diff --git a/tests/integration/update_cluster/additionalobjects/data/aws_iam_role_policy_masters.additionalobjects.example.com_policy b/tests/integration/update_cluster/additionalobjects/data/aws_iam_role_policy_masters.additionalobjects.example.com_policy index 2e696b33d1..712d6efc2e 100644 --- a/tests/integration/update_cluster/additionalobjects/data/aws_iam_role_policy_masters.additionalobjects.example.com_policy +++ b/tests/integration/update_cluster/additionalobjects/data/aws_iam_role_policy_masters.additionalobjects.example.com_policy @@ -198,8 +198,13 @@ "elasticloadbalancing:DescribeTargetHealth", "iam:GetServerCertificate", "iam:ListServerCertificates", + "kms:CreateGrant", + "kms:Decrypt", "kms:DescribeKey", + "kms:Encrypt", + "kms:GenerateDataKey*", "kms:GenerateRandom", + "kms:ReEncrypt*", "sqs:DeleteMessage", "sqs:ReceiveMessage" ], diff --git a/tests/integration/update_cluster/apiservernodes/data/aws_iam_role_policy_apiservers.minimal.example.com_policy b/tests/integration/update_cluster/apiservernodes/data/aws_iam_role_policy_apiservers.minimal.example.com_policy index 15d271c055..32fcf4364b 100644 --- a/tests/integration/update_cluster/apiservernodes/data/aws_iam_role_policy_apiservers.minimal.example.com_policy +++ b/tests/integration/update_cluster/apiservernodes/data/aws_iam_role_policy_apiservers.minimal.example.com_policy @@ -27,7 +27,13 @@ "ec2:DescribeRegions", "iam:GetServerCertificate", "iam:ListServerCertificates", - "kms:GenerateRandom" + "kms:CreateGrant", + "kms:Decrypt", + "kms:DescribeKey", + "kms:Encrypt", + "kms:GenerateDataKey*", + "kms:GenerateRandom", + "kms:ReEncrypt*" ], "Effect": "Allow", "Resource": "*" diff --git a/tests/integration/update_cluster/apiservernodes/data/aws_iam_role_policy_masters.minimal.example.com_policy b/tests/integration/update_cluster/apiservernodes/data/aws_iam_role_policy_masters.minimal.example.com_policy index 0f08d3e513..e5df29987d 100644 --- a/tests/integration/update_cluster/apiservernodes/data/aws_iam_role_policy_masters.minimal.example.com_policy +++ b/tests/integration/update_cluster/apiservernodes/data/aws_iam_role_policy_masters.minimal.example.com_policy @@ -191,8 +191,13 @@ "elasticloadbalancing:DescribeTargetHealth", "iam:GetServerCertificate", "iam:ListServerCertificates", + "kms:CreateGrant", + "kms:Decrypt", "kms:DescribeKey", + "kms:Encrypt", + "kms:GenerateDataKey*", "kms:GenerateRandom", + "kms:ReEncrypt*", "sqs:DeleteMessage", "sqs:ReceiveMessage" ], diff --git a/tests/integration/update_cluster/aws-lb-controller/data/aws_iam_role_policy_ebs-csi-controller-sa.kube-system.sa.minimal.example.com_policy b/tests/integration/update_cluster/aws-lb-controller/data/aws_iam_role_policy_ebs-csi-controller-sa.kube-system.sa.minimal.example.com_policy index bf357c57d8..8e56f264a5 100644 --- a/tests/integration/update_cluster/aws-lb-controller/data/aws_iam_role_policy_ebs-csi-controller-sa.kube-system.sa.minimal.example.com_policy +++ b/tests/integration/update_cluster/aws-lb-controller/data/aws_iam_role_policy_ebs-csi-controller-sa.kube-system.sa.minimal.example.com_policy @@ -42,7 +42,13 @@ "ec2:DescribeInstances", "ec2:DescribeTags", "ec2:DescribeVolumes", - "ec2:DescribeVolumesModifications" + "ec2:DescribeVolumesModifications", + "kms:CreateGrant", + "kms:Decrypt", + "kms:DescribeKey", + "kms:Encrypt", + "kms:GenerateDataKey*", + "kms:ReEncrypt*" ], "Effect": "Allow", "Resource": "*" diff --git a/tests/integration/update_cluster/aws-lb-controller/data/aws_iam_role_policy_masters.minimal.example.com_policy b/tests/integration/update_cluster/aws-lb-controller/data/aws_iam_role_policy_masters.minimal.example.com_policy index 1c48ca7b58..a43ed7ee51 100644 --- a/tests/integration/update_cluster/aws-lb-controller/data/aws_iam_role_policy_masters.minimal.example.com_policy +++ b/tests/integration/update_cluster/aws-lb-controller/data/aws_iam_role_policy_masters.minimal.example.com_policy @@ -103,7 +103,13 @@ "ec2:DescribeVolumes", "iam:GetServerCertificate", "iam:ListServerCertificates", - "kms:GenerateRandom" + "kms:CreateGrant", + "kms:Decrypt", + "kms:DescribeKey", + "kms:Encrypt", + "kms:GenerateDataKey*", + "kms:GenerateRandom", + "kms:ReEncrypt*" ], "Effect": "Allow", "Resource": "*" diff --git a/tests/integration/update_cluster/bastionadditional_user-data/data/aws_iam_role_policy_masters.bastionuserdata.example.com_policy b/tests/integration/update_cluster/bastionadditional_user-data/data/aws_iam_role_policy_masters.bastionuserdata.example.com_policy index d9cbd5bd78..5f9d727cbc 100644 --- a/tests/integration/update_cluster/bastionadditional_user-data/data/aws_iam_role_policy_masters.bastionuserdata.example.com_policy +++ b/tests/integration/update_cluster/bastionadditional_user-data/data/aws_iam_role_policy_masters.bastionuserdata.example.com_policy @@ -191,8 +191,13 @@ "elasticloadbalancing:DescribeTargetHealth", "iam:GetServerCertificate", "iam:ListServerCertificates", + "kms:CreateGrant", + "kms:Decrypt", "kms:DescribeKey", + "kms:Encrypt", + "kms:GenerateDataKey*", "kms:GenerateRandom", + "kms:ReEncrypt*", "sqs:DeleteMessage", "sqs:ReceiveMessage" ], diff --git a/tests/integration/update_cluster/cluster-autoscaler-priority-expander-custom/data/aws_iam_role_policy_masters.cas-priority-expander-custom.example.com_policy b/tests/integration/update_cluster/cluster-autoscaler-priority-expander-custom/data/aws_iam_role_policy_masters.cas-priority-expander-custom.example.com_policy index 975b89b2a6..b74e888f9b 100644 --- a/tests/integration/update_cluster/cluster-autoscaler-priority-expander-custom/data/aws_iam_role_policy_masters.cas-priority-expander-custom.example.com_policy +++ b/tests/integration/update_cluster/cluster-autoscaler-priority-expander-custom/data/aws_iam_role_policy_masters.cas-priority-expander-custom.example.com_policy @@ -191,8 +191,13 @@ "elasticloadbalancing:DescribeTargetHealth", "iam:GetServerCertificate", "iam:ListServerCertificates", + "kms:CreateGrant", + "kms:Decrypt", "kms:DescribeKey", + "kms:Encrypt", + "kms:GenerateDataKey*", "kms:GenerateRandom", + "kms:ReEncrypt*", "sqs:DeleteMessage", "sqs:ReceiveMessage" ], diff --git a/tests/integration/update_cluster/cluster-autoscaler-priority-expander/data/aws_iam_role_policy_masters.cas-priority-expander.example.com_policy b/tests/integration/update_cluster/cluster-autoscaler-priority-expander/data/aws_iam_role_policy_masters.cas-priority-expander.example.com_policy index ee4a6d4064..f32b71ed7b 100644 --- a/tests/integration/update_cluster/cluster-autoscaler-priority-expander/data/aws_iam_role_policy_masters.cas-priority-expander.example.com_policy +++ b/tests/integration/update_cluster/cluster-autoscaler-priority-expander/data/aws_iam_role_policy_masters.cas-priority-expander.example.com_policy @@ -191,8 +191,13 @@ "elasticloadbalancing:DescribeTargetHealth", "iam:GetServerCertificate", "iam:ListServerCertificates", + "kms:CreateGrant", + "kms:Decrypt", "kms:DescribeKey", + "kms:Encrypt", + "kms:GenerateDataKey*", "kms:GenerateRandom", + "kms:ReEncrypt*", "sqs:DeleteMessage", "sqs:ReceiveMessage" ], diff --git a/tests/integration/update_cluster/complex/data/aws_iam_role_policy_masters.complex.example.com_policy b/tests/integration/update_cluster/complex/data/aws_iam_role_policy_masters.complex.example.com_policy index ff4ebb140c..c45dcc957c 100644 --- a/tests/integration/update_cluster/complex/data/aws_iam_role_policy_masters.complex.example.com_policy +++ b/tests/integration/update_cluster/complex/data/aws_iam_role_policy_masters.complex.example.com_policy @@ -191,8 +191,13 @@ "elasticloadbalancing:DescribeTargetHealth", "iam:GetServerCertificate", "iam:ListServerCertificates", + "kms:CreateGrant", + "kms:Decrypt", "kms:DescribeKey", + "kms:Encrypt", + "kms:GenerateDataKey*", "kms:GenerateRandom", + "kms:ReEncrypt*", "sqs:DeleteMessage", "sqs:ReceiveMessage" ], diff --git a/tests/integration/update_cluster/compress/data/aws_iam_role_policy_masters.compress.example.com_policy b/tests/integration/update_cluster/compress/data/aws_iam_role_policy_masters.compress.example.com_policy index a9c8631b49..1987dd0477 100644 --- a/tests/integration/update_cluster/compress/data/aws_iam_role_policy_masters.compress.example.com_policy +++ b/tests/integration/update_cluster/compress/data/aws_iam_role_policy_masters.compress.example.com_policy @@ -191,8 +191,13 @@ "elasticloadbalancing:DescribeTargetHealth", "iam:GetServerCertificate", "iam:ListServerCertificates", + "kms:CreateGrant", + "kms:Decrypt", "kms:DescribeKey", + "kms:Encrypt", + "kms:GenerateDataKey*", "kms:GenerateRandom", + "kms:ReEncrypt*", "sqs:DeleteMessage", "sqs:ReceiveMessage" ], diff --git a/tests/integration/update_cluster/containerd-custom/data/aws_iam_role_policy_masters.containerd.example.com_policy b/tests/integration/update_cluster/containerd-custom/data/aws_iam_role_policy_masters.containerd.example.com_policy index c7543f55d0..d4f5c3e31f 100644 --- a/tests/integration/update_cluster/containerd-custom/data/aws_iam_role_policy_masters.containerd.example.com_policy +++ b/tests/integration/update_cluster/containerd-custom/data/aws_iam_role_policy_masters.containerd.example.com_policy @@ -191,8 +191,13 @@ "elasticloadbalancing:DescribeTargetHealth", "iam:GetServerCertificate", "iam:ListServerCertificates", + "kms:CreateGrant", + "kms:Decrypt", "kms:DescribeKey", + "kms:Encrypt", + "kms:GenerateDataKey*", "kms:GenerateRandom", + "kms:ReEncrypt*", "sqs:DeleteMessage", "sqs:ReceiveMessage" ], diff --git a/tests/integration/update_cluster/containerd/data/aws_iam_role_policy_masters.containerd.example.com_policy b/tests/integration/update_cluster/containerd/data/aws_iam_role_policy_masters.containerd.example.com_policy index c7543f55d0..d4f5c3e31f 100644 --- a/tests/integration/update_cluster/containerd/data/aws_iam_role_policy_masters.containerd.example.com_policy +++ b/tests/integration/update_cluster/containerd/data/aws_iam_role_policy_masters.containerd.example.com_policy @@ -191,8 +191,13 @@ "elasticloadbalancing:DescribeTargetHealth", "iam:GetServerCertificate", "iam:ListServerCertificates", + "kms:CreateGrant", + "kms:Decrypt", "kms:DescribeKey", + "kms:Encrypt", + "kms:GenerateDataKey*", "kms:GenerateRandom", + "kms:ReEncrypt*", "sqs:DeleteMessage", "sqs:ReceiveMessage" ], diff --git a/tests/integration/update_cluster/digit/data/aws_iam_role_policy_masters.123.example.com_policy b/tests/integration/update_cluster/digit/data/aws_iam_role_policy_masters.123.example.com_policy index 6a859b7f07..0b34fdc86f 100644 --- a/tests/integration/update_cluster/digit/data/aws_iam_role_policy_masters.123.example.com_policy +++ b/tests/integration/update_cluster/digit/data/aws_iam_role_policy_masters.123.example.com_policy @@ -191,8 +191,13 @@ "elasticloadbalancing:DescribeTargetHealth", "iam:GetServerCertificate", "iam:ListServerCertificates", + "kms:CreateGrant", + "kms:Decrypt", "kms:DescribeKey", + "kms:Encrypt", + "kms:GenerateDataKey*", "kms:GenerateRandom", + "kms:ReEncrypt*", "sqs:DeleteMessage", "sqs:ReceiveMessage" ], diff --git a/tests/integration/update_cluster/existing_sg/data/aws_iam_role_policy_masters.existingsg.example.com_policy b/tests/integration/update_cluster/existing_sg/data/aws_iam_role_policy_masters.existingsg.example.com_policy index 4277915eab..08fe00e065 100644 --- a/tests/integration/update_cluster/existing_sg/data/aws_iam_role_policy_masters.existingsg.example.com_policy +++ b/tests/integration/update_cluster/existing_sg/data/aws_iam_role_policy_masters.existingsg.example.com_policy @@ -191,8 +191,13 @@ "elasticloadbalancing:DescribeTargetHealth", "iam:GetServerCertificate", "iam:ListServerCertificates", + "kms:CreateGrant", + "kms:Decrypt", "kms:DescribeKey", + "kms:Encrypt", + "kms:GenerateDataKey*", "kms:GenerateRandom", + "kms:ReEncrypt*", "sqs:DeleteMessage", "sqs:ReceiveMessage" ], diff --git a/tests/integration/update_cluster/external_dns/data/aws_iam_role_policy_masters.minimal.example.com_policy b/tests/integration/update_cluster/external_dns/data/aws_iam_role_policy_masters.minimal.example.com_policy index 0f08d3e513..e5df29987d 100644 --- a/tests/integration/update_cluster/external_dns/data/aws_iam_role_policy_masters.minimal.example.com_policy +++ b/tests/integration/update_cluster/external_dns/data/aws_iam_role_policy_masters.minimal.example.com_policy @@ -191,8 +191,13 @@ "elasticloadbalancing:DescribeTargetHealth", "iam:GetServerCertificate", "iam:ListServerCertificates", + "kms:CreateGrant", + "kms:Decrypt", "kms:DescribeKey", + "kms:Encrypt", + "kms:GenerateDataKey*", "kms:GenerateRandom", + "kms:ReEncrypt*", "sqs:DeleteMessage", "sqs:ReceiveMessage" ], diff --git a/tests/integration/update_cluster/external_dns_irsa/data/aws_iam_role_policy_ebs-csi-controller-sa.kube-system.sa.minimal.example.com_policy b/tests/integration/update_cluster/external_dns_irsa/data/aws_iam_role_policy_ebs-csi-controller-sa.kube-system.sa.minimal.example.com_policy index bf357c57d8..8e56f264a5 100644 --- a/tests/integration/update_cluster/external_dns_irsa/data/aws_iam_role_policy_ebs-csi-controller-sa.kube-system.sa.minimal.example.com_policy +++ b/tests/integration/update_cluster/external_dns_irsa/data/aws_iam_role_policy_ebs-csi-controller-sa.kube-system.sa.minimal.example.com_policy @@ -42,7 +42,13 @@ "ec2:DescribeInstances", "ec2:DescribeTags", "ec2:DescribeVolumes", - "ec2:DescribeVolumesModifications" + "ec2:DescribeVolumesModifications", + "kms:CreateGrant", + "kms:Decrypt", + "kms:DescribeKey", + "kms:Encrypt", + "kms:GenerateDataKey*", + "kms:ReEncrypt*" ], "Effect": "Allow", "Resource": "*" diff --git a/tests/integration/update_cluster/external_dns_irsa/data/aws_iam_role_policy_masters.minimal.example.com_policy b/tests/integration/update_cluster/external_dns_irsa/data/aws_iam_role_policy_masters.minimal.example.com_policy index 1c48ca7b58..a43ed7ee51 100644 --- a/tests/integration/update_cluster/external_dns_irsa/data/aws_iam_role_policy_masters.minimal.example.com_policy +++ b/tests/integration/update_cluster/external_dns_irsa/data/aws_iam_role_policy_masters.minimal.example.com_policy @@ -103,7 +103,13 @@ "ec2:DescribeVolumes", "iam:GetServerCertificate", "iam:ListServerCertificates", - "kms:GenerateRandom" + "kms:CreateGrant", + "kms:Decrypt", + "kms:DescribeKey", + "kms:Encrypt", + "kms:GenerateDataKey*", + "kms:GenerateRandom", + "kms:ReEncrypt*" ], "Effect": "Allow", "Resource": "*" diff --git a/tests/integration/update_cluster/externallb/data/aws_iam_role_policy_masters.externallb.example.com_policy b/tests/integration/update_cluster/externallb/data/aws_iam_role_policy_masters.externallb.example.com_policy index 1d2846b766..34d0d3808e 100644 --- a/tests/integration/update_cluster/externallb/data/aws_iam_role_policy_masters.externallb.example.com_policy +++ b/tests/integration/update_cluster/externallb/data/aws_iam_role_policy_masters.externallb.example.com_policy @@ -191,8 +191,13 @@ "elasticloadbalancing:DescribeTargetHealth", "iam:GetServerCertificate", "iam:ListServerCertificates", + "kms:CreateGrant", + "kms:Decrypt", "kms:DescribeKey", + "kms:Encrypt", + "kms:GenerateDataKey*", "kms:GenerateRandom", + "kms:ReEncrypt*", "sqs:DeleteMessage", "sqs:ReceiveMessage" ], diff --git a/tests/integration/update_cluster/externalpolicies/data/aws_iam_role_policy_masters.externalpolicies.example.com_policy b/tests/integration/update_cluster/externalpolicies/data/aws_iam_role_policy_masters.externalpolicies.example.com_policy index 1ee030689b..cccd07872b 100644 --- a/tests/integration/update_cluster/externalpolicies/data/aws_iam_role_policy_masters.externalpolicies.example.com_policy +++ b/tests/integration/update_cluster/externalpolicies/data/aws_iam_role_policy_masters.externalpolicies.example.com_policy @@ -191,8 +191,13 @@ "elasticloadbalancing:DescribeTargetHealth", "iam:GetServerCertificate", "iam:ListServerCertificates", + "kms:CreateGrant", + "kms:Decrypt", "kms:DescribeKey", + "kms:Encrypt", + "kms:GenerateDataKey*", "kms:GenerateRandom", + "kms:ReEncrypt*", "sqs:DeleteMessage", "sqs:ReceiveMessage" ], diff --git a/tests/integration/update_cluster/ha/data/aws_iam_role_policy_masters.ha.example.com_policy b/tests/integration/update_cluster/ha/data/aws_iam_role_policy_masters.ha.example.com_policy index 6354b7ceb4..c25ed53962 100644 --- a/tests/integration/update_cluster/ha/data/aws_iam_role_policy_masters.ha.example.com_policy +++ b/tests/integration/update_cluster/ha/data/aws_iam_role_policy_masters.ha.example.com_policy @@ -191,8 +191,13 @@ "elasticloadbalancing:DescribeTargetHealth", "iam:GetServerCertificate", "iam:ListServerCertificates", + "kms:CreateGrant", + "kms:Decrypt", "kms:DescribeKey", + "kms:Encrypt", + "kms:GenerateDataKey*", "kms:GenerateRandom", + "kms:ReEncrypt*", "sqs:DeleteMessage", "sqs:ReceiveMessage" ], diff --git a/tests/integration/update_cluster/irsa/data/aws_iam_role_policy_masters.minimal.example.com_policy b/tests/integration/update_cluster/irsa/data/aws_iam_role_policy_masters.minimal.example.com_policy index 0f08d3e513..e5df29987d 100644 --- a/tests/integration/update_cluster/irsa/data/aws_iam_role_policy_masters.minimal.example.com_policy +++ b/tests/integration/update_cluster/irsa/data/aws_iam_role_policy_masters.minimal.example.com_policy @@ -191,8 +191,13 @@ "elasticloadbalancing:DescribeTargetHealth", "iam:GetServerCertificate", "iam:ListServerCertificates", + "kms:CreateGrant", + "kms:Decrypt", "kms:DescribeKey", + "kms:Encrypt", + "kms:GenerateDataKey*", "kms:GenerateRandom", + "kms:ReEncrypt*", "sqs:DeleteMessage", "sqs:ReceiveMessage" ], diff --git a/tests/integration/update_cluster/karpenter/data/aws_iam_role_policy_ebs-csi-controller-sa.kube-system.sa.minimal.example.com_policy b/tests/integration/update_cluster/karpenter/data/aws_iam_role_policy_ebs-csi-controller-sa.kube-system.sa.minimal.example.com_policy index bf357c57d8..8e56f264a5 100644 --- a/tests/integration/update_cluster/karpenter/data/aws_iam_role_policy_ebs-csi-controller-sa.kube-system.sa.minimal.example.com_policy +++ b/tests/integration/update_cluster/karpenter/data/aws_iam_role_policy_ebs-csi-controller-sa.kube-system.sa.minimal.example.com_policy @@ -42,7 +42,13 @@ "ec2:DescribeInstances", "ec2:DescribeTags", "ec2:DescribeVolumes", - "ec2:DescribeVolumesModifications" + "ec2:DescribeVolumesModifications", + "kms:CreateGrant", + "kms:Decrypt", + "kms:DescribeKey", + "kms:Encrypt", + "kms:GenerateDataKey*", + "kms:ReEncrypt*" ], "Effect": "Allow", "Resource": "*" diff --git a/tests/integration/update_cluster/karpenter/data/aws_iam_role_policy_masters.minimal.example.com_policy b/tests/integration/update_cluster/karpenter/data/aws_iam_role_policy_masters.minimal.example.com_policy index 1c48ca7b58..a43ed7ee51 100644 --- a/tests/integration/update_cluster/karpenter/data/aws_iam_role_policy_masters.minimal.example.com_policy +++ b/tests/integration/update_cluster/karpenter/data/aws_iam_role_policy_masters.minimal.example.com_policy @@ -103,7 +103,13 @@ "ec2:DescribeVolumes", "iam:GetServerCertificate", "iam:ListServerCertificates", - "kms:GenerateRandom" + "kms:CreateGrant", + "kms:Decrypt", + "kms:DescribeKey", + "kms:Encrypt", + "kms:GenerateDataKey*", + "kms:GenerateRandom", + "kms:ReEncrypt*" ], "Effect": "Allow", "Resource": "*" diff --git a/tests/integration/update_cluster/many-addons-ccm-irsa/data/aws_iam_role_policy_ebs-csi-controller-sa.kube-system.sa.minimal.example.com_policy b/tests/integration/update_cluster/many-addons-ccm-irsa/data/aws_iam_role_policy_ebs-csi-controller-sa.kube-system.sa.minimal.example.com_policy index 874f968968..7bcafd5a03 100644 --- a/tests/integration/update_cluster/many-addons-ccm-irsa/data/aws_iam_role_policy_ebs-csi-controller-sa.kube-system.sa.minimal.example.com_policy +++ b/tests/integration/update_cluster/many-addons-ccm-irsa/data/aws_iam_role_policy_ebs-csi-controller-sa.kube-system.sa.minimal.example.com_policy @@ -45,7 +45,13 @@ "ec2:DescribeSnapshots", "ec2:DescribeTags", "ec2:DescribeVolumes", - "ec2:DescribeVolumesModifications" + "ec2:DescribeVolumesModifications", + "kms:CreateGrant", + "kms:Decrypt", + "kms:DescribeKey", + "kms:Encrypt", + "kms:GenerateDataKey*", + "kms:ReEncrypt*" ], "Effect": "Allow", "Resource": "*" diff --git a/tests/integration/update_cluster/many-addons-ccm-irsa/data/aws_iam_role_policy_masters.minimal.example.com_policy b/tests/integration/update_cluster/many-addons-ccm-irsa/data/aws_iam_role_policy_masters.minimal.example.com_policy index 4a17e7cc78..14a365abd2 100644 --- a/tests/integration/update_cluster/many-addons-ccm-irsa/data/aws_iam_role_policy_masters.minimal.example.com_policy +++ b/tests/integration/update_cluster/many-addons-ccm-irsa/data/aws_iam_role_policy_masters.minimal.example.com_policy @@ -121,7 +121,13 @@ "ec2:UnassignPrivateIpAddresses", "iam:GetServerCertificate", "iam:ListServerCertificates", - "kms:GenerateRandom" + "kms:CreateGrant", + "kms:Decrypt", + "kms:DescribeKey", + "kms:Encrypt", + "kms:GenerateDataKey*", + "kms:GenerateRandom", + "kms:ReEncrypt*" ], "Effect": "Allow", "Resource": "*" diff --git a/tests/integration/update_cluster/many-addons-ccm-irsa24/data/aws_iam_role_policy_ebs-csi-controller-sa.kube-system.sa.minimal.example.com_policy b/tests/integration/update_cluster/many-addons-ccm-irsa24/data/aws_iam_role_policy_ebs-csi-controller-sa.kube-system.sa.minimal.example.com_policy index 874f968968..7bcafd5a03 100644 --- a/tests/integration/update_cluster/many-addons-ccm-irsa24/data/aws_iam_role_policy_ebs-csi-controller-sa.kube-system.sa.minimal.example.com_policy +++ b/tests/integration/update_cluster/many-addons-ccm-irsa24/data/aws_iam_role_policy_ebs-csi-controller-sa.kube-system.sa.minimal.example.com_policy @@ -45,7 +45,13 @@ "ec2:DescribeSnapshots", "ec2:DescribeTags", "ec2:DescribeVolumes", - "ec2:DescribeVolumesModifications" + "ec2:DescribeVolumesModifications", + "kms:CreateGrant", + "kms:Decrypt", + "kms:DescribeKey", + "kms:Encrypt", + "kms:GenerateDataKey*", + "kms:ReEncrypt*" ], "Effect": "Allow", "Resource": "*" diff --git a/tests/integration/update_cluster/many-addons-ccm-irsa24/data/aws_iam_role_policy_masters.minimal.example.com_policy b/tests/integration/update_cluster/many-addons-ccm-irsa24/data/aws_iam_role_policy_masters.minimal.example.com_policy index 4a17e7cc78..14a365abd2 100644 --- a/tests/integration/update_cluster/many-addons-ccm-irsa24/data/aws_iam_role_policy_masters.minimal.example.com_policy +++ b/tests/integration/update_cluster/many-addons-ccm-irsa24/data/aws_iam_role_policy_masters.minimal.example.com_policy @@ -121,7 +121,13 @@ "ec2:UnassignPrivateIpAddresses", "iam:GetServerCertificate", "iam:ListServerCertificates", - "kms:GenerateRandom" + "kms:CreateGrant", + "kms:Decrypt", + "kms:DescribeKey", + "kms:Encrypt", + "kms:GenerateDataKey*", + "kms:GenerateRandom", + "kms:ReEncrypt*" ], "Effect": "Allow", "Resource": "*" diff --git a/tests/integration/update_cluster/many-addons-ccm-irsa25/data/aws_iam_role_policy_ebs-csi-controller-sa.kube-system.sa.minimal.example.com_policy b/tests/integration/update_cluster/many-addons-ccm-irsa25/data/aws_iam_role_policy_ebs-csi-controller-sa.kube-system.sa.minimal.example.com_policy index 874f968968..7bcafd5a03 100644 --- a/tests/integration/update_cluster/many-addons-ccm-irsa25/data/aws_iam_role_policy_ebs-csi-controller-sa.kube-system.sa.minimal.example.com_policy +++ b/tests/integration/update_cluster/many-addons-ccm-irsa25/data/aws_iam_role_policy_ebs-csi-controller-sa.kube-system.sa.minimal.example.com_policy @@ -45,7 +45,13 @@ "ec2:DescribeSnapshots", "ec2:DescribeTags", "ec2:DescribeVolumes", - "ec2:DescribeVolumesModifications" + "ec2:DescribeVolumesModifications", + "kms:CreateGrant", + "kms:Decrypt", + "kms:DescribeKey", + "kms:Encrypt", + "kms:GenerateDataKey*", + "kms:ReEncrypt*" ], "Effect": "Allow", "Resource": "*" diff --git a/tests/integration/update_cluster/many-addons-ccm-irsa25/data/aws_iam_role_policy_masters.minimal.example.com_policy b/tests/integration/update_cluster/many-addons-ccm-irsa25/data/aws_iam_role_policy_masters.minimal.example.com_policy index 4a17e7cc78..14a365abd2 100644 --- a/tests/integration/update_cluster/many-addons-ccm-irsa25/data/aws_iam_role_policy_masters.minimal.example.com_policy +++ b/tests/integration/update_cluster/many-addons-ccm-irsa25/data/aws_iam_role_policy_masters.minimal.example.com_policy @@ -121,7 +121,13 @@ "ec2:UnassignPrivateIpAddresses", "iam:GetServerCertificate", "iam:ListServerCertificates", - "kms:GenerateRandom" + "kms:CreateGrant", + "kms:Decrypt", + "kms:DescribeKey", + "kms:Encrypt", + "kms:GenerateDataKey*", + "kms:GenerateRandom", + "kms:ReEncrypt*" ], "Effect": "Allow", "Resource": "*" diff --git a/tests/integration/update_cluster/many-addons-ccm-irsa26/data/aws_iam_role_policy_ebs-csi-controller-sa.kube-system.sa.minimal.example.com_policy b/tests/integration/update_cluster/many-addons-ccm-irsa26/data/aws_iam_role_policy_ebs-csi-controller-sa.kube-system.sa.minimal.example.com_policy index 874f968968..7bcafd5a03 100644 --- a/tests/integration/update_cluster/many-addons-ccm-irsa26/data/aws_iam_role_policy_ebs-csi-controller-sa.kube-system.sa.minimal.example.com_policy +++ b/tests/integration/update_cluster/many-addons-ccm-irsa26/data/aws_iam_role_policy_ebs-csi-controller-sa.kube-system.sa.minimal.example.com_policy @@ -45,7 +45,13 @@ "ec2:DescribeSnapshots", "ec2:DescribeTags", "ec2:DescribeVolumes", - "ec2:DescribeVolumesModifications" + "ec2:DescribeVolumesModifications", + "kms:CreateGrant", + "kms:Decrypt", + "kms:DescribeKey", + "kms:Encrypt", + "kms:GenerateDataKey*", + "kms:ReEncrypt*" ], "Effect": "Allow", "Resource": "*" diff --git a/tests/integration/update_cluster/many-addons-ccm-irsa26/data/aws_iam_role_policy_masters.minimal.example.com_policy b/tests/integration/update_cluster/many-addons-ccm-irsa26/data/aws_iam_role_policy_masters.minimal.example.com_policy index 4a17e7cc78..14a365abd2 100644 --- a/tests/integration/update_cluster/many-addons-ccm-irsa26/data/aws_iam_role_policy_masters.minimal.example.com_policy +++ b/tests/integration/update_cluster/many-addons-ccm-irsa26/data/aws_iam_role_policy_masters.minimal.example.com_policy @@ -121,7 +121,13 @@ "ec2:UnassignPrivateIpAddresses", "iam:GetServerCertificate", "iam:ListServerCertificates", - "kms:GenerateRandom" + "kms:CreateGrant", + "kms:Decrypt", + "kms:DescribeKey", + "kms:Encrypt", + "kms:GenerateDataKey*", + "kms:GenerateRandom", + "kms:ReEncrypt*" ], "Effect": "Allow", "Resource": "*" diff --git a/tests/integration/update_cluster/many-addons-ccm/data/aws_iam_role_policy_masters.minimal.example.com_policy b/tests/integration/update_cluster/many-addons-ccm/data/aws_iam_role_policy_masters.minimal.example.com_policy index 8d8f55d974..4aa44b6981 100644 --- a/tests/integration/update_cluster/many-addons-ccm/data/aws_iam_role_policy_masters.minimal.example.com_policy +++ b/tests/integration/update_cluster/many-addons-ccm/data/aws_iam_role_policy_masters.minimal.example.com_policy @@ -252,8 +252,13 @@ "elasticloadbalancing:DescribeTargetHealth", "iam:GetServerCertificate", "iam:ListServerCertificates", + "kms:CreateGrant", + "kms:Decrypt", "kms:DescribeKey", + "kms:Encrypt", + "kms:GenerateDataKey*", "kms:GenerateRandom", + "kms:ReEncrypt*", "sqs:DeleteMessage", "sqs:ReceiveMessage" ], diff --git a/tests/integration/update_cluster/many-addons/data/aws_iam_role_policy_masters.many-addons.example.com_policy b/tests/integration/update_cluster/many-addons/data/aws_iam_role_policy_masters.many-addons.example.com_policy index 8617cd009c..dd1823a40f 100644 --- a/tests/integration/update_cluster/many-addons/data/aws_iam_role_policy_masters.many-addons.example.com_policy +++ b/tests/integration/update_cluster/many-addons/data/aws_iam_role_policy_masters.many-addons.example.com_policy @@ -252,8 +252,13 @@ "elasticloadbalancing:DescribeTargetHealth", "iam:GetServerCertificate", "iam:ListServerCertificates", + "kms:CreateGrant", + "kms:Decrypt", "kms:DescribeKey", + "kms:Encrypt", + "kms:GenerateDataKey*", "kms:GenerateRandom", + "kms:ReEncrypt*", "sqs:DeleteMessage", "sqs:ReceiveMessage" ], diff --git a/tests/integration/update_cluster/minimal-1.24/data/aws_iam_role_policy_masters.minimal.example.com_policy b/tests/integration/update_cluster/minimal-1.24/data/aws_iam_role_policy_masters.minimal.example.com_policy index fc1659c2d9..f2c6932f7e 100644 --- a/tests/integration/update_cluster/minimal-1.24/data/aws_iam_role_policy_masters.minimal.example.com_policy +++ b/tests/integration/update_cluster/minimal-1.24/data/aws_iam_role_policy_masters.minimal.example.com_policy @@ -198,8 +198,13 @@ "elasticloadbalancing:DescribeTargetHealth", "iam:GetServerCertificate", "iam:ListServerCertificates", + "kms:CreateGrant", + "kms:Decrypt", "kms:DescribeKey", + "kms:Encrypt", + "kms:GenerateDataKey*", "kms:GenerateRandom", + "kms:ReEncrypt*", "sqs:DeleteMessage", "sqs:ReceiveMessage" ], diff --git a/tests/integration/update_cluster/minimal-1.25/data/aws_iam_role_policy_masters.minimal.example.com_policy b/tests/integration/update_cluster/minimal-1.25/data/aws_iam_role_policy_masters.minimal.example.com_policy index fc1659c2d9..f2c6932f7e 100644 --- a/tests/integration/update_cluster/minimal-1.25/data/aws_iam_role_policy_masters.minimal.example.com_policy +++ b/tests/integration/update_cluster/minimal-1.25/data/aws_iam_role_policy_masters.minimal.example.com_policy @@ -198,8 +198,13 @@ "elasticloadbalancing:DescribeTargetHealth", "iam:GetServerCertificate", "iam:ListServerCertificates", + "kms:CreateGrant", + "kms:Decrypt", "kms:DescribeKey", + "kms:Encrypt", + "kms:GenerateDataKey*", "kms:GenerateRandom", + "kms:ReEncrypt*", "sqs:DeleteMessage", "sqs:ReceiveMessage" ], diff --git a/tests/integration/update_cluster/minimal-1.26/data/aws_iam_role_policy_masters.minimal.example.com_policy b/tests/integration/update_cluster/minimal-1.26/data/aws_iam_role_policy_masters.minimal.example.com_policy index fc1659c2d9..f2c6932f7e 100644 --- a/tests/integration/update_cluster/minimal-1.26/data/aws_iam_role_policy_masters.minimal.example.com_policy +++ b/tests/integration/update_cluster/minimal-1.26/data/aws_iam_role_policy_masters.minimal.example.com_policy @@ -198,8 +198,13 @@ "elasticloadbalancing:DescribeTargetHealth", "iam:GetServerCertificate", "iam:ListServerCertificates", + "kms:CreateGrant", + "kms:Decrypt", "kms:DescribeKey", + "kms:Encrypt", + "kms:GenerateDataKey*", "kms:GenerateRandom", + "kms:ReEncrypt*", "sqs:DeleteMessage", "sqs:ReceiveMessage" ], diff --git a/tests/integration/update_cluster/minimal-1.27/data/aws_iam_role_policy_masters.minimal.example.com_policy b/tests/integration/update_cluster/minimal-1.27/data/aws_iam_role_policy_masters.minimal.example.com_policy index fc1659c2d9..f2c6932f7e 100644 --- a/tests/integration/update_cluster/minimal-1.27/data/aws_iam_role_policy_masters.minimal.example.com_policy +++ b/tests/integration/update_cluster/minimal-1.27/data/aws_iam_role_policy_masters.minimal.example.com_policy @@ -198,8 +198,13 @@ "elasticloadbalancing:DescribeTargetHealth", "iam:GetServerCertificate", "iam:ListServerCertificates", + "kms:CreateGrant", + "kms:Decrypt", "kms:DescribeKey", + "kms:Encrypt", + "kms:GenerateDataKey*", "kms:GenerateRandom", + "kms:ReEncrypt*", "sqs:DeleteMessage", "sqs:ReceiveMessage" ], diff --git a/tests/integration/update_cluster/minimal-1.28/data/aws_iam_role_policy_masters.minimal.example.com_policy b/tests/integration/update_cluster/minimal-1.28/data/aws_iam_role_policy_masters.minimal.example.com_policy index fc1659c2d9..f2c6932f7e 100644 --- a/tests/integration/update_cluster/minimal-1.28/data/aws_iam_role_policy_masters.minimal.example.com_policy +++ b/tests/integration/update_cluster/minimal-1.28/data/aws_iam_role_policy_masters.minimal.example.com_policy @@ -198,8 +198,13 @@ "elasticloadbalancing:DescribeTargetHealth", "iam:GetServerCertificate", "iam:ListServerCertificates", + "kms:CreateGrant", + "kms:Decrypt", "kms:DescribeKey", + "kms:Encrypt", + "kms:GenerateDataKey*", "kms:GenerateRandom", + "kms:ReEncrypt*", "sqs:DeleteMessage", "sqs:ReceiveMessage" ], diff --git a/tests/integration/update_cluster/minimal-1.29/data/aws_iam_role_policy_masters.minimal.example.com_policy b/tests/integration/update_cluster/minimal-1.29/data/aws_iam_role_policy_masters.minimal.example.com_policy index fc1659c2d9..f2c6932f7e 100644 --- a/tests/integration/update_cluster/minimal-1.29/data/aws_iam_role_policy_masters.minimal.example.com_policy +++ b/tests/integration/update_cluster/minimal-1.29/data/aws_iam_role_policy_masters.minimal.example.com_policy @@ -198,8 +198,13 @@ "elasticloadbalancing:DescribeTargetHealth", "iam:GetServerCertificate", "iam:ListServerCertificates", + "kms:CreateGrant", + "kms:Decrypt", "kms:DescribeKey", + "kms:Encrypt", + "kms:GenerateDataKey*", "kms:GenerateRandom", + "kms:ReEncrypt*", "sqs:DeleteMessage", "sqs:ReceiveMessage" ], diff --git a/tests/integration/update_cluster/minimal-aws/data/aws_iam_role_policy_masters.minimal-aws.example.com_policy b/tests/integration/update_cluster/minimal-aws/data/aws_iam_role_policy_masters.minimal-aws.example.com_policy index 45325835a5..ec03ebe998 100644 --- a/tests/integration/update_cluster/minimal-aws/data/aws_iam_role_policy_masters.minimal-aws.example.com_policy +++ b/tests/integration/update_cluster/minimal-aws/data/aws_iam_role_policy_masters.minimal-aws.example.com_policy @@ -191,8 +191,13 @@ "elasticloadbalancing:DescribeTargetHealth", "iam:GetServerCertificate", "iam:ListServerCertificates", + "kms:CreateGrant", + "kms:Decrypt", "kms:DescribeKey", + "kms:Encrypt", + "kms:GenerateDataKey*", "kms:GenerateRandom", + "kms:ReEncrypt*", "sqs:DeleteMessage", "sqs:ReceiveMessage" ], diff --git a/tests/integration/update_cluster/minimal-dns-none/data/aws_iam_role_policy_masters.minimal.example.com_policy b/tests/integration/update_cluster/minimal-dns-none/data/aws_iam_role_policy_masters.minimal.example.com_policy index 5bd27a2be4..58ecc5624e 100644 --- a/tests/integration/update_cluster/minimal-dns-none/data/aws_iam_role_policy_masters.minimal.example.com_policy +++ b/tests/integration/update_cluster/minimal-dns-none/data/aws_iam_role_policy_masters.minimal.example.com_policy @@ -168,8 +168,13 @@ "elasticloadbalancing:DescribeTargetHealth", "iam:GetServerCertificate", "iam:ListServerCertificates", + "kms:CreateGrant", + "kms:Decrypt", "kms:DescribeKey", + "kms:Encrypt", + "kms:GenerateDataKey*", "kms:GenerateRandom", + "kms:ReEncrypt*", "sqs:DeleteMessage", "sqs:ReceiveMessage" ], diff --git a/tests/integration/update_cluster/minimal-etcd/data/aws_iam_role_policy_masters.minimal-etcd.example.com_policy b/tests/integration/update_cluster/minimal-etcd/data/aws_iam_role_policy_masters.minimal-etcd.example.com_policy index 60bb72397d..b1a526b316 100644 --- a/tests/integration/update_cluster/minimal-etcd/data/aws_iam_role_policy_masters.minimal-etcd.example.com_policy +++ b/tests/integration/update_cluster/minimal-etcd/data/aws_iam_role_policy_masters.minimal-etcd.example.com_policy @@ -191,8 +191,13 @@ "elasticloadbalancing:DescribeTargetHealth", "iam:GetServerCertificate", "iam:ListServerCertificates", + "kms:CreateGrant", + "kms:Decrypt", "kms:DescribeKey", + "kms:Encrypt", + "kms:GenerateDataKey*", "kms:GenerateRandom", + "kms:ReEncrypt*", "sqs:DeleteMessage", "sqs:ReceiveMessage" ], diff --git a/tests/integration/update_cluster/minimal-gp3/data/aws_iam_role_policy_masters.minimal.example.com_policy b/tests/integration/update_cluster/minimal-gp3/data/aws_iam_role_policy_masters.minimal.example.com_policy index 0f08d3e513..e5df29987d 100644 --- a/tests/integration/update_cluster/minimal-gp3/data/aws_iam_role_policy_masters.minimal.example.com_policy +++ b/tests/integration/update_cluster/minimal-gp3/data/aws_iam_role_policy_masters.minimal.example.com_policy @@ -191,8 +191,13 @@ "elasticloadbalancing:DescribeTargetHealth", "iam:GetServerCertificate", "iam:ListServerCertificates", + "kms:CreateGrant", + "kms:Decrypt", "kms:DescribeKey", + "kms:Encrypt", + "kms:GenerateDataKey*", "kms:GenerateRandom", + "kms:ReEncrypt*", "sqs:DeleteMessage", "sqs:ReceiveMessage" ], diff --git a/tests/integration/update_cluster/minimal-ipv6-calico/data/aws_iam_role_policy_masters.minimal-ipv6.example.com_policy b/tests/integration/update_cluster/minimal-ipv6-calico/data/aws_iam_role_policy_masters.minimal-ipv6.example.com_policy index 45b234240f..c46e4f527e 100644 --- a/tests/integration/update_cluster/minimal-ipv6-calico/data/aws_iam_role_policy_masters.minimal-ipv6.example.com_policy +++ b/tests/integration/update_cluster/minimal-ipv6-calico/data/aws_iam_role_policy_masters.minimal-ipv6.example.com_policy @@ -193,8 +193,13 @@ "elasticloadbalancing:DescribeTargetHealth", "iam:GetServerCertificate", "iam:ListServerCertificates", + "kms:CreateGrant", + "kms:Decrypt", "kms:DescribeKey", + "kms:Encrypt", + "kms:GenerateDataKey*", "kms:GenerateRandom", + "kms:ReEncrypt*", "sqs:DeleteMessage", "sqs:ReceiveMessage" ], diff --git a/tests/integration/update_cluster/minimal-ipv6-cilium/data/aws_iam_role_policy_masters.minimal-ipv6.example.com_policy b/tests/integration/update_cluster/minimal-ipv6-cilium/data/aws_iam_role_policy_masters.minimal-ipv6.example.com_policy index 45b234240f..c46e4f527e 100644 --- a/tests/integration/update_cluster/minimal-ipv6-cilium/data/aws_iam_role_policy_masters.minimal-ipv6.example.com_policy +++ b/tests/integration/update_cluster/minimal-ipv6-cilium/data/aws_iam_role_policy_masters.minimal-ipv6.example.com_policy @@ -193,8 +193,13 @@ "elasticloadbalancing:DescribeTargetHealth", "iam:GetServerCertificate", "iam:ListServerCertificates", + "kms:CreateGrant", + "kms:Decrypt", "kms:DescribeKey", + "kms:Encrypt", + "kms:GenerateDataKey*", "kms:GenerateRandom", + "kms:ReEncrypt*", "sqs:DeleteMessage", "sqs:ReceiveMessage" ], diff --git a/tests/integration/update_cluster/minimal-ipv6-no-subnet-prefix/data/aws_iam_role_policy_masters.minimal-ipv6.example.com_policy b/tests/integration/update_cluster/minimal-ipv6-no-subnet-prefix/data/aws_iam_role_policy_masters.minimal-ipv6.example.com_policy index 45b234240f..c46e4f527e 100644 --- a/tests/integration/update_cluster/minimal-ipv6-no-subnet-prefix/data/aws_iam_role_policy_masters.minimal-ipv6.example.com_policy +++ b/tests/integration/update_cluster/minimal-ipv6-no-subnet-prefix/data/aws_iam_role_policy_masters.minimal-ipv6.example.com_policy @@ -193,8 +193,13 @@ "elasticloadbalancing:DescribeTargetHealth", "iam:GetServerCertificate", "iam:ListServerCertificates", + "kms:CreateGrant", + "kms:Decrypt", "kms:DescribeKey", + "kms:Encrypt", + "kms:GenerateDataKey*", "kms:GenerateRandom", + "kms:ReEncrypt*", "sqs:DeleteMessage", "sqs:ReceiveMessage" ], diff --git a/tests/integration/update_cluster/minimal-ipv6/data/aws_iam_role_policy_masters.minimal-ipv6.example.com_policy b/tests/integration/update_cluster/minimal-ipv6/data/aws_iam_role_policy_masters.minimal-ipv6.example.com_policy index 45b234240f..c46e4f527e 100644 --- a/tests/integration/update_cluster/minimal-ipv6/data/aws_iam_role_policy_masters.minimal-ipv6.example.com_policy +++ b/tests/integration/update_cluster/minimal-ipv6/data/aws_iam_role_policy_masters.minimal-ipv6.example.com_policy @@ -193,8 +193,13 @@ "elasticloadbalancing:DescribeTargetHealth", "iam:GetServerCertificate", "iam:ListServerCertificates", + "kms:CreateGrant", + "kms:Decrypt", "kms:DescribeKey", + "kms:Encrypt", + "kms:GenerateDataKey*", "kms:GenerateRandom", + "kms:ReEncrypt*", "sqs:DeleteMessage", "sqs:ReceiveMessage" ], diff --git a/tests/integration/update_cluster/minimal-longclustername/data/aws_iam_role_policy_masters.this.is.truly.a.really.really.long.cluster-name.m-kaamp9_policy b/tests/integration/update_cluster/minimal-longclustername/data/aws_iam_role_policy_masters.this.is.truly.a.really.really.long.cluster-name.m-kaamp9_policy index f096ce2957..1c14639ae8 100644 --- a/tests/integration/update_cluster/minimal-longclustername/data/aws_iam_role_policy_masters.this.is.truly.a.really.really.long.cluster-name.m-kaamp9_policy +++ b/tests/integration/update_cluster/minimal-longclustername/data/aws_iam_role_policy_masters.this.is.truly.a.really.really.long.cluster-name.m-kaamp9_policy @@ -191,8 +191,13 @@ "elasticloadbalancing:DescribeTargetHealth", "iam:GetServerCertificate", "iam:ListServerCertificates", + "kms:CreateGrant", + "kms:Decrypt", "kms:DescribeKey", + "kms:Encrypt", + "kms:GenerateDataKey*", "kms:GenerateRandom", + "kms:ReEncrypt*", "sqs:DeleteMessage", "sqs:ReceiveMessage" ], diff --git a/tests/integration/update_cluster/minimal-warmpool/data/aws_iam_role_policy_masters.minimal-warmpool.example.com_policy b/tests/integration/update_cluster/minimal-warmpool/data/aws_iam_role_policy_masters.minimal-warmpool.example.com_policy