kubernetes
/
kops
mirror of https://github.com/kubernetes/kops.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Add s3 policies to integration tests

This commit is contained in:
Ole Markus With 2021-07-01 09:20:52 +02:00
parent 9885714957
commit c7bd1c1529
89 changed files with 4188 additions and 41 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

105
pkg/model/iam/iam_builder.go
View File

@ -490,38 +490,28 @@ func (b *PolicyBuilder) AddS3Permissions(p *Policy) (*Policy, error) {
return nil, fmt.Errorf("cannot parse VFS path %q: %v", root, err)
}
if s3Path, ok := vfsPath.(*vfs.S3Path); ok {
iamS3Path := s3Path.Bucket() + "/" + s3Path.Key()
switch path := vfsPath.(type) {
case *vfs.S3Path:
iamS3Path := path.Bucket() + "/" + path.Key()
iamS3Path = strings.TrimSuffix(iamS3Path, "/")
s3Buckets.Insert(s3Path.Bucket())
s3Buckets.Insert(path.Bucket())
resources, err := ReadableStatePaths(b.Cluster, b.Role)
if err != nil {
if err := b.buildS3GetStatements(p, iamS3Path); err != nil {
return nil, err
}
if len(resources) != 0 {
sort.Strings(resources)
// Add the prefix for IAM
for i, r := range resources {
resources[i] = b.IAMPrefix() + ":s3:::" + iamS3Path + r
}
p.Statement = append(p.Statement, &Statement{
Effect: StatementEffectAllow,
Action: stringorslice.Slice([]string{"s3:Get*"}),
Resource: stringorslice.Of(resources...),
})
}
} else if _, ok := vfsPath.(*vfs.MemFSPath); ok {
// Tests -ignore - nothing we can do in terms of IAM policy
case *vfs.MemFSPath:
// Tests - we emulate the s3 permissions so that we can get an idea of the full policy
klog.Warningf("ignoring memfs path %q for IAM policy builder", vfsPath)
} else if _, ok := vfsPath.(*vfs.VaultPath); ok {
iamS3Path := "placeholder-read-bucket/" + path.Location()
b.buildS3GetStatements(p, iamS3Path)
s3Buckets.Insert("placeholder-read-bucket")
case *vfs.VaultPath:
// Vault access needs to come from somewhere else
klog.Warningf("ignoring valult path %q for IAM policy builder", vfsPath)
} else {
default:
// We could implement this approach, but it seems better to
// get all clouds using cluster-readable storage
return nil, fmt.Errorf("path is not cluster readable: %v", root)
@ -534,26 +524,19 @@ func (b *PolicyBuilder) AddS3Permissions(p *Policy) (*Policy, error) {
}
for _, vfsPath := range writeablePaths {
if s3Path, ok := vfsPath.(*vfs.S3Path); ok {
iamS3Path := s3Path.Bucket() + "/" + s3Path.Key()
switch path := vfsPath.(type) {
case *vfs.S3Path:
iamS3Path := path.Bucket() + "/" + path.Key()
iamS3Path = strings.TrimSuffix(iamS3Path, "/")
p.Statement = append(p.Statement, &Statement{
Effect: StatementEffectAllow,
Action: stringorslice.Slice([]string{
"s3:GetObject",
"s3:DeleteObject",
"s3:DeleteObjectVersion",
"s3:PutObject",
}),
Resource: stringorslice.Of(
strings.Join([]string{b.IAMPrefix(), ":s3:::", iamS3Path, "/*"}, ""),
),
})
s3Buckets.Insert(s3Path.Bucket())
} else {
klog.Warningf("unknown writeable path, can't apply IAM policy: %q", vfsPath)
b.buildS3WriteStatements(p, iamS3Path)
s3Buckets.Insert(path.Bucket())
case *vfs.MemFSPath:
iamS3Path := "placeholder-write-bucket/" + path.Location()
b.buildS3WriteStatements(p, iamS3Path)
s3Buckets.Insert("placeholder-write-bucket")
default:
return nil, fmt.Errorf("unknown writeable path, can't apply IAM policy: %q", vfsPath)
}
}
@ -576,6 +559,46 @@ func (b *PolicyBuilder) AddS3Permissions(p *Policy) (*Policy, error) {
return p, nil
}
func (b *PolicyBuilder) buildS3WriteStatements(p *Policy, iamS3Path string) {
p.Statement = append(p.Statement, &Statement{
Effect: StatementEffectAllow,
Action: stringorslice.Slice([]string{
"s3:GetObject",
"s3:DeleteObject",
"s3:DeleteObjectVersion",
"s3:PutObject",
}),
Resource: stringorslice.Of(
strings.Join([]string{b.IAMPrefix(), ":s3:::", iamS3Path, "/*"}, ""),
),
})
}
func (b *PolicyBuilder) buildS3GetStatements(p *Policy, iamS3Path string) error {
resources, err := ReadableStatePaths(b.Cluster, b.Role)
if err != nil {
return err
}
if len(resources) != 0 {
sort.Strings(resources)
// Add the prefix for IAM
for i, r := range resources {
resources[i] = b.IAMPrefix() + ":s3:::" + iamS3Path + r
}
p.Statement = append(p.Statement, &Statement{
Effect: StatementEffectAllow,
Action: stringorslice.Slice([]string{"s3:Get*"}),
Resource: stringorslice.Of(resources...),
})
}
return nil
}
func WriteableVFSPaths(cluster *kops.Cluster, role Subject) ([]vfs.Path, error) {
var paths []vfs.Path

96
tests/integration/update_cluster/apiservernodes/cloudformation.json
View File

@ -1239,6 +1239,25 @@
"Resource": [
"*"
]
},
{
"Action": [
"s3:Get*"
],
"Effect": "Allow",
"Resource": "arn:aws:s3:::placeholder-read-bucket/clusters.example.com/minimal.example.com/*"
},
{
"Action": [
"s3:GetBucketLocation",
"s3:GetEncryptionConfiguration",
"s3:ListBucket",
"s3:ListBucketVersions"
],
"Effect": "Allow",
"Resource": [
"arn:aws:s3:::placeholder-read-bucket"
]
}
],
"Version": "2012-10-17"
@ -1410,6 +1429,57 @@
"*"
]
},
{
"Action": [
"s3:Get*"
],
"Effect": "Allow",
"Resource": "arn:aws:s3:::placeholder-read-bucket/clusters.example.com/minimal.example.com/*"
},
{
"Action": [
"s3:GetObject",
"s3:DeleteObject",
"s3:DeleteObjectVersion",
"s3:PutObject"
],
"Effect": "Allow",
"Resource": "arn:aws:s3:::placeholder-write-bucket/clusters.example.com/minimal.example.com/backups/etcd/main/*"
},
{
"Action": [
"s3:GetObject",
"s3:DeleteObject",
"s3:DeleteObjectVersion",
"s3:PutObject"
],
"Effect": "Allow",
"Resource": "arn:aws:s3:::placeholder-write-bucket/clusters.example.com/minimal.example.com/backups/etcd/events/*"
},
{
"Action": [
"s3:GetBucketLocation",
"s3:GetEncryptionConfiguration",
"s3:ListBucket",
"s3:ListBucketVersions"
],
"Effect": "Allow",
"Resource": [
"arn:aws:s3:::placeholder-read-bucket"
]
},
{
"Action": [
"s3:GetBucketLocation",
"s3:GetEncryptionConfiguration",
"s3:ListBucket",
"s3:ListBucketVersions"
],
"Effect": "Allow",
"Resource": [
"arn:aws:s3:::placeholder-write-bucket"
]
},
{
"Action": [
"route53:ChangeResourceRecordSets",
@ -1572,6 +1642,32 @@
"Resource": [
"*"
]
},
{
"Action": [
"s3:Get*"
],
"Effect": "Allow",
"Resource": [
"arn:aws:s3:::placeholder-read-bucket/clusters.example.com/minimal.example.com/addons/*",
"arn:aws:s3:::placeholder-read-bucket/clusters.example.com/minimal.example.com/cluster-completed.spec",
"arn:aws:s3:::placeholder-read-bucket/clusters.example.com/minimal.example.com/igconfig/node/*",
"arn:aws:s3:::placeholder-read-bucket/clusters.example.com/minimal.example.com/pki/issued/*",
"arn:aws:s3:::placeholder-read-bucket/clusters.example.com/minimal.example.com/pki/ssh/*",
"arn:aws:s3:::placeholder-read-bucket/clusters.example.com/minimal.example.com/secrets/dockerconfig"
]
},
{
"Action": [
"s3:GetBucketLocation",
"s3:GetEncryptionConfiguration",
"s3:ListBucket",
"s3:ListBucketVersions"
],
"Effect": "Allow",
"Resource": [
"arn:aws:s3:::placeholder-read-bucket"
]
}
],
"Version": "2012-10-17"

51
tests/integration/update_cluster/aws-lb-controller/data/aws_iam_role_policy_masters.minimal.example.com_policy
View File

@ -154,6 +154,57 @@
"*"
]
},
{
"Action": [
"s3:Get*"
],
"Effect": "Allow",
"Resource": "arn:aws:s3:::placeholder-read-bucket/clusters.example.com/minimal.example.com/*"
},
{
"Action": [
"s3:GetObject",
"s3:DeleteObject",
"s3:DeleteObjectVersion",
"s3:PutObject"
],
"Effect": "Allow",
"Resource": "arn:aws:s3:::placeholder-write-bucket/clusters.example.com/minimal.example.com/backups/etcd/main/*"
},
{
"Action": [
"s3:GetObject",
"s3:DeleteObject",
"s3:DeleteObjectVersion",
"s3:PutObject"
],
"Effect": "Allow",
"Resource": "arn:aws:s3:::placeholder-write-bucket/clusters.example.com/minimal.example.com/backups/etcd/events/*"
},
{
"Action": [
"s3:GetBucketLocation",
"s3:GetEncryptionConfiguration",
"s3:ListBucket",
"s3:ListBucketVersions"
],
"Effect": "Allow",
"Resource": [
"arn:aws:s3:::placeholder-read-bucket"
]
},
{
"Action": [
"s3:GetBucketLocation",
"s3:GetEncryptionConfiguration",
"s3:ListBucket",
"s3:ListBucketVersions"
],
"Effect": "Allow",
"Resource": [
"arn:aws:s3:::placeholder-write-bucket"
]
},
{
"Action": [
"route53:ChangeResourceRecordSets",

26
tests/integration/update_cluster/aws-lb-controller/data/aws_iam_role_policy_nodes.minimal.example.com_policy
View File

@ -23,6 +23,32 @@
"Resource": [
"*"
]
},
{
"Action": [
"s3:Get*"
],
"Effect": "Allow",
"Resource": [
"arn:aws:s3:::placeholder-read-bucket/clusters.example.com/minimal.example.com/addons/*",
"arn:aws:s3:::placeholder-read-bucket/clusters.example.com/minimal.example.com/cluster-completed.spec",
"arn:aws:s3:::placeholder-read-bucket/clusters.example.com/minimal.example.com/igconfig/node/*",
"arn:aws:s3:::placeholder-read-bucket/clusters.example.com/minimal.example.com/pki/issued/*",
"arn:aws:s3:::placeholder-read-bucket/clusters.example.com/minimal.example.com/pki/ssh/*",
"arn:aws:s3:::placeholder-read-bucket/clusters.example.com/minimal.example.com/secrets/dockerconfig"
]
},
{
"Action": [
"s3:GetBucketLocation",
"s3:GetEncryptionConfiguration",
"s3:ListBucket",
"s3:ListBucketVersions"
],
"Effect": "Allow",
"Resource": [
"arn:aws:s3:::placeholder-read-bucket"
]
}
],
"Version": "2012-10-17"

51
tests/integration/update_cluster/bastionadditional_user-data/data/aws_iam_role_policy_masters.bastionuserdata.example.com_policy
View File

@ -154,6 +154,57 @@
"*"
]
},
{
"Action": [
"s3:Get*"
],
"Effect": "Allow",
"Resource": "arn:aws:s3:::placeholder-read-bucket/clusters.example.com/bastionuserdata.example.com/*"
},
{
"Action": [
"s3:GetObject",
"s3:DeleteObject",
"s3:DeleteObjectVersion",
"s3:PutObject"
],
"Effect": "Allow",
"Resource": "arn:aws:s3:::placeholder-write-bucket/clusters.example.com/bastionuserdata.example.com/backups/etcd/main/*"
},
{
"Action": [
"s3:GetObject",
"s3:DeleteObject",
"s3:DeleteObjectVersion",
"s3:PutObject"
],
"Effect": "Allow",
"Resource": "arn:aws:s3:::placeholder-write-bucket/clusters.example.com/bastionuserdata.example.com/backups/etcd/events/*"
},
{
"Action": [
"s3:GetBucketLocation",
"s3:GetEncryptionConfiguration",
"s3:ListBucket",
"s3:ListBucketVersions"
],
"Effect": "Allow",
"Resource": [
"arn:aws:s3:::placeholder-read-bucket"
]
},
{
"Action": [
"s3:GetBucketLocation",
"s3:GetEncryptionConfiguration",
"s3:ListBucket",
"s3:ListBucketVersions"
],
"Effect": "Allow",
"Resource": [
"arn:aws:s3:::placeholder-write-bucket"
]
},
{
"Action": [
"route53:ChangeResourceRecordSets",

26
tests/integration/update_cluster/bastionadditional_user-data/data/aws_iam_role_policy_nodes.bastionuserdata.example.com_policy
View File

@ -23,6 +23,32 @@
"Resource": [
"*"
]
},
{
"Action": [
"s3:Get*"
],
"Effect": "Allow",
"Resource": [
"arn:aws:s3:::placeholder-read-bucket/clusters.example.com/bastionuserdata.example.com/addons/*",
"arn:aws:s3:::placeholder-read-bucket/clusters.example.com/bastionuserdata.example.com/cluster-completed.spec",
"arn:aws:s3:::placeholder-read-bucket/clusters.example.com/bastionuserdata.example.com/igconfig/node/*",
"arn:aws:s3:::placeholder-read-bucket/clusters.example.com/bastionuserdata.example.com/pki/issued/*",
"arn:aws:s3:::placeholder-read-bucket/clusters.example.com/bastionuserdata.example.com/pki/ssh/*",
"arn:aws:s3:::placeholder-read-bucket/clusters.example.com/bastionuserdata.example.com/secrets/dockerconfig"
]
},
{
"Action": [
"s3:GetBucketLocation",
"s3:GetEncryptionConfiguration",
"s3:ListBucket",
"s3:ListBucketVersions"
],
"Effect": "Allow",
"Resource": [
"arn:aws:s3:::placeholder-read-bucket"
]
}
],
"Version": "2012-10-17"

77
tests/integration/update_cluster/complex/cloudformation.json
View File

@ -1720,6 +1720,57 @@
"*"
]
},
{
"Action": [
"s3:Get*"
],
"Effect": "Allow",
"Resource": "arn:aws:s3:::placeholder-read-bucket/clusters.example.com/complex.example.com/*"
},
{
"Action": [
"s3:GetObject",
"s3:DeleteObject",
"s3:DeleteObjectVersion",
"s3:PutObject"
],
"Effect": "Allow",
"Resource": "arn:aws:s3:::placeholder-write-bucket/clusters.example.com/complex.example.com/backups/etcd/main/*"
},
{
"Action": [
"s3:GetObject",
"s3:DeleteObject",
"s3:DeleteObjectVersion",
"s3:PutObject"
],
"Effect": "Allow",
"Resource": "arn:aws:s3:::placeholder-write-bucket/clusters.example.com/complex.example.com/backups/etcd/events/*"
},
{
"Action": [
"s3:GetBucketLocation",
"s3:GetEncryptionConfiguration",
"s3:ListBucket",
"s3:ListBucketVersions"
],
"Effect": "Allow",
"Resource": [
"arn:aws:s3:::placeholder-read-bucket"
]
},
{
"Action": [
"s3:GetBucketLocation",
"s3:GetEncryptionConfiguration",
"s3:ListBucket",
"s3:ListBucketVersions"
],
"Effect": "Allow",
"Resource": [
"arn:aws:s3:::placeholder-write-bucket"
]
},
{
"Action": [
"route53:ChangeResourceRecordSets",
@ -1882,6 +1933,32 @@
"Resource": [
"*"
]
},
{
"Action": [
"s3:Get*"
],
"Effect": "Allow",
"Resource": [
"arn:aws:s3:::placeholder-read-bucket/clusters.example.com/complex.example.com/addons/*",
"arn:aws:s3:::placeholder-read-bucket/clusters.example.com/complex.example.com/cluster-completed.spec",
"arn:aws:s3:::placeholder-read-bucket/clusters.example.com/complex.example.com/igconfig/node/*",
"arn:aws:s3:::placeholder-read-bucket/clusters.example.com/complex.example.com/pki/issued/*",
"arn:aws:s3:::placeholder-read-bucket/clusters.example.com/complex.example.com/pki/ssh/*",
"arn:aws:s3:::placeholder-read-bucket/clusters.example.com/complex.example.com/secrets/dockerconfig"
]
},
{
"Action": [
"s3:GetBucketLocation",
"s3:GetEncryptionConfiguration",
"s3:ListBucket",
"s3:ListBucketVersions"
],
"Effect": "Allow",
"Resource": [
"arn:aws:s3:::placeholder-read-bucket"
]
}
],
"Version": "2012-10-17"

51
tests/integration/update_cluster/complex/data/aws_iam_role_policy_masters.complex.example.com_policy
View File

