update_cluster/docker-custom/cloudformation.json b/tests/integration/update_cluster/docker-custom/cloudformation.json index dfd96c9156..27858418a3 100644 --- a/tests/integration/update_cluster/docker-custom/cloudformation.json +++ b/tests/integration/update_cluster/docker-custom/cloudformation.json @@ -1097,11 +1097,13 @@ "autoscaling:DescribeAutoScalingInstances", "autoscaling:DescribeLaunchConfigurations", "autoscaling:DescribeTags", + "ec2:AssignIpv6Addresses", "ec2:CreateSecurityGroup", "ec2:CreateTags", "ec2:DescribeAccountAttributes", "ec2:DescribeInstanceTypes", "ec2:DescribeInstances", + "ec2:DescribeNetworkInterfaces", "ec2:DescribeRegions", "ec2:DescribeRouteTables", "ec2:DescribeSecurityGroups", @@ -1225,8 +1227,10 @@ { "Action": [ "autoscaling:DescribeAutoScalingInstances", + "ec2:AssignIpv6Addresses", "ec2:DescribeInstanceTypes", "ec2:DescribeInstances", + "ec2:DescribeNetworkInterfaces", "iam:GetServerCertificate", "iam:ListServerCertificates", "kms:GenerateRandom" diff --git a/tests/integration/update_cluster/existing_sg/data/aws_iam_role_policy_masters.existingsg.example.com_policy b/tests/integration/update_cluster/existing_sg/data/aws_iam_role_policy_masters.existingsg.example.com_policy index 1f17382238..aaba06a234 100644 --- a/tests/integration/update_cluster/existing_sg/data/aws_iam_role_policy_masters.existingsg.example.com_policy +++ b/tests/integration/update_cluster/existing_sg/data/aws_iam_role_policy_masters.existingsg.example.com_policy @@ -145,11 +145,13 @@ "autoscaling:DescribeAutoScalingInstances", "autoscaling:DescribeLaunchConfigurations", "autoscaling:DescribeTags", + "ec2:AssignIpv6Addresses", "ec2:CreateSecurityGroup", "ec2:CreateTags", "ec2:DescribeAccountAttributes", "ec2:DescribeInstanceTypes", "ec2:DescribeInstances", + "ec2:DescribeNetworkInterfaces", "ec2:DescribeRegions", "ec2:DescribeRouteTables", "ec2:DescribeSecurityGroups", diff --git a/tests/integration/update_cluster/existing_sg/data/aws_iam_role_policy_nodes.existingsg.example.com_policy b/tests/integration/update_cluster/existing_sg/data/aws_iam_role_policy_nodes.existingsg.example.com_policy index 1ca1b0364d..15e30833b0 100644 --- a/tests/integration/update_cluster/existing_sg/data/aws_iam_role_policy_nodes.existingsg.example.com_policy +++ b/tests/integration/update_cluster/existing_sg/data/aws_iam_role_policy_nodes.existingsg.example.com_policy @@ -27,8 +27,10 @@ { "Action": [ "autoscaling:DescribeAutoScalingInstances", + "ec2:AssignIpv6Addresses", "ec2:DescribeInstanceTypes", "ec2:DescribeInstances", + "ec2:DescribeNetworkInterfaces", "iam:GetServerCertificate", "iam:ListServerCertificates", "kms:GenerateRandom" diff --git a/tests/integration/update_cluster/external_dns/data/aws_iam_role_policy_masters.minimal.example.com_policy b/tests/integration/update_cluster/external_dns/data/aws_iam_role_policy_masters.minimal.example.com_policy index e98684d489..779d90686c 100644 --- a/tests/integration/update_cluster/external_dns/data/aws_iam_role_policy_masters.minimal.example.com_policy +++ b/tests/integration/update_cluster/external_dns/data/aws_iam_role_policy_masters.minimal.example.com_policy @@ -145,11 +145,13 @@ "autoscaling:DescribeAutoScalingInstances", "autoscaling:DescribeLaunchConfigurations", "autoscaling:DescribeTags", + "ec2:AssignIpv6Addresses", "ec2:CreateSecurityGroup", "ec2:CreateTags", "ec2:DescribeAccountAttributes", "ec2:DescribeInstanceTypes", "ec2:DescribeInstances", + "ec2:DescribeNetworkInterfaces", "ec2:DescribeRegions", "ec2:DescribeRouteTables", "ec2:DescribeSecurityGroups", diff --git a/tests/integration/update_cluster/external_dns/data/aws_iam_role_policy_nodes.minimal.example.com_policy b/tests/integration/update_cluster/external_dns/data/aws_iam_role_policy_nodes.minimal.example.com_policy index a6509b76fc..ac6f8becbf 100644 --- a/tests/integration/update_cluster/external_dns/data/aws_iam_role_policy_nodes.minimal.example.com_policy +++ b/tests/integration/update_cluster/external_dns/data/aws_iam_role_policy_nodes.minimal.example.com_policy @@ -27,8 +27,10 @@ { "Action": [ "autoscaling:DescribeAutoScalingInstances", + "ec2:AssignIpv6Addresses", "ec2:DescribeInstanceTypes", "ec2:DescribeInstances", + "ec2:DescribeNetworkInterfaces", "iam:GetServerCertificate", "iam:ListServerCertificates", "kms:GenerateRandom" diff --git a/tests/integration/update_cluster/external_dns_irsa/data/aws_iam_role_policy_masters.minimal.example.com_policy b/tests/integration/update_cluster/external_dns_irsa/data/aws_iam_role_policy_masters.minimal.example.com_policy index 11dfd353ed..a5e2fbb5fc 100644 --- a/tests/integration/update_cluster/external_dns_irsa/data/aws_iam_role_policy_masters.minimal.example.com_policy +++ b/tests/integration/update_cluster/external_dns_irsa/data/aws_iam_role_policy_masters.minimal.example.com_policy @@ -115,10 +115,12 @@ "autoscaling:DescribeAutoScalingGroups", "autoscaling:DescribeAutoScalingInstances", "autoscaling:DescribeTags", + "ec2:AssignIpv6Addresses", "ec2:CreateSecurityGroup", "ec2:CreateTags", "ec2:DescribeInstanceTypes", "ec2:DescribeInstances", + "ec2:DescribeNetworkInterfaces", "ec2:DescribeRegions", "ec2:DescribeRouteTables", "ec2:DescribeSecurityGroups", diff --git a/tests/integration/update_cluster/external_dns_irsa/data/aws_iam_role_policy_nodes.minimal.example.com_policy b/tests/integration/update_cluster/external_dns_irsa/data/aws_iam_role_policy_nodes.minimal.example.com_policy index a6509b76fc..ac6f8becbf 100644 --- a/tests/integration/update_cluster/external_dns_irsa/data/aws_iam_role_policy_nodes.minimal.example.com_policy +++ b/tests/integration/update_cluster/external_dns_irsa/data/aws_iam_role_policy_nodes.minimal.example.com_policy @@ -27,8 +27,10 @@ { "Action": [ "autoscaling:DescribeAutoScalingInstances", + "ec2:AssignIpv6Addresses", "ec2:DescribeInstanceTypes", "ec2:DescribeInstances", + "ec2:DescribeNetworkInterfaces", "iam:GetServerCertificate", "iam:ListServerCertificates", "kms:GenerateRandom" diff --git a/tests/integration/update_cluster/externallb/cloudformation.json b/tests/integration/update_cluster/externallb/cloudformation.json index 4fe0a2a4fd..aa43ccb25b 100644 --- a/tests/integration/update_cluster/externallb/cloudformation.json +++ b/tests/integration/update_cluster/externallb/cloudformation.json @@ -1113,11 +1113,13 @@ "autoscaling:DescribeAutoScalingInstances", "autoscaling:DescribeLaunchConfigurations", "autoscaling:DescribeTags", + "ec2:AssignIpv6Addresses", "ec2:CreateSecurityGroup", "ec2:CreateTags", "ec2:DescribeAccountAttributes", "ec2:DescribeInstanceTypes", "ec2:DescribeInstances", + "ec2:DescribeNetworkInterfaces", "ec2:DescribeRegions", "ec2:DescribeRouteTables", "ec2:DescribeSecurityGroups", @@ -1241,8 +1243,10 @@ { "Action": [ "autoscaling:DescribeAutoScalingInstances", + "ec2:AssignIpv6Addresses", "ec2:DescribeInstanceTypes", "ec2:DescribeInstances", + "ec2:DescribeNetworkInterfaces", "iam:GetServerCertificate", "iam:ListServerCertificates", "kms:GenerateRandom" diff --git a/tests/integration/update_cluster/externallb/data/aws_iam_role_policy_masters.externallb.example.com_policy b/tests/integration/update_cluster/externallb/data/aws_iam_role_policy_masters.externallb.example.com_policy index 13e2cd075a..7226aac6e0 100644 --- a/tests/integration/update_cluster/externallb/data/aws_iam_role_policy_masters.externallb.example.com_policy +++ b/tests/integration/update_cluster/externallb/data/aws_iam_role_policy_masters.externallb.example.com_policy @@ -145,11 +145,13 @@ "autoscaling:DescribeAutoScalingInstances", "autoscaling:DescribeLaunchConfigurations", "autoscaling:DescribeTags", + "ec2:AssignIpv6Addresses", "ec2:CreateSecurityGroup", "ec2:CreateTags", "ec2:DescribeAccountAttributes", "ec2:DescribeInstanceTypes", "ec2:DescribeInstances", + "ec2:DescribeNetworkInterfaces", "ec2:DescribeRegions", "ec2:DescribeRouteTables", "ec2:DescribeSecurityGroups", diff --git a/tests/integration/update_cluster/externallb/data/aws_iam_role_policy_nodes.externallb.example.com_policy b/tests/integration/update_cluster/externallb/data/aws_iam_role_policy_nodes.externallb.example.com_policy index 9c50a7d481..1ef1e339f9 100644 --- a/tests/integration/update_cluster/externallb/data/aws_iam_role_policy_nodes.externallb.example.com_policy +++ b/tests/integration/update_cluster/externallb/data/aws_iam_role_policy_nodes.externallb.example.com_policy @@ -27,8 +27,10 @@ { "Action": [ "autoscaling:DescribeAutoScalingInstances", + "ec2:AssignIpv6Addresses", "ec2:DescribeInstanceTypes", "ec2:DescribeInstances", + "ec2:DescribeNetworkInterfaces", "iam:GetServerCertificate", "iam:ListServerCertificates", "kms:GenerateRandom" diff --git a/tests/integration/update_cluster/externalpolicies/data/aws_iam_role_policy_masters.externalpolicies.example.com_policy b/tests/integration/update_cluster/externalpolicies/data/aws_iam_role_policy_masters.externalpolicies.example.com_policy index 39efce2999..3f8a2875a1 100644 --- a/tests/integration/update_cluster/externalpolicies/data/aws_iam_role_policy_masters.externalpolicies.example.com_policy +++ b/tests/integration/update_cluster/externalpolicies/data/aws_iam_role_policy_masters.externalpolicies.example.com_policy @@ -145,11 +145,13 @@ "autoscaling:DescribeAutoScalingInstances", "autoscaling:DescribeLaunchConfigurations", "autoscaling:DescribeTags", + "ec2:AssignIpv6Addresses", "ec2:CreateSecurityGroup", "ec2:CreateTags", "ec2:DescribeAccountAttributes", "ec2:DescribeInstanceTypes", "ec2:DescribeInstances", + "ec2:DescribeNetworkInterfaces", "ec2:DescribeRegions", "ec2:DescribeRouteTables", "ec2:DescribeSecurityGroups", diff --git a/tests/integration/update_cluster/externalpolicies/data/aws_iam_role_policy_nodes.externalpolicies.example.com_policy b/tests/integration/update_cluster/externalpolicies/data/aws_iam_role_policy_nodes.externalpolicies.example.com_policy index 800f361577..25ae4f73a3 100644 --- a/tests/integration/update_cluster/externalpolicies/data/aws_iam_role_policy_nodes.externalpolicies.example.com_policy +++ b/tests/integration/update_cluster/externalpolicies/data/aws_iam_role_policy_nodes.externalpolicies.example.com_policy @@ -27,8 +27,10 @@ { "Action": [ "autoscaling:DescribeAutoScalingInstances", + "ec2:AssignIpv6Addresses", "ec2:DescribeInstanceTypes", "ec2:DescribeInstances", + "ec2:DescribeNetworkInterfaces", "iam:GetServerCertificate", "iam:ListServerCertificates", "kms:GenerateRandom" diff --git