index 56c1d39ebf..47a7af21b9 100644 --- a/tests/integration/update_cluster/minimal-warmpool/data/aws_iam_role_policy_masters.minimal-warmpool.example.com_policy +++ b/tests/integration/update_cluster/minimal-warmpool/data/aws_iam_role_policy_masters.minimal-warmpool.example.com_policy @@ -191,8 +191,13 @@ "elasticloadbalancing:DescribeTargetHealth", "iam:GetServerCertificate", "iam:ListServerCertificates", + "kms:CreateGrant", + "kms:Decrypt", "kms:DescribeKey", + "kms:Encrypt", + "kms:GenerateDataKey*", "kms:GenerateRandom", + "kms:ReEncrypt*", "sqs:DeleteMessage", "sqs:ReceiveMessage" ], diff --git a/tests/integration/update_cluster/minimal_gossip/data/aws_iam_role_policy_masters.minimal.k8s.local_policy b/tests/integration/update_cluster/minimal_gossip/data/aws_iam_role_policy_masters.minimal.k8s.local_policy index 76611dc6bf..fd94b9213b 100644 --- a/tests/integration/update_cluster/minimal_gossip/data/aws_iam_role_policy_masters.minimal.k8s.local_policy +++ b/tests/integration/update_cluster/minimal_gossip/data/aws_iam_role_policy_masters.minimal.k8s.local_policy @@ -161,8 +161,13 @@ "elasticloadbalancing:DescribeTargetHealth", "iam:GetServerCertificate", "iam:ListServerCertificates", + "kms:CreateGrant", + "kms:Decrypt", "kms:DescribeKey", + "kms:Encrypt", + "kms:GenerateDataKey*", "kms:GenerateRandom", + "kms:ReEncrypt*", "sqs:DeleteMessage", "sqs:ReceiveMessage" ], diff --git a/tests/integration/update_cluster/minimal_gossip_irsa/data/aws_iam_role_policy_ebs-csi-controller-sa.kube-system.sa.minimal.k8s.local_policy b/tests/integration/update_cluster/minimal_gossip_irsa/data/aws_iam_role_policy_ebs-csi-controller-sa.kube-system.sa.minimal.k8s.local_policy index 0a288d3e04..b435b7dad4 100644 --- a/tests/integration/update_cluster/minimal_gossip_irsa/data/aws_iam_role_policy_ebs-csi-controller-sa.kube-system.sa.minimal.k8s.local_policy +++ b/tests/integration/update_cluster/minimal_gossip_irsa/data/aws_iam_role_policy_ebs-csi-controller-sa.kube-system.sa.minimal.k8s.local_policy @@ -42,7 +42,13 @@ "ec2:DescribeInstances", "ec2:DescribeTags", "ec2:DescribeVolumes", - "ec2:DescribeVolumesModifications" + "ec2:DescribeVolumesModifications", + "kms:CreateGrant", + "kms:Decrypt", + "kms:DescribeKey", + "kms:Encrypt", + "kms:GenerateDataKey*", + "kms:ReEncrypt*" ], "Effect": "Allow", "Resource": "*" diff --git a/tests/integration/update_cluster/minimal_gossip_irsa/data/aws_iam_role_policy_masters.minimal.k8s.local_policy b/tests/integration/update_cluster/minimal_gossip_irsa/data/aws_iam_role_policy_masters.minimal.k8s.local_policy index 4f2cf5d165..2e42da7e75 100644 --- a/tests/integration/update_cluster/minimal_gossip_irsa/data/aws_iam_role_policy_masters.minimal.k8s.local_policy +++ b/tests/integration/update_cluster/minimal_gossip_irsa/data/aws_iam_role_policy_masters.minimal.k8s.local_policy @@ -73,7 +73,13 @@ "ec2:DescribeVolumes", "iam:GetServerCertificate", "iam:ListServerCertificates", - "kms:GenerateRandom" + "kms:CreateGrant", + "kms:Decrypt", + "kms:DescribeKey", + "kms:Encrypt", + "kms:GenerateDataKey*", + "kms:GenerateRandom", + "kms:ReEncrypt*" ], "Effect": "Allow", "Resource": "*" diff --git a/tests/integration/update_cluster/mixed_instances/data/aws_iam_role_policy_masters.mixedinstances.example.com_policy b/tests/integration/update_cluster/mixed_instances/data/aws_iam_role_policy_masters.mixedinstances.example.com_policy index 5b02acd975..ce7cb20032 100644 --- a/tests/integration/update_cluster/mixed_instances/data/aws_iam_role_policy_masters.mixedinstances.example.com_policy +++ b/tests/integration/update_cluster/mixed_instances/data/aws_iam_role_policy_masters.mixedinstances.example.com_policy @@ -191,8 +191,13 @@ "elasticloadbalancing:DescribeTargetHealth", "iam:GetServerCertificate", "iam:ListServerCertificates", + "kms:CreateGrant", + "kms:Decrypt", "kms:DescribeKey", + "kms:Encrypt", + "kms:GenerateDataKey*", "kms:GenerateRandom", + "kms:ReEncrypt*", "sqs:DeleteMessage", "sqs:ReceiveMessage" ], diff --git a/tests/integration/update_cluster/mixed_instances_spot/data/aws_iam_role_policy_masters.mixedinstances.example.com_policy b/tests/integration/update_cluster/mixed_instances_spot/data/aws_iam_role_policy_masters.mixedinstances.example.com_policy index 5b02acd975..ce7cb20032 100644 --- a/tests/integration/update_cluster/mixed_instances_spot/data/aws_iam_role_policy_masters.mixedinstances.example.com_policy +++ b/tests/integration/update_cluster/mixed_instances_spot/data/aws_iam_role_policy_masters.mixedinstances.example.com_policy @@ -191,8 +191,13 @@ "elasticloadbalancing:DescribeTargetHealth", "iam:GetServerCertificate", "iam:ListServerCertificates", + "kms:CreateGrant", + "kms:Decrypt", "kms:DescribeKey", + "kms:Encrypt", + "kms:GenerateDataKey*", "kms:GenerateRandom", + "kms:ReEncrypt*", "sqs:DeleteMessage", "sqs:ReceiveMessage" ], diff --git a/tests/integration/update_cluster/nth-imds-processor-irsa/data/aws_iam_role_policy_ebs-csi-controller-sa.kube-system.sa.nthimdsprocessor.lon-kfj86l_policy b/tests/integration/update_cluster/nth-imds-processor-irsa/data/aws_iam_role_policy_ebs-csi-controller-sa.kube-system.sa.nthimdsprocessor.lon-kfj86l_policy index 707fc8387d..30e89eee83 100644 --- a/tests/integration/update_cluster/nth-imds-processor-irsa/data/aws_iam_role_policy_ebs-csi-controller-sa.kube-system.sa.nthimdsprocessor.lon-kfj86l_policy +++ b/tests/integration/update_cluster/nth-imds-processor-irsa/data/aws_iam_role_policy_ebs-csi-controller-sa.kube-system.sa.nthimdsprocessor.lon-kfj86l_policy @@ -42,7 +42,13 @@ "ec2:DescribeInstances", "ec2:DescribeTags", "ec2:DescribeVolumes", - "ec2:DescribeVolumesModifications" + "ec2:DescribeVolumesModifications", + "kms:CreateGrant", + "kms:Decrypt", + "kms:DescribeKey", + "kms:Encrypt", + "kms:GenerateDataKey*", + "kms:ReEncrypt*" ], "Effect": "Allow", "Resource": "*" diff --git a/tests/integration/update_cluster/nth-imds-processor-irsa/data/aws_iam_role_policy_masters.nthimdsprocessor.longclustername.example.com_policy b/tests/integration/update_cluster/nth-imds-processor-irsa/data/aws_iam_role_policy_masters.nthimdsprocessor.longclustername.example.com_policy index cb8fd9ae72..d8cbfbcd80 100644 --- a/tests/integration/update_cluster/nth-imds-processor-irsa/data/aws_iam_role_policy_masters.nthimdsprocessor.longclustername.example.com_policy +++ b/tests/integration/update_cluster/nth-imds-processor-irsa/data/aws_iam_role_policy_masters.nthimdsprocessor.longclustername.example.com_policy @@ -103,7 +103,13 @@ "ec2:DescribeVolumes", "iam:GetServerCertificate", "iam:ListServerCertificates", - "kms:GenerateRandom" + "kms:CreateGrant", + "kms:Decrypt", + "kms:DescribeKey", + "kms:Encrypt", + "kms:GenerateDataKey*", + "kms:GenerateRandom", + "kms:ReEncrypt*" ], "Effect": "Allow", "Resource": "*" diff --git a/tests/integration/update_cluster/nth-imds-processor/data/aws_iam_role_policy_masters.nthimdsprocessor.longclustername.example.com_policy b/tests/integration/update_cluster/nth-imds-processor/data/aws_iam_role_policy_masters.nthimdsprocessor.longclustername.example.com_policy index af08550d01..b41f9bfc7d 100644 --- a/tests/integration/update_cluster/nth-imds-processor/data/aws_iam_role_policy_masters.nthimdsprocessor.longclustername.example.com_policy +++ b/tests/integration/update_cluster/nth-imds-processor/data/aws_iam_role_policy_masters.nthimdsprocessor.longclustername.example.com_policy @@ -191,8 +191,13 @@ "elasticloadbalancing:DescribeTargetHealth", "iam:GetServerCertificate", "iam:ListServerCertificates", + "kms:CreateGrant", + "kms:Decrypt", "kms:DescribeKey", - "kms:GenerateRandom" + "kms:Encrypt", + "kms:GenerateDataKey*", + "kms:GenerateRandom", + "kms:ReEncrypt*" ], "Effect": "Allow", "Resource": "*" diff --git a/tests/integration/update_cluster/nvidia/data/aws_iam_role_policy_masters.minimal.example.com_policy b/tests/integration/update_cluster/nvidia/data/aws_iam_role_policy_masters.minimal.example.com_policy index 0f08d3e513..e5df29987d 100644 --- a/tests/integration/update_cluster/nvidia/data/aws_iam_role_policy_masters.minimal.example.com_policy +++ b/tests/integration/update_cluster/nvidia/data/aws_iam_role_policy_masters.minimal.example.com_policy @@ -191,8 +191,13 @@ "elasticloadbalancing:DescribeTargetHealth", "iam:GetServerCertificate", "iam:ListServerCertificates", + "kms:CreateGrant", + "kms:Decrypt", "kms:DescribeKey", + "kms:Encrypt", + "kms:GenerateDataKey*", "kms:GenerateRandom", + "kms:ReEncrypt*", "sqs:DeleteMessage", "sqs:ReceiveMessage" ], diff --git a/tests/integration/update_cluster/private-shared-ip/data/aws_iam_role_policy_masters.private-shared-ip.example.com_policy b/tests/integration/update_cluster/private-shared-ip/data/aws_iam_role_policy_masters.private-shared-ip.example.com_policy index 874bf0eda8..f70be4c447 100644 --- a/tests/integration/update_cluster/private-shared-ip/data/aws_iam_role_policy_masters.private-shared-ip.example.com_policy +++ b/tests/integration/update_cluster/private-shared-ip/data/aws_iam_role_policy_masters.private-shared-ip.example.com_policy @@ -191,8 +191,13 @@ "elasticloadbalancing:DescribeTargetHealth", "iam:GetServerCertificate", "iam:ListServerCertificates", + "kms:CreateGrant", + "kms:Decrypt", "kms:DescribeKey", + "kms:Encrypt", + "kms:GenerateDataKey*", "kms:GenerateRandom", + "kms:ReEncrypt*", "sqs:DeleteMessage", "sqs:ReceiveMessage" ], diff --git a/tests/integration/update_cluster/private-shared-subnet/data/aws_iam_role_policy_masters.private-shared-subnet.example.com_policy b/tests/integration/update_cluster/private-shared-subnet/data/aws_iam_role_policy_masters.private-shared-subnet.example.com_policy index 26d06a280f..54172b66a6 100644 --- a/tests/integration/update_cluster/private-shared-subnet/data/aws_iam_role_policy_masters.private-shared-subnet.example.com_policy +++ b/tests/integration/update_cluster/private-shared-subnet/data/aws_iam_role_policy_masters.private-shared-subnet.example.com_policy @@ -191,8 +191,13 @@ "elasticloadbalancing:DescribeTargetHealth", "iam:GetServerCertificate", "iam:ListServerCertificates", + "kms:CreateGrant", + "kms:Decrypt", "kms:DescribeKey", + "kms:Encrypt", + "kms:GenerateDataKey*", "kms:GenerateRandom", + "kms:ReEncrypt*", "sqs:DeleteMessage", "sqs:ReceiveMessage" ], diff --git a/tests/integration/update_cluster/privatecalico/data/aws_iam_role_policy_masters.privatecalico.example.com_policy b/tests/integration/update_cluster/privatecalico/data/aws_iam_role_policy_masters.privatecalico.example.com_policy index 83ac3eafc1..342e867a01 100644 --- a/tests/integration/update_cluster/privatecalico/data/aws_iam_role_policy_masters.privatecalico.example.com_policy +++ b/tests/integration/update_cluster/privatecalico/data/aws_iam_role_policy_masters.privatecalico.example.com_policy @@ -199,8 +199,13 @@ "elasticloadbalancing:DescribeTargetHealth", "iam:GetServerCertificate", "iam:ListServerCertificates", + "kms:CreateGrant", + "kms:Decrypt", "kms:DescribeKey", + "kms:Encrypt", + "kms:GenerateDataKey*", "kms:GenerateRandom", + "kms:ReEncrypt*", "sqs:DeleteMessage", "sqs:ReceiveMessage" ], diff --git a/tests/integration/update_cluster/privatecanal/data/aws_iam_role_policy_masters.privatecanal.example.com_policy b/tests/integration/update_cluster/privatecanal/data/aws_iam_role_policy_masters.privatecanal.example.com_policy index 11c2866899..0fec755916 100644 --- a/tests/integration/update_cluster/privatecanal/data/aws_iam_role_policy_masters.privatecanal.example.com_policy +++ b/tests/integration/update_cluster/privatecanal/data/aws_iam_role_policy_masters.privatecanal.example.com_policy @@ -191,8 +191,13 @@ "elasticloadbalancing:DescribeTargetHealth", "iam:GetServerCertificate", "iam:ListServerCertificates", + "kms:CreateGrant", + "kms:Decrypt", "kms:DescribeKey", + "kms:Encrypt", + "kms:GenerateDataKey*", "kms:GenerateRandom", + "kms:ReEncrypt*", "sqs:DeleteMessage", "sqs:ReceiveMessage" ], diff --git a/tests/integration/update_cluster/privatecilium-eni/data/aws_iam_role_policy_masters.privatecilium.example.com_policy b/tests/integration/update_cluster/privatecilium-eni/data/aws_iam_role_policy_masters.privatecilium.example.com_policy index 3fe8216941..8d5203083f 100644 --- a/tests/integration/update_cluster/privatecilium-eni/data/aws_iam_role_policy_masters.privatecilium.example.com_policy +++ b/tests/integration/update_cluster/privatecilium-eni/data/aws_iam_role_policy_masters.privatecilium.example.com_policy @@ -201,8 +201,13 @@ "elasticloadbalancing:DescribeTargetHealth", "iam:GetServerCertificate", "iam:ListServerCertificates", + "kms:CreateGrant", + "kms:Decrypt", "kms:DescribeKey", + "kms:Encrypt", + "kms:GenerateDataKey*", "kms:GenerateRandom", + "kms:ReEncrypt*", "sqs:DeleteMessage", "sqs:ReceiveMessage" ], diff --git a/tests/integration/update_cluster/privatecilium/data/aws_iam_role_policy_masters.privatecilium.example.com_policy b/tests/integration/update_cluster/privatecilium/data/aws_iam_role_policy_masters.privatecilium.example.com_policy index 6461c3b570..07dafdfe36 100644 --- a/tests/integration/update_cluster/privatecilium/data/aws_iam_role_policy_masters.privatecilium.example.com_policy +++ b/tests/integration/update_cluster/privatecilium/data/aws_iam_role_policy_masters.privatecilium.example.com_policy @@ -191,8 +191,13 @@ "elasticloadbalancing:DescribeTargetHealth", "iam:GetServerCertificate", "iam:ListServerCertificates", + "kms:CreateGrant", + "kms:Decrypt", "kms:DescribeKey", + "kms:Encrypt", + "kms:GenerateDataKey*", "kms:GenerateRandom", + "kms:ReEncrypt*", "sqs:DeleteMessage", "sqs:ReceiveMessage" ], diff --git a/tests/integration/update_cluster/privatecilium2/data/aws_iam_role_policy_masters.privatecilium.example.com_policy b/tests/integration/update_cluster/privatecilium2/data/aws_iam_role_policy_masters.privatecilium.example.com_policy index 6461c3b570..07dafdfe36 100644 --- a/tests/integration/update_cluster/privatecilium2/data/aws_iam_role_policy_masters.privatecilium.example.com_policy +++ b/tests/integration/update_cluster/privatecilium2/data/aws_iam_role_policy_masters.privatecilium.example.com_policy @@ -191,8 +191,13 @@ "elasticloadbalancing:DescribeTargetHealth", "iam:GetServerCertificate", "iam:ListServerCertificates", + "kms:CreateGrant", + "kms:Decrypt", "kms:DescribeKey", + "kms:Encrypt", + "kms:GenerateDataKey*", "kms:GenerateRandom", + "kms:ReEncrypt*", "sqs:DeleteMessage", "sqs:ReceiveMessage" ], diff --git a/tests/integration/update_cluster/privateciliumadvanced/data/aws_iam_role_policy_masters.privateciliumadvanced.example.com_policy b/tests/integration/update_cluster/privateciliumadvanced/data/aws_iam_role_policy_masters.privateciliumadvanced.example.com_policy index 17d315887a..f74a5ba2db 100644 --- a/tests/integration/update_cluster/privateciliumadvanced/data/aws_iam_role_policy_masters.privateciliumadvanced.example.com_policy +++ b/tests/integration/update_cluster/privateciliumadvanced/data/aws_iam_role_policy_masters.privateciliumadvanced.example.com_policy @@ -211,8 +211,13 @@ "elasticloadbalancing:DescribeTargetHealth", "iam:GetServerCertificate", "iam:ListServerCertificates", + "kms:CreateGrant", + "kms:Decrypt", "kms:DescribeKey", + "kms:Encrypt", + "kms:GenerateDataKey*", "kms:GenerateRandom", + "kms:ReEncrypt*", "sqs:DeleteMessage", "sqs:ReceiveMessage" ], diff --git a/tests/integration/update_cluster/privatedns1/data/aws_iam_role_policy_masters.privatedns1.example.com_policy b/tests/integration/update_cluster/privatedns1/data/aws_iam_role_policy_masters.privatedns1.example.com_policy index 035636e998..13bcd67e19 100644 --- a/tests/integration/update_cluster/privatedns1/data/aws_iam_role_policy_masters.privatedns1.example.com_policy +++ b/tests/integration/update_cluster/privatedns1/data/aws_iam_role_policy_masters.privatedns1.example.com_policy @@ -191,8 +191,13 @@ "elasticloadbalancing:DescribeTargetHealth", "iam:GetServerCertificate", "iam:ListServerCertificates", + "kms:CreateGrant", + "kms:Decrypt", "kms:DescribeKey", + "kms:Encrypt", + "kms:GenerateDataKey*", "kms:GenerateRandom", + "kms:ReEncrypt*", "sqs:DeleteMessage", "sqs:ReceiveMessage" ], diff --git a/tests/integration/update_cluster/privatedns2/data/aws_iam_role_policy_masters.privatedns2.example.com_policy