@ -154,6 +154,57 @@
"*"
]
},
{
"Action": [
"s3:Get*"
],
"Effect": "Allow",
"Resource": "arn:aws:s3:::placeholder-read-bucket/clusters.example.com/complex.example.com/*"
},
{
"Action": [
"s3:GetObject",
"s3:DeleteObject",
"s3:DeleteObjectVersion",
"s3:PutObject"
],
"Effect": "Allow",
"Resource": "arn:aws:s3:::placeholder-write-bucket/clusters.example.com/complex.example.com/backups/etcd/main/*"
},
{
"Action": [
"s3:GetObject",
"s3:DeleteObject",
"s3:DeleteObjectVersion",
"s3:PutObject"
],
"Effect": "Allow",
"Resource": "arn:aws:s3:::placeholder-write-bucket/clusters.example.com/complex.example.com/backups/etcd/events/*"
},
{
"Action": [
"s3:GetBucketLocation",
"s3:GetEncryptionConfiguration",
"s3:ListBucket",
"s3:ListBucketVersions"
],
"Effect": "Allow",
"Resource": [
"arn:aws:s3:::placeholder-read-bucket"
]
},
{
"Action": [
"s3:GetBucketLocation",
"s3:GetEncryptionConfiguration",
"s3:ListBucket",
"s3:ListBucketVersions"
],
"Effect": "Allow",
"Resource": [
"arn:aws:s3:::placeholder-write-bucket"
]
},
{
"Action": [
"route53:ChangeResourceRecordSets",

26
tests/integration/update_cluster/complex/data/aws_iam_role_policy_nodes.complex.example.com_policy
View File

@ -23,6 +23,32 @@
"Resource": [
"*"
]
},
{
"Action": [
"s3:Get*"
],
"Effect": "Allow",
"Resource": [
"arn:aws:s3:::placeholder-read-bucket/clusters.example.com/complex.example.com/addons/*",
"arn:aws:s3:::placeholder-read-bucket/clusters.example.com/complex.example.com/cluster-completed.spec",
"arn:aws:s3:::placeholder-read-bucket/clusters.example.com/complex.example.com/igconfig/node/*",
"arn:aws:s3:::placeholder-read-bucket/clusters.example.com/complex.example.com/pki/issued/*",
"arn:aws:s3:::placeholder-read-bucket/clusters.example.com/complex.example.com/pki/ssh/*",
"arn:aws:s3:::placeholder-read-bucket/clusters.example.com/complex.example.com/secrets/dockerconfig"
]
},
{
"Action": [
"s3:GetBucketLocation",
"s3:GetEncryptionConfiguration",
"s3:ListBucket",
"s3:ListBucketVersions"
],
"Effect": "Allow",
"Resource": [
"arn:aws:s3:::placeholder-read-bucket"
]
}
],
"Version": "2012-10-17"

51
tests/integration/update_cluster/compress/data/aws_iam_role_policy_masters.compress.example.com_policy
View File

@ -154,6 +154,57 @@
"*"
]
},
{
"Action": [
"s3:Get*"
],
"Effect": "Allow",
"Resource": "arn:aws:s3:::placeholder-read-bucket/clusters.example.com/compress.example.com/*"
},
{
"Action": [
"s3:GetObject",
"s3:DeleteObject",
"s3:DeleteObjectVersion",
"s3:PutObject"
],
"Effect": "Allow",
"Resource": "arn:aws:s3:::placeholder-write-bucket/clusters.example.com/compress.example.com/backups/etcd/main/*"
},
{
"Action": [
"s3:GetObject",
"s3:DeleteObject",
"s3:DeleteObjectVersion",
"s3:PutObject"
],
"Effect": "Allow",
"Resource": "arn:aws:s3:::placeholder-write-bucket/clusters.example.com/compress.example.com/backups/etcd/events/*"
},
{
"Action": [
"s3:GetBucketLocation",
"s3:GetEncryptionConfiguration",
"s3:ListBucket",
"s3:ListBucketVersions"
],
"Effect": "Allow",
"Resource": [
"arn:aws:s3:::placeholder-read-bucket"
]
},
{
"Action": [
"s3:GetBucketLocation",
"s3:GetEncryptionConfiguration",
"s3:ListBucket",
"s3:ListBucketVersions"
],
"Effect": "Allow",
"Resource": [
"arn:aws:s3:::placeholder-write-bucket"
]
},
{
"Action": [
"route53:ChangeResourceRecordSets",

26
tests/integration/update_cluster/compress/data/aws_iam_role_policy_nodes.compress.example.com_policy
View File

@ -23,6 +23,32 @@
"Resource": [
"*"
]
},
{
"Action": [
"s3:Get*"
],
"Effect": "Allow",
"Resource": [
"arn:aws:s3:::placeholder-read-bucket/clusters.example.com/compress.example.com/addons/*",
"arn:aws:s3:::placeholder-read-bucket/clusters.example.com/compress.example.com/cluster-completed.spec",
"arn:aws:s3:::placeholder-read-bucket/clusters.example.com/compress.example.com/igconfig/node/*",
"arn:aws:s3:::placeholder-read-bucket/clusters.example.com/compress.example.com/pki/issued/*",
"arn:aws:s3:::placeholder-read-bucket/clusters.example.com/compress.example.com/pki/ssh/*",
"arn:aws:s3:::placeholder-read-bucket/clusters.example.com/compress.example.com/secrets/dockerconfig"
]
},
{
"Action": [
"s3:GetBucketLocation",
"s3:GetEncryptionConfiguration",
"s3:ListBucket",
"s3:ListBucketVersions"
],
"Effect": "Allow",
"Resource": [
"arn:aws:s3:::placeholder-read-bucket"
]
}
],
"Version": "2012-10-17"

77
tests/integration/update_cluster/containerd-custom/cloudformation.json
View File

@ -1106,6 +1106,57 @@
"*"
]
},
{
"Action": [
"s3:Get*"
],
"Effect": "Allow",
"Resource": "arn:aws:s3:::placeholder-read-bucket/clusters.example.com/containerd.example.com/*"
},
{
"Action": [
"s3:GetObject",
"s3:DeleteObject",
"s3:DeleteObjectVersion",
"s3:PutObject"
],
"Effect": "Allow",
"Resource": "arn:aws:s3:::placeholder-write-bucket/clusters.example.com/containerd.example.com/backups/etcd/main/*"
},
{
"Action": [
"s3:GetObject",
"s3:DeleteObject",
"s3:DeleteObjectVersion",
"s3:PutObject"
],
"Effect": "Allow",
"Resource": "arn:aws:s3:::placeholder-write-bucket/clusters.example.com/containerd.example.com/backups/etcd/events/*"
},
{
"Action": [
"s3:GetBucketLocation",
"s3:GetEncryptionConfiguration",
"s3:ListBucket",
"s3:ListBucketVersions"
],
"Effect": "Allow",
"Resource": [
"arn:aws:s3:::placeholder-read-bucket"
]
},
{
"Action": [
"s3:GetBucketLocation",
"s3:GetEncryptionConfiguration",
"s3:ListBucket",
"s3:ListBucketVersions"
],
"Effect": "Allow",
"Resource": [
"arn:aws:s3:::placeholder-write-bucket"
]
},
{
"Action": [
"route53:ChangeResourceRecordSets",
@ -1268,6 +1319,32 @@
"Resource": [
"*"
]
},
{
"Action": [
"s3:Get*"
],
"Effect": "Allow",
"Resource": [
"arn:aws:s3:::placeholder-read-bucket/clusters.example.com/containerd.example.com/addons/*",
"arn:aws:s3:::placeholder-read-bucket/clusters.example.com/containerd.example.com/cluster-completed.spec",
"arn:aws:s3:::placeholder-read-bucket/clusters.example.com/containerd.example.com/igconfig/node/*",
"arn:aws:s3:::placeholder-read-bucket/clusters.example.com/containerd.example.com/pki/issued/*",
"arn:aws:s3:::placeholder-read-bucket/clusters.example.com/containerd.example.com/pki/ssh/*",
"arn:aws:s3:::placeholder-read-bucket/clusters.example.com/containerd.example.com/secrets/dockerconfig"
]
},
{
"Action": [
"s3:GetBucketLocation",
"s3:GetEncryptionConfiguration",
"s3:ListBucket",
"s3:ListBucketVersions"
],
"Effect": "Allow",
"Resource": [
"arn:aws:s3:::placeholder-read-bucket"
]
}
],
"Version": "2012-10-17"

77
tests/integration/update_cluster/containerd/cloudformation.json
View File

@ -1106,6 +1106,57 @@
"*"
]
},
{
"Action": [
"s3:Get*"
],
"Effect": "Allow",
"Resource": "arn:aws:s3:::placeholder-read-bucket/clusters.example.com/containerd.example.com/*"
},
{
"Action": [
"s3:GetObject",
"s3:DeleteObject",
"s3:DeleteObjectVersion",
"s3:PutObject"
],
"Effect": "Allow",
"Resource": "arn:aws:s3:::placeholder-write-bucket/clusters.example.com/containerd.example.com/backups/etcd/main/*"
},
{
"Action": [
"s3:GetObject",
"s3:DeleteObject",
"s3:DeleteObjectVersion",
"s3:PutObject"
],
"Effect": "Allow",
"Resource": "arn:aws:s3:::placeholder-write-bucket/clusters.example.com/containerd.example.com/backups/etcd/events/*"
},
{
"Action": [
"s3:GetBucketLocation",
"s3:GetEncryptionConfiguration",
"s3:ListBucket",
"s3:ListBucketVersions"
],
"Effect": "Allow",
"Resource": [
"arn:aws:s3:::placeholder-read-bucket"
]
},
{
"Action": [
"s3:GetBucketLocation",
"s3:GetEncryptionConfiguration",
"s3:ListBucket",
"s3:ListBucketVersions"
],
"Effect": "Allow",
"Resource": [
"arn:aws:s3:::placeholder-write-bucket"
]
},
{
"Action": [
"route53:ChangeResourceRecordSets",
@ -1268,6 +1319,32 @@
"Resource": [
"*"
]
},
{
"Action": [
"s3:Get*"
],
"Effect": "Allow",
"Resource": [
"arn:aws:s3:::placeholder-read-bucket/clusters.example.com/containerd.example.com/addons/*",
"arn:aws:s3:::placeholder-read-bucket/clusters.example.com/containerd.example.com/cluster-completed.spec",
"arn:aws:s3:::placeholder-read-bucket/clusters.example.com/containerd.example.com/igconfig/node/*",
"arn:aws:s3:::placeholder-read-bucket/clusters.example.com/containerd.example.com/pki/issued/*",
"arn:aws:s3:::placeholder-read-bucket/clusters.example.com/containerd.example.com/pki/ssh/*",
"arn:aws:s3:::placeholder-read-bucket/clusters.example.com/containerd.example.com/secrets/dockerconfig"
]
},
{
"Action": [
"s3:GetBucketLocation",
"s3:GetEncryptionConfiguration",
"s3:ListBucket",
"s3:ListBucketVersions"
],
"Effect": "Allow",
"Resource": [
"arn:aws:s3:::placeholder-read-bucket"
]
}
],
"Version": "2012-10-17"

77
tests/integration/update_cluster/docker-custom/cloudformation.json
View File

@ -1106,6 +1106,57 @@
"*"
]
},
{
"Action": [
"s3:Get*"
],
"Effect": "Allow",
"Resource": "arn:aws:s3:::placeholder-read-bucket/clusters.example.com/docker.example.com/*"
},
{
"Action": [
"s3:GetObject",
"s3:DeleteObject",
"s3:DeleteObjectVersion",
"s3:PutObject"
],
"Effect": "Allow",
"Resource": "arn:aws:s3:::placeholder-write-bucket/clusters.example.com/docker.example.com/backups/etcd/main/*"
},
{
"Action": [
"s3:GetObject",
"s3:DeleteObject",
"s3:DeleteObjectVersion",
"s3:PutObject"
],
"Effect": "Allow",
"Resource": "arn:aws:s3:::placeholder-write-bucket/clusters.example.com/docker.example.com/backups/etcd/events/*"
},
{
"Action": [
"s3:GetBucketLocation",
"s3:GetEncryptionConfiguration",
"s3:ListBucket",
"s3:ListBucketVersions"
],
"Effect": "Allow",
"Resource": [
"arn:aws:s3:::placeholder-read-bucket"
]
},
{
"Action": [
"s3:GetBucketLocation",
"s3:GetEncryptionConfiguration",
"s3:ListBucket",
"s3:ListBucketVersions"
],
"Effect": "Allow",
"Resource": [
"arn:aws:s3:::placeholder-write-bucket"
]
},
{
"Action": [
"route53:ChangeResourceRecordSets",
@ -1268,6 +1319,32 @@
"Resource": [
"*"
]
},
{
"Action": [
"s3:Get*"
],
"Effect": "Allow",
"Resource": [
"arn:aws:s3:::placeholder-read-bucket/clusters.example.com/docker.example.com/addons/*",
"arn:aws:s3:::placeholder-read-bucket/clusters.example.com/docker.example.com/cluster-completed.spec",
"arn:aws:s3:::placeholder-read-bucket/clusters.example.com/docker.example.com/igconfig/node/*",
"arn:aws:s3:::placeholder-read-bucket/clusters.example.com/docker.example.com/pki/issued/*",
"arn:aws:s3:::placeholder-read-bucket/clusters.example.com/docker.example.com/pki/ssh/*",
"arn:aws:s3:::placeholder-read-bucket/clusters.example.com/docker.example.com/secrets/dockerconfig"
]
},
{
"Action": [
"s3:GetBucketLocation",
"s3:GetEncryptionConfiguration",
"s3:ListBucket",
"s3:ListBucketVersions"
],
"Effect": "Allow",
"Resource": [
"arn:aws:s3:::placeholder-read-bucket"
]
}
],
"Version": "2012-10-17"

51
tests/integration/update_cluster/existing_sg/data/aws_iam_role_policy_masters.existingsg.example.com_policy
View File

@ -154,6 +154,57 @@
"*"
]
},
{
"Action": [
"s3:Get*"
],
"Effect": "Allow",
"Resource": "arn:aws:s3:::placeholder-read-bucket/clusters.example.com/existingsg.example.com/*"
},
{
"Action": [
"s3:GetObject",
"s3:DeleteObject",
"s3:DeleteObjectVersion",
"s3:PutObject"
],
"Effect": "Allow",
"Resource": "arn:aws:s3:::placeholder-write-bucket/clusters.example.com/existingsg.example.com/backups/etcd/main/*"
},
{
"Action": [
"s3:GetObject",
"s3:DeleteObject",
"s3:DeleteObjectVersion",
"s3:PutObject"
],
"Effect": "Allow",
"Resource": "arn:aws:s3:::placeholder-write-bucket/clusters.example.com/existingsg.example.com/backups/etcd/events/*"
},
{
"Action": [
"s3:GetBucketLocation",
"s3:GetEncryptionConfiguration",
"s3:ListBucket",
"s3:ListBucketVersions"
],
"Effect": "Allow",
"Resource": [
"arn:aws:s3:::placeholder-read-bucket"
]
},
{
"Action": [
"s3:GetBucketLocation",
"s3:GetEncryptionConfiguration",
"s3:ListBucket",
"s3:ListBucketVersions"
],
"Effect": "Allow",
"Resource": [
"arn:aws:s3:::placeholder-write-bucket"
]
},
{
"Action": [
"route53:ChangeResourceRecordSets",

26
tests/integration/update_cluster/existing_sg/data/aws_iam_role_policy_nodes.existingsg.example.com_policy
View File

@ -23,6 +23,32 @@
"Resource": [
"*"
]
},
{
"Action": [
"s3:Get*"
],
"Effect": "Allow",
"Resource": [
"arn:aws:s3:::placeholder-read-bucket/clusters.example.com/existingsg.example.com/addons/*",
"arn:aws:s3:::placeholder-read-bucket/clusters.example.com/existingsg.example.com/cluster-completed.spec",
"arn:aws:s3:::placeholder-read-bucket/clusters.example.com/existingsg.example.com/igconfig/node/*",
"arn:aws:s3:::placeholder-read-bucket/clusters.example.com/existingsg.example.com/pki/issued/*",
"arn:aws:s3:::placeholder-read-bucket/clusters.example.com/existingsg.example.com/pki/ssh/*",
"arn:aws:s3:::placeholder-read-bucket/clusters.example.com/existingsg.example.com/secrets/dockerconfig"
]
},
{
"Action": [
"s3:GetBucketLocation",
"s3:GetEncryptionConfiguration",
"s3:ListBucket",
"s3:ListBucketVersions"
],
"Effect": "Allow",
"Resource": [
"arn:aws:s3:::placeholder-read-bucket"
]
}
],
"Version": "2012-10-17"