a/tests/integration/update_cluster/ha/data/aws_iam_role_policy_masters.ha.example.com_policy b/tests/integration/update_cluster/ha/data/aws_iam_role_policy_masters.ha.example.com_policy index a0020c4fb8..7c721f53b1 100644 --- a/tests/integration/update_cluster/ha/data/aws_iam_role_policy_masters.ha.example.com_policy +++ b/tests/integration/update_cluster/ha/data/aws_iam_role_policy_masters.ha.example.com_policy @@ -145,11 +145,13 @@ "autoscaling:DescribeAutoScalingInstances", "autoscaling:DescribeLaunchConfigurations", "autoscaling:DescribeTags", + "ec2:AssignIpv6Addresses", "ec2:CreateSecurityGroup", "ec2:CreateTags", "ec2:DescribeAccountAttributes", "ec2:DescribeInstanceTypes", "ec2:DescribeInstances", + "ec2:DescribeNetworkInterfaces", "ec2:DescribeRegions", "ec2:DescribeRouteTables", "ec2:DescribeSecurityGroups", diff --git a/tests/integration/update_cluster/ha/data/aws_iam_role_policy_nodes.ha.example.com_policy b/tests/integration/update_cluster/ha/data/aws_iam_role_policy_nodes.ha.example.com_policy index 0cbd8f3aba..b0a325f373 100644 --- a/tests/integration/update_cluster/ha/data/aws_iam_role_policy_nodes.ha.example.com_policy +++ b/tests/integration/update_cluster/ha/data/aws_iam_role_policy_nodes.ha.example.com_policy @@ -27,8 +27,10 @@ { "Action": [ "autoscaling:DescribeAutoScalingInstances", + "ec2:AssignIpv6Addresses", "ec2:DescribeInstanceTypes", "ec2:DescribeInstances", + "ec2:DescribeNetworkInterfaces", "iam:GetServerCertificate", "iam:ListServerCertificates", "kms:GenerateRandom" diff --git a/tests/integration/update_cluster/ipv6-cloudipam/data/aws_iam_role_policy_masters.minimal-ipv6.example.com_policy b/tests/integration/update_cluster/ipv6-cloudipam/data/aws_iam_role_policy_masters.minimal-ipv6.example.com_policy index fde387089c..081fe7cafb 100644 --- a/tests/integration/update_cluster/ipv6-cloudipam/data/aws_iam_role_policy_masters.minimal-ipv6.example.com_policy +++ b/tests/integration/update_cluster/ipv6-cloudipam/data/aws_iam_role_policy_masters.minimal-ipv6.example.com_policy @@ -145,11 +145,13 @@ "autoscaling:DescribeAutoScalingInstances", "autoscaling:DescribeLaunchConfigurations", "autoscaling:DescribeTags", + "ec2:AssignIpv6Addresses", "ec2:CreateSecurityGroup", "ec2:CreateTags", "ec2:DescribeAccountAttributes", "ec2:DescribeInstanceTypes", "ec2:DescribeInstances", + "ec2:DescribeNetworkInterfaces", "ec2:DescribeRegions", "ec2:DescribeRouteTables", "ec2:DescribeSecurityGroups", diff --git a/tests/integration/update_cluster/ipv6-cloudipam/data/aws_iam_role_policy_nodes.minimal-ipv6.example.com_policy b/tests/integration/update_cluster/ipv6-cloudipam/data/aws_iam_role_policy_nodes.minimal-ipv6.example.com_policy index 7fe36a6c7c..4b1d3e9b54 100644 --- a/tests/integration/update_cluster/ipv6-cloudipam/data/aws_iam_role_policy_nodes.minimal-ipv6.example.com_policy +++ b/tests/integration/update_cluster/ipv6-cloudipam/data/aws_iam_role_policy_nodes.minimal-ipv6.example.com_policy @@ -27,8 +27,10 @@ { "Action": [ "autoscaling:DescribeAutoScalingInstances", + "ec2:AssignIpv6Addresses", "ec2:DescribeInstanceTypes", "ec2:DescribeInstances", + "ec2:DescribeNetworkInterfaces", "iam:GetServerCertificate", "iam:ListServerCertificates", "kms:GenerateRandom" diff --git a/tests/integration/update_cluster/irsa/data/aws_iam_role_policy_masters.minimal.example.com_policy b/tests/integration/update_cluster/irsa/data/aws_iam_role_policy_masters.minimal.example.com_policy index e98684d489..779d90686c 100644 --- a/tests/integration/update_cluster/irsa/data/aws_iam_role_policy_masters.minimal.example.com_policy +++ b/tests/integration/update_cluster/irsa/data/aws_iam_role_policy_masters.minimal.example.com_policy @@ -145,11 +145,13 @@ "autoscaling:DescribeAutoScalingInstances", "autoscaling:DescribeLaunchConfigurations", "autoscaling:DescribeTags", + "ec2:AssignIpv6Addresses", "ec2:CreateSecurityGroup", "ec2:CreateTags", "ec2:DescribeAccountAttributes", "ec2:DescribeInstanceTypes", "ec2:DescribeInstances", + "ec2:DescribeNetworkInterfaces", "ec2:DescribeRegions", "ec2:DescribeRouteTables", "ec2:DescribeSecurityGroups", diff --git a/tests/integration/update_cluster/irsa/data/aws_iam_role_policy_nodes.minimal.example.com_policy b/tests/integration/update_cluster/irsa/data/aws_iam_role_policy_nodes.minimal.example.com_policy index a6509b76fc..ac6f8becbf 100644 --- a/tests/integration/update_cluster/irsa/data/aws_iam_role_policy_nodes.minimal.example.com_policy +++ b/tests/integration/update_cluster/irsa/data/aws_iam_role_policy_nodes.minimal.example.com_policy @@ -27,8 +27,10 @@ { "Action": [ "autoscaling:DescribeAutoScalingInstances", + "ec2:AssignIpv6Addresses", "ec2:DescribeInstanceTypes", "ec2:DescribeInstances", + "ec2:DescribeNetworkInterfaces", "iam:GetServerCertificate", "iam:ListServerCertificates", "kms:GenerateRandom" diff --git a/tests/integration/update_cluster/many-addons-ccm-irsa/data/aws_iam_role_policy_masters.minimal.example.com_policy b/tests/integration/update_cluster/many-addons-ccm-irsa/data/aws_iam_role_policy_masters.minimal.example.com_policy index 487d37558b..48fffc745c 100644 --- a/tests/integration/update_cluster/many-addons-ccm-irsa/data/aws_iam_role_policy_masters.minimal.example.com_policy +++ b/tests/integration/update_cluster/many-addons-ccm-irsa/data/aws_iam_role_policy_masters.minimal.example.com_policy @@ -106,6 +106,7 @@ { "Action": [ "autoscaling:DescribeAutoScalingInstances", + "ec2:AssignIpv6Addresses", "ec2:AssignPrivateIpAddresses", "ec2:AttachNetworkInterface", "ec2:CreateNetworkInterface", diff --git a/tests/integration/update_cluster/many-addons-ccm-irsa/data/aws_iam_role_policy_nodes.minimal.example.com_policy b/tests/integration/update_cluster/many-addons-ccm-irsa/data/aws_iam_role_policy_nodes.minimal.example.com_policy index 56e2219ac0..a8e286dba8 100644 --- a/tests/integration/update_cluster/many-addons-ccm-irsa/data/aws_iam_role_policy_nodes.minimal.example.com_policy +++ b/tests/integration/update_cluster/many-addons-ccm-irsa/data/aws_iam_role_policy_nodes.minimal.example.com_policy @@ -36,6 +36,7 @@ { "Action": [ "autoscaling:DescribeAutoScalingInstances", + "ec2:AssignIpv6Addresses", "ec2:AssignPrivateIpAddresses", "ec2:AttachNetworkInterface", "ec2:CreateNetworkInterface", diff --git a/tests/integration/update_cluster/many-addons-ccm/data/aws_iam_role_policy_masters.minimal.example.com_policy b/tests/integration/update_cluster/many-addons-ccm/data/aws_iam_role_policy_masters.minimal.example.com_policy index d73cc4746c..451ab48165 100644 --- a/tests/integration/update_cluster/many-addons-ccm/data/aws_iam_role_policy_masters.minimal.example.com_policy +++ b/tests/integration/update_cluster/many-addons-ccm/data/aws_iam_role_policy_masters.minimal.example.com_policy @@ -173,6 +173,7 @@ "autoscaling:DescribeAutoScalingInstances", "autoscaling:DescribeLaunchConfigurations", "autoscaling:DescribeTags", + "ec2:AssignIpv6Addresses", "ec2:AssignPrivateIpAddresses", "ec2:AttachNetworkInterface", "ec2:CreateNetworkInterface", diff --git a/tests/integration/update_cluster/many-addons-ccm/data/aws_iam_role_policy_nodes.minimal.example.com_policy b/tests/integration/update_cluster/many-addons-ccm/data/aws_iam_role_policy_nodes.minimal.example.com_policy index 56e2219ac0..a8e286dba8 100644 --- a/tests/integration/update_cluster/many-addons-ccm/data/aws_iam_role_policy_nodes.minimal.example.com_policy +++ b/tests/integration/update_cluster/many-addons-ccm/data/aws_iam_role_policy_nodes.minimal.example.com_policy @@ -36,6 +36,7 @@ { "Action": [ "autoscaling:DescribeAutoScalingInstances", + "ec2:AssignIpv6Addresses", "ec2:AssignPrivateIpAddresses", "ec2:AttachNetworkInterface", "ec2:CreateNetworkInterface", diff --git a/tests/integration/update_cluster/many-addons/data/aws_iam_role_policy_masters.minimal.example.com_policy b/tests/integration/update_cluster/many-addons/data/aws_iam_role_policy_masters.minimal.example.com_policy index fd4e509ad0..d04525d144 100644 --- a/tests/integration/update_cluster/many-addons/data/aws_iam_role_policy_masters.minimal.example.com_policy +++ b/tests/integration/update_cluster/many-addons/data/aws_iam_role_policy_masters.minimal.example.com_policy @@ -173,6 +173,7 @@ "autoscaling:DescribeAutoScalingInstances", "autoscaling:DescribeLaunchConfigurations", "autoscaling:DescribeTags", + "ec2:AssignIpv6Addresses", "ec2:AssignPrivateIpAddresses", "ec2:AttachNetworkInterface", "ec2:CreateNetworkInterface", diff --git a/tests/integration/update_cluster/many-addons/data/aws_iam_role_policy_nodes.minimal.example.com_policy b/tests/integration/update_cluster/many-addons/data/aws_iam_role_policy_nodes.minimal.example.com_policy index 56e2219ac0..a8e286dba8 100644 --- a/tests/integration/update_cluster/many-addons/data/aws_iam_role_policy_nodes.minimal.example.com_policy +++ b/tests/integration/update_cluster/many-addons/data/aws_iam_role_policy_nodes.minimal.example.com_policy @@ -36,6 +36,7 @@ { "Action": [ "autoscaling:DescribeAutoScalingInstances", + "ec2:AssignIpv6Addresses", "ec2:AssignPrivateIpAddresses", "ec2:AttachNetworkInterface", "ec2:CreateNetworkInterface", diff --git a/tests/integration/update_cluster/minimal-etcd/cloudformation.json b/tests/integration/update_cluster/minimal-etcd/cloudformation.json index b6baa9a979..7682084d3a 100644 --- a/tests/integration/update_cluster/minimal-etcd/cloudformation.json +++ b/tests/integration/update_cluster/minimal-etcd/cloudformation.json @@ -1097,11 +1097,13 @@ "autoscaling:DescribeAutoScalingInstances", "autoscaling:DescribeLaunchConfigurations", "autoscaling:DescribeTags", + "ec2:AssignIpv6Addresses", "ec2:CreateSecurityGroup", "ec2:CreateTags", "ec2:DescribeAccountAttributes", "ec2:DescribeInstanceTypes", "ec2:DescribeInstances", + "ec2:DescribeNetworkInterfaces", "ec2:DescribeRegions", "ec2:DescribeRouteTables", "ec2:DescribeSecurityGroups", @@ -1225,8 +1227,10 @@ { "Action": [ "autoscaling:DescribeAutoScalingInstances", + "ec2:AssignIpv6Addresses", "ec2:DescribeInstanceTypes", "ec2:DescribeInstances", + "ec2:DescribeNetworkInterfaces", "iam:GetServerCertificate", "iam:ListServerCertificates", "kms:GenerateRandom" diff --git a/tests/integration/update_cluster/minimal-gp3/cloudformation.json b/tests/integration/update_cluster/minimal-gp3/cloudformation.json index 11a9c0c7b1..a6a9f08898 100644 --- a/tests/integration/update_cluster/minimal-gp3/cloudformation.json +++ b/tests/integration/update_cluster/minimal-gp3/cloudformation.json @@ -1093,11 +1093,13 @@ "autoscaling:DescribeAutoScalingInstances", "autoscaling:DescribeLaunchConfigurations", "autoscaling:DescribeTags", + "ec2:AssignIpv6Addresses", "ec2:CreateSecurityGroup", "ec2:CreateTags", "ec2:DescribeAccountAttributes", "ec2:DescribeInstanceTypes", "ec2:DescribeInstances", + "ec2:DescribeNetworkInterfaces", "ec2:DescribeRegions", "ec2:DescribeRouteTables", "ec2:DescribeSecurityGroups", @@ -1221,8 +1223,10 @@ { "Action": [ "autoscaling:DescribeAutoScalingInstances", + "ec2:AssignIpv6Addresses", "ec2:DescribeInstanceTypes", "ec2:DescribeInstances", + "ec2:DescribeNetworkInterfaces", "iam:GetServerCertificate", "iam:ListServerCertificates", "kms:GenerateRandom" diff --git a/tests/integration/update_cluster/minimal-gp3/data/aws_iam_role_policy_masters.minimal.example.com_policy b/tests/integration/update_cluster/minimal-gp3/data/aws_iam_role_policy_masters.minimal.example.com_policy index e98684d489..779d90686c 100644 --- a/tests/integration/update_cluster/minimal-gp3/data/aws_iam_role_policy_masters.minimal.example.com_policy +++ b/tests/integration/update_cluster/minimal-gp3/data/aws_iam_role_policy_masters.minimal.example.com_policy @@ -145,11 +145,13 @@ "autoscaling:DescribeAutoScalingInstances", "autoscaling:DescribeLaunchConfigurations", "autoscaling:DescribeTags", + "ec2:AssignIpv6Addresses", "ec2:CreateSecurityGroup", "ec2:CreateTags", "ec2:DescribeAccountAttributes", "ec2:DescribeInstanceTypes", "ec2:DescribeInstances", + "ec2:DescribeNetworkInterfaces", "ec2:DescribeRegions", "ec2:DescribeRouteTables", "ec2:DescribeSecurityGroups", diff --git a/tests/integration/update_cluster/minimal-gp3/data/aws_iam_role_policy_nodes.minimal.example.com_policy b/tests/integration/update_cluster/minimal-gp3/data/aws_iam_role_policy_nodes.minimal.example.com_policy index a6509b76fc..ac6f8becbf 100644 --- a/tests/integration/update_cluster/minimal-gp3/data/aws_iam_role_policy_nodes.minimal.example.com_policy +++ b/tests/integration/update_cluster/minimal-gp3/data/aws_iam_role_policy_nodes.minimal.example.com_policy @@ -27,8 +27,10 @@ { "Action": [ "autoscaling:DescribeAutoScalingInstances", + "ec2:AssignIpv6Addresses", "ec2:DescribeInstanceTypes", "ec2:DescribeInstances", + "ec2:DescribeNetworkInterfaces", "iam:GetServerCertificate", "iam:ListServerCertificates", "kms:GenerateRandom" diff --git a/tests/integration/update_cluster/minimal-ipv6/cloudformation.json b/tests/integration/update_cluster/minimal-ipv6/cloudformation.json index 03590c2ff5..da600f30f0 100644 --- a/tests/integration/update_cluster/minimal-ipv6/cloudformation.json +++ b/tests/integration/update_cluster/minimal-ipv6/cloudformation.json @@ -1274,11 +1274,13 @@ "autoscaling:DescribeAutoScalingInstances", "autoscaling:DescribeLaunchConfigurations", "autoscaling:DescribeTags", + "ec2:AssignIpv6Addresses", "ec2:CreateSecurityGroup", "ec2:CreateTags", "ec2:DescribeAccountAttributes", "ec2:DescribeInstanceTypes", "ec2:DescribeInstances", + "ec2:DescribeNetworkInterfaces", "ec2:DescribeRegions", "ec2:DescribeRouteTables", "ec2:DescribeSecurityGroups", @@ -1402,8 +1404,10 @@ { "Action": [ "autoscaling:DescribeAutoScalingInstances", + "ec2:AssignIpv6Addresses", "ec2:DescribeInstanceTypes", "ec2:DescribeInstances", + "ec2:DescribeNetworkInterfaces", "iam:GetServerCertificate", "iam:ListServerCertificates", "kms:GenerateRandom" diff --git a/tests/integration/update_cluster/minimal-ipv6/data/aws_iam_role_policy_masters.minimal-ipv6.example.com_policy b/tests/integration/update_cluster/minimal-ipv6/data/aws_iam_role_policy_masters.minimal-ipv6.example.com_policy index fde387089c..081fe7cafb 100644 --- a/tests/integration/update_cluster/minimal-ipv6/data/aws_iam_role_policy_masters.minimal-ipv6.example.com_policy +++ b/tests/integration/update_cluster/minimal-ipv6/data/aws_iam_role_policy_masters.minimal-ipv6.example.com_policy @@ -145,11 +145,13 @@ "autoscaling:DescribeAutoScalingInstances", "autoscaling:DescribeLaunchConfigurations", "autoscaling:DescribeTags", + "ec2:AssignIpv6Addresses", "ec2:CreateSecurityGroup", "ec2:CreateTags", "ec2:DescribeAccountAttributes", "ec2:DescribeInstanceTypes", "ec2:DescribeInstances", + "ec2:DescribeNetworkInterfaces", "ec2:DescribeRegions", "ec2:DescribeRouteTables", "ec2:DescribeSecurityGroups", diff --git a/tests/integration/update_cluster/minimal-ipv6/data/aws_iam_role_policy_nodes.minimal-ipv6.example.com_policy b/tests/integration/update_cluster/minimal-ipv6/data/aws_iam_role_policy_nodes.minimal-ipv6.example.com_policy index 7fe36a6c7c..4b1d3e9b54 100644 --- a/tests/integration/update_cluster/minimal-ipv6/data/aws_iam_role_policy_nodes.minimal-ipv6.example.com_policy +++ b/tests/integration/update_cluster/minimal-ipv6/data/aws_iam_role_policy_nodes.minimal-ipv6.example.com_policy @@ -27,8 +27,10 @@ { "Action": [ "autoscaling:DescribeAutoScalingInstances", + "ec2:AssignIpv6Addresses", "ec2:DescribeInstanceTypes", "ec2:DescribeInstances", + "ec2:DescribeNetworkInterfaces", "iam:GetServerCertificate", "iam:ListServerCertificates", "kms:GenerateRandom" diff --git a/tests/integration/update_cluster/minimal-json/data/aws_iam_role_policy_masters.minimal-json.example.com_policy b/tests/integration/update_cluster/minimal-json/data/aws_iam_role_policy_masters.minimal-json.example.com_policy index ad1bdf5579..3c5e5638b6 100644 --- a/tests/integration/update_cluster/minimal-json/data/aws_iam_role_policy_masters.minimal-json.example.com_policy +++ b/tests/integration/update_cluster/minimal-json/data/aws_iam_role_policy_masters.minimal-json.example.com_policy @@ -145,11 +145,13 @@ "autoscaling:DescribeAutoScalingInstances", "autoscaling:DescribeLaunchConfigurations", "autoscaling:DescribeTags", + "ec2:AssignIpv6Addresses", "ec2:CreateSecurityGroup", "ec2:CreateTags", "ec2:DescribeAccountAttributes", "ec2:DescribeInstanceTypes", "ec2:DescribeInstances", + "ec2:DescribeNetworkInterfaces", "ec2:DescribeRegions", "ec2:DescribeRouteTables", "ec2:DescribeSecurityGroups", diff --git a/tests/integration/update_cluster/minimal-json/data/aws_iam_role_policy_nodes.minimal-json.example.com_policy b/tests/integration/update_cluster/minimal-json/data/aws_iam_role_policy_nodes.minimal-json.example.com_policy index 262c7e07a7..fa166ef2e0 100644 --- a/tests/integration/update_cluster/minimal-json/data/aws_iam_role_policy_nodes.minimal-json.example.com_policy +++ b/tests/integration/update_cluster/minimal-json/data/aws_iam_role_policy_nodes.minimal-json.example.com_policy @@ -27,8 +27,10 @@ { "Action": [ "autoscaling:DescribeAutoScalingInstances", + "ec2:AssignIpv6Addresses", "ec2:DescribeInstanceTypes", "ec2:DescribeInstances", + "ec2:DescribeNetworkInterfaces", "iam:GetServerCertificate", "iam:ListServerCertificates", "kms:GenerateRandom" diff --git a/tests/integration/update_cluster/minimal-warmpool/data/aws_iam_role_policy_masters.minimal-warmpool.example.com_policy b/tests/integration/update_cluster/minimal-warmpool/data/aws_iam_role_policy_masters.minimal-warmpool.example.com_policy index e5a991cc42..005ed41202 100644 --- a/tests/integration/update_cluster/minimal-warmpool/data/aws_iam_role_policy_masters.minimal-warmpool.example.com_policy +++ b/tests/integration/update_cluster/minimal-warmpool/data/aws_iam_role_policy_masters.minimal-warmpool.example.com_policy @@ -145,11 +145,13 @@ "autoscaling:DescribeAutoScalingInstances", "autoscaling:DescribeLaunchConfigurations", "autoscaling:DescribeTags", + "ec2:AssignIpv6Addresses", "ec2:CreateSecurityGroup", "ec2:CreateTags", "ec2:DescribeAccountAttributes", "ec2:DescribeInstanceTypes", "ec2:DescribeInstances", + "ec2:DescribeNetworkInterfaces", "ec2:DescribeRegions", "ec2:DescribeRouteTables", "ec2:DescribeSecurityGroups", diff --git a/tests/integration/update_cluster/minimal-warmpool/data/aws_iam_role_policy_nodes.minimal-warmpool.example.com_policy b/tests/integration/update_cluster/minimal-warmpool/data/aws_iam_role_policy_nodes.minimal-warmpool.example.com_policy index a55e916d05..292c1d10da 100644 --- a/tests/integration/update_cluster/minimal-warmpool/data/aws_iam_role_policy_nodes.minimal-warmpool.example.com_policy +++ b/tests/integration/update_cluster/minimal-warmpool/data/aws_iam_role_policy_nodes.minimal-warmpool.example.com_policy @@ -27,8 +27,10 @@ { "Action": [ "autoscaling:DescribeAutoScalingInstances", + "ec2:AssignIpv6Addresses", "ec2:DescribeInstanceTypes", "ec2:DescribeInstances", + "ec2:DescribeNetworkInterfaces", "iam:GetServerCertificate", "iam:ListServerCertificates", "kms:GenerateRandom" diff --git a/tests/integration/update_cluster/minimal/cloudformation.json b/tests/integration/update_cluster/minimal/cloudformation.json index 4128d3890a..c998307586 100644 --- a/tests/integration/update_cluster/minimal/cloudformation.json +++ b/tests/integration/update_cluster/minimal/cloudformation.json @@ -1097,11 +1097,13 @@ "autoscaling:DescribeAutoScalingInstances", "autoscaling:DescribeLaunchConfigurations", "autoscaling:DescribeTags", + "ec2:AssignIpv6Addresses", "ec2:CreateSecurityGroup", "ec2:CreateTags", "ec2:DescribeAccountAttributes", "ec2:DescribeInstanceTypes", "ec2:DescribeInstances", + "ec2:DescribeNetworkInterfaces", "ec2:DescribeRegions", "ec2:DescribeRouteTables", "ec2:DescribeSecurityGroups", @@ -1225,8 +1227,10 @@ { "Action": [ "autoscaling:DescribeAutoScalingInstances", + "ec2:AssignIpv6Addresses", "ec2:DescribeInstanceTypes", "ec2:DescribeInstances", + "ec2:DescribeNetworkInterfaces", "iam:GetServerCertificate", "iam:ListServerCertificates", "kms:GenerateRandom" diff --git a/tests/integration/update_cluster/minimal/data/aws_iam_role_policy_masters.minimal.example.com_policy b/tests/integration/update_cluster/minimal/data/aws_iam_role_policy_masters.minimal.example.com_policy index e98684d489..779d90686c 100644 --- a/tests/integration/update_cluster/minimal/data/aws_iam_role_policy_masters.minimal.example.com_policy +++ b/tests/integration/update_cluster/minimal/data/aws_iam_role_policy_masters.minimal.example.com_policy @@ -145,11 +145,13 @@ "autoscaling:DescribeAutoScalingInstances", "autoscaling:DescribeLaunchConfigurations", "autoscaling:DescribeTags", + "ec2:AssignIpv6Addresses", "ec2:CreateSecurityGroup", "ec2:CreateTags", "ec2:DescribeAccountAttributes", "ec2:DescribeInstanceTypes", "ec2:DescribeInstances", + "ec2:DescribeNetworkInterfaces", "ec2:DescribeRegions", "ec2:DescribeRouteTables", "ec2:DescribeSecurityGroups", diff --git a/tests/integration/update_cluster/minimal/data/aws_iam_role_policy_nodes.minimal.example.com_policy b/tests/integration/update_cluster/minimal/data/aws_iam_role_policy_nodes.minimal.example.com_policy index a6509b76fc..ac6f8becbf 100644 --- a/tests/integration/update_cluster/minimal/data/aws_iam_role_policy_nodes.minimal.example.com_policy +++ b/tests/integration/update_cluster/minimal/data/aws_iam_role_policy_nodes.minimal.example.com_policy @@ -27,8 +27,10 @@ { "Action": [ "autoscaling:DescribeAutoScalingInstances", + "ec2:AssignIpv6Addresses", "ec2:DescribeInstanceTypes", "ec2:DescribeInstances", + "ec2:DescribeNetworkInterfaces", "iam:GetServerCertificate", "iam:ListServerCertificates", "kms:GenerateRandom" diff --git a/tests/integration/update_cluster/minimal_gossip/data/aws_iam_role_policy_masters.minimal.k8s.local_policy b/tests/integration/update_cluster/minimal_gossip/data/aws_iam_role_policy_masters.minimal.k8s.local_policy index bce1e4d82d..2359fc8bfc 100644 --- a/tests/integration/update_cluster/minimal_gossip/data/aws_iam_role_policy_masters.minimal.k8s.local_policy +++ b/tests/integration/update_cluster/minimal_gossip/data/aws_iam_role_policy_masters.minimal.k8s.local_policy @@ -115,11 +115,13 @@ "autoscaling:DescribeAutoScalingInstances", "autoscaling:DescribeLaunchConfigurations", "autoscaling:DescribeTags", + "ec2:AssignIpv6Addresses", "ec2:CreateSecurityGroup", "ec2:CreateTags", "ec2:DescribeAccountAttributes", "ec2:DescribeInstanceTypes", "ec2:DescribeInstances", + "ec2:DescribeNetworkInterfaces", "ec2:DescribeRegions", "ec2:DescribeRouteTables", "ec2:DescribeSecurityGroups", diff --git a/tests/integration/update_cluster/minimal_gossip/data/aws_iam_role_policy_nodes.minimal.k8s.local_policy b/tests/integration/update_cluster/minimal_gossip/data/aws_iam_role_policy_nodes.minimal.k8s.local_policy index 066d59c3b1..f01419a531 100644 --- a/tests/integration/update_cluster/minimal_gossip/data/aws_iam_role_policy_nodes.minimal.k8s.local_policy +++ b/tests/integration/update_cluster/minimal_gossip/data/aws_iam_role_policy_nodes.minimal.k8s.local_policy @@ -27,8 +27,10 @@ { "Action": [ "autoscaling:DescribeAutoScalingInstances", + "ec2:AssignIpv6Addresses", "ec2:DescribeInstanceTypes", "ec2:DescribeInstances", + "ec2:DescribeNetworkInterfaces", "iam:GetServerCertificate", "iam:ListServerCertificates", "kms:GenerateRandom" diff --git a/tests/integration/update_cluster/mixed_instances/cloudformation.json b/tests/integration/update_cluster/mixed_instances/cloudformation.json index 370bdcbee9..ba580cc990 100644 --- a/tests/integration/update_cluster/mixed_instances/cloudformation.json +++ b/tests/integration/update_cluster/mixed_instances/cloudformation.json @@ -1816,11 +1816,13 @@ "autoscaling:DescribeAutoScalingInstances", "autoscaling:DescribeLaunchConfigurations", "autoscaling:DescribeTags", + "ec2:AssignIpv6Addresses", "ec2:CreateSecurityGroup", "ec2:CreateTags", "ec2:DescribeAccountAttributes", "ec2:DescribeInstanceTypes", "ec2:DescribeInstances", + "ec2:DescribeNetworkInterfaces", "ec2:DescribeRegions", "ec2:DescribeRouteTables", "ec2:DescribeSecurityGroups", @@ -1944,8 +1946,10 @@ { "Action": [ "autoscaling:DescribeAutoScalingInstances", + "ec2:AssignIpv6Addresses", "ec2:DescribeInstanceTypes", "ec2:DescribeInstances", + "ec2:DescribeNetworkInterfaces", "iam:GetServerCertificate", "iam:ListServerCertificates", "kms:GenerateRandom" diff --git a/tests/integration/update_cluster/mixed_instances/data/aws_iam_role_policy_masters.mixedinstances.example.com_policy b/tests/integration/update_cluster/mixed_instances/data/aws_iam_role_policy_masters.mixedinstances.example.com_policy index afd12e1306..4fac3cbdaa 100644 --- a/tests/integration/update_cluster/mixed_instances/data/aws_iam_role_policy_masters.mixedinstances.example.com_policy +++ b/tests/integration/update_cluster/mixed_instances/data/aws_iam_role_policy_masters.mixedinstances.example.com_policy @@ -145,11 +145,13 @@ "autoscaling:DescribeAutoScalingInstances", "autoscaling:DescribeLaunchConfigurations", "autoscaling:DescribeTags", + "ec2:AssignIpv6Addresses", "ec2:CreateSecurityGroup", "ec2:CreateTags", "ec2:DescribeAccountAttributes", "ec2:DescribeInstanceTypes", "ec2:DescribeInstances", + "ec2:DescribeNetworkInterfaces", "ec2:DescribeRegions", "ec2:DescribeRouteTables", "ec2:DescribeSecurityGroups", diff --git a/tests/integration/update_cluster/mixed_instances/data/aws_iam_role_policy_nodes.mixedinstances.example.com_policy b/tests/integration/update_cluster/mixed_instances/data/aws_iam_role_policy_nodes.mixedinstances.example.com_policy index 9d3f5d298c..fa3805a500 100644 --- a/tests/integration/update_cluster/mixed_instances/data/aws_iam_role_policy_nodes.mixedinstances.example.com_policy +++ b/tests/integration/update_cluster/mixed_instances/data/aws_iam_role_policy_nodes.mixedinstances.example.com_policy @@ -27,8 +27,10 @@ { "Action": [ "autoscaling:DescribeAutoScalingInstances", + "ec2:AssignIpv6Addresses", "ec2:DescribeInstanceTypes", "ec2:DescribeInstances", + "ec2:DescribeNetworkInterfaces", "iam:GetServerCertificate", "iam:ListServerCertificates", "kms:GenerateRandom" diff --git a/tests/integration/update_cluster/mixed_instances_spot/cloudformation.json b/tests/integration/update_cluster/mixed_instances_spot/cloudformation.json index 05cb4fe0bc..80de9bb0d9 100644 --- a/tests/integration/update_cluster/mixed_instances_spot/cloudformation.json +++ b/tests/integration/update_cluster/mixed_instances_spot/cloudformation.json @@ -1817,11 +1817,13 @@ "autoscaling:DescribeAutoScalingInstances", "autoscaling:DescribeLaunchConfigurations", "autoscaling:DescribeTags", + "ec2:AssignIpv6Addresses", "ec2:CreateSecurityGroup", "ec2:CreateTags", "ec2:DescribeAccountAttributes", "ec2:DescribeInstanceTypes", "ec2:DescribeInstances", + "ec2:DescribeNetworkInterfaces", "ec2:DescribeRegions", "ec2:DescribeRouteTables", "ec2:DescribeSecurityGroups", @@ -1945,8 +1947,10 @@ { "Action": [ "autoscaling:DescribeAutoScalingInstances", + "ec2:AssignIpv6Addresses", "ec2:DescribeInstanceTypes", "ec2:DescribeInstances", + "ec2:DescribeNetworkInterfaces", "iam:GetServerCertificate", "iam:ListServerCertificates", "kms:GenerateRandom" diff --git a/tests/integration/update_cluster/mixed_instances_spot/data/aws_iam_role_policy_masters.mixedinstances.example.com_policy b/tests/integration/update_cluster/mixed_instances_spot/data/aws_iam_role_policy_masters.mixedinstances.example.com_policy index afd12e1306..4fac3cbdaa 100644 --- a/tests/integration/update_cluster/mixed_instances_spot/data/aws_iam_role_policy_masters.mixedinstances.example.com_policy +++ b/tests/integration/update_cluster/mixed_instances_spot/data/aws_iam_role_policy_masters.mixedinstances.example.com_policy @@ -145,11 +145,13 @@ "autoscaling:DescribeAutoScalingInstances", "autoscaling:DescribeLaunchConfigurations", "autoscaling:DescribeTags", + "ec2:AssignIpv6Addresses", "ec2:CreateSecurityGroup", "ec2:CreateTags", "ec2:DescribeAccountAttributes", "ec2:DescribeInstanceTypes", "ec2:DescribeInstances", + "ec2:DescribeNetworkInterfaces", "ec2:DescribeRegions", "ec2:DescribeRouteTables", "ec2:DescribeSecurityGroups", diff --git a/tests/integration/update_cluster/mixed_instances_spot/data/aws_iam_role_policy_nodes.mixedinstances.example.com_policy b/tests/integration/update_cluster/mixed_instances_spot/data/aws_iam_role_policy_nodes.mixedinstances.example.com_policy index 9d3f5d298c..fa3805a500 100644 --- a/tests/integration/update_cluster/mixed_instances_spot/data/aws_iam_role_policy_nodes.mixedinstances.example.com_policy +++ b/tests/integration/update_cluster/mixed_instances_spot/data/aws_iam_role_policy_nodes.mixedinstances.example.com_policy @@ -27,8 +27,10 @@ { "Action": [ "autoscaling:DescribeAutoScalingInstances", + "ec2:AssignIpv6Addresses", "ec2:DescribeInstanceTypes", "ec2:DescribeInstances", + "ec2:DescribeNetworkInterfaces", "iam:GetServerCertificate", "iam:ListServerCertificates", "kms:GenerateRandom" diff --git a/tests/integration/update_cluster/nth_sqs_resources/cloudformation.json b/tests/integration/update_cluster/nth_sqs_resources/cloudformation.json index f4fcc1fece..42b88904f2 100644 --- a/tests/integration/update_cluster/nth_sqs_resources/cloudformation.json +++ b/tests/integration/update_cluster/nth_sqs_resources/cloudformation.json @@ -1227,11 +1227,13 @@ "autoscaling:DescribeAutoScalingInstances", "autoscaling:DescribeLaunchConfigurations", "autoscaling:DescribeTags", + "ec2:AssignIpv6Addresses", "ec2:CreateSecurityGroup", "ec2:CreateTags", "ec2:DescribeAccountAttributes", "ec2:DescribeInstanceTypes", "ec2:DescribeInstances", + "ec2:DescribeNetworkInterfaces", "ec2:DescribeRegions", "ec2:DescribeRouteTables", "ec2:DescribeSecurityGroups", @@ -1358,8 +1360,10 @@ { "Action": [ "autoscaling:DescribeAutoScalingInstances", + "ec2:AssignIpv6Addresses", "ec2:DescribeInstanceTypes", "ec2:DescribeInstances", + "ec2:DescribeNetworkInterfaces", "iam:GetServerCertificate", "iam:ListServerCertificates", "kms:GenerateRandom" diff --git a/tests/integration/update_cluster/nth_sqs_resources/data/aws_iam_role_policy_masters.nthsqsresources.example.com_policy b/tests/integration/update_cluster/nth_sqs_resources/data/aws_iam_role_policy_masters.nthsqsresources.example.com_policy index fa4a2d6227..20ac443967 100644 --- a/tests/integration/update_cluster/nth_sqs_resources/data/aws_iam_role_policy_masters.nthsqsresources.example.com_policy +++ b/tests/integration/update_cluster/nth_sqs_resources/data/aws_iam_role_policy_masters.nthsqsresources.example.com_policy @@ -145,11 +145,13 @@ "autoscaling:DescribeAutoScalingInstances", "autoscaling:DescribeLaunchConfigurations", "autoscaling:DescribeTags", + "ec2:AssignIpv6Addresses", "ec2:CreateSecurityGroup", "ec2:CreateTags", "ec2:DescribeAccountAttributes", "ec2:DescribeInstanceTypes", "ec2:DescribeInstances", + "ec2:DescribeNetworkInterfaces", "ec2:DescribeRegions", "ec2:DescribeRouteTables", "ec2:DescribeSecurityGroups", diff --git a/tests/integration/update_cluster/nth_sqs_resources/data/aws_iam_role_policy_nodes.nthsqsresources.example.com_policy b/tests/integration/update_cluster/nth_sqs_resources/data/aws_iam_role_policy_nodes.nthsqsresources.example.com_policy index 78781c8221..9f03542a32 100644 --- a/tests/integration/update_cluster/nth_sqs_resources/data/aws_iam_role_policy_nodes.nthsqsresources.example.com_policy +++ b/tests/integration/update_cluster/nth_sqs_resources/data/aws_iam_role_policy_nodes.nthsqsresources.example.com_policy @@ -27,8 +27,10 @@ { "Action": [ "autoscaling:DescribeAutoScalingInstances", + "ec2:AssignIpv6Addresses", "ec2:DescribeInstanceTypes", "ec2:DescribeInstances", + "ec2:DescribeNetworkInterfaces", "iam:GetServerCertificate", "iam:ListServerCertificates", "kms:GenerateRandom" diff --git a/tests/integration/update_cluster/nvidia/data/aws_iam_role_policy_masters.minimal.example.com_policy b/tests/integration/update_cluster/nvidia/data/aws_iam_role_policy_masters.minimal.example.com_policy index e98684d489..779d90686c 100644 --- a/tests/integration/update_cluster/nvidia/data/aws_iam_role_policy_masters.minimal.example.com_policy +++ b/tests/integration/update_cluster/nvidia/data/aws_iam_role_policy_masters.minimal.example.com_policy @@ -145,11 +145,13 @@ "autoscaling:DescribeAutoScalingInstances", "autoscaling:DescribeLaunchConfigurations", "autoscaling:DescribeTags", + "ec2:AssignIpv6Addresses", "ec2:CreateSecurityGroup", "ec2:CreateTags", "ec2:DescribeAccountAttributes", "ec2:DescribeInstanceTypes", "ec2:DescribeInstances", + "ec2:DescribeNetworkInterfaces", "ec2:DescribeRegions", "ec2:DescribeRouteTables", "ec2:DescribeSecurityGroups", diff --git a/tests/integration/update_cluster/nvidia/data/aws_iam_role_policy_nodes.minimal.example.com_policy b/tests/integration/update_cluster/nvidia/data/aws_iam_role_policy_nodes.minimal.example.com_policy index a6509b76fc..ac6f8becbf 100644 --- a/tests/integration/update_cluster/nvidia/data/aws_iam_role_policy_nodes.minimal.example.com_policy +++ b/tests/integration/update_cluster/nvidia/data/aws_iam_role_policy_nodes.minimal.example.com_policy @@ -27,8 +27,10 @@ { "Action": [ "autoscaling:DescribeAutoScalingInstances", + "ec2:AssignIpv6Addresses", "ec2:DescribeInstanceTypes", "ec2:DescribeInstances", + "ec2:DescribeNetworkInterfaces", "iam:GetServerCertificate", "iam:ListServerCertificates", "kms:GenerateRandom" diff --git a/tests/integration/update_cluster/private-shared-ip/cloudformation.json b/tests/integration/update_cluster/private-shared-ip/cloudformation.json index 670c2c1790..f54db79b1b 100644 --- a/tests/integration/update_cluster/private-shared-ip/cloudformation.json +++ b/tests/integration/update_cluster/private-shared-ip/cloudformation.json @@ -1613,11 +1613,13 @@ "autoscaling:DescribeAutoScalingInstances", "autoscaling:DescribeLaunchConfigurations", "autoscaling:DescribeTags", + "ec2:AssignIpv6Addresses", "ec2:CreateSecurityGroup", "ec2:CreateTags", "ec2:DescribeAccountAttributes", "ec2:DescribeInstanceTypes", "ec2:DescribeInstances", + "ec2:DescribeNetworkInterfaces", "ec2:DescribeRegions", "ec2:DescribeRouteTables", "ec2:DescribeSecurityGroups", @@ -1741,8 +1743,10 @@ { "Action": [ "autoscaling:DescribeAutoScalingInstances", + "ec2:AssignIpv6Addresses", "ec2:DescribeInstanceTypes", "ec2:DescribeInstances", + "ec2:DescribeNetworkInterfaces", "iam:GetServerCertificate", "iam:ListServerCertificates", "kms:GenerateRandom" diff --git a/tests/integration/update_cluster/private-shared-ip/data/aws_iam_role_policy_masters.private-shared-ip.example.com_policy b/tests/integration/update_cluster/private-shared-ip/data/aws_iam_role_policy_masters.private-shared-ip.example.com_policy index 601970be1b..58bd17f881 100644 --- a/tests/integration/update_cluster/private-shared-ip/data/aws_iam_role_policy_masters.private-shared-ip.example.com_policy +++ b/tests/integration/update_cluster/private-shared-ip/data/aws_iam_role_policy_masters.private-shared-ip.example.com_policy @@ -145,11 +145,13 @@ "autoscaling:DescribeAutoScalingInstances", "autoscaling:DescribeLaunchConfigurations", "autoscaling:DescribeTags", + "ec2:AssignIpv6Addresses", "ec2:CreateSecurityGroup", "ec2:CreateTags", "ec2:DescribeAccountAttributes", "ec2:DescribeInstanceTypes", "ec2:DescribeInstances", + "ec2:DescribeNetworkInterfaces", "ec2:DescribeRegions", "ec2:DescribeRouteTables", "ec2:DescribeSecurityGroups", diff --git a/tests/integration/update_cluster/private-shared-ip/data/aws_iam_role_policy_nodes.private-shared-ip.example.com_policy b/tests/integration/update_cluster/private-shared-ip/data/aws_iam_role_policy_nodes.private-shared-ip.example.com_policy index 3cb0bba753..2b6a91db27 100644 --- a/tests/integration/update_cluster/private-shared-ip/data/aws_iam_role_policy_nodes.private-shared-ip.example.com_policy +++ b/tests/integration/update_cluster/private-shared-ip/data/aws_iam_role_policy_nodes.private-shared-ip.example.com_policy @@ -27,8 +27,10 @@ { "Action": [ "autoscaling:DescribeAutoScalingInstances", + "ec2:AssignIpv6Addresses", "ec2:DescribeInstanceTypes", "ec2:DescribeInstances", + "ec2:DescribeNetworkInterfaces", "iam:GetServerCertificate", "iam:ListServerCertificates", "kms:GenerateRandom" diff --git a/tests/integration/update_cluster/private-shared-subnet/data/aws_iam_role_policy_masters.private-shared-subnet.example.com_policy b/tests/integration/update_cluster/private-shared-subnet/data/aws_iam_role_policy_masters.private-shared-subnet.example.com_policy index f067205f17..d70a59584e 100644 --- a/tests/integration/update_cluster/private-shared-subnet/data/aws_iam_role_policy_masters.private-shared-subnet.example.com_policy +++ b/tests/integration/update_cluster/private-shared-subnet/data/aws_iam_role_policy_masters.private-shared-subnet.example.com_policy @@ -145,11 +145,13 @@ "autoscaling:DescribeAutoScalingInstances", "autoscaling:DescribeLaunchConfigurations", "autoscaling:DescribeTags", + "ec2:AssignIpv6Addresses", "ec2:CreateSecurityGroup", "ec2:CreateTags", "ec2:DescribeAccountAttributes", "ec2:DescribeInstanceTypes", "ec2:DescribeInstances", + "ec2:DescribeNetworkInterfaces", "ec2:DescribeRegions", "ec2:DescribeRouteTables", "ec2:DescribeSecurityGroups", diff --git a/tests/integration/update_cluster/private-shared-subnet/data/aws_iam_role_policy_nodes.private-shared-subnet.example.com_policy b/tests/integration/update_cluster/private-shared-subnet/data/aws_iam_role_policy_nodes.private-shared-subnet.example.com_policy index a3e8eedaa8..8c79d3b3bc 100644 --- a/tests/integration/update_cluster/private-shared-subnet/data/aws_iam_role_policy_nodes.private-shared-subnet.example.com_policy +++ b/tests/integration/update_cluster/private-shared-subnet/data/aws_iam_role_policy_nodes.private-shared-subnet.example.com_policy @@ -27,8 +27,10 @@ { "Action": [ "autoscaling:DescribeAutoScalingInstances", + "ec2:AssignIpv6Addresses", "ec2:DescribeInstanceTypes", "ec2:DescribeInstances", + "ec2:DescribeNetworkInterfaces", "iam:GetServerCertificate", "iam:ListServerCertificates", "kms:GenerateRandom" diff --git a/tests/integration/update_cluster/privatecalico/cloudformation.json b/tests/integration/update_cluster/privatecalico/cloudformation.json index 39c942386e..1d48d3ab05 100644 --- a/tests/integration/update_cluster/privatecalico/cloudformation.json +++ b/tests/integration/update_cluster/privatecalico/cloudformation.json @@ -1769,11 +1769,13 @@ "autoscaling:DescribeAutoScalingInstances", "autoscaling:DescribeLaunchConfigurations", "autoscaling:DescribeTags", + "ec2:AssignIpv6Addresses", "ec2:CreateSecurityGroup", "ec2:CreateTags", "ec2:DescribeAccountAttributes", "ec2:DescribeInstanceTypes", "ec2:DescribeInstances", + "ec2:DescribeNetworkInterfaces", "ec2:DescribeRegions", "ec2:DescribeRouteTables", "ec2:DescribeSecurityGroups", @@ -1898,8 +1900,10 @@ { "Action": [ "autoscaling:DescribeAutoScalingInstances", + "ec2:AssignIpv6Addresses", "ec2:DescribeInstanceTypes", "ec2:DescribeInstances", + "ec2:DescribeNetworkInterfaces", "ec2:ModifyNetworkInterfaceAttribute", "iam:GetServerCertificate", "iam:ListServerCertificates", diff --git a/tests/integration/update_cluster/privatecalico/data/aws_iam_role_policy_masters.privatecalico.example.com_policy b/tests/integration/update_cluster/privatecalico/data/aws_iam_role_policy_masters.privatecalico.example.com_policy index 2882e71933..4ace58088a 100644 --- a/tests/integration/update_cluster/privatecalico/data/aws_iam_role_policy_masters.privatecalico.example.com_policy +++ b/tests/integration/update_cluster/privatecalico/data/aws_iam_role_policy_masters.privatecalico.example.com_policy @@ -145,11 +145,13 @@ "autoscaling:DescribeAutoScalingInstances", "autoscaling:DescribeLaunchConfigurations", "autoscaling:DescribeTags", + "ec2:AssignIpv6Addresses", "ec2:CreateSecurityGroup", "ec2:CreateTags", "ec2:DescribeAccountAttributes", "ec2:DescribeInstanceTypes", "ec2:DescribeInstances", + "ec2:DescribeNetworkInterfaces", "ec2:DescribeRegions", "ec2:DescribeRouteTables", "ec2:DescribeSecurityGroups", diff --git a/tests/integration/update_cluster/privatecalico/data/aws_iam_role_policy_nodes.privatecalico.example.com_policy b/tests/integration/update_cluster/privatecalico/data/aws_iam_role_policy_nodes.privatecalico.example.com_policy index 5a781a4566..fab8f93952 100644 --- a/tests/integration/update_cluster/privatecalico/data/aws_iam_role_policy_nodes.privatecalico.example.com_policy +++ b/tests/integration/update_cluster/privatecalico/data/aws_iam_role_policy_nodes.privatecalico.example.com_policy @@ -27,8 +27,10 @@ { "Action": [ "autoscaling:DescribeAutoScalingInstances", + "ec2:AssignIpv6Addresses", "ec2:DescribeInstanceTypes", "ec2:DescribeInstances", + "ec2:DescribeNetworkInterfaces", "ec2:ModifyNetworkInterfaceAttribute", "iam:GetServerCertificate", "iam:ListServerCertificates", diff --git a/tests/integration/update_cluster/privatecanal/data/aws_iam_role_policy_masters.privatecanal.example.com_policy b/tests/integration/update_cluster/privatecanal/data/aws_iam_role_policy_masters.privatecanal.example.com_policy index 3612181320..79365911a3 100644 --- a/tests/integration/update_cluster/privatecanal/data/aws_iam_role_policy_masters.privatecanal.example.com_policy +++ b/tests/integration/update_cluster/privatecanal/data/aws_iam_role_policy_masters.privatecanal.example.com_policy @@ -145,11 +145,13 @@ "autoscaling:DescribeAutoScalingInstances", "autoscaling:DescribeLaunchConfigurations", "autoscaling:DescribeTags", + "ec2:AssignIpv6Addresses", "ec2:CreateSecurityGroup", "ec2:CreateTags", "ec2:DescribeAccountAttributes", "ec2:DescribeInstanceTypes", "ec2:DescribeInstances", + "ec2:DescribeNetworkInterfaces", "ec2:DescribeRegions", "ec2:DescribeRouteTables", "ec2:DescribeSecurityGroups", diff --git a/tests/integration/update_cluster/privatecanal/data/aws_iam_role_policy_nodes.privatecanal.example.com_policy