b/tests/integration/update_cluster/privatedns2/data/aws_iam_role_policy_masters.privatedns2.example.com_policy index 9e8c97dee1..da1fa594cd 100644 --- a/tests/integration/update_cluster/privatedns2/data/aws_iam_role_policy_masters.privatedns2.example.com_policy +++ b/tests/integration/update_cluster/privatedns2/data/aws_iam_role_policy_masters.privatedns2.example.com_policy @@ -191,8 +191,13 @@ "elasticloadbalancing:DescribeTargetHealth", "iam:GetServerCertificate", "iam:ListServerCertificates", + "kms:CreateGrant", + "kms:Decrypt", "kms:DescribeKey", + "kms:Encrypt", + "kms:GenerateDataKey*", "kms:GenerateRandom", + "kms:ReEncrypt*", "sqs:DeleteMessage", "sqs:ReceiveMessage" ], diff --git a/tests/integration/update_cluster/privateflannel/data/aws_iam_role_policy_masters.privateflannel.example.com_policy b/tests/integration/update_cluster/privateflannel/data/aws_iam_role_policy_masters.privateflannel.example.com_policy index a883e6c7f9..1275361a13 100644 --- a/tests/integration/update_cluster/privateflannel/data/aws_iam_role_policy_masters.privateflannel.example.com_policy +++ b/tests/integration/update_cluster/privateflannel/data/aws_iam_role_policy_masters.privateflannel.example.com_policy @@ -191,8 +191,13 @@ "elasticloadbalancing:DescribeTargetHealth", "iam:GetServerCertificate", "iam:ListServerCertificates", + "kms:CreateGrant", + "kms:Decrypt", "kms:DescribeKey", + "kms:Encrypt", + "kms:GenerateDataKey*", "kms:GenerateRandom", + "kms:ReEncrypt*", "sqs:DeleteMessage", "sqs:ReceiveMessage" ], diff --git a/tests/integration/update_cluster/privatekopeio/data/aws_iam_role_policy_masters.privatekopeio.example.com_policy b/tests/integration/update_cluster/privatekopeio/data/aws_iam_role_policy_masters.privatekopeio.example.com_policy index 8fe2bae058..85f984ada8 100644 --- a/tests/integration/update_cluster/privatekopeio/data/aws_iam_role_policy_masters.privatekopeio.example.com_policy +++ b/tests/integration/update_cluster/privatekopeio/data/aws_iam_role_policy_masters.privatekopeio.example.com_policy @@ -191,8 +191,13 @@ "elasticloadbalancing:DescribeTargetHealth", "iam:GetServerCertificate", "iam:ListServerCertificates", + "kms:CreateGrant", + "kms:Decrypt", "kms:DescribeKey", + "kms:Encrypt", + "kms:GenerateDataKey*", "kms:GenerateRandom", + "kms:ReEncrypt*", "sqs:DeleteMessage", "sqs:ReceiveMessage" ], diff --git a/tests/integration/update_cluster/public-jwks-apiserver/data/aws_iam_role_policy_ebs-csi-controller-sa.kube-system.sa.minimal.example.com_policy b/tests/integration/update_cluster/public-jwks-apiserver/data/aws_iam_role_policy_ebs-csi-controller-sa.kube-system.sa.minimal.example.com_policy index bf357c57d8..8e56f264a5 100644 --- a/tests/integration/update_cluster/public-jwks-apiserver/data/aws_iam_role_policy_ebs-csi-controller-sa.kube-system.sa.minimal.example.com_policy +++ b/tests/integration/update_cluster/public-jwks-apiserver/data/aws_iam_role_policy_ebs-csi-controller-sa.kube-system.sa.minimal.example.com_policy @@ -42,7 +42,13 @@ "ec2:DescribeInstances", "ec2:DescribeTags", "ec2:DescribeVolumes", - "ec2:DescribeVolumesModifications" + "ec2:DescribeVolumesModifications", + "kms:CreateGrant", + "kms:Decrypt", + "kms:DescribeKey", + "kms:Encrypt", + "kms:GenerateDataKey*", + "kms:ReEncrypt*" ], "Effect": "Allow", "Resource": "*" diff --git a/tests/integration/update_cluster/public-jwks-apiserver/data/aws_iam_role_policy_masters.minimal.example.com_policy b/tests/integration/update_cluster/public-jwks-apiserver/data/aws_iam_role_policy_masters.minimal.example.com_policy index 1c48ca7b58..a43ed7ee51 100644 --- a/tests/integration/update_cluster/public-jwks-apiserver/data/aws_iam_role_policy_masters.minimal.example.com_policy +++ b/tests/integration/update_cluster/public-jwks-apiserver/data/aws_iam_role_policy_masters.minimal.example.com_policy @@ -103,7 +103,13 @@ "ec2:DescribeVolumes", "iam:GetServerCertificate", "iam:ListServerCertificates", - "kms:GenerateRandom" + "kms:CreateGrant", + "kms:Decrypt", + "kms:DescribeKey", + "kms:Encrypt", + "kms:GenerateDataKey*", + "kms:GenerateRandom", + "kms:ReEncrypt*" ], "Effect": "Allow", "Resource": "*" diff --git a/tests/integration/update_cluster/shared_subnet/data/aws_iam_role_policy_masters.sharedsubnet.example.com_policy b/tests/integration/update_cluster/shared_subnet/data/aws_iam_role_policy_masters.sharedsubnet.example.com_policy index ee045f62c5..c50a5361d6 100644 --- a/tests/integration/update_cluster/shared_subnet/data/aws_iam_role_policy_masters.sharedsubnet.example.com_policy +++ b/tests/integration/update_cluster/shared_subnet/data/aws_iam_role_policy_masters.sharedsubnet.example.com_policy @@ -191,8 +191,13 @@ "elasticloadbalancing:DescribeTargetHealth", "iam:GetServerCertificate", "iam:ListServerCertificates", + "kms:CreateGrant", + "kms:Decrypt", "kms:DescribeKey", + "kms:Encrypt", + "kms:GenerateDataKey*", "kms:GenerateRandom", + "kms:ReEncrypt*", "sqs:DeleteMessage", "sqs:ReceiveMessage" ], diff --git a/tests/integration/update_cluster/shared_vpc/data/aws_iam_role_policy_masters.sharedvpc.example.com_policy b/tests/integration/update_cluster/shared_vpc/data/aws_iam_role_policy_masters.sharedvpc.example.com_policy index 3bb8bbc368..0bb97dfd56 100644 --- a/tests/integration/update_cluster/shared_vpc/data/aws_iam_role_policy_masters.sharedvpc.example.com_policy +++ b/tests/integration/update_cluster/shared_vpc/data/aws_iam_role_policy_masters.sharedvpc.example.com_policy @@ -191,8 +191,13 @@ "elasticloadbalancing:DescribeTargetHealth", "iam:GetServerCertificate", "iam:ListServerCertificates", + "kms:CreateGrant", + "kms:Decrypt", "kms:DescribeKey", + "kms:Encrypt", + "kms:GenerateDataKey*", "kms:GenerateRandom", + "kms:ReEncrypt*", "sqs:DeleteMessage", "sqs:ReceiveMessage" ], diff --git a/tests/integration/update_cluster/shared_vpc_ipv6/data/aws_iam_role_policy_masters.minimal-ipv6.example.com_policy b/tests/integration/update_cluster/shared_vpc_ipv6/data/aws_iam_role_policy_masters.minimal-ipv6.example.com_policy index 45b234240f..c46e4f527e 100644 --- a/tests/integration/update_cluster/shared_vpc_ipv6/data/aws_iam_role_policy_masters.minimal-ipv6.example.com_policy +++ b/tests/integration/update_cluster/shared_vpc_ipv6/data/aws_iam_role_policy_masters.minimal-ipv6.example.com_policy @@ -193,8 +193,13 @@ "elasticloadbalancing:DescribeTargetHealth", "iam:GetServerCertificate", "iam:ListServerCertificates", + "kms:CreateGrant", + "kms:Decrypt", "kms:DescribeKey", + "kms:Encrypt", + "kms:GenerateDataKey*", "kms:GenerateRandom", + "kms:ReEncrypt*", "sqs:DeleteMessage", "sqs:ReceiveMessage" ], diff --git a/tests/integration/update_cluster/unmanaged/data/aws_iam_role_policy_masters.unmanaged.example.com_policy b/tests/integration/update_cluster/unmanaged/data/aws_iam_role_policy_masters.unmanaged.example.com_policy index 91bc3f5004..cf5b3ffb1f 100644 --- a/tests/integration/update_cluster/unmanaged/data/aws_iam_role_policy_masters.unmanaged.example.com_policy +++ b/tests/integration/update_cluster/unmanaged/data/aws_iam_role_policy_masters.unmanaged.example.com_policy @@ -191,8 +191,13 @@ "elasticloadbalancing:DescribeTargetHealth", "iam:GetServerCertificate", "iam:ListServerCertificates", + "kms:CreateGrant", + "kms:Decrypt", "kms:DescribeKey", + "kms:Encrypt", + "kms:GenerateDataKey*", "kms:GenerateRandom", + "kms:ReEncrypt*", "sqs:DeleteMessage", "sqs:ReceiveMessage" ], diff --git a/tests/integration/update_cluster/vfs-said/data/aws_iam_role_policy_masters.minimal.example.com_policy b/tests/integration/update_cluster/vfs-said/data/aws_iam_role_policy_masters.minimal.example.com_policy index 0f08d3e513..e5df29987d 100644 --- a/tests/integration/update_cluster/vfs-said/data/aws_iam_role_policy_masters.minimal.example.com_policy +++ b/tests/integration/update_cluster/vfs-said/data/aws_iam_role_policy_masters.minimal.example.com_policy @@ -191,8 +191,13 @@ "elasticloadbalancing:DescribeTargetHealth", "iam:GetServerCertificate", "iam:ListServerCertificates", + "kms:CreateGrant", + "kms:Decrypt", "kms:DescribeKey", + "kms:Encrypt", + "kms:GenerateDataKey*", "kms:GenerateRandom", + "kms:ReEncrypt*", "sqs:DeleteMessage", "sqs:ReceiveMessage" ],