77
tests/integration/update_cluster/externallb/cloudformation.json
View File

@ -1122,6 +1122,57 @@
"*"
]
},
{
"Action": [
"s3:Get*"
],
"Effect": "Allow",
"Resource": "arn:aws:s3:::placeholder-read-bucket/clusters.example.com/externallb.example.com/*"
},
{
"Action": [
"s3:GetObject",
"s3:DeleteObject",
"s3:DeleteObjectVersion",
"s3:PutObject"
],
"Effect": "Allow",
"Resource": "arn:aws:s3:::placeholder-write-bucket/clusters.example.com/externallb.example.com/backups/etcd/main/*"
},
{
"Action": [
"s3:GetObject",
"s3:DeleteObject",
"s3:DeleteObjectVersion",
"s3:PutObject"
],
"Effect": "Allow",
"Resource": "arn:aws:s3:::placeholder-write-bucket/clusters.example.com/externallb.example.com/backups/etcd/events/*"
},
{
"Action": [
"s3:GetBucketLocation",
"s3:GetEncryptionConfiguration",
"s3:ListBucket",
"s3:ListBucketVersions"
],
"Effect": "Allow",
"Resource": [
"arn:aws:s3:::placeholder-read-bucket"
]
},
{
"Action": [
"s3:GetBucketLocation",
"s3:GetEncryptionConfiguration",
"s3:ListBucket",
"s3:ListBucketVersions"
],
"Effect": "Allow",
"Resource": [
"arn:aws:s3:::placeholder-write-bucket"
]
},
{
"Action": [
"route53:ChangeResourceRecordSets",
@ -1284,6 +1335,32 @@
"Resource": [
"*"
]
},
{
"Action": [
"s3:Get*"
],
"Effect": "Allow",
"Resource": [
"arn:aws:s3:::placeholder-read-bucket/clusters.example.com/externallb.example.com/addons/*",
"arn:aws:s3:::placeholder-read-bucket/clusters.example.com/externallb.example.com/cluster-completed.spec",
"arn:aws:s3:::placeholder-read-bucket/clusters.example.com/externallb.example.com/igconfig/node/*",
"arn:aws:s3:::placeholder-read-bucket/clusters.example.com/externallb.example.com/pki/issued/*",
"arn:aws:s3:::placeholder-read-bucket/clusters.example.com/externallb.example.com/pki/ssh/*",
"arn:aws:s3:::placeholder-read-bucket/clusters.example.com/externallb.example.com/secrets/dockerconfig"
]
},
{
"Action": [
"s3:GetBucketLocation",
"s3:GetEncryptionConfiguration",
"s3:ListBucket",
"s3:ListBucketVersions"
],
"Effect": "Allow",
"Resource": [
"arn:aws:s3:::placeholder-read-bucket"
]
}
],
"Version": "2012-10-17"

51
tests/integration/update_cluster/externallb/data/aws_iam_role_policy_masters.externallb.example.com_policy
View File

@ -154,6 +154,57 @@
"*"
]
},
{
"Action": [
"s3:Get*"
],
"Effect": "Allow",
"Resource": "arn:aws:s3:::placeholder-read-bucket/clusters.example.com/externallb.example.com/*"
},
{
"Action": [
"s3:GetObject",
"s3:DeleteObject",
"s3:DeleteObjectVersion",
"s3:PutObject"
],
"Effect": "Allow",
"Resource": "arn:aws:s3:::placeholder-write-bucket/clusters.example.com/externallb.example.com/backups/etcd/main/*"
},
{
"Action": [
"s3:GetObject",
"s3:DeleteObject",
"s3:DeleteObjectVersion",
"s3:PutObject"
],
"Effect": "Allow",
"Resource": "arn:aws:s3:::placeholder-write-bucket/clusters.example.com/externallb.example.com/backups/etcd/events/*"
},
{
"Action": [
"s3:GetBucketLocation",
"s3:GetEncryptionConfiguration",
"s3:ListBucket",
"s3:ListBucketVersions"
],
"Effect": "Allow",
"Resource": [
"arn:aws:s3:::placeholder-read-bucket"
]
},
{
"Action": [
"s3:GetBucketLocation",
"s3:GetEncryptionConfiguration",
"s3:ListBucket",
"s3:ListBucketVersions"
],
"Effect": "Allow",
"Resource": [
"arn:aws:s3:::placeholder-write-bucket"
]
},
{
"Action": [
"route53:ChangeResourceRecordSets",

26
tests/integration/update_cluster/externallb/data/aws_iam_role_policy_nodes.externallb.example.com_policy
View File

@ -23,6 +23,32 @@
"Resource": [
"*"
]
},
{
"Action": [
"s3:Get*"
],
"Effect": "Allow",
"Resource": [
"arn:aws:s3:::placeholder-read-bucket/clusters.example.com/externallb.example.com/addons/*",
"arn:aws:s3:::placeholder-read-bucket/clusters.example.com/externallb.example.com/cluster-completed.spec",
"arn:aws:s3:::placeholder-read-bucket/clusters.example.com/externallb.example.com/igconfig/node/*",
"arn:aws:s3:::placeholder-read-bucket/clusters.example.com/externallb.example.com/pki/issued/*",
"arn:aws:s3:::placeholder-read-bucket/clusters.example.com/externallb.example.com/pki/ssh/*",
"arn:aws:s3:::placeholder-read-bucket/clusters.example.com/externallb.example.com/secrets/dockerconfig"
]
},
{
"Action": [
"s3:GetBucketLocation",
"s3:GetEncryptionConfiguration",
"s3:ListBucket",
"s3:ListBucketVersions"
],
"Effect": "Allow",
"Resource": [
"arn:aws:s3:::placeholder-read-bucket"
]
}
],
"Version": "2012-10-17"

51
tests/integration/update_cluster/externalpolicies/data/aws_iam_role_policy_masters.externalpolicies.example.com_policy
View File

@ -154,6 +154,57 @@
"*"
]
},
{
"Action": [
"s3:Get*"
],
"Effect": "Allow",
"Resource": "arn:aws:s3:::placeholder-read-bucket/clusters.example.com/externalpolicies.example.com/*"
},
{
"Action": [
"s3:GetObject",
"s3:DeleteObject",
"s3:DeleteObjectVersion",
"s3:PutObject"
],
"Effect": "Allow",
"Resource": "arn:aws:s3:::placeholder-write-bucket/clusters.example.com/externalpolicies.example.com/backups/etcd/main/*"
},
{
"Action": [
"s3:GetObject",
"s3:DeleteObject",
"s3:DeleteObjectVersion",
"s3:PutObject"
],
"Effect": "Allow",
"Resource": "arn:aws:s3:::placeholder-write-bucket/clusters.example.com/externalpolicies.example.com/backups/etcd/events/*"
},
{
"Action": [
"s3:GetBucketLocation",
"s3:GetEncryptionConfiguration",
"s3:ListBucket",
"s3:ListBucketVersions"
],
"Effect": "Allow",
"Resource": [
"arn:aws:s3:::placeholder-read-bucket"
]
},
{
"Action": [
"s3:GetBucketLocation",
"s3:GetEncryptionConfiguration",
"s3:ListBucket",
"s3:ListBucketVersions"
],
"Effect": "Allow",
"Resource": [
"arn:aws:s3:::placeholder-write-bucket"
]
},
{
"Action": [
"route53:ChangeResourceRecordSets",

26
tests/integration/update_cluster/externalpolicies/data/aws_iam_role_policy_nodes.externalpolicies.example.com_policy
View File

@ -23,6 +23,32 @@
"Resource": [
"*"
]
},
{
"Action": [
"s3:Get*"
],
"Effect": "Allow",
"Resource": [
"arn:aws:s3:::placeholder-read-bucket/clusters.example.com/externalpolicies.example.com/addons/*",
"arn:aws:s3:::placeholder-read-bucket/clusters.example.com/externalpolicies.example.com/cluster-completed.spec",
"arn:aws:s3:::placeholder-read-bucket/clusters.example.com/externalpolicies.example.com/igconfig/node/*",
"arn:aws:s3:::placeholder-read-bucket/clusters.example.com/externalpolicies.example.com/pki/issued/*",
"arn:aws:s3:::placeholder-read-bucket/clusters.example.com/externalpolicies.example.com/pki/ssh/*",
"arn:aws:s3:::placeholder-read-bucket/clusters.example.com/externalpolicies.example.com/secrets/dockerconfig"
]
},
{
"Action": [
"s3:GetBucketLocation",
"s3:GetEncryptionConfiguration",
"s3:ListBucket",
"s3:ListBucketVersions"
],
"Effect": "Allow",
"Resource": [
"arn:aws:s3:::placeholder-read-bucket"
]
}
],
"Version": "2012-10-17"

51
tests/integration/update_cluster/ha/data/aws_iam_role_policy_masters.ha.example.com_policy
View File

@ -154,6 +154,57 @@
"*"
]
},
{
"Action": [
"s3:Get*"
],
"Effect": "Allow",
"Resource": "arn:aws:s3:::placeholder-read-bucket/tests/ha.example.com/*"
},
{
"Action": [
"s3:GetObject",
"s3:DeleteObject",
"s3:DeleteObjectVersion",
"s3:PutObject"
],
"Effect": "Allow",
"Resource": "arn:aws:s3:::placeholder-write-bucket/tests/ha.example.com/backups/etcd/main/*"
},
{
"Action": [
"s3:GetObject",
"s3:DeleteObject",
"s3:DeleteObjectVersion",
"s3:PutObject"
],
"Effect": "Allow",
"Resource": "arn:aws:s3:::placeholder-write-bucket/tests/ha.example.com/backups/etcd/events/*"
},
{
"Action": [
"s3:GetBucketLocation",
"s3:GetEncryptionConfiguration",
"s3:ListBucket",
"s3:ListBucketVersions"
],
"Effect": "Allow",
"Resource": [
"arn:aws:s3:::placeholder-read-bucket"
]
},
{
"Action": [
"s3:GetBucketLocation",
"s3:GetEncryptionConfiguration",
"s3:ListBucket",
"s3:ListBucketVersions"
],
"Effect": "Allow",
"Resource": [
"arn:aws:s3:::placeholder-write-bucket"
]
},
{
"Action": [
"route53:ChangeResourceRecordSets",

26
tests/integration/update_cluster/ha/data/aws_iam_role_policy_nodes.ha.example.com_policy
View File

@ -23,6 +23,32 @@
"Resource": [
"*"
]
},
{
"Action": [
"s3:Get*"
],
"Effect": "Allow",
"Resource": [
"arn:aws:s3:::placeholder-read-bucket/tests/ha.example.com/addons/*",
"arn:aws:s3:::placeholder-read-bucket/tests/ha.example.com/cluster-completed.spec",
"arn:aws:s3:::placeholder-read-bucket/tests/ha.example.com/igconfig/node/*",
"arn:aws:s3:::placeholder-read-bucket/tests/ha.example.com/pki/issued/*",
"arn:aws:s3:::placeholder-read-bucket/tests/ha.example.com/pki/ssh/*",
"arn:aws:s3:::placeholder-read-bucket/tests/ha.example.com/secrets/dockerconfig"
]
},
{
"Action": [
"s3:GetBucketLocation",
"s3:GetEncryptionConfiguration",
"s3:ListBucket",
"s3:ListBucketVersions"
],
"Effect": "Allow",
"Resource": [
"arn:aws:s3:::placeholder-read-bucket"
]
}
],
"Version": "2012-10-17"

51
tests/integration/update_cluster/irsa/data/aws_iam_role_policy_masters.minimal.example.com_policy
View File

@ -154,6 +154,57 @@
"*"
]
},
{
"Action": [
"s3:Get*"
],
"Effect": "Allow",
"Resource": "arn:aws:s3:::placeholder-read-bucket/clusters.example.com/minimal.example.com/*"
},
{
"Action": [
"s3:GetObject",
"s3:DeleteObject",
"s3:DeleteObjectVersion",
"s3:PutObject"
],
"Effect": "Allow",
"Resource": "arn:aws:s3:::placeholder-write-bucket/clusters.example.com/minimal.example.com/backups/etcd/main/*"
},
{
"Action": [
"s3:GetObject",
"s3:DeleteObject",
"s3:DeleteObjectVersion",
"s3:PutObject"
],
"Effect": "Allow",
"Resource": "arn:aws:s3:::placeholder-write-bucket/clusters.example.com/minimal.example.com/backups/etcd/events/*"
},
{
"Action": [
"s3:GetBucketLocation",
"s3:GetEncryptionConfiguration",
"s3:ListBucket",
"s3:ListBucketVersions"
],
"Effect": "Allow",
"Resource": [
"arn:aws:s3:::placeholder-read-bucket"
]
},
{
"Action": [
"s3:GetBucketLocation",
"s3:GetEncryptionConfiguration",
"s3:ListBucket",
"s3:ListBucketVersions"
],
"Effect": "Allow",
"Resource": [
"arn:aws:s3:::placeholder-write-bucket"
]
},
{
"Action": [
"route53:ChangeResourceRecordSets",

26
tests/integration/update_cluster/irsa/data/aws_iam_role_policy_nodes.minimal.example.com_policy
View File

@ -23,6 +23,32 @@
"Resource": [
"*"
]
},
{
"Action": [
"s3:Get*"
],
"Effect": "Allow",
"Resource": [
"arn:aws:s3:::placeholder-read-bucket/clusters.example.com/minimal.example.com/addons/*",
"arn:aws:s3:::placeholder-read-bucket/clusters.example.com/minimal.example.com/cluster-completed.spec",
"arn:aws:s3:::placeholder-read-bucket/clusters.example.com/minimal.example.com/igconfig/node/*",
"arn:aws:s3:::placeholder-read-bucket/clusters.example.com/minimal.example.com/pki/issued/*",
"arn:aws:s3:::placeholder-read-bucket/clusters.example.com/minimal.example.com/pki/ssh/*",
"arn:aws:s3:::placeholder-read-bucket/clusters.example.com/minimal.example.com/secrets/dockerconfig"
]
},
{
"Action": [
"s3:GetBucketLocation",
"s3:GetEncryptionConfiguration",
"s3:ListBucket",
"s3:ListBucketVersions"
],
"Effect": "Allow",
"Resource": [
"arn:aws:s3:::placeholder-read-bucket"
]
}
],
"Version": "2012-10-17"

77
tests/integration/update_cluster/minimal-etcd/cloudformation.json
View File

@ -1106,6 +1106,57 @@
"*"
]
},
{
"Action": [
"s3:Get*"
],
"Effect": "Allow",
"Resource": "arn:aws:s3:::placeholder-read-bucket/clusters.example.com/minimal-etcd.example.com/*"
},
{
"Action": [
"s3:GetObject",
"s3:DeleteObject",
"s3:DeleteObjectVersion",
"s3:PutObject"
],
"Effect": "Allow",
"Resource": "arn:aws:s3:::placeholder-write-bucket/clusters.example.com/minimal-etcd.example.com/backups/etcd/main/*"
},
{
"Action": [
"s3:GetObject",
"s3:DeleteObject",
"s3:DeleteObjectVersion",
"s3:PutObject"
],
"Effect": "Allow",
"Resource": "arn:aws:s3:::placeholder-write-bucket/clusters.example.com/minimal-etcd.example.com/backups/etcd/events/*"
},
{
"Action": [
"s3:GetBucketLocation",
"s3:GetEncryptionConfiguration",
"s3:ListBucket",
"s3:ListBucketVersions"
],
"Effect": "Allow",
"Resource": [
"arn:aws:s3:::placeholder-read-bucket"
]
},
{
"Action": [
"s3:GetBucketLocation",
"s3:GetEncryptionConfiguration",
"s3:ListBucket",
"s3:ListBucketVersions"
],
"Effect": "Allow",
"Resource": [
"arn:aws:s3:::placeholder-write-bucket"
]
},
{
"Action": [
"route53:ChangeResourceRecordSets",
@ -1268,6 +1319,32 @@
"Resource": [
"*"
]
},
{
"Action": [
"s3:Get*"
],
"Effect": "Allow",
"Resource": [
"arn:aws:s3:::placeholder-read-bucket/clusters.example.com/minimal-etcd.example.com/addons/*",
"arn:aws:s3:::placeholder-read-bucket/clusters.example.com/minimal-etcd.example.com/cluster-completed.spec",
"arn:aws:s3:::placeholder-read-bucket/clusters.example.com/minimal-etcd.example.com/igconfig/node/*",
"arn:aws:s3:::placeholder-read-bucket/clusters.example.com/minimal-etcd.example.com/pki/issued/*",
"arn:aws:s3:::placeholder-read-bucket/clusters.example.com/minimal-etcd.example.com/pki/ssh/*",
"arn:aws:s3:::placeholder-read-bucket/clusters.example.com/minimal-etcd.example.com/secrets/dockerconfig"
]
},
{
"Action": [
"s3:GetBucketLocation",
"s3:GetEncryptionConfiguration",
"s3:ListBucket",
"s3:ListBucketVersions"
],
"Effect": "Allow",
"Resource": [
"arn:aws:s3:::placeholder-read-bucket"
]
}
],
"Version": "2012-10-17"