b/tests/integration/update_cluster/privatecanal/data/aws_iam_role_policy_nodes.privatecanal.example.com_policy index 53d94770e1..32133cbb73 100644 --- a/tests/integration/update_cluster/privatecanal/data/aws_iam_role_policy_nodes.privatecanal.example.com_policy +++ b/tests/integration/update_cluster/privatecanal/data/aws_iam_role_policy_nodes.privatecanal.example.com_policy @@ -27,8 +27,10 @@ { "Action": [ "autoscaling:DescribeAutoScalingInstances", + "ec2:AssignIpv6Addresses", "ec2:DescribeInstanceTypes", "ec2:DescribeInstances", + "ec2:DescribeNetworkInterfaces", "iam:GetServerCertificate", "iam:ListServerCertificates", "kms:GenerateRandom" diff --git a/tests/integration/update_cluster/privatecilium/cloudformation.json b/tests/integration/update_cluster/privatecilium/cloudformation.json index 99183f8610..cf06f83ae5 100644 --- a/tests/integration/update_cluster/privatecilium/cloudformation.json +++ b/tests/integration/update_cluster/privatecilium/cloudformation.json @@ -1755,11 +1755,13 @@ "autoscaling:DescribeAutoScalingInstances", "autoscaling:DescribeLaunchConfigurations", "autoscaling:DescribeTags", + "ec2:AssignIpv6Addresses", "ec2:CreateSecurityGroup", "ec2:CreateTags", "ec2:DescribeAccountAttributes", "ec2:DescribeInstanceTypes", "ec2:DescribeInstances", + "ec2:DescribeNetworkInterfaces", "ec2:DescribeRegions", "ec2:DescribeRouteTables", "ec2:DescribeSecurityGroups", @@ -1883,8 +1885,10 @@ { "Action": [ "autoscaling:DescribeAutoScalingInstances", + "ec2:AssignIpv6Addresses", "ec2:DescribeInstanceTypes", "ec2:DescribeInstances", + "ec2:DescribeNetworkInterfaces", "iam:GetServerCertificate", "iam:ListServerCertificates", "kms:GenerateRandom" diff --git a/tests/integration/update_cluster/privatecilium/data/aws_iam_role_policy_masters.privatecilium.example.com_policy b/tests/integration/update_cluster/privatecilium/data/aws_iam_role_policy_masters.privatecilium.example.com_policy index ed331f635c..6cbb155939 100644 --- a/tests/integration/update_cluster/privatecilium/data/aws_iam_role_policy_masters.privatecilium.example.com_policy +++ b/tests/integration/update_cluster/privatecilium/data/aws_iam_role_policy_masters.privatecilium.example.com_policy @@ -145,11 +145,13 @@ "autoscaling:DescribeAutoScalingInstances", "autoscaling:DescribeLaunchConfigurations", "autoscaling:DescribeTags", + "ec2:AssignIpv6Addresses", "ec2:CreateSecurityGroup", "ec2:CreateTags", "ec2:DescribeAccountAttributes", "ec2:DescribeInstanceTypes", "ec2:DescribeInstances", + "ec2:DescribeNetworkInterfaces", "ec2:DescribeRegions", "ec2:DescribeRouteTables", "ec2:DescribeSecurityGroups", diff --git a/tests/integration/update_cluster/privatecilium/data/aws_iam_role_policy_nodes.privatecilium.example.com_policy b/tests/integration/update_cluster/privatecilium/data/aws_iam_role_policy_nodes.privatecilium.example.com_policy index 3a7da19f68..723ffa0e3a 100644 --- a/tests/integration/update_cluster/privatecilium/data/aws_iam_role_policy_nodes.privatecilium.example.com_policy +++ b/tests/integration/update_cluster/privatecilium/data/aws_iam_role_policy_nodes.privatecilium.example.com_policy @@ -27,8 +27,10 @@ { "Action": [ "autoscaling:DescribeAutoScalingInstances", + "ec2:AssignIpv6Addresses", "ec2:DescribeInstanceTypes", "ec2:DescribeInstances", + "ec2:DescribeNetworkInterfaces", "iam:GetServerCertificate", "iam:ListServerCertificates", "kms:GenerateRandom" diff --git a/tests/integration/update_cluster/privatecilium2/cloudformation.json b/tests/integration/update_cluster/privatecilium2/cloudformation.json index b80649eb79..fc9bd77d30 100644 --- a/tests/integration/update_cluster/privatecilium2/cloudformation.json +++ b/tests/integration/update_cluster/privatecilium2/cloudformation.json @@ -1755,11 +1755,13 @@ "autoscaling:DescribeAutoScalingInstances", "autoscaling:DescribeLaunchConfigurations", "autoscaling:DescribeTags", + "ec2:AssignIpv6Addresses", "ec2:CreateSecurityGroup", "ec2:CreateTags", "ec2:DescribeAccountAttributes", "ec2:DescribeInstanceTypes", "ec2:DescribeInstances", + "ec2:DescribeNetworkInterfaces", "ec2:DescribeRegions", "ec2:DescribeRouteTables", "ec2:DescribeSecurityGroups", @@ -1885,8 +1887,10 @@ { "Action": [ "autoscaling:DescribeAutoScalingInstances", + "ec2:AssignIpv6Addresses", "ec2:DescribeInstanceTypes", "ec2:DescribeInstances", + "ec2:DescribeNetworkInterfaces", "iam:GetServerCertificate", "iam:ListServerCertificates", "kms:GenerateRandom" diff --git a/tests/integration/update_cluster/privatecilium2/data/aws_iam_role_policy_masters.privatecilium.example.com_policy b/tests/integration/update_cluster/privatecilium2/data/aws_iam_role_policy_masters.privatecilium.example.com_policy index ed331f635c..6cbb155939 100644 --- a/tests/integration/update_cluster/privatecilium2/data/aws_iam_role_policy_masters.privatecilium.example.com_policy +++ b/tests/integration/update_cluster/privatecilium2/data/aws_iam_role_policy_masters.privatecilium.example.com_policy @@ -145,11 +145,13 @@ "autoscaling:DescribeAutoScalingInstances", "autoscaling:DescribeLaunchConfigurations", "autoscaling:DescribeTags", + "ec2:AssignIpv6Addresses", "ec2:CreateSecurityGroup", "ec2:CreateTags", "ec2:DescribeAccountAttributes", "ec2:DescribeInstanceTypes", "ec2:DescribeInstances", + "ec2:DescribeNetworkInterfaces", "ec2:DescribeRegions", "ec2:DescribeRouteTables", "ec2:DescribeSecurityGroups", diff --git a/tests/integration/update_cluster/privatecilium2/data/aws_iam_role_policy_nodes.privatecilium.example.com_policy b/tests/integration/update_cluster/privatecilium2/data/aws_iam_role_policy_nodes.privatecilium.example.com_policy index 90edfb0e3f..bda1faeab8 100644 --- a/tests/integration/update_cluster/privatecilium2/data/aws_iam_role_policy_nodes.privatecilium.example.com_policy +++ b/tests/integration/update_cluster/privatecilium2/data/aws_iam_role_policy_nodes.privatecilium.example.com_policy @@ -29,8 +29,10 @@ { "Action": [ "autoscaling:DescribeAutoScalingInstances", + "ec2:AssignIpv6Addresses", "ec2:DescribeInstanceTypes", "ec2:DescribeInstances", + "ec2:DescribeNetworkInterfaces", "iam:GetServerCertificate", "iam:ListServerCertificates", "kms:GenerateRandom" diff --git a/tests/integration/update_cluster/privateciliumadvanced/cloudformation.json b/tests/integration/update_cluster/privateciliumadvanced/cloudformation.json index ad8d78930a..701a11aba3 100644 --- a/tests/integration/update_cluster/privateciliumadvanced/cloudformation.json +++ b/tests/integration/update_cluster/privateciliumadvanced/cloudformation.json @@ -1798,6 +1798,7 @@ "autoscaling:DescribeAutoScalingInstances", "autoscaling:DescribeLaunchConfigurations", "autoscaling:DescribeTags", + "ec2:AssignIpv6Addresses", "ec2:AssignPrivateIpAddresses", "ec2:AttachNetworkInterface", "ec2:CreateNetworkInterface", @@ -1935,8 +1936,10 @@ { "Action": [ "autoscaling:DescribeAutoScalingInstances", + "ec2:AssignIpv6Addresses", "ec2:DescribeInstanceTypes", "ec2:DescribeInstances", + "ec2:DescribeNetworkInterfaces", "iam:GetServerCertificate", "iam:ListServerCertificates", "kms:GenerateRandom" diff --git a/tests/integration/update_cluster/privateciliumadvanced/data/aws_iam_role_policy_masters.privateciliumadvanced.example.com_policy b/tests/integration/update_cluster/privateciliumadvanced/data/aws_iam_role_policy_masters.privateciliumadvanced.example.com_policy index 562c467a06..5dd4f7cc5d 100644 --- a/tests/integration/update_cluster/privateciliumadvanced/data/aws_iam_role_policy_masters.privateciliumadvanced.example.com_policy +++ b/tests/integration/update_cluster/privateciliumadvanced/data/aws_iam_role_policy_masters.privateciliumadvanced.example.com_policy @@ -155,6 +155,7 @@ "autoscaling:DescribeAutoScalingInstances", "autoscaling:DescribeLaunchConfigurations", "autoscaling:DescribeTags", + "ec2:AssignIpv6Addresses", "ec2:AssignPrivateIpAddresses", "ec2:AttachNetworkInterface", "ec2:CreateNetworkInterface", diff --git a/tests/integration/update_cluster/privateciliumadvanced/data/aws_iam_role_policy_nodes.privateciliumadvanced.example.com_policy b/tests/integration/update_cluster/privateciliumadvanced/data/aws_iam_role_policy_nodes.privateciliumadvanced.example.com_policy index bc610dc68c..c481be1482 100644 --- a/tests/integration/update_cluster/privateciliumadvanced/data/aws_iam_role_policy_nodes.privateciliumadvanced.example.com_policy +++ b/tests/integration/update_cluster/privateciliumadvanced/data/aws_iam_role_policy_nodes.privateciliumadvanced.example.com_policy @@ -27,8 +27,10 @@ { "Action": [ "autoscaling:DescribeAutoScalingInstances", + "ec2:AssignIpv6Addresses", "ec2:DescribeInstanceTypes", "ec2:DescribeInstances", + "ec2:DescribeNetworkInterfaces", "iam:GetServerCertificate", "iam:ListServerCertificates", "kms:GenerateRandom" diff --git a/tests/integration/update_cluster/privatedns1/data/aws_iam_role_policy_masters.privatedns1.example.com_policy b/tests/integration/update_cluster/privatedns1/data/aws_iam_role_policy_masters.privatedns1.example.com_policy index 38858a4efa..81220ebbd8 100644 --- a/tests/integration/update_cluster/privatedns1/data/aws_iam_role_policy_masters.privatedns1.example.com_policy +++ b/tests/integration/update_cluster/privatedns1/data/aws_iam_role_policy_masters.privatedns1.example.com_policy @@ -145,11 +145,13 @@ "autoscaling:DescribeAutoScalingInstances", "autoscaling:DescribeLaunchConfigurations", "autoscaling:DescribeTags", + "ec2:AssignIpv6Addresses", "ec2:CreateSecurityGroup", "ec2:CreateTags", "ec2:DescribeAccountAttributes", "ec2:DescribeInstanceTypes", "ec2:DescribeInstances", + "ec2:DescribeNetworkInterfaces", "ec2:DescribeRegions", "ec2:DescribeRouteTables", "ec2:DescribeSecurityGroups", diff --git a/tests/integration/update_cluster/privatedns1/data/aws_iam_role_policy_nodes.privatedns1.example.com_policy b/tests/integration/update_cluster/privatedns1/data/aws_iam_role_policy_nodes.privatedns1.example.com_policy index 03f31f66cc..46e8d95231 100644 --- a/tests/integration/update_cluster/privatedns1/data/aws_iam_role_policy_nodes.privatedns1.example.com_policy +++ b/tests/integration/update_cluster/privatedns1/data/aws_iam_role_policy_nodes.privatedns1.example.com_policy @@ -27,8 +27,10 @@ { "Action": [ "autoscaling:DescribeAutoScalingInstances", + "ec2:AssignIpv6Addresses", "ec2:DescribeInstanceTypes", "ec2:DescribeInstances", + "ec2:DescribeNetworkInterfaces", "iam:GetServerCertificate", "iam:ListServerCertificates", "kms:GenerateRandom" diff --git a/tests/integration/update_cluster/privatedns2/data/aws_iam_role_policy_masters.privatedns2.example.com_policy b/tests/integration/update_cluster/privatedns2/data/aws_iam_role_policy_masters.privatedns2.example.com_policy index 4b0e196ccd..019070070d 100644 --- a/tests/integration/update_cluster/privatedns2/data/aws_iam_role_policy_masters.privatedns2.example.com_policy +++ b/tests/integration/update_cluster/privatedns2/data/aws_iam_role_policy_masters.privatedns2.example.com_policy @@ -145,11 +145,13 @@ "autoscaling:DescribeAutoScalingInstances", "autoscaling:DescribeLaunchConfigurations", "autoscaling:DescribeTags", + "ec2:AssignIpv6Addresses", "ec2:CreateSecurityGroup", "ec2:CreateTags", "ec2:DescribeAccountAttributes", "ec2:DescribeInstanceTypes", "ec2:DescribeInstances", + "ec2:DescribeNetworkInterfaces", "ec2:DescribeRegions", "ec2:DescribeRouteTables", "ec2:DescribeSecurityGroups", diff --git a/tests/integration/update_cluster/privatedns2/data/aws_iam_role_policy_nodes.privatedns2.example.com_policy b/tests/integration/update_cluster/privatedns2/data/aws_iam_role_policy_nodes.privatedns2.example.com_policy index bc6c6649e4..3586f3f32e 100644 --- a/tests/integration/update_cluster/privatedns2/data/aws_iam_role_policy_nodes.privatedns2.example.com_policy +++ b/tests/integration/update_cluster/privatedns2/data/aws_iam_role_policy_nodes.privatedns2.example.com_policy @@ -27,8 +27,10 @@ { "Action": [ "autoscaling:DescribeAutoScalingInstances", + "ec2:AssignIpv6Addresses", "ec2:DescribeInstanceTypes", "ec2:DescribeInstances", + "ec2:DescribeNetworkInterfaces", "iam:GetServerCertificate", "iam:ListServerCertificates", "kms:GenerateRandom" diff --git a/tests/integration/update_cluster/privateflannel/data/aws_iam_role_policy_masters.privateflannel.example.com_policy b/tests/integration/update_cluster/privateflannel/data/aws_iam_role_policy_masters.privateflannel.example.com_policy index d494209677..e786c57018 100644 --- a/tests/integration/update_cluster/privateflannel/data/aws_iam_role_policy_masters.privateflannel.example.com_policy +++ b/tests/integration/update_cluster/privateflannel/data/aws_iam_role_policy_masters.privateflannel.example.com_policy @@ -145,11 +145,13 @@ "autoscaling:DescribeAutoScalingInstances", "autoscaling:DescribeLaunchConfigurations", "autoscaling:DescribeTags", + "ec2:AssignIpv6Addresses", "ec2:CreateSecurityGroup", "ec2:CreateTags", "ec2:DescribeAccountAttributes", "ec2:DescribeInstanceTypes", "ec2:DescribeInstances", + "ec2:DescribeNetworkInterfaces", "ec2:DescribeRegions", "ec2:DescribeRouteTables", "ec2:DescribeSecurityGroups", diff --git a/tests/integration/update_cluster/privateflannel/data/aws_iam_role_policy_nodes.privateflannel.example.com_policy b/tests/integration/update_cluster/privateflannel/data/aws_iam_role_policy_nodes.privateflannel.example.com_policy index 32cf20752f..14b404a7ed 100644 --- a/tests/integration/update_cluster/privateflannel/data/aws_iam_role_policy_nodes.privateflannel.example.com_policy +++ b/tests/integration/update_cluster/privateflannel/data/aws_iam_role_policy_nodes.privateflannel.example.com_policy @@ -27,8 +27,10 @@ { "Action": [ "autoscaling:DescribeAutoScalingInstances", + "ec2:AssignIpv6Addresses", "ec2:DescribeInstanceTypes", "ec2:DescribeInstances", + "ec2:DescribeNetworkInterfaces", "iam:GetServerCertificate", "iam:ListServerCertificates", "kms:GenerateRandom" diff --git a/tests/integration/update_cluster/privatekopeio/data/aws_iam_role_policy_masters.privatekopeio.example.com_policy b/tests/integration/update_cluster/privatekopeio/data/aws_iam_role_policy_masters.privatekopeio.example.com_policy index 1e490d5900..af28d59cbb 100644 --- a/tests/integration/update_cluster/privatekopeio/data/aws_iam_role_policy_masters.privatekopeio.example.com_policy +++ b/tests/integration/update_cluster/privatekopeio/data/aws_iam_role_policy_masters.privatekopeio.example.com_policy @@ -145,11 +145,13 @@ "autoscaling:DescribeAutoScalingInstances", "autoscaling:DescribeLaunchConfigurations", "autoscaling:DescribeTags", + "ec2:AssignIpv6Addresses", "ec2:CreateSecurityGroup", "ec2:CreateTags", "ec2:DescribeAccountAttributes", "ec2:DescribeInstanceTypes", "ec2:DescribeInstances", + "ec2:DescribeNetworkInterfaces", "ec2:DescribeRegions", "ec2:DescribeRouteTables", "ec2:DescribeSecurityGroups", diff --git a/tests/integration/update_cluster/privatekopeio/data/aws_iam_role_policy_nodes.privatekopeio.example.com_policy b/tests/integration/update_cluster/privatekopeio/data/aws_iam_role_policy_nodes.privatekopeio.example.com_policy index ce605e0a19..230c0d99be 100644 --- a/tests/integration/update_cluster/privatekopeio/data/aws_iam_role_policy_nodes.privatekopeio.example.com_policy +++ b/tests/integration/update_cluster/privatekopeio/data/aws_iam_role_policy_nodes.privatekopeio.example.com_policy @@ -27,8 +27,10 @@ { "Action": [ "autoscaling:DescribeAutoScalingInstances", + "ec2:AssignIpv6Addresses", "ec2:DescribeInstanceTypes", "ec2:DescribeInstances", + "ec2:DescribeNetworkInterfaces", "iam:GetServerCertificate", "iam:ListServerCertificates", "kms:GenerateRandom" diff --git a/tests/integration/update_cluster/privateweave/data/aws_iam_role_policy_masters.privateweave.example.com_policy b/tests/integration/update_cluster/privateweave/data/aws_iam_role_policy_masters.privateweave.example.com_policy index 6d5b8e9eba..c0f8a05326 100644 --- a/tests/integration/update_cluster/privateweave/data/aws_iam_role_policy_masters.privateweave.example.com_policy +++ b/tests/integration/update_cluster/privateweave/data/aws_iam_role_policy_masters.privateweave.example.com_policy @@ -145,11 +145,13 @@ "autoscaling:DescribeAutoScalingInstances", "autoscaling:DescribeLaunchConfigurations", "autoscaling:DescribeTags", + "ec2:AssignIpv6Addresses", "ec2:CreateSecurityGroup", "ec2:CreateTags", "ec2:DescribeAccountAttributes", "ec2:DescribeInstanceTypes", "ec2:DescribeInstances", + "ec2:DescribeNetworkInterfaces", "ec2:DescribeRegions", "ec2:DescribeRouteTables", "ec2:DescribeSecurityGroups", diff --git a/tests/integration/update_cluster/privateweave/data/aws_iam_role_policy_nodes.privateweave.example.com_policy b/tests/integration/update_cluster/privateweave/data/aws_iam_role_policy_nodes.privateweave.example.com_policy index fae6b8f7fc..3e6d7d2d6c 100644 --- a/tests/integration/update_cluster/privateweave/data/aws_iam_role_policy_nodes.privateweave.example.com_policy +++ b/tests/integration/update_cluster/privateweave/data/aws_iam_role_policy_nodes.privateweave.example.com_policy @@ -27,8 +27,10 @@ { "Action": [ "autoscaling:DescribeAutoScalingInstances", + "ec2:AssignIpv6Addresses", "ec2:DescribeInstanceTypes", "ec2:DescribeInstances", + "ec2:DescribeNetworkInterfaces", "iam:GetServerCertificate", "iam:ListServerCertificates", "kms:GenerateRandom" diff --git a/tests/integration/update_cluster/public-jwks-apiserver/data/aws_iam_role_policy_masters.minimal.example.com_policy b/tests/integration/update_cluster/public-jwks-apiserver/data/aws_iam_role_policy_masters.minimal.example.com_policy index 11dfd353ed..a5e2fbb5fc 100644 --- a/tests/integration/update_cluster/public-jwks-apiserver/data/aws_iam_role_policy_masters.minimal.example.com_policy +++ b/tests/integration/update_cluster/public-jwks-apiserver/data/aws_iam_role_policy_masters.minimal.example.com_policy @@ -115,10 +115,12 @@ "autoscaling:DescribeAutoScalingGroups", "autoscaling:DescribeAutoScalingInstances", "autoscaling:DescribeTags", + "ec2:AssignIpv6Addresses", "ec2:CreateSecurityGroup", "ec2:CreateTags", "ec2:DescribeInstanceTypes", "ec2:DescribeInstances", + "ec2:DescribeNetworkInterfaces", "ec2:DescribeRegions", "ec2:DescribeRouteTables", "ec2:DescribeSecurityGroups", diff --git a/tests/integration/update_cluster/public-jwks-apiserver/data/aws_iam_role_policy_nodes.minimal.example.com_policy b/tests/integration/update_cluster/public-jwks-apiserver/data/aws_iam_role_policy_nodes.minimal.example.com_policy index a6509b76fc..ac6f8becbf 100644 --- a/tests/integration/update_cluster/public-jwks-apiserver/data/aws_iam_role_policy_nodes.minimal.example.com_policy +++ b/tests/integration/update_cluster/public-jwks-apiserver/data/aws_iam_role_policy_nodes.minimal.example.com_policy @@ -27,8 +27,10 @@ { "Action": [ "autoscaling:DescribeAutoScalingInstances", + "ec2:AssignIpv6Addresses", "ec2:DescribeInstanceTypes", "ec2:DescribeInstances", + "ec2:DescribeNetworkInterfaces", "iam:GetServerCertificate", "iam:ListServerCertificates", "kms:GenerateRandom" diff --git a/tests/integration/update_cluster/shared_subnet/data/aws_iam_role_policy_masters.sharedsubnet.example.com_policy b/tests/integration/update_cluster/shared_subnet/data/aws_iam_role_policy_masters.sharedsubnet.example.com_policy index 4a80365910..ebda1db0f6 100644 --- a/tests/integration/update_cluster/shared_subnet/data/aws_iam_role_policy_masters.sharedsubnet.example.com_policy +++ b/tests/integration/update_cluster/shared_subnet/data/aws_iam_role_policy_masters.sharedsubnet.example.com_policy @@ -145,11 +145,13 @@ "autoscaling:DescribeAutoScalingInstances", "autoscaling:DescribeLaunchConfigurations", "autoscaling:DescribeTags", + "ec2:AssignIpv6Addresses", "ec2:CreateSecurityGroup", "ec2:CreateTags", "ec2:DescribeAccountAttributes", "ec2:DescribeInstanceTypes", "ec2:DescribeInstances", + "ec2:DescribeNetworkInterfaces", "ec2:DescribeRegions", "ec2:DescribeRouteTables", "ec2:DescribeSecurityGroups", diff --git a/tests/integration/update_cluster/shared_subnet/data/aws_iam_role_policy_nodes.sharedsubnet.example.com_policy b/tests/integration/update_cluster/shared_subnet/data/aws_iam_role_policy_nodes.sharedsubnet.example.com_policy index ab35926f34..95b26dec29 100644 --- a/tests/integration/update_cluster/shared_subnet/data/aws_iam_role_policy_nodes.sharedsubnet.example.com_policy +++ b/tests/integration/update_cluster/shared_subnet/data/aws_iam_role_policy_nodes.sharedsubnet.example.com_policy @@ -27,8 +27,10 @@ { "Action": [ "autoscaling:DescribeAutoScalingInstances", + "ec2:AssignIpv6Addresses", "ec2:DescribeInstanceTypes", "ec2:DescribeInstances", + "ec2:DescribeNetworkInterfaces", "iam:GetServerCertificate", "iam:ListServerCertificates", "kms:GenerateRandom" diff --git a/tests/integration/update_cluster/shared_vpc/data/aws_iam_role_policy_masters.sharedvpc.example.com_policy b/tests/integration/update_cluster/shared_vpc/data/aws_iam_role_policy_masters.sharedvpc.example.com_policy