77
tests/integration/update_cluster/minimal-gp3/cloudformation.json
View File

@ -1102,6 +1102,57 @@
"*"
]
},
{
"Action": [
"s3:Get*"
],
"Effect": "Allow",
"Resource": "arn:aws:s3:::placeholder-read-bucket/clusters.example.com/minimal.example.com/*"
},
{
"Action": [
"s3:GetObject",
"s3:DeleteObject",
"s3:DeleteObjectVersion",
"s3:PutObject"
],
"Effect": "Allow",
"Resource": "arn:aws:s3:::placeholder-write-bucket/clusters.example.com/minimal.example.com/backups/etcd/main/*"
},
{
"Action": [
"s3:GetObject",
"s3:DeleteObject",
"s3:DeleteObjectVersion",
"s3:PutObject"
],
"Effect": "Allow",
"Resource": "arn:aws:s3:::placeholder-write-bucket/clusters.example.com/minimal.example.com/backups/etcd/events/*"
},
{
"Action": [
"s3:GetBucketLocation",
"s3:GetEncryptionConfiguration",
"s3:ListBucket",
"s3:ListBucketVersions"
],
"Effect": "Allow",
"Resource": [
"arn:aws:s3:::placeholder-read-bucket"
]
},
{
"Action": [
"s3:GetBucketLocation",
"s3:GetEncryptionConfiguration",
"s3:ListBucket",
"s3:ListBucketVersions"
],
"Effect": "Allow",
"Resource": [
"arn:aws:s3:::placeholder-write-bucket"
]
},
{
"Action": [
"route53:ChangeResourceRecordSets",
@ -1264,6 +1315,32 @@
"Resource": [
"*"
]
},
{
"Action": [
"s3:Get*"
],
"Effect": "Allow",
"Resource": [
"arn:aws:s3:::placeholder-read-bucket/clusters.example.com/minimal.example.com/addons/*",
"arn:aws:s3:::placeholder-read-bucket/clusters.example.com/minimal.example.com/cluster-completed.spec",
"arn:aws:s3:::placeholder-read-bucket/clusters.example.com/minimal.example.com/igconfig/node/*",
"arn:aws:s3:::placeholder-read-bucket/clusters.example.com/minimal.example.com/pki/issued/*",
"arn:aws:s3:::placeholder-read-bucket/clusters.example.com/minimal.example.com/pki/ssh/*",
"arn:aws:s3:::placeholder-read-bucket/clusters.example.com/minimal.example.com/secrets/dockerconfig"
]
},
{
"Action": [
"s3:GetBucketLocation",
"s3:GetEncryptionConfiguration",
"s3:ListBucket",
"s3:ListBucketVersions"
],
"Effect": "Allow",
"Resource": [
"arn:aws:s3:::placeholder-read-bucket"
]
}
],
"Version": "2012-10-17"

51
tests/integration/update_cluster/minimal-gp3/data/aws_iam_role_policy_masters.minimal.example.com_policy
View File

@ -154,6 +154,57 @@
"*"
]
},
{
"Action": [
"s3:Get*"
],
"Effect": "Allow",
"Resource": "arn:aws:s3:::placeholder-read-bucket/clusters.example.com/minimal.example.com/*"
},
{
"Action": [
"s3:GetObject",
"s3:DeleteObject",
"s3:DeleteObjectVersion",
"s3:PutObject"
],
"Effect": "Allow",
"Resource": "arn:aws:s3:::placeholder-write-bucket/clusters.example.com/minimal.example.com/backups/etcd/main/*"
},
{
"Action": [
"s3:GetObject",
"s3:DeleteObject",
"s3:DeleteObjectVersion",
"s3:PutObject"
],
"Effect": "Allow",
"Resource": "arn:aws:s3:::placeholder-write-bucket/clusters.example.com/minimal.example.com/backups/etcd/events/*"
},
{
"Action": [
"s3:GetBucketLocation",
"s3:GetEncryptionConfiguration",
"s3:ListBucket",
"s3:ListBucketVersions"
],
"Effect": "Allow",
"Resource": [
"arn:aws:s3:::placeholder-read-bucket"
]
},
{
"Action": [
"s3:GetBucketLocation",
"s3:GetEncryptionConfiguration",
"s3:ListBucket",
"s3:ListBucketVersions"
],
"Effect": "Allow",
"Resource": [
"arn:aws:s3:::placeholder-write-bucket"
]
},
{
"Action": [
"route53:ChangeResourceRecordSets",

26
tests/integration/update_cluster/minimal-gp3/data/aws_iam_role_policy_nodes.minimal.example.com_policy
View File

@ -23,6 +23,32 @@
"Resource": [
"*"
]
},
{
"Action": [
"s3:Get*"
],
"Effect": "Allow",
"Resource": [
"arn:aws:s3:::placeholder-read-bucket/clusters.example.com/minimal.example.com/addons/*",
"arn:aws:s3:::placeholder-read-bucket/clusters.example.com/minimal.example.com/cluster-completed.spec",
"arn:aws:s3:::placeholder-read-bucket/clusters.example.com/minimal.example.com/igconfig/node/*",
"arn:aws:s3:::placeholder-read-bucket/clusters.example.com/minimal.example.com/pki/issued/*",
"arn:aws:s3:::placeholder-read-bucket/clusters.example.com/minimal.example.com/pki/ssh/*",
"arn:aws:s3:::placeholder-read-bucket/clusters.example.com/minimal.example.com/secrets/dockerconfig"
]
},
{
"Action": [
"s3:GetBucketLocation",
"s3:GetEncryptionConfiguration",
"s3:ListBucket",
"s3:ListBucketVersions"
],
"Effect": "Allow",
"Resource": [
"arn:aws:s3:::placeholder-read-bucket"
]
}
],
"Version": "2012-10-17"

77
tests/integration/update_cluster/minimal-ipv6/cloudformation.json
View File

@ -1283,6 +1283,57 @@
"*"
]
},
{
"Action": [
"s3:Get*"
],
"Effect": "Allow",
"Resource": "arn:aws:s3:::placeholder-read-bucket/clusters.example.com/minimal-ipv6.example.com/*"
},
{
"Action": [
"s3:GetObject",
"s3:DeleteObject",
"s3:DeleteObjectVersion",
"s3:PutObject"
],
"Effect": "Allow",
"Resource": "arn:aws:s3:::placeholder-write-bucket/clusters.example.com/minimal-ipv6.example.com/backups/etcd/main/*"
},
{
"Action": [
"s3:GetObject",
"s3:DeleteObject",
"s3:DeleteObjectVersion",
"s3:PutObject"
],
"Effect": "Allow",
"Resource": "arn:aws:s3:::placeholder-write-bucket/clusters.example.com/minimal-ipv6.example.com/backups/etcd/events/*"
},
{
"Action": [
"s3:GetBucketLocation",
"s3:GetEncryptionConfiguration",
"s3:ListBucket",
"s3:ListBucketVersions"
],
"Effect": "Allow",
"Resource": [
"arn:aws:s3:::placeholder-read-bucket"
]
},
{
"Action": [
"s3:GetBucketLocation",
"s3:GetEncryptionConfiguration",
"s3:ListBucket",
"s3:ListBucketVersions"
],
"Effect": "Allow",
"Resource": [
"arn:aws:s3:::placeholder-write-bucket"
]
},
{
"Action": [
"route53:ChangeResourceRecordSets",
@ -1445,6 +1496,32 @@
"Resource": [
"*"
]
},
{
"Action": [
"s3:Get*"
],
"Effect": "Allow",
"Resource": [
"arn:aws:s3:::placeholder-read-bucket/clusters.example.com/minimal-ipv6.example.com/addons/*",
"arn:aws:s3:::placeholder-read-bucket/clusters.example.com/minimal-ipv6.example.com/cluster-completed.spec",
"arn:aws:s3:::placeholder-read-bucket/clusters.example.com/minimal-ipv6.example.com/igconfig/node/*",
"arn:aws:s3:::placeholder-read-bucket/clusters.example.com/minimal-ipv6.example.com/pki/issued/*",
"arn:aws:s3:::placeholder-read-bucket/clusters.example.com/minimal-ipv6.example.com/pki/ssh/*",
"arn:aws:s3:::placeholder-read-bucket/clusters.example.com/minimal-ipv6.example.com/secrets/dockerconfig"
]
},
{
"Action": [
"s3:GetBucketLocation",
"s3:GetEncryptionConfiguration",
"s3:ListBucket",
"s3:ListBucketVersions"
],
"Effect": "Allow",
"Resource": [
"arn:aws:s3:::placeholder-read-bucket"
]
}
],
"Version": "2012-10-17"

51
tests/integration/update_cluster/minimal-ipv6/data/aws_iam_role_policy_masters.minimal-ipv6.example.com_policy
View File

@ -154,6 +154,57 @@
"*"
]
},
{
"Action": [
"s3:Get*"
],
"Effect": "Allow",
"Resource": "arn:aws:s3:::placeholder-read-bucket/clusters.example.com/minimal-ipv6.example.com/*"
},
{
"Action": [
"s3:GetObject",
"s3:DeleteObject",
"s3:DeleteObjectVersion",
"s3:PutObject"
],
"Effect": "Allow",
"Resource": "arn:aws:s3:::placeholder-write-bucket/clusters.example.com/minimal-ipv6.example.com/backups/etcd/main/*"
},
{
"Action": [
"s3:GetObject",
"s3:DeleteObject",
"s3:DeleteObjectVersion",
"s3:PutObject"
],
"Effect": "Allow",
"Resource": "arn:aws:s3:::placeholder-write-bucket/clusters.example.com/minimal-ipv6.example.com/backups/etcd/events/*"
},
{
"Action": [
"s3:GetBucketLocation",
"s3:GetEncryptionConfiguration",
"s3:ListBucket",
"s3:ListBucketVersions"
],
"Effect": "Allow",
"Resource": [
"arn:aws:s3:::placeholder-read-bucket"
]
},
{
"Action": [
"s3:GetBucketLocation",
"s3:GetEncryptionConfiguration",
"s3:ListBucket",
"s3:ListBucketVersions"
],
"Effect": "Allow",
"Resource": [
"arn:aws:s3:::placeholder-write-bucket"
]
},
{
"Action": [
"route53:ChangeResourceRecordSets",

26
tests/integration/update_cluster/minimal-ipv6/data/aws_iam_role_policy_nodes.minimal-ipv6.example.com_policy
View File

@ -23,6 +23,32 @@
"Resource": [
"*"
]
},
{
"Action": [
"s3:Get*"
],
"Effect": "Allow",
"Resource": [
"arn:aws:s3:::placeholder-read-bucket/clusters.example.com/minimal-ipv6.example.com/addons/*",
"arn:aws:s3:::placeholder-read-bucket/clusters.example.com/minimal-ipv6.example.com/cluster-completed.spec",
"arn:aws:s3:::placeholder-read-bucket/clusters.example.com/minimal-ipv6.example.com/igconfig/node/*",
"arn:aws:s3:::placeholder-read-bucket/clusters.example.com/minimal-ipv6.example.com/pki/issued/*",
"arn:aws:s3:::placeholder-read-bucket/clusters.example.com/minimal-ipv6.example.com/pki/ssh/*",
"arn:aws:s3:::placeholder-read-bucket/clusters.example.com/minimal-ipv6.example.com/secrets/dockerconfig"
]
},
{
"Action": [
"s3:GetBucketLocation",
"s3:GetEncryptionConfiguration",
"s3:ListBucket",
"s3:ListBucketVersions"
],
"Effect": "Allow",
"Resource": [
"arn:aws:s3:::placeholder-read-bucket"
]
}
],
"Version": "2012-10-17"

51
tests/integration/update_cluster/minimal-json/data/aws_iam_role_policy_masters.minimal-json.example.com_policy
View File

@ -154,6 +154,57 @@
"*"
]
},
{
"Action": [
"s3:Get*"
],
"Effect": "Allow",
"Resource": "arn:aws:s3:::placeholder-read-bucket/clusters.example.com/minimal-json.example.com/*"
},
{
"Action": [
"s3:GetObject",
"s3:DeleteObject",
"s3:DeleteObjectVersion",
"s3:PutObject"
],
"Effect": "Allow",
"Resource": "arn:aws:s3:::placeholder-write-bucket/clusters.example.com/minimal-json.example.com/backups/etcd/main/*"
},
{
"Action": [
"s3:GetObject",
"s3:DeleteObject",
"s3:DeleteObjectVersion",
"s3:PutObject"
],
"Effect": "Allow",
"Resource": "arn:aws:s3:::placeholder-write-bucket/clusters.example.com/minimal-json.example.com/backups/etcd/events/*"
},
{
"Action": [
"s3:GetBucketLocation",
"s3:GetEncryptionConfiguration",
"s3:ListBucket",
"s3:ListBucketVersions"
],
"Effect": "Allow",
"Resource": [
"arn:aws:s3:::placeholder-read-bucket"
]
},
{
"Action": [
"s3:GetBucketLocation",
"s3:GetEncryptionConfiguration",
"s3:ListBucket",
"s3:ListBucketVersions"
],
"Effect": "Allow",
"Resource": [
"arn:aws:s3:::placeholder-write-bucket"
]
},
{
"Action": [
"route53:ChangeResourceRecordSets",

26
tests/integration/update_cluster/minimal-json/data/aws_iam_role_policy_nodes.minimal-json.example.com_policy
View File

@ -23,6 +23,32 @@
"Resource": [
"*"
]
},
{
"Action": [
"s3:Get*"
],
"Effect": "Allow",
"Resource": [
"arn:aws:s3:::placeholder-read-bucket/clusters.example.com/minimal-json.example.com/addons/*",
"arn:aws:s3:::placeholder-read-bucket/clusters.example.com/minimal-json.example.com/cluster-completed.spec",
"arn:aws:s3:::placeholder-read-bucket/clusters.example.com/minimal-json.example.com/igconfig/node/*",
"arn:aws:s3:::placeholder-read-bucket/clusters.example.com/minimal-json.example.com/pki/issued/*",
"arn:aws:s3:::placeholder-read-bucket/clusters.example.com/minimal-json.example.com/pki/ssh/*",
"arn:aws:s3:::placeholder-read-bucket/clusters.example.com/minimal-json.example.com/secrets/dockerconfig"
]
},
{
"Action": [
"s3:GetBucketLocation",
"s3:GetEncryptionConfiguration",
"s3:ListBucket",
"s3:ListBucketVersions"
],
"Effect": "Allow",
"Resource": [
"arn:aws:s3:::placeholder-read-bucket"
]
}
],
"Version": "2012-10-17"

51
tests/integration/update_cluster/minimal-warmpool/data/aws_iam_role_policy_masters.minimal-warmpool.example.com_policy
View File

@ -154,6 +154,57 @@
"*"
]
},
{
"Action": [
"s3:Get*"
],
"Effect": "Allow",
"Resource": "arn:aws:s3:::placeholder-read-bucket/clusters.example.com/minimal-warmpool.example.com/*"
},
{
"Action": [
"s3:GetObject",
"s3:DeleteObject",
"s3:DeleteObjectVersion",
"s3:PutObject"
],
"Effect": "Allow",
"Resource": "arn:aws:s3:::placeholder-write-bucket/clusters.example.com/minimal-warmpool.example.com/backups/etcd/main/*"
},
{
"Action": [
"s3:GetObject",
"s3:DeleteObject",
"s3:DeleteObjectVersion",
"s3:PutObject"
],
"Effect": "Allow",
"Resource": "arn:aws:s3:::placeholder-write-bucket/clusters.example.com/minimal-warmpool.example.com/backups/etcd/events/*"
},
{
"Action": [
"s3:GetBucketLocation",
"s3:GetEncryptionConfiguration",
"s3:ListBucket",
"s3:ListBucketVersions"
],
"Effect": "Allow",
"Resource": [
"arn:aws:s3:::placeholder-read-bucket"
]
},
{
"Action": [
"s3:GetBucketLocation",
"s3:GetEncryptionConfiguration",
"s3:ListBucket",
"s3:ListBucketVersions"
],
"Effect": "Allow",
"Resource": [
"arn:aws:s3:::placeholder-write-bucket"
]
},
{
"Action": [
"route53:ChangeResourceRecordSets",

26
tests/integration/update_cluster/minimal-warmpool/data/aws_iam_role_policy_nodes.minimal-warmpool.example.com_policy
View File

@ -23,6 +23,32 @@
"Resource": [
"*"
]
},
{
"Action": [
"s3:Get*"
],
"Effect": "Allow",
"Resource": [
"arn:aws:s3:::placeholder-read-bucket/clusters.example.com/minimal-warmpool.example.com/addons/*",
"arn:aws:s3:::placeholder-read-bucket/clusters.example.com/minimal-warmpool.example.com/cluster-completed.spec",
"arn:aws:s3:::placeholder-read-bucket/clusters.example.com/minimal-warmpool.example.com/igconfig/node/*",
"arn:aws:s3:::placeholder-read-bucket/clusters.example.com/minimal-warmpool.example.com/pki/issued/*",
"arn:aws:s3:::placeholder-read-bucket/clusters.example.com/minimal-warmpool.example.com/pki/ssh/*",
"arn:aws:s3:::placeholder-read-bucket/clusters.example.com/minimal-warmpool.example.com/secrets/dockerconfig"
]
},
{
"Action": [
"s3:GetBucketLocation",
"s3:GetEncryptionConfiguration",
"s3:ListBucket",
"s3:ListBucketVersions"
],
"Effect": "Allow",
"Resource": [
"arn:aws:s3:::placeholder-read-bucket"
]
}
],
"Version": "2012-10-17"

77
tests/integration/update_cluster/minimal/cloudformation.json
View File

@ -1106,6 +1106,57 @@
"*"
]
},
{
"Action": [
"s3:Get*"
],
"Effect": "Allow",
"Resource": "arn:aws:s3:::placeholder-read-bucket/clusters.example.com/minimal.example.com/*"
},
{
"Action": [
"s3:GetObject",
"s3:DeleteObject",
"s3:DeleteObjectVersion",
"s3:PutObject"
],
"Effect": "Allow",
"Resource": "arn:aws:s3:::placeholder-write-bucket/clusters.example.com/minimal.example.com/backups/etcd/main/*"
},
{
"Action": [
"s3:GetObject",
"s3:DeleteObject",
"s3:DeleteObjectVersion",
"s3:PutObject"
],
"Effect": "Allow",
"Resource": "arn:aws:s3:::placeholder-write-bucket/clusters.example.com/minimal.example.com/backups/etcd/events/*"
},
{
"Action": [
"s3:GetBucketLocation",
"s3:GetEncryptionConfiguration",
"s3:ListBucket",
"s3:ListBucketVersions"
],
"Effect": "Allow",
"Resource": [
"arn:aws:s3:::placeholder-read-bucket"
]
},
{
"Action": [
"s3:GetBucketLocation",
"s3:GetEncryptionConfiguration",
"s3:ListBucket",
"s3:ListBucketVersions"
],
"Effect": "Allow",
"Resource": [
"arn:aws:s3:::placeholder-write-bucket"
]
},
{
"Action": [
"route53:ChangeResourceRecordSets",
@ -1268,6 +1319,32 @@
"Resource": [
"*"
]
},
{
"Action": [
"s3:Get*"
],
"Effect": "Allow",
"Resource": [
"arn:aws:s3:::placeholder-read-bucket/clusters.example.com/minimal.example.com/addons/*",
"arn:aws:s3:::placeholder-read-bucket/clusters.example.com/minimal.example.com/cluster-completed.spec",
"arn:aws:s3:::placeholder-read-bucket/clusters.example.com/minimal.example.com/igconfig/node/*",
"arn:aws:s3:::placeholder-read-bucket/clusters.example.com/minimal.example.com/pki/issued/*",
"arn:aws:s3:::placeholder-read-bucket/clusters.example.com/minimal.example.com/pki/ssh/*",
"arn:aws:s3:::placeholder-read-bucket/clusters.example.com/minimal.example.com/secrets/dockerconfig"
]
},
{
"Action": [
"s3:GetBucketLocation",
"s3:GetEncryptionConfiguration",
"s3:ListBucket",
"s3:ListBucketVersions"
],
"Effect": "Allow",
"Resource": [
"arn:aws:s3:::placeholder-read-bucket"
]
}
],
"Version": "2012-10-17"

51
tests/integration/update_cluster/minimal/data/aws_iam_role_policy_masters.minimal.example.com_policy
View File

@ -154,6 +154,57 @@
"*"
]
},
{
"Action": [
"s3:Get*"
],
"Effect": "Allow",
"Resource": "arn:aws:s3:::placeholder-read-bucket/clusters.example.com/minimal.example.com/*"
},
{
"Action": [
"s3:GetObject",
"s3:DeleteObject",
"s3:DeleteObjectVersion",
"s3:PutObject"
],
"Effect": "Allow",
"Resource": "arn:aws:s3:::placeholder-write-bucket/clusters.example.com/minimal.example.com/backups/etcd/main/*"
},
{
"Action": [
"s3:GetObject",
"s3:DeleteObject",
"s3:DeleteObjectVersion",
"s3:PutObject"
],
"Effect": "Allow",
"Resource": "arn:aws:s3:::placeholder-write-bucket/clusters.example.com/minimal.example.com/backups/etcd/events/*"
},
{
"Action": [
"s3:GetBucketLocation",
"s3:GetEncryptionConfiguration",
"s3:ListBucket",
"s3:ListBucketVersions"
],
"Effect": "Allow",
"Resource": [
"arn:aws:s3:::placeholder-read-bucket"
]
},
{
"Action": [
"s3:GetBucketLocation",
"s3:GetEncryptionConfiguration",
"s3:ListBucket",
"s3:ListBucketVersions"
],
"Effect": "Allow",
"Resource": [
"arn:aws:s3:::placeholder-write-bucket"
]
},
{
"Action": [
"route53:ChangeResourceRecordSets",

26
tests/integration/update_cluster/minimal/data/aws_iam_role_policy_nodes.minimal.example.com_policy
View File

@ -23,6 +23,32 @@
"Resource": [
"*"
]
},
{
"Action": [
"s3:Get*"
],
"Effect": "Allow",
"Resource": [
"arn:aws:s3:::placeholder-read-bucket/clusters.example.com/minimal.example.com/addons/*",
"arn:aws:s3:::placeholder-read-bucket/clusters.example.com/minimal.example.com/cluster-completed.spec",
"arn:aws:s3:::placeholder-read-bucket/clusters.example.com/minimal.example.com/igconfig/node/*",
"arn:aws:s3:::placeholder-read-bucket/clusters.example.com/minimal.example.com/pki/issued/*",
"arn:aws:s3:::placeholder-read-bucket/clusters.example.com/minimal.example.com/pki/ssh/*",
"arn:aws:s3:::placeholder-read-bucket/clusters.example.com/minimal.example.com/secrets/dockerconfig"
]
},
{
"Action": [
"s3:GetBucketLocation",
"s3:GetEncryptionConfiguration",
"s3:ListBucket",
"s3:ListBucketVersions"
],
"Effect": "Allow",
"Resource": [
"arn:aws:s3:::placeholder-read-bucket"
]
}
],
"Version": "2012-10-17"

51
tests/integration/update_cluster/minimal_gossip/data/aws_iam_role_policy_masters.minimal.k8s.local_policy
View File

@ -154,6 +154,57 @@
"*"
]
},
{
"Action": [
"s3:Get*"
],
"Effect": "Allow",
"Resource": "arn:aws:s3:::placeholder-read-bucket/clusters.example.com/minimal.k8s.local/*"
},
{
"Action": [
"s3:GetObject",
"s3:DeleteObject",
"s3:DeleteObjectVersion",
"s3:PutObject"
],
"Effect": "Allow",
"Resource": "arn:aws:s3:::placeholder-write-bucket/clusters.example.com/minimal.k8s.local/backups/etcd/main/*"
},
{
"Action": [
"s3:GetObject",
"s3:DeleteObject",
"s3:DeleteObjectVersion",
"s3:PutObject"
],
"Effect": "Allow",
"Resource": "arn:aws:s3:::placeholder-write-bucket/clusters.example.com/minimal.k8s.local/backups/etcd/events/*"
},
{
"Action": [
"s3:GetBucketLocation",
"s3:GetEncryptionConfiguration",
"s3:ListBucket",
"s3:ListBucketVersions"
],
"Effect": "Allow",
"Resource": [
"arn:aws:s3:::placeholder-read-bucket"
]
},
{
"Action": [
"s3:GetBucketLocation",
"s3:GetEncryptionConfiguration",
"s3:ListBucket",
"s3:ListBucketVersions"
],
"Effect": "Allow",
"Resource": [
"arn:aws:s3:::placeholder-write-bucket"
]
},
{
"Action": [
"ec2:CreateVolume"

26
tests/integration/update_cluster/minimal_gossip/data/aws_iam_role_policy_nodes.minimal.k8s.local_policy
View File

@ -23,6 +23,32 @@
"Resource": [
"*"
]
},
{
"Action": [
"s3:Get*"
],
"Effect": "Allow",
"Resource": [
"arn:aws:s3:::placeholder-read-bucket/clusters.example.com/minimal.k8s.local/addons/*",
"arn:aws:s3:::placeholder-read-bucket/clusters.example.com/minimal.k8s.local/cluster-completed.spec",
"arn:aws:s3:::placeholder-read-bucket/clusters.example.com/minimal.k8s.local/igconfig/node/*",
"arn:aws:s3:::placeholder-read-bucket/clusters.example.com/minimal.k8s.local/pki/issued/*",
"arn:aws:s3:::placeholder-read-bucket/clusters.example.com/minimal.k8s.local/pki/ssh/*",
"arn:aws:s3:::placeholder-read-bucket/clusters.example.com/minimal.k8s.local/secrets/dockerconfig"
]
},
{
"Action": [
"s3:GetBucketLocation",
"s3:GetEncryptionConfiguration",
"s3:ListBucket",
"s3:ListBucketVersions"
],
"Effect": "Allow",
"Resource": [
"arn:aws:s3:::placeholder-read-bucket"
]
}
],
"Version": "2012-10-17"

77
tests/integration/update_cluster/mixed_instances/cloudformation.json
View File

@ -1825,6 +1825,57 @@
"*"
]
},
{
"Action": [
"s3:Get*"
],
"Effect": "Allow",
"Resource": "arn:aws:s3:::placeholder-read-bucket/clusters.example.com/mixedinstances.example.com/*"
},
{
"Action": [
"s3:GetObject",
"s3:DeleteObject",
"s3:DeleteObjectVersion",
"s3:PutObject"
],
"Effect": "Allow",
"Resource": "arn:aws:s3:::placeholder-write-bucket/clusters.example.com/mixedinstances.example.com/backups/etcd/main/*"
},
{
"Action": [
"s3:GetObject",
"s3:DeleteObject",
"s3:DeleteObjectVersion",
"s3:PutObject"
],
"Effect": "Allow",
"Resource": "arn:aws:s3:::placeholder-write-bucket/clusters.example.com/mixedinstances.example.com/backups/etcd/events/*"
},
{
"Action": [
"s3:GetBucketLocation",
"s3:GetEncryptionConfiguration",
"s3:ListBucket",
"s3:ListBucketVersions"
],
"Effect": "Allow",
"Resource": [
"arn:aws:s3:::placeholder-read-bucket"
]
},
{
"Action": [
"s3:GetBucketLocation",
"s3:GetEncryptionConfiguration",
"s3:ListBucket",
"s3:ListBucketVersions"
],
"Effect": "Allow",
"Resource": [
"arn:aws:s3:::placeholder-write-bucket"
]
},
{
"Action": [
"route53:ChangeResourceRecordSets",
@ -1987,6 +2038,32 @@
"Resource": [
"*"
]
},
{
"Action": [
"s3:Get*"
],
"Effect": "Allow",
"Resource": [
"arn:aws:s3:::placeholder-read-bucket/clusters.example.com/mixedinstances.example.com/addons/*",
"arn:aws:s3:::placeholder-read-bucket/clusters.example.com/mixedinstances.example.com/cluster-completed.spec",
"arn:aws:s3:::placeholder-read-bucket/clusters.example.com/mixedinstances.example.com/igconfig/node/*",
"arn:aws:s3:::placeholder-read-bucket/clusters.example.com/mixedinstances.example.com/pki/issued/*",
"arn:aws:s3:::placeholder-read-bucket/clusters.example.com/mixedinstances.example.com/pki/ssh/*",
"arn:aws:s3:::placeholder-read-bucket/clusters.example.com/mixedinstances.example.com/secrets/dockerconfig"
]
},
{
"Action": [
"s3:GetBucketLocation",
"s3:GetEncryptionConfiguration",
"s3:ListBucket",
"s3:ListBucketVersions"
],
"Effect": "Allow",
"Resource": [
"arn:aws:s3:::placeholder-read-bucket"
]
}
],
"Version": "2012-10-17"

51
tests/integration/update_cluster/mixed_instances/data/aws_iam_role_policy_masters.mixedinstances.example.com_policy
View File

@ -154,6 +154,57 @@
"*"
]
},
{
"Action": [
"s3:Get*"
],
"Effect": "Allow",
"Resource": "arn:aws:s3:::placeholder-read-bucket/clusters.example.com/mixedinstances.example.com/*"
},
{
"Action": [
"s3:GetObject",
"s3:DeleteObject",
"s3:DeleteObjectVersion",
"s3:PutObject"
],
"Effect": "Allow",
"Resource": "arn:aws:s3:::placeholder-write-bucket/clusters.example.com/mixedinstances.example.com/backups/etcd/main/*"
},
{
"Action": [
"s3:GetObject",
"s3:DeleteObject",
"s3:DeleteObjectVersion",
"s3:PutObject"
],
"Effect": "Allow",
"Resource": "arn:aws:s3:::placeholder-write-bucket/clusters.example.com/mixedinstances.example.com/backups/etcd/events/*"
},
{
"Action": [
"s3:GetBucketLocation",
"s3:GetEncryptionConfiguration",
"s3:ListBucket",
"s3:ListBucketVersions"
],
"Effect": "Allow",
"Resource": [
"arn:aws:s3:::placeholder-read-bucket"
]
},
{
"Action": [
"s3:GetBucketLocation",
"s3:GetEncryptionConfiguration",
"s3:ListBucket",
"s3:ListBucketVersions"
],
"Effect": "Allow",
"Resource": [
"arn:aws:s3:::placeholder-write-bucket"
]
},
{
"Action": [
"route53:ChangeResourceRecordSets",

26
tests/integration/update_cluster/mixed_instances/data/aws_iam_role_policy_nodes.mixedinstances.example.com_policy
View File

@ -23,6 +23,32 @@
"Resource": [
"*"
]
},
{
"Action": [
"s3:Get*"
],
"Effect": "Allow",
"Resource": [
"arn:aws:s3:::placeholder-read-bucket/clusters.example.com/mixedinstances.example.com/addons/*",
"arn:aws:s3:::placeholder-read-bucket/clusters.example.com/mixedinstances.example.com/cluster-completed.spec",
"arn:aws:s3:::placeholder-read-bucket/clusters.example.com/mixedinstances.example.com/igconfig/node/*",
"arn:aws:s3:::placeholder-read-bucket/clusters.example.com/mixedinstances.example.com/pki/issued/*",
"arn:aws:s3:::placeholder-read-bucket/clusters.example.com/mixedinstances.example.com/pki/ssh/*",
"arn:aws:s3:::placeholder-read-bucket/clusters.example.com/mixedinstances.example.com/secrets/dockerconfig"
]
},
{
"Action": [
"s3:GetBucketLocation",
"s3:GetEncryptionConfiguration",
"s3:ListBucket",
"s3:ListBucketVersions"
],
"Effect": "Allow",
"Resource": [
"arn:aws:s3:::placeholder-read-bucket"
]
}
],
"Version": "2012-10-17"

77
tests/integration/update_cluster/mixed_instances_spot/cloudformation.json
View File

@ -1826,6 +1826,57 @@
"*"
]
},
{
"Action": [
"s3:Get*"
],
"Effect": "Allow",
"Resource": "arn:aws:s3:::placeholder-read-bucket/clusters.example.com/mixedinstances.example.com/*"
},
{
"Action": [
"s3:GetObject",
"s3:DeleteObject",
"s3:DeleteObjectVersion",
"s3:PutObject"
],
"Effect": "Allow",
"Resource": "arn:aws:s3:::placeholder-write-bucket/clusters.example.com/mixedinstances.example.com/backups/etcd/main/*"
},
{
"Action": [
"s3:GetObject",
"s3:DeleteObject",
"s3:DeleteObjectVersion",
"s3:PutObject"
],
"Effect": "Allow",
"Resource": "arn:aws:s3:::placeholder-write-bucket/clusters.example.com/mixedinstances.example.com/backups/etcd/events/*"
},
{
"Action": [
"s3:GetBucketLocation",
"s3:GetEncryptionConfiguration",
"s3:ListBucket",
"s3:ListBucketVersions"
],
"Effect": "Allow",
"Resource": [
"arn:aws:s3:::placeholder-read-bucket"
]
},
{
"Action": [
"s3:GetBucketLocation",
"s3:GetEncryptionConfiguration",
"s3:ListBucket",
"s3:ListBucketVersions"
],
"Effect": "Allow",
"Resource": [
"arn:aws:s3:::placeholder-write-bucket"
]
},
{
"Action": [
"route53:ChangeResourceRecordSets",
@ -1988,6 +2039,32 @@
"Resource": [
"*"
]
},
{
"Action": [
"s3:Get*"
],
"Effect": "Allow",
"Resource": [
"arn:aws:s3:::placeholder-read-bucket/clusters.example.com/mixedinstances.example.com/addons/*",
"arn:aws:s3:::placeholder-read-bucket/clusters.example.com/mixedinstances.example.com/cluster-completed.spec",
"arn:aws:s3:::placeholder-read-bucket/clusters.example.com/mixedinstances.example.com/igconfig/node/*",
"arn:aws:s3:::placeholder-read-bucket/clusters.example.com/mixedinstances.example.com/pki/issued/*",
"arn:aws:s3:::placeholder-read-bucket/clusters.example.com/mixedinstances.example.com/pki/ssh/*",
"arn:aws:s3:::placeholder-read-bucket/clusters.example.com/mixedinstances.example.com/secrets/dockerconfig"
]
},
{
"Action": [
"s3:GetBucketLocation",
"s3:GetEncryptionConfiguration",
"s3:ListBucket",
"s3:ListBucketVersions"
],
"Effect": "Allow",
"Resource": [
"arn:aws:s3:::placeholder-read-bucket"
]
}
],
"Version": "2012-10-17"

51
tests/integration/update_cluster/mixed_instances_spot/data/aws_iam_role_policy_masters.mixedinstances.example.com_policy
View File

@ -154,6 +154,57 @@
"*"
]
},
{
"Action": [
"s3:Get*"
],
"Effect": "Allow",
"Resource": "arn:aws:s3:::placeholder-read-bucket/clusters.example.com/mixedinstances.example.com/*"
},
{
"Action": [
"s3:GetObject",
"s3:DeleteObject",
"s3:DeleteObjectVersion",
"s3:PutObject"
],
"Effect": "Allow",
"Resource": "arn:aws:s3:::placeholder-write-bucket/clusters.example.com/mixedinstances.example.com/backups/etcd/main/*"
},
{
"Action": [
"s3:GetObject",
"s3:DeleteObject",
"s3:DeleteObjectVersion",
"s3:PutObject"
],
"Effect": "Allow",
"Resource": "arn:aws:s3:::placeholder-write-bucket/clusters.example.com/mixedinstances.example.com/backups/etcd/events/*"
},
{
"Action": [
"s3:GetBucketLocation",
"s3:GetEncryptionConfiguration",
"s3:ListBucket",
"s3:ListBucketVersions"
],
"Effect": "Allow",
"Resource": [
"arn:aws:s3:::placeholder-read-bucket"
]
},
{
"Action": [
"s3:GetBucketLocation",
"s3:GetEncryptionConfiguration",
"s3:ListBucket",
"s3:ListBucketVersions"
],
"Effect": "Allow",
"Resource": [
"arn:aws:s3:::placeholder-write-bucket"
]
},
{
"Action": [
"route53:ChangeResourceRecordSets",