index 07b25edb21..691b679524 100644 --- a/tests/integration/update_cluster/shared_vpc/data/aws_iam_role_policy_masters.sharedvpc.example.com_policy +++ b/tests/integration/update_cluster/shared_vpc/data/aws_iam_role_policy_masters.sharedvpc.example.com_policy @@ -145,11 +145,13 @@ "autoscaling:DescribeAutoScalingInstances", "autoscaling:DescribeLaunchConfigurations", "autoscaling:DescribeTags", + "ec2:AssignIpv6Addresses", "ec2:CreateSecurityGroup", "ec2:CreateTags", "ec2:DescribeAccountAttributes", "ec2:DescribeInstanceTypes", "ec2:DescribeInstances", + "ec2:DescribeNetworkInterfaces", "ec2:DescribeRegions", "ec2:DescribeRouteTables", "ec2:DescribeSecurityGroups", diff --git a/tests/integration/update_cluster/shared_vpc/data/aws_iam_role_policy_nodes.sharedvpc.example.com_policy b/tests/integration/update_cluster/shared_vpc/data/aws_iam_role_policy_nodes.sharedvpc.example.com_policy index 9e9c4b9271..4ccf8b5bdb 100644 --- a/tests/integration/update_cluster/shared_vpc/data/aws_iam_role_policy_nodes.sharedvpc.example.com_policy +++ b/tests/integration/update_cluster/shared_vpc/data/aws_iam_role_policy_nodes.sharedvpc.example.com_policy @@ -27,8 +27,10 @@ { "Action": [ "autoscaling:DescribeAutoScalingInstances", + "ec2:AssignIpv6Addresses", "ec2:DescribeInstanceTypes", "ec2:DescribeInstances", + "ec2:DescribeNetworkInterfaces", "iam:GetServerCertificate", "iam:ListServerCertificates", "kms:GenerateRandom" diff --git a/tests/integration/update_cluster/unmanaged/data/aws_iam_role_policy_masters.unmanaged.example.com_policy b/tests/integration/update_cluster/unmanaged/data/aws_iam_role_policy_masters.unmanaged.example.com_policy index d87c0c9624..b458471af6 100644 --- a/tests/integration/update_cluster/unmanaged/data/aws_iam_role_policy_masters.unmanaged.example.com_policy +++ b/tests/integration/update_cluster/unmanaged/data/aws_iam_role_policy_masters.unmanaged.example.com_policy @@ -145,11 +145,13 @@ "autoscaling:DescribeAutoScalingInstances", "autoscaling:DescribeLaunchConfigurations", "autoscaling:DescribeTags", + "ec2:AssignIpv6Addresses", "ec2:CreateSecurityGroup", "ec2:CreateTags", "ec2:DescribeAccountAttributes", "ec2:DescribeInstanceTypes", "ec2:DescribeInstances", + "ec2:DescribeNetworkInterfaces", "ec2:DescribeRegions", "ec2:DescribeRouteTables", "ec2:DescribeSecurityGroups", diff --git a/tests/integration/update_cluster/unmanaged/data/aws_iam_role_policy_nodes.unmanaged.example.com_policy b/tests/integration/update_cluster/unmanaged/data/aws_iam_role_policy_nodes.unmanaged.example.com_policy index 7621c4cfa2..b85a3677b1 100644 --- a/tests/integration/update_cluster/unmanaged/data/aws_iam_role_policy_nodes.unmanaged.example.com_policy +++ b/tests/integration/update_cluster/unmanaged/data/aws_iam_role_policy_nodes.unmanaged.example.com_policy @@ -27,8 +27,10 @@ { "Action": [ "autoscaling:DescribeAutoScalingInstances", + "ec2:AssignIpv6Addresses", "ec2:DescribeInstanceTypes", "ec2:DescribeInstances", + "ec2:DescribeNetworkInterfaces", "iam:GetServerCertificate", "iam:ListServerCertificates", "kms:GenerateRandom" diff --git a/tests/integration/update_cluster/vfs-said/data/aws_iam_role_policy_masters.minimal.example.com_policy b/tests/integration/update_cluster/vfs-said/data/aws_iam_role_policy_masters.minimal.example.com_policy index e98684d489..779d90686c 100644 --- a/tests/integration/update_cluster/vfs-said/data/aws_iam_role_policy_masters.minimal.example.com_policy +++ b/tests/integration/update_cluster/vfs-said/data/aws_iam_role_policy_masters.minimal.example.com_policy @@ -145,11 +145,13 @@ "autoscaling:DescribeAutoScalingInstances", "autoscaling:DescribeLaunchConfigurations", "autoscaling:DescribeTags", + "ec2:AssignIpv6Addresses", "ec2:CreateSecurityGroup", "ec2:CreateTags", "ec2:DescribeAccountAttributes", "ec2:DescribeInstanceTypes", "ec2:DescribeInstances", + "ec2:DescribeNetworkInterfaces", "ec2:DescribeRegions", "ec2:DescribeRouteTables", "ec2:DescribeSecurityGroups", diff --git a/tests/integration/update_cluster/vfs-said/data/aws_iam_role_policy_nodes.minimal.example.com_policy b/tests/integration/update_cluster/vfs-said/data/aws_iam_role_policy_nodes.minimal.example.com_policy index a6509b76fc..ac6f8becbf 100644 --- a/tests/integration/update_cluster/vfs-said/data/aws_iam_role_policy_nodes.minimal.example.com_policy +++ b/tests/integration/update_cluster/vfs-said/data/aws_iam_role_policy_nodes.minimal.example.com_policy @@ -27,8 +27,10 @@ { "Action": [ "autoscaling:DescribeAutoScalingInstances", + "ec2:AssignIpv6Addresses", "ec2:DescribeInstanceTypes", "ec2:DescribeInstances", + "ec2:DescribeNetworkInterfaces", "iam:GetServerCertificate", "iam:ListServerCertificates", "kms:GenerateRandom" diff --git a/upup/pkg/fi/nodeup/command.go b/upup/pkg/fi/nodeup/command.go index 9984c288e6..4d5f16003e 100644 --- a/upup/pkg/fi/nodeup/command.go +++ b/upup/pkg/fi/nodeup/command.go @@ -326,6 +326,7 @@ func (c *NodeUpCommand) Run(out io.Writer) error { loader.Builders = append(loader.Builders, &model.KubeProxyBuilder{NodeupModelContext: modelContext}) loader.Builders = append(loader.Builders, &model.KopsControllerBuilder{NodeupModelContext: modelContext}) loader.Builders = append(loader.Builders, &model.WarmPoolBuilder{NodeupModelContext: modelContext}) + loader.Builders = append(loader.Builders, &model.PrefixBuilder{NodeupModelContext: modelContext}) loader.Builders = append(loader.Builders, &networking.CommonBuilder{NodeupModelContext: modelContext}) loader.Builders = append(loader.Builders, &networking.CalicoBuilder{NodeupModelContext: modelContext}) @@ -353,7 +354,10 @@ func (c *NodeUpCommand) Run(out io.Writer) error { switch c.Target { case "direct": target = &local.LocalTarget{ - CacheDir: c.CacheDir, + CacheDir: c.CacheDir, + Cloud: cloud, + InstanceID: modelContext.InstanceID, + Cluster: c.cluster, } case "dryrun": assetBuilder := assets.NewAssetBuilder(c.cluster, false) diff --git a/upup/pkg/fi/nodeup/local/BUILD.bazel b/upup/pkg/fi/nodeup/local/BUILD.bazel index 00eef0dcff..bde68b183a 100644 --- a/upup/pkg/fi/nodeup/local/BUILD.bazel +++ b/upup/pkg/fi/nodeup/local/BUILD.bazel @@ -5,5 +5,8 @@ go_library( srcs = ["local_target.go"], importpath = "k8s.io/kops/upup/pkg/fi/nodeup/local", visibility = ["//visibility:public"], - deps = ["//upup/pkg/fi:go_default_library"], + deps = [ + "//pkg/apis/kops:go_default_library", + "//upup/pkg/fi:go_default_library", + ], ) diff --git a/upup/pkg/fi/nodeup/local/local_target.go b/upup/pkg/fi/nodeup/local/local_target.go index 6b9555cf73..d7a13d84c4 100644 --- a/upup/pkg/fi/nodeup/local/local_target.go +++ b/upup/pkg/fi/nodeup/local/local_target.go @@ -19,11 +19,15 @@ package local import ( "os/exec" + "k8s.io/kops/pkg/apis/kops" "k8s.io/kops/upup/pkg/fi" ) type LocalTarget struct { - CacheDir string + CacheDir string + Cloud fi.Cloud + InstanceID string + Cluster *kops.Cluster } var _ fi.Target = &LocalTarget{} diff --git a/upup/pkg/fi/nodeup/nodetasks/BUILD.bazel b/upup/pkg/fi/nodeup/nodetasks/BUILD.bazel index c933827e4c..216f5da658 100644 --- a/upup/pkg/fi/nodeup/nodetasks/BUILD.bazel +++ b/upup/pkg/fi/nodeup/nodetasks/BUILD.bazel @@ -15,6 +15,7 @@ go_library( "kubeconfig.go", "load_image.go", "package.go", + "prefix.go", "pull_image.go", "service.go", "update_packages.go", @@ -30,11 +31,13 @@ go_library( "//pkg/pki:go_default_library", "//upup/pkg/fi:go_default_library", "//upup/pkg/fi/cloudup:go_default_library", + "//upup/pkg/fi/cloudup/awsup:go_default_library", "//upup/pkg/fi/nodeup/cloudinit:go_default_library", "//upup/pkg/fi/nodeup/local:go_default_library", "//upup/pkg/fi/utils:go_default_library", "//util/pkg/distributions:go_default_library", "//util/pkg/hashing:go_default_library", + "//vendor/github.com/aws/aws-sdk-go/service/ec2:go_default_library", "//vendor/k8s.io/apimachinery/pkg/util/sets:go_default_library", "//vendor/k8s.io/klog/v2:go_default_library", ], diff --git a/upup/pkg/fi/nodeup/nodetasks/prefix.go b/upup/pkg/fi/nodeup/nodetasks/prefix.go new file mode 100644 index 0000000000..1ab054b1a0 --- /dev/null +++ b/upup/pkg/fi/nodeup/nodetasks/prefix.go @@ -0,0 +1,83 @@ +/* +Copyright 2021 The Kubernetes Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package nodetasks + +import ( + "fmt" + + "github.com/aws/aws-sdk-go/service/ec2" + "k8s.io/kops/upup/pkg/fi" + "k8s.io/kops/upup/pkg/fi/cloudup/awsup" + "k8s.io/kops/upup/pkg/fi/nodeup/local" +) + +type Prefix struct { + Name string +} + +var _ fi.HasName = &Prefix{} + +func (f *Prefix) GetName() *string { + return &f.Name +} + +// String returns a string representation, implementing the Stringer interface +func (p *Prefix) String() string { + return fmt.Sprintf("Prefix: %s", p.Name) +} + +func (e *Prefix) Find(c *fi.Context) (*Prefix, error) { + return nil, nil +} +func (e *Prefix) Run(c *fi.Context) error { + return fi.DefaultDeltaRunMethod(e, c) +} + +func (_ *Prefix) CheckChanges(a, e, changes *Prefix) error { + return nil +} + +func (_ *Prefix) RenderLocal(t *local.LocalTarget, a, e, changes *Prefix) error { + + awsCloud := t.Cloud.(awsup.AWSCloud) + + netifs, err := awsCloud.EC2().DescribeNetworkInterfaces(&ec2.DescribeNetworkInterfacesInput{ + Filters: []*ec2.Filter{ + { + Name: fi.String("attachment.instance-id"), + Values: []*string{ + &t.InstanceID, + }, + }, + }, + }) + if err != nil { + return fmt.Errorf("failed to get interface: %w", err) + } + + netif := netifs.NetworkInterfaces[0] + + _, err = awsCloud.EC2().AssignIpv6Addresses(&ec2.AssignIpv6AddressesInput{ + Ipv6PrefixCount: fi.Int64(1), + NetworkInterfaceId: netif.NetworkInterfaceId, + }) + if err != nil { + return fmt.Errorf("failed to assign ip address: %w", err) + } + + return nil +} diff --git a/upup/pkg/fi/nodeup/nodetasks/service.go b/upup/pkg/fi/nodeup/nodetasks/service.go index f02770bb4e..3b3d689284 100644 --- a/upup/pkg/fi/nodeup/nodetasks/service.go +++ b/upup/pkg/fi/nodeup/nodetasks/service.go @@ -73,7 +73,7 @@ func (p *Service) GetDependencies(tasks map[string]fi.Task) []fi.Task { // launching a custom Kubernetes build), they all depend on // the "docker.service" Service task. switch v := v.(type) { - case *Package, *UpdatePackages, *UserTask, *GroupTask, *Chattr, *BindMount, *Archive: + case *Package, *UpdatePackages, *UserTask, *GroupTask, *Chattr, *BindMount, *Archive, *Prefix: deps = append(deps, v) case *Service, *LoadImageTask, *PullImageTask, *IssueCert, *BootstrapClientTask, *KubeConfig: // ignore