26
tests/integration/update_cluster/mixed_instances_spot/data/aws_iam_role_policy_nodes.mixedinstances.example.com_policy
View File

@ -23,6 +23,32 @@
"Resource": [
"*"
]
},
{
"Action": [
"s3:Get*"
],
"Effect": "Allow",
"Resource": [
"arn:aws:s3:::placeholder-read-bucket/clusters.example.com/mixedinstances.example.com/addons/*",
"arn:aws:s3:::placeholder-read-bucket/clusters.example.com/mixedinstances.example.com/cluster-completed.spec",
"arn:aws:s3:::placeholder-read-bucket/clusters.example.com/mixedinstances.example.com/igconfig/node/*",
"arn:aws:s3:::placeholder-read-bucket/clusters.example.com/mixedinstances.example.com/pki/issued/*",
"arn:aws:s3:::placeholder-read-bucket/clusters.example.com/mixedinstances.example.com/pki/ssh/*",
"arn:aws:s3:::placeholder-read-bucket/clusters.example.com/mixedinstances.example.com/secrets/dockerconfig"
]
},
{
"Action": [
"s3:GetBucketLocation",
"s3:GetEncryptionConfiguration",
"s3:ListBucket",
"s3:ListBucketVersions"
],
"Effect": "Allow",
"Resource": [
"arn:aws:s3:::placeholder-read-bucket"
]
}
],
"Version": "2012-10-17"

77
tests/integration/update_cluster/nth_sqs_resources/cloudformation.json
View File

@ -1216,6 +1216,57 @@
"*"
]
},
{
"Action": [
"s3:Get*"
],
"Effect": "Allow",
"Resource": "arn:aws:s3:::placeholder-read-bucket/clusters.example.com/nthsqsresources.example.com/*"
},
{
"Action": [
"s3:GetObject",
"s3:DeleteObject",
"s3:DeleteObjectVersion",
"s3:PutObject"
],
"Effect": "Allow",
"Resource": "arn:aws:s3:::placeholder-write-bucket/clusters.example.com/nthsqsresources.example.com/backups/etcd/main/*"
},
{
"Action": [
"s3:GetObject",
"s3:DeleteObject",
"s3:DeleteObjectVersion",
"s3:PutObject"
],
"Effect": "Allow",
"Resource": "arn:aws:s3:::placeholder-write-bucket/clusters.example.com/nthsqsresources.example.com/backups/etcd/events/*"
},
{
"Action": [
"s3:GetBucketLocation",
"s3:GetEncryptionConfiguration",
"s3:ListBucket",
"s3:ListBucketVersions"
],
"Effect": "Allow",
"Resource": [
"arn:aws:s3:::placeholder-read-bucket"
]
},
{
"Action": [
"s3:GetBucketLocation",
"s3:GetEncryptionConfiguration",
"s3:ListBucket",
"s3:ListBucketVersions"
],
"Effect": "Allow",
"Resource": [
"arn:aws:s3:::placeholder-write-bucket"
]
},
{
"Action": [
"route53:ChangeResourceRecordSets",
@ -1390,6 +1441,32 @@
"Resource": [
"*"
]
},
{
"Action": [
"s3:Get*"
],
"Effect": "Allow",
"Resource": [
"arn:aws:s3:::placeholder-read-bucket/clusters.example.com/nthsqsresources.example.com/addons/*",
"arn:aws:s3:::placeholder-read-bucket/clusters.example.com/nthsqsresources.example.com/cluster-completed.spec",
"arn:aws:s3:::placeholder-read-bucket/clusters.example.com/nthsqsresources.example.com/igconfig/node/*",
"arn:aws:s3:::placeholder-read-bucket/clusters.example.com/nthsqsresources.example.com/pki/issued/*",
"arn:aws:s3:::placeholder-read-bucket/clusters.example.com/nthsqsresources.example.com/pki/ssh/*",
"arn:aws:s3:::placeholder-read-bucket/clusters.example.com/nthsqsresources.example.com/secrets/dockerconfig"
]
},
{
"Action": [
"s3:GetBucketLocation",
"s3:GetEncryptionConfiguration",
"s3:ListBucket",
"s3:ListBucketVersions"
],
"Effect": "Allow",
"Resource": [
"arn:aws:s3:::placeholder-read-bucket"
]
}
],
"Version": "2012-10-17"

51
tests/integration/update_cluster/nth_sqs_resources/data/aws_iam_role_policy_masters.nthsqsresources.example.com_policy
View File

@ -154,6 +154,57 @@
"*"
]
},
{
"Action": [
"s3:Get*"
],
"Effect": "Allow",
"Resource": "arn:aws:s3:::placeholder-read-bucket/clusters.example.com/nthsqsresources.example.com/*"
},
{
"Action": [
"s3:GetObject",
"s3:DeleteObject",
"s3:DeleteObjectVersion",
"s3:PutObject"
],
"Effect": "Allow",
"Resource": "arn:aws:s3:::placeholder-write-bucket/clusters.example.com/nthsqsresources.example.com/backups/etcd/main/*"
},
{
"Action": [
"s3:GetObject",
"s3:DeleteObject",
"s3:DeleteObjectVersion",
"s3:PutObject"
],
"Effect": "Allow",
"Resource": "arn:aws:s3:::placeholder-write-bucket/clusters.example.com/nthsqsresources.example.com/backups/etcd/events/*"
},
{
"Action": [
"s3:GetBucketLocation",
"s3:GetEncryptionConfiguration",
"s3:ListBucket",
"s3:ListBucketVersions"
],
"Effect": "Allow",
"Resource": [
"arn:aws:s3:::placeholder-read-bucket"
]
},
{
"Action": [
"s3:GetBucketLocation",
"s3:GetEncryptionConfiguration",
"s3:ListBucket",
"s3:ListBucketVersions"
],
"Effect": "Allow",
"Resource": [
"arn:aws:s3:::placeholder-write-bucket"
]
},
{
"Action": [
"route53:ChangeResourceRecordSets",

26
tests/integration/update_cluster/nth_sqs_resources/data/aws_iam_role_policy_nodes.nthsqsresources.example.com_policy
View File

@ -23,6 +23,32 @@
"Resource": [
"*"
]
},
{
"Action": [
"s3:Get*"
],
"Effect": "Allow",
"Resource": [
"arn:aws:s3:::placeholder-read-bucket/clusters.example.com/nthsqsresources.example.com/addons/*",
"arn:aws:s3:::placeholder-read-bucket/clusters.example.com/nthsqsresources.example.com/cluster-completed.spec",
"arn:aws:s3:::placeholder-read-bucket/clusters.example.com/nthsqsresources.example.com/igconfig/node/*",
"arn:aws:s3:::placeholder-read-bucket/clusters.example.com/nthsqsresources.example.com/pki/issued/*",
"arn:aws:s3:::placeholder-read-bucket/clusters.example.com/nthsqsresources.example.com/pki/ssh/*",
"arn:aws:s3:::placeholder-read-bucket/clusters.example.com/nthsqsresources.example.com/secrets/dockerconfig"
]
},
{
"Action": [
"s3:GetBucketLocation",
"s3:GetEncryptionConfiguration",
"s3:ListBucket",
"s3:ListBucketVersions"
],
"Effect": "Allow",
"Resource": [
"arn:aws:s3:::placeholder-read-bucket"
]
}
],
"Version": "2012-10-17"

77
tests/integration/update_cluster/private-shared-ip/cloudformation.json
View File

@ -1622,6 +1622,57 @@
"*"
]
},
{
"Action": [
"s3:Get*"
],
"Effect": "Allow",
"Resource": "arn:aws:s3:::placeholder-read-bucket/clusters.example.com/private-shared-ip.example.com/*"
},
{
"Action": [
"s3:GetObject",
"s3:DeleteObject",
"s3:DeleteObjectVersion",
"s3:PutObject"
],
"Effect": "Allow",
"Resource": "arn:aws:s3:::placeholder-write-bucket/clusters.example.com/private-shared-ip.example.com/backups/etcd/main/*"
},
{
"Action": [
"s3:GetObject",
"s3:DeleteObject",
"s3:DeleteObjectVersion",
"s3:PutObject"
],
"Effect": "Allow",
"Resource": "arn:aws:s3:::placeholder-write-bucket/clusters.example.com/private-shared-ip.example.com/backups/etcd/events/*"
},
{
"Action": [
"s3:GetBucketLocation",
"s3:GetEncryptionConfiguration",
"s3:ListBucket",
"s3:ListBucketVersions"
],
"Effect": "Allow",
"Resource": [
"arn:aws:s3:::placeholder-read-bucket"
]
},
{
"Action": [
"s3:GetBucketLocation",
"s3:GetEncryptionConfiguration",
"s3:ListBucket",
"s3:ListBucketVersions"
],
"Effect": "Allow",
"Resource": [
"arn:aws:s3:::placeholder-write-bucket"
]
},
{
"Action": [
"route53:ChangeResourceRecordSets",
@ -1784,6 +1835,32 @@
"Resource": [
"*"
]
},
{
"Action": [
"s3:Get*"
],
"Effect": "Allow",
"Resource": [
"arn:aws:s3:::placeholder-read-bucket/clusters.example.com/private-shared-ip.example.com/addons/*",
"arn:aws:s3:::placeholder-read-bucket/clusters.example.com/private-shared-ip.example.com/cluster-completed.spec",
"arn:aws:s3:::placeholder-read-bucket/clusters.example.com/private-shared-ip.example.com/igconfig/node/*",
"arn:aws:s3:::placeholder-read-bucket/clusters.example.com/private-shared-ip.example.com/pki/issued/*",
"arn:aws:s3:::placeholder-read-bucket/clusters.example.com/private-shared-ip.example.com/pki/ssh/*",
"arn:aws:s3:::placeholder-read-bucket/clusters.example.com/private-shared-ip.example.com/secrets/dockerconfig"
]
},
{
"Action": [
"s3:GetBucketLocation",
"s3:GetEncryptionConfiguration",
"s3:ListBucket",
"s3:ListBucketVersions"
],
"Effect": "Allow",
"Resource": [
"arn:aws:s3:::placeholder-read-bucket"
]
}
],
"Version": "2012-10-17"

51
tests/integration/update_cluster/private-shared-ip/data/aws_iam_role_policy_masters.private-shared-ip.example.com_policy
View File

@ -154,6 +154,57 @@
"*"
]
},
{
"Action": [
"s3:Get*"
],
"Effect": "Allow",
"Resource": "arn:aws:s3:::placeholder-read-bucket/clusters.example.com/private-shared-ip.example.com/*"
},
{
"Action": [
"s3:GetObject",
"s3:DeleteObject",
"s3:DeleteObjectVersion",
"s3:PutObject"
],
"Effect": "Allow",
"Resource": "arn:aws:s3:::placeholder-write-bucket/clusters.example.com/private-shared-ip.example.com/backups/etcd/main/*"
},
{
"Action": [
"s3:GetObject",
"s3:DeleteObject",
"s3:DeleteObjectVersion",
"s3:PutObject"
],
"Effect": "Allow",
"Resource": "arn:aws:s3:::placeholder-write-bucket/clusters.example.com/private-shared-ip.example.com/backups/etcd/events/*"
},
{
"Action": [
"s3:GetBucketLocation",
"s3:GetEncryptionConfiguration",
"s3:ListBucket",
"s3:ListBucketVersions"
],
"Effect": "Allow",
"Resource": [
"arn:aws:s3:::placeholder-read-bucket"
]
},
{
"Action": [
"s3:GetBucketLocation",
"s3:GetEncryptionConfiguration",
"s3:ListBucket",
"s3:ListBucketVersions"
],
"Effect": "Allow",
"Resource": [
"arn:aws:s3:::placeholder-write-bucket"
]
},
{
"Action": [
"route53:ChangeResourceRecordSets",

26
tests/integration/update_cluster/private-shared-ip/data/aws_iam_role_policy_nodes.private-shared-ip.example.com_policy
View File

@ -23,6 +23,32 @@
"Resource": [
"*"
]
},
{
"Action": [
"s3:Get*"
],
"Effect": "Allow",
"Resource": [
"arn:aws:s3:::placeholder-read-bucket/clusters.example.com/private-shared-ip.example.com/addons/*",
"arn:aws:s3:::placeholder-read-bucket/clusters.example.com/private-shared-ip.example.com/cluster-completed.spec",
"arn:aws:s3:::placeholder-read-bucket/clusters.example.com/private-shared-ip.example.com/igconfig/node/*",
"arn:aws:s3:::placeholder-read-bucket/clusters.example.com/private-shared-ip.example.com/pki/issued/*",
"arn:aws:s3:::placeholder-read-bucket/clusters.example.com/private-shared-ip.example.com/pki/ssh/*",
"arn:aws:s3:::placeholder-read-bucket/clusters.example.com/private-shared-ip.example.com/secrets/dockerconfig"
]
},
{
"Action": [
"s3:GetBucketLocation",
"s3:GetEncryptionConfiguration",
"s3:ListBucket",
"s3:ListBucketVersions"
],
"Effect": "Allow",
"Resource": [
"arn:aws:s3:::placeholder-read-bucket"
]
}
],
"Version": "2012-10-17"

51
tests/integration/update_cluster/private-shared-subnet/data/aws_iam_role_policy_masters.private-shared-subnet.example.com_policy
View File

@ -154,6 +154,57 @@
"*"
]
},
{
"Action": [
"s3:Get*"
],
"Effect": "Allow",
"Resource": "arn:aws:s3:::placeholder-read-bucket/clusters.example.com/private-shared-subnet.example.com/*"
},
{
"Action": [
"s3:GetObject",
"s3:DeleteObject",
"s3:DeleteObjectVersion",
"s3:PutObject"
],
"Effect": "Allow",
"Resource": "arn:aws:s3:::placeholder-write-bucket/clusters.example.com/private-shared-subnet.example.com/backups/etcd/main/*"
},
{
"Action": [
"s3:GetObject",
"s3:DeleteObject",
"s3:DeleteObjectVersion",
"s3:PutObject"
],
"Effect": "Allow",
"Resource": "arn:aws:s3:::placeholder-write-bucket/clusters.example.com/private-shared-subnet.example.com/backups/etcd/events/*"
},
{
"Action": [
"s3:GetBucketLocation",
"s3:GetEncryptionConfiguration",
"s3:ListBucket",
"s3:ListBucketVersions"
],
"Effect": "Allow",
"Resource": [
"arn:aws:s3:::placeholder-read-bucket"
]
},
{
"Action": [
"s3:GetBucketLocation",
"s3:GetEncryptionConfiguration",
"s3:ListBucket",
"s3:ListBucketVersions"
],
"Effect": "Allow",
"Resource": [
"arn:aws:s3:::placeholder-write-bucket"
]
},
{
"Action": [
"route53:ChangeResourceRecordSets",

26
tests/integration/update_cluster/private-shared-subnet/data/aws_iam_role_policy_nodes.private-shared-subnet.example.com_policy
View File

@ -23,6 +23,32 @@
"Resource": [
"*"
]
},
{
"Action": [
"s3:Get*"
],
"Effect": "Allow",
"Resource": [
"arn:aws:s3:::placeholder-read-bucket/clusters.example.com/private-shared-subnet.example.com/addons/*",
"arn:aws:s3:::placeholder-read-bucket/clusters.example.com/private-shared-subnet.example.com/cluster-completed.spec",
"arn:aws:s3:::placeholder-read-bucket/clusters.example.com/private-shared-subnet.example.com/igconfig/node/*",
"arn:aws:s3:::placeholder-read-bucket/clusters.example.com/private-shared-subnet.example.com/pki/issued/*",
"arn:aws:s3:::placeholder-read-bucket/clusters.example.com/private-shared-subnet.example.com/pki/ssh/*",
"arn:aws:s3:::placeholder-read-bucket/clusters.example.com/private-shared-subnet.example.com/secrets/dockerconfig"
]
},
{
"Action": [
"s3:GetBucketLocation",
"s3:GetEncryptionConfiguration",
"s3:ListBucket",
"s3:ListBucketVersions"
],
"Effect": "Allow",
"Resource": [
"arn:aws:s3:::placeholder-read-bucket"
]
}
],
"Version": "2012-10-17"

77
tests/integration/update_cluster/privatecalico/cloudformation.json
View File

@ -1778,6 +1778,57 @@
"*"
]
},
{
"Action": [
"s3:Get*"
],
"Effect": "Allow",
"Resource": "arn:aws:s3:::placeholder-read-bucket/clusters.example.com/privatecalico.example.com/*"
},
{
"Action": [
"s3:GetObject",
"s3:DeleteObject",
"s3:DeleteObjectVersion",
"s3:PutObject"
],
"Effect": "Allow",
"Resource": "arn:aws:s3:::placeholder-write-bucket/clusters.example.com/privatecalico.example.com/backups/etcd/main/*"
},
{
"Action": [
"s3:GetObject",
"s3:DeleteObject",
"s3:DeleteObjectVersion",
"s3:PutObject"
],
"Effect": "Allow",
"Resource": "arn:aws:s3:::placeholder-write-bucket/clusters.example.com/privatecalico.example.com/backups/etcd/events/*"
},
{
"Action": [
"s3:GetBucketLocation",
"s3:GetEncryptionConfiguration",
"s3:ListBucket",
"s3:ListBucketVersions"
],
"Effect": "Allow",
"Resource": [
"arn:aws:s3:::placeholder-read-bucket"
]
},
{
"Action": [
"s3:GetBucketLocation",
"s3:GetEncryptionConfiguration",
"s3:ListBucket",
"s3:ListBucketVersions"
],
"Effect": "Allow",
"Resource": [
"arn:aws:s3:::placeholder-write-bucket"
]
},
{
"Action": [
"route53:ChangeResourceRecordSets",
@ -1951,6 +2002,32 @@
"*"
]
},
{
"Action": [
"s3:Get*"
],
"Effect": "Allow",
"Resource": [
"arn:aws:s3:::placeholder-read-bucket/clusters.example.com/privatecalico.example.com/addons/*",
"arn:aws:s3:::placeholder-read-bucket/clusters.example.com/privatecalico.example.com/cluster-completed.spec",
"arn:aws:s3:::placeholder-read-bucket/clusters.example.com/privatecalico.example.com/igconfig/node/*",
"arn:aws:s3:::placeholder-read-bucket/clusters.example.com/privatecalico.example.com/pki/issued/*",
"arn:aws:s3:::placeholder-read-bucket/clusters.example.com/privatecalico.example.com/pki/ssh/*",
"arn:aws:s3:::placeholder-read-bucket/clusters.example.com/privatecalico.example.com/secrets/dockerconfig"
]
},
{
"Action": [
"s3:GetBucketLocation",
"s3:GetEncryptionConfiguration",
"s3:ListBucket",
"s3:ListBucketVersions"
],
"Effect": "Allow",
"Resource": [
"arn:aws:s3:::placeholder-read-bucket"
]
},
{
"Action": [
"ec2:DescribeInstances",

51
tests/integration/update_cluster/privatecalico/data/aws_iam_role_policy_masters.privatecalico.example.com_policy
View File

@ -154,6 +154,57 @@
"*"
]
},
{
"Action": [
"s3:Get*"
],
"Effect": "Allow",
"Resource": "arn:aws:s3:::placeholder-read-bucket/clusters.example.com/privatecalico.example.com/*"
},
{
"Action": [
"s3:GetObject",
"s3:DeleteObject",
"s3:DeleteObjectVersion",
"s3:PutObject"
],
"Effect": "Allow",
"Resource": "arn:aws:s3:::placeholder-write-bucket/clusters.example.com/privatecalico.example.com/backups/etcd/main/*"
},
{
"Action": [
"s3:GetObject",
"s3:DeleteObject",
"s3:DeleteObjectVersion",
"s3:PutObject"
],
"Effect": "Allow",
"Resource": "arn:aws:s3:::placeholder-write-bucket/clusters.example.com/privatecalico.example.com/backups/etcd/events/*"
},
{
"Action": [
"s3:GetBucketLocation",
"s3:GetEncryptionConfiguration",
"s3:ListBucket",
"s3:ListBucketVersions"
],
"Effect": "Allow",
"Resource": [
"arn:aws:s3:::placeholder-read-bucket"
]
},
{
"Action": [
"s3:GetBucketLocation",
"s3:GetEncryptionConfiguration",
"s3:ListBucket",
"s3:ListBucketVersions"
],
"Effect": "Allow",
"Resource": [
"arn:aws:s3:::placeholder-write-bucket"
]
},
{
"Action": [
"route53:ChangeResourceRecordSets",

26
tests/integration/update_cluster/privatecalico/data/aws_iam_role_policy_nodes.privatecalico.example.com_policy
View File

@ -24,6 +24,32 @@
"*"
]
},
{
"Action": [
"s3:Get*"
],
"Effect": "Allow",
"Resource": [
"arn:aws:s3:::placeholder-read-bucket/clusters.example.com/privatecalico.example.com/addons/*",
"arn:aws:s3:::placeholder-read-bucket/clusters.example.com/privatecalico.example.com/cluster-completed.spec",
"arn:aws:s3:::placeholder-read-bucket/clusters.example.com/privatecalico.example.com/igconfig/node/*",
"arn:aws:s3:::placeholder-read-bucket/clusters.example.com/privatecalico.example.com/pki/issued/*",
"arn:aws:s3:::placeholder-read-bucket/clusters.example.com/privatecalico.example.com/pki/ssh/*",
"arn:aws:s3:::placeholder-read-bucket/clusters.example.com/privatecalico.example.com/secrets/dockerconfig"
]
},
{
"Action": [
"s3:GetBucketLocation",
"s3:GetEncryptionConfiguration",
"s3:ListBucket",
"s3:ListBucketVersions"
],
"Effect": "Allow",
"Resource": [
"arn:aws:s3:::placeholder-read-bucket"
]
},
{
"Action": [
"ec2:DescribeInstances",

51
tests/integration/update_cluster/privatecanal/data/aws_iam_role_policy_masters.privatecanal.example.com_policy
View File

@ -154,6 +154,57 @@
"*"
]
},
{
"Action": [
"s3:Get*"
],
"Effect": "Allow",
"Resource": "arn:aws:s3:::placeholder-read-bucket/clusters.example.com/privatecanal.example.com/*"
},
{
"Action": [
"s3:GetObject",
"s3:DeleteObject",
"s3:DeleteObjectVersion",
"s3:PutObject"
],
"Effect": "Allow",
"Resource": "arn:aws:s3:::placeholder-write-bucket/clusters.example.com/privatecanal.example.com/backups/etcd/main/*"
},
{
"Action": [
"s3:GetObject",
"s3:DeleteObject",
"s3:DeleteObjectVersion",
"s3:PutObject"
],
"Effect": "Allow",
"Resource": "arn:aws:s3:::placeholder-write-bucket/clusters.example.com/privatecanal.example.com/backups/etcd/events/*"
},
{
"Action": [
"s3:GetBucketLocation",
"s3:GetEncryptionConfiguration",
"s3:ListBucket",
"s3:ListBucketVersions"
],
"Effect": "Allow",
"Resource": [
"arn:aws:s3:::placeholder-read-bucket"
]
},
{
"Action": [
"s3:GetBucketLocation",
"s3:GetEncryptionConfiguration",
"s3:ListBucket",
"s3:ListBucketVersions"
],
"Effect": "Allow",
"Resource": [
"arn:aws:s3:::placeholder-write-bucket"
]
},
{
"Action": [
"route53:ChangeResourceRecordSets",

26
tests/integration/update_cluster/privatecanal/data/aws_iam_role_policy_nodes.privatecanal.example.com_policy
View File

@ -23,6 +23,32 @@
"Resource": [
"*"
]
},
{
"Action": [
"s3:Get*"
],
"Effect": "Allow",
"Resource": [
"arn:aws:s3:::placeholder-read-bucket/clusters.example.com/privatecanal.example.com/addons/*",
"arn:aws:s3:::placeholder-read-bucket/clusters.example.com/privatecanal.example.com/cluster-completed.spec",
"arn:aws:s3:::placeholder-read-bucket/clusters.example.com/privatecanal.example.com/igconfig/node/*",
"arn:aws:s3:::placeholder-read-bucket/clusters.example.com/privatecanal.example.com/pki/issued/*",
"arn:aws:s3:::placeholder-read-bucket/clusters.example.com/privatecanal.example.com/pki/ssh/*",
"arn:aws:s3:::placeholder-read-bucket/clusters.example.com/privatecanal.example.com/secrets/dockerconfig"
]
},
{
"Action": [
"s3:GetBucketLocation",
"s3:GetEncryptionConfiguration",
"s3:ListBucket",
"s3:ListBucketVersions"
],
"Effect": "Allow",
"Resource": [
"arn:aws:s3:::placeholder-read-bucket"
]
}
],
"Version": "2012-10-17"

77
tests/integration/update_cluster/privatecilium/cloudformation.json
View File

@ -1764,6 +1764,57 @@
"*"
]
},
{
"Action": [
"s3:Get*"
],
"Effect": "Allow",
"Resource": "arn:aws:s3:::placeholder-read-bucket/clusters.example.com/privatecilium.example.com/*"
},
{
"Action": [
"s3:GetObject",
"s3:DeleteObject",
"s3:DeleteObjectVersion",
"s3:PutObject"
],
"Effect": "Allow",
"Resource": "arn:aws:s3:::placeholder-write-bucket/clusters.example.com/privatecilium.example.com/backups/etcd/main/*"
},
{
"Action": [
"s3:GetObject",
"s3:DeleteObject",
"s3:DeleteObjectVersion",
"s3:PutObject"
],
"Effect": "Allow",
"Resource": "arn:aws:s3:::placeholder-write-bucket/clusters.example.com/privatecilium.example.com/backups/etcd/events/*"
},
{
"Action": [
"s3:GetBucketLocation",
"s3:GetEncryptionConfiguration",
"s3:ListBucket",
"s3:ListBucketVersions"
],
"Effect": "Allow",
"Resource": [
"arn:aws:s3:::placeholder-read-bucket"
]
},
{
"Action": [
"s3:GetBucketLocation",
"s3:GetEncryptionConfiguration",
"s3:ListBucket",
"s3:ListBucketVersions"
],
"Effect": "Allow",
"Resource": [
"arn:aws:s3:::placeholder-write-bucket"
]
},
{
"Action": [
"route53:ChangeResourceRecordSets",
@ -1926,6 +1977,32 @@
"Resource": [
"*"
]
},
{
"Action": [
"s3:Get*"
],
"Effect": "Allow",
"Resource": [
"arn:aws:s3:::placeholder-read-bucket/clusters.example.com/privatecilium.example.com/addons/*",
"arn:aws:s3:::placeholder-read-bucket/clusters.example.com/privatecilium.example.com/cluster-completed.spec",
"arn:aws:s3:::placeholder-read-bucket/clusters.example.com/privatecilium.example.com/igconfig/node/*",
"arn:aws:s3:::placeholder-read-bucket/clusters.example.com/privatecilium.example.com/pki/issued/*",
"arn:aws:s3:::placeholder-read-bucket/clusters.example.com/privatecilium.example.com/pki/ssh/*",
"arn:aws:s3:::placeholder-read-bucket/clusters.example.com/privatecilium.example.com/secrets/dockerconfig"
]
},
{
"Action": [
"s3:GetBucketLocation",
"s3:GetEncryptionConfiguration",
"s3:ListBucket",
"s3:ListBucketVersions"
],
"Effect": "Allow",
"Resource": [
"arn:aws:s3:::placeholder-read-bucket"
]
}
],
"Version": "2012-10-17"

51
tests/integration/update_cluster/privatecilium/data/aws_iam_role_policy_masters.privatecilium.example.com_policy
View File

@ -154,6 +154,57 @@
"*"
]
},
{
"Action": [
"s3:Get*"
],
"Effect": "Allow",
"Resource": "arn:aws:s3:::placeholder-read-bucket/clusters.example.com/privatecilium.example.com/*"
},
{
"Action": [
"s3:GetObject",
"s3:DeleteObject",
"s3:DeleteObjectVersion",
"s3:PutObject"
],
"Effect": "Allow",
"Resource": "arn:aws:s3:::placeholder-write-bucket/clusters.example.com/privatecilium.example.com/backups/etcd/main/*"
},
{
"Action": [
"s3:GetObject",
"s3:DeleteObject",
"s3:DeleteObjectVersion",
"s3:PutObject"
],
"Effect": "Allow",
"Resource": "arn:aws:s3:::placeholder-write-bucket/clusters.example.com/privatecilium.example.com/backups/etcd/events/*"
},
{
"Action": [
"s3:GetBucketLocation",
"s3:GetEncryptionConfiguration",
"s3:ListBucket",
"s3:ListBucketVersions"
],
"Effect": "Allow",
"Resource": [
"arn:aws:s3:::placeholder-read-bucket"
]
},
{
"Action": [
"s3:GetBucketLocation",
"s3:GetEncryptionConfiguration",
"s3:ListBucket",
"s3:ListBucketVersions"
],
"Effect": "Allow",
"Resource": [
"arn:aws:s3:::placeholder-write-bucket"
]
},
{
"Action": [
"route53:ChangeResourceRecordSets",

26
tests/integration/update_cluster/privatecilium/data/aws_iam_role_policy_nodes.privatecilium.example.com_policy
View File

@ -23,6 +23,32 @@
"Resource": [
"*"
]
},
{
"Action": [
"s3:Get*"
],
"Effect": "Allow",
"Resource": [
"arn:aws:s3:::placeholder-read-bucket/clusters.example.com/privatecilium.example.com/addons/*",
"arn:aws:s3:::placeholder-read-bucket/clusters.example.com/privatecilium.example.com/cluster-completed.spec",
"arn:aws:s3:::placeholder-read-bucket/clusters.example.com/privatecilium.example.com/igconfig/node/*",
"arn:aws:s3:::placeholder-read-bucket/clusters.example.com/privatecilium.example.com/pki/issued/*",
"arn:aws:s3:::placeholder-read-bucket/clusters.example.com/privatecilium.example.com/pki/ssh/*",
"arn:aws:s3:::placeholder-read-bucket/clusters.example.com/privatecilium.example.com/secrets/dockerconfig"
]
},
{
"Action": [
"s3:GetBucketLocation",
"s3:GetEncryptionConfiguration",
"s3:ListBucket",
"s3:ListBucketVersions"
],
"Effect": "Allow",
"Resource": [
"arn:aws:s3:::placeholder-read-bucket"
]
}
],
"Version": "2012-10-17"

79
tests/integration/update_cluster/privatecilium2/cloudformation.json
View File

@ -1764,6 +1764,57 @@
"*"
]
},
{
"Action": [
"s3:Get*"
],
"Effect": "Allow",
"Resource": "arn:aws:s3:::placeholder-read-bucket/clusters.example.com/privatecilium.example.com/*"
},
{
"Action": [
"s3:GetObject",
"s3:DeleteObject",
"s3:DeleteObjectVersion",
"s3:PutObject"
],
"Effect": "Allow",
"Resource": "arn:aws:s3:::placeholder-write-bucket/clusters.example.com/privatecilium.example.com/backups/etcd/main/*"
},
{
"Action": [
"s3:GetObject",
"s3:DeleteObject",
"s3:DeleteObjectVersion",
"s3:PutObject"
],
"Effect": "Allow",
"Resource": "arn:aws:s3:::placeholder-write-bucket/clusters.example.com/privatecilium.example.com/backups/etcd/events/*"
},
{
"Action": [
"s3:GetBucketLocation",
"s3:GetEncryptionConfiguration",
"s3:ListBucket",
"s3:ListBucketVersions"
],
"Effect": "Allow",
"Resource": [
"arn:aws:s3:::placeholder-read-bucket"
]
},
{
"Action": [
"s3:GetBucketLocation",
"s3:GetEncryptionConfiguration",
"s3:ListBucket",
"s3:ListBucketVersions"
],
"Effect": "Allow",
"Resource": [
"arn:aws:s3:::placeholder-write-bucket"
]
},
{
"Action": [
"route53:ChangeResourceRecordSets",
@ -1926,6 +1977,34 @@
"Resource": [
"*"
]
},
{
"Action": [
"s3:Get*"
],
"Effect": "Allow",
"Resource": [
"arn:aws:s3:::placeholder-read-bucket/clusters.example.com/privatecilium.example.com/addons/*",
"arn:aws:s3:::placeholder-read-bucket/clusters.example.com/privatecilium.example.com/cluster-completed.spec",
"arn:aws:s3:::placeholder-read-bucket/clusters.example.com/privatecilium.example.com/igconfig/node/*",
"arn:aws:s3:::placeholder-read-bucket/clusters.example.com/privatecilium.example.com/pki/issued/*",
"arn:aws:s3:::placeholder-read-bucket/clusters.example.com/privatecilium.example.com/pki/private/kube-proxy/*",
"arn:aws:s3:::placeholder-read-bucket/clusters.example.com/privatecilium.example.com/pki/private/kubelet/*",
"arn:aws:s3:::placeholder-read-bucket/clusters.example.com/privatecilium.example.com/pki/ssh/*",
"arn:aws:s3:::placeholder-read-bucket/clusters.example.com/privatecilium.example.com/secrets/dockerconfig"
]
},
{
"Action": [
"s3:GetBucketLocation",
"s3:GetEncryptionConfiguration",
"s3:ListBucket",
"s3:ListBucketVersions"
],
"Effect": "Allow",
"Resource": [
"arn:aws:s3:::placeholder-read-bucket"
]
}
],
"Version": "2012-10-17"

51
tests/integration/update_cluster/privatecilium2/data/aws_iam_role_policy_masters.privatecilium.example.com_policy
View File

@ -154,6 +154,57 @@
"*"
]
},
{
"Action": [
"s3:Get*"
],
"Effect": "Allow",
"Resource": "arn:aws:s3:::placeholder-read-bucket/clusters.example.com/privatecilium.example.com/*"
},
{
"Action": [
"s3:GetObject",
"s3:DeleteObject",
"s3:DeleteObjectVersion",
"s3:PutObject"
],
"Effect": "Allow",
"Resource": "arn:aws:s3:::placeholder-write-bucket/clusters.example.com/privatecilium.example.com/backups/etcd/main/*"
},
{
"Action": [
"s3:GetObject",
"s3:DeleteObject",
"s3:DeleteObjectVersion",
"s3:PutObject"
],
"Effect": "Allow",
"Resource": "arn:aws:s3:::placeholder-write-bucket/clusters.example.com/privatecilium.example.com/backups/etcd/events/*"
},
{
"Action": [
"s3:GetBucketLocation",
"s3:GetEncryptionConfiguration",
"s3:ListBucket",
"s3:ListBucketVersions"
],
"Effect": "Allow",
"Resource": [
"arn:aws:s3:::placeholder-read-bucket"
]
},
{
"Action": [
"s3:GetBucketLocation",
"s3:GetEncryptionConfiguration",
"s3:ListBucket",
"s3:ListBucketVersions"
],
"Effect": "Allow",
"Resource": [
"arn:aws:s3:::placeholder-write-bucket"
]
},
{
"Action": [
"route53:ChangeResourceRecordSets",

28
tests/integration/update_cluster/privatecilium2/data/aws_iam_role_policy_nodes.privatecilium.example.com_policy
View File

@ -23,6 +23,34 @@
"Resource": [
"*"
]
},
{
"Action": [
"s3:Get*"
],
"Effect": "Allow",
"Resource": [
"arn:aws:s3:::placeholder-read-bucket/clusters.example.com/privatecilium.example.com/addons/*",
"arn:aws:s3:::placeholder-read-bucket/clusters.example.com/privatecilium.example.com/cluster-completed.spec",
"arn:aws:s3:::placeholder-read-bucket/clusters.example.com/privatecilium.example.com/igconfig/node/*",
"arn:aws:s3:::placeholder-read-bucket/clusters.example.com/privatecilium.example.com/pki/issued/*",
"arn:aws:s3:::placeholder-read-bucket/clusters.example.com/privatecilium.example.com/pki/private/kube-proxy/*",
"arn:aws:s3:::placeholder-read-bucket/clusters.example.com/privatecilium.example.com/pki/private/kubelet/*",
"arn:aws:s3:::placeholder-read-bucket/clusters.example.com/privatecilium.example.com/pki/ssh/*",
"arn:aws:s3:::placeholder-read-bucket/clusters.example.com/privatecilium.example.com/secrets/dockerconfig"
]
},
{
"Action": [
"s3:GetBucketLocation",
"s3:GetEncryptionConfiguration",
"s3:ListBucket",
"s3:ListBucketVersions"
],
"Effect": "Allow",
"Resource": [
"arn:aws:s3:::placeholder-read-bucket"
]
}
],
"Version": "2012-10-17"

87
tests/integration/update_cluster/privateciliumadvanced/cloudformation.json
View File

@ -1797,6 +1797,67 @@
"*"
]
},
{
"Action": [
"s3:Get*"
],
"Effect": "Allow",
"Resource": "arn:aws:s3:::placeholder-read-bucket/clusters.example.com/privateciliumadvanced.example.com/*"
},
{
"Action": [
"s3:GetObject",
"s3:DeleteObject",
"s3:DeleteObjectVersion",
"s3:PutObject"
],
"Effect": "Allow",
"Resource": "arn:aws:s3:::placeholder-write-bucket/clusters.example.com/privateciliumadvanced.example.com/backups/etcd/main/*"
},
{
"Action": [
"s3:GetObject",
"s3:DeleteObject",
"s3:DeleteObjectVersion",
"s3:PutObject"
],
"Effect": "Allow",
"Resource": "arn:aws:s3:::placeholder-write-bucket/clusters.example.com/privateciliumadvanced.example.com/backups/etcd/events/*"
},
{
"Action": [
"s3:GetObject",
"s3:DeleteObject",
"s3:DeleteObjectVersion",
"s3:PutObject"
],
"Effect": "Allow",
"Resource": "arn:aws:s3:::placeholder-write-bucket/clusters.example.com/privateciliumadvanced.example.com/backups/etcd/cilium/*"
},
{
"Action": [
"s3:GetBucketLocation",
"s3:GetEncryptionConfiguration",
"s3:ListBucket",
"s3:ListBucketVersions"
],
"Effect": "Allow",
"Resource": [
"arn:aws:s3:::placeholder-read-bucket"
]
},
{
"Action": [
"s3:GetBucketLocation",
"s3:GetEncryptionConfiguration",
"s3:ListBucket",
"s3:ListBucketVersions"
],
"Effect": "Allow",
"Resource": [
"arn:aws:s3:::placeholder-write-bucket"
]
},
{
"Action": [
"route53:ChangeResourceRecordSets",
@ -1979,6 +2040,32 @@
"Resource": [
"*"
]
},
{
"Action": [
"s3:Get*"
],
"Effect": "Allow",
"Resource": [
"arn:aws:s3:::placeholder-read-bucket/clusters.example.com/privateciliumadvanced.example.com/addons/*",
"arn:aws:s3:::placeholder-read-bucket/clusters.example.com/privateciliumadvanced.example.com/cluster-completed.spec",
"arn:aws:s3:::placeholder-read-bucket/clusters.example.com/privateciliumadvanced.example.com/igconfig/node/*",
"arn:aws:s3:::placeholder-read-bucket/clusters.example.com/privateciliumadvanced.example.com/pki/issued/*",
"arn:aws:s3:::placeholder-read-bucket/clusters.example.com/privateciliumadvanced.example.com/pki/ssh/*",
"arn:aws:s3:::placeholder-read-bucket/clusters.example.com/privateciliumadvanced.example.com/secrets/dockerconfig"
]
},
{
"Action": [
"s3:GetBucketLocation",
"s3:GetEncryptionConfiguration",
"s3:ListBucket",
"s3:ListBucketVersions"
],
"Effect": "Allow",
"Resource": [
"arn:aws:s3:::placeholder-read-bucket"
]
}
],
"Version": "2012-10-17"

61
tests/integration/update_cluster/privateciliumadvanced/data/aws_iam_role_policy_masters.privateciliumadvanced.example.com_policy
View File

@ -154,6 +154,67 @@
"*"
]
},
{
"Action": [
"s3:Get*"
],
"Effect": "Allow",
"Resource": "arn:aws:s3:::placeholder-read-bucket/clusters.example.com/privateciliumadvanced.example.com/*"
},
{
"Action": [
"s3:GetObject",
"s3:DeleteObject",
"s3:DeleteObjectVersion",
"s3:PutObject"
],
"Effect": "Allow",
"Resource": "arn:aws:s3:::placeholder-write-bucket/clusters.example.com/privateciliumadvanced.example.com/backups/etcd/main/*"
},
{
"Action": [
"s3:GetObject",
"s3:DeleteObject",
"s3:DeleteObjectVersion",
"s3:PutObject"
],
"Effect": "Allow",
"Resource": "arn:aws:s3:::placeholder-write-bucket/clusters.example.com/privateciliumadvanced.example.com/backups/etcd/events/*"
},
{
"Action": [
"s3:GetObject",
"s3:DeleteObject",
"s3:DeleteObjectVersion",
"s3:PutObject"
],
"Effect": "Allow",
"Resource": "arn:aws:s3:::placeholder-write-bucket/clusters.example.com/privateciliumadvanced.example.com/backups/etcd/cilium/*"
},
{
"Action": [
"s3:GetBucketLocation",
"s3:GetEncryptionConfiguration",
"s3:ListBucket",
"s3:ListBucketVersions"
],
"Effect": "Allow",
"Resource": [
"arn:aws:s3:::placeholder-read-bucket"
]
},
{
"Action": [
"s3:GetBucketLocation",
"s3:GetEncryptionConfiguration",
"s3:ListBucket",
"s3:ListBucketVersions"
],
"Effect": "Allow",
"Resource": [
"arn:aws:s3:::placeholder-write-bucket"
]
},
{
"Action": [
"route53:ChangeResourceRecordSets",

26
tests/integration/update_cluster/privateciliumadvanced/data/aws_iam_role_policy_nodes.privateciliumadvanced.example.com_policy
View File

@ -23,6 +23,32 @@
"Resource": [
"*"
]
},
{
"Action": [
"s3:Get*"
],
"Effect": "Allow",
"Resource": [
"arn:aws:s3:::placeholder-read-bucket/clusters.example.com/privateciliumadvanced.example.com/addons/*",
"arn:aws:s3:::placeholder-read-bucket/clusters.example.com/privateciliumadvanced.example.com/cluster-completed.spec",
"arn:aws:s3:::placeholder-read-bucket/clusters.example.com/privateciliumadvanced.example.com/igconfig/node/*",
"arn:aws:s3:::placeholder-read-bucket/clusters.example.com/privateciliumadvanced.example.com/pki/issued/*",
"arn:aws:s3:::placeholder-read-bucket/clusters.example.com/privateciliumadvanced.example.com/pki/ssh/*",
"arn:aws:s3:::placeholder-read-bucket/clusters.example.com/privateciliumadvanced.example.com/secrets/dockerconfig"
]
},
{
"Action": [
"s3:GetBucketLocation",
"s3:GetEncryptionConfiguration",
"s3:ListBucket",
"s3:ListBucketVersions"
],
"Effect": "Allow",
"Resource": [
"arn:aws:s3:::placeholder-read-bucket"
]
}
],
"Version": "2012-10-17"

51
tests/integration/update_cluster/privatedns1/data/aws_iam_role_policy_masters.privatedns1.example.com_policy
View File

@ -154,6 +154,57 @@
"*"
]
},
{
"Action": [
"s3:Get*"
],
"Effect": "Allow",
"Resource": "arn:aws:s3:::placeholder-read-bucket/clusters.example.com/privatedns1.example.com/*"
},
{
"Action": [
"s3:GetObject",
"s3:DeleteObject",
"s3:DeleteObjectVersion",
"s3:PutObject"
],
"Effect": "Allow",
"Resource": "arn:aws:s3:::placeholder-write-bucket/clusters.example.com/privatedns1.example.com/backups/etcd/main/*"
},
{
"Action": [
"s3:GetObject",
"s3:DeleteObject",
"s3:DeleteObjectVersion",
"s3:PutObject"
],
"Effect": "Allow",
"Resource": "arn:aws:s3:::placeholder-write-bucket/clusters.example.com/privatedns1.example.com/backups/etcd/events/*"
},
{
"Action": [
"s3:GetBucketLocation",
"s3:GetEncryptionConfiguration",
"s3:ListBucket",
"s3:ListBucketVersions"
],
"Effect": "Allow",
"Resource": [
"arn:aws:s3:::placeholder-read-bucket"
]
},
{
"Action": [
"s3:GetBucketLocation",
"s3:GetEncryptionConfiguration",
"s3:ListBucket",
"s3:ListBucketVersions"
],
"Effect": "Allow",
"Resource": [
"arn:aws:s3:::placeholder-write-bucket"
]
},
{
"Action": [
"route53:ChangeResourceRecordSets",

26
tests/integration/update_cluster/privatedns1/data/aws_iam_role_policy_nodes.privatedns1.example.com_policy
View File

@ -23,6 +23,32 @@
"Resource": [
"*"
]
},
{
"Action": [
"s3:Get*"
],
"Effect": "Allow",
"Resource": [
"arn:aws:s3:::placeholder-read-bucket/clusters.example.com/privatedns1.example.com/addons/*",
"arn:aws:s3:::placeholder-read-bucket/clusters.example.com/privatedns1.example.com/cluster-completed.spec",
"arn:aws:s3:::placeholder-read-bucket/clusters.example.com/privatedns1.example.com/igconfig/node/*",
"arn:aws:s3:::placeholder-read-bucket/clusters.example.com/privatedns1.example.com/pki/issued/*",
"arn:aws:s3:::placeholder-read-bucket/clusters.example.com/privatedns1.example.com/pki/ssh/*",
"arn:aws:s3:::placeholder-read-bucket/clusters.example.com/privatedns1.example.com/secrets/dockerconfig"
]
},
{
"Action": [
"s3:GetBucketLocation",
"s3:GetEncryptionConfiguration",
"s3:ListBucket",
"s3:ListBucketVersions"
],
"Effect": "Allow",
"Resource": [
"arn:aws:s3:::placeholder-read-bucket"
]
}
],
"Version": "2012-10-17"

51
tests/integration/update_cluster/privatedns2/data/aws_iam_role_policy_masters.privatedns2.example.com_policy
View File

@ -154,6 +154,57 @@
"*"
]
},
{
"Action": [
"s3:Get*"
],
"Effect": "Allow",
"Resource": "arn:aws:s3:::placeholder-read-bucket/clusters.example.com/privatedns2.example.com/*"
},
{
"Action": [
"s3:GetObject",
"s3:DeleteObject",
"s3:DeleteObjectVersion",
"s3:PutObject"
],
"Effect": "Allow",
"Resource": "arn:aws:s3:::placeholder-write-bucket/clusters.example.com/privatedns2.example.com/backups/etcd/main/*"
},
{
"Action": [
"s3:GetObject",
"s3:DeleteObject",
"s3:DeleteObjectVersion",
"s3:PutObject"
],
"Effect": "Allow",
"Resource": "arn:aws:s3:::placeholder-write-bucket/clusters.example.com/privatedns2.example.com/backups/etcd/events/*"
},
{
"Action": [
"s3:GetBucketLocation",
"s3:GetEncryptionConfiguration",
"s3:ListBucket",
"s3:ListBucketVersions"
],
"Effect": "Allow",
"Resource": [
"arn:aws:s3:::placeholder-read-bucket"
]
},
{
"Action": [
"s3:GetBucketLocation",
"s3:GetEncryptionConfiguration",
"s3:ListBucket",
"s3:ListBucketVersions"
],
"Effect": "Allow",
"Resource": [
"arn:aws:s3:::placeholder-write-bucket"
]
},
{
"Action": [
"route53:ChangeResourceRecordSets",

26
tests/integration/update_cluster/privatedns2/data/aws_iam_role_policy_nodes.privatedns2.example.com_policy
View File

@ -23,6 +23,32 @@
"Resource": [
"*"
]
},
{
"Action": [
"s3:Get*"
],
"Effect": "Allow",
"Resource": [
"arn:aws:s3:::placeholder-read-bucket/clusters.example.com/privatedns2.example.com/addons/*",
"arn:aws:s3:::placeholder-read-bucket/clusters.example.com/privatedns2.example.com/cluster-completed.spec",
"arn:aws:s3:::placeholder-read-bucket/clusters.example.com/privatedns2.example.com/igconfig/node/*",
"arn:aws:s3:::placeholder-read-bucket/clusters.example.com/privatedns2.example.com/pki/issued/*",
"arn:aws:s3:::placeholder-read-bucket/clusters.example.com/privatedns2.example.com/pki/ssh/*",
"arn:aws:s3:::placeholder-read-bucket/clusters.example.com/privatedns2.example.com/secrets/dockerconfig"
]
},
{
"Action": [
"s3:GetBucketLocation",
"s3:GetEncryptionConfiguration",
"s3:ListBucket",
"s3:ListBucketVersions"
],
"Effect": "Allow",
"Resource": [
"arn:aws:s3:::placeholder-read-bucket"
]
}
],
"Version": "2012-10-17"

51
tests/integration/update_cluster/privateflannel/data/aws_iam_role_policy_masters.privateflannel.example.com_policy
View File

@ -154,6 +154,57 @@
"*"
]
},
{
"Action": [
"s3:Get*"
],
"Effect": "Allow",
"Resource": "arn:aws:s3:::placeholder-read-bucket/clusters.example.com/privateflannel.example.com/*"
},
{
"Action": [
"s3:GetObject",
"s3:DeleteObject",
"s3:DeleteObjectVersion",
"s3:PutObject"
],
"Effect": "Allow",
"Resource": "arn:aws:s3:::placeholder-write-bucket/clusters.example.com/privateflannel.example.com/backups/etcd/main/*"
},
{
"Action": [
"s3:GetObject",
"s3:DeleteObject",
"s3:DeleteObjectVersion",
"s3:PutObject"
],
"Effect": "Allow",
"Resource": "arn:aws:s3:::placeholder-write-bucket/clusters.example.com/privateflannel.example.com/backups/etcd/events/*"
},
{
"Action": [
"s3:GetBucketLocation",
"s3:GetEncryptionConfiguration",
"s3:ListBucket",
"s3:ListBucketVersions"
],
"Effect": "Allow",
"Resource": [
"arn:aws:s3:::placeholder-read-bucket"
]
},
{
"Action": [
"s3:GetBucketLocation",
"s3:GetEncryptionConfiguration",
"s3:ListBucket",
"s3:ListBucketVersions"
],
"Effect": "Allow",
"Resource": [
"arn:aws:s3:::placeholder-write-bucket"
]
},
{
"Action": [
"route53:ChangeResourceRecordSets",

26
tests/integration/update_cluster/privateflannel/data/aws_iam_role_policy_nodes.privateflannel.example.com_policy
View File

@ -23,6 +23,32 @@
"Resource": [
"*"
]
},
{
"Action": [
"s3:Get*"
],
"Effect": "Allow",
"Resource": [
"arn:aws:s3:::placeholder-read-bucket/clusters.example.com/privateflannel.example.com/addons/*",
"arn:aws:s3:::placeholder-read-bucket/clusters.example.com/privateflannel.example.com/cluster-completed.spec",
"arn:aws:s3:::placeholder-read-bucket/clusters.example.com/privateflannel.example.com/igconfig/node/*",
"arn:aws:s3:::placeholder-read-bucket/clusters.example.com/privateflannel.example.com/pki/issued/*",
"arn:aws:s3:::placeholder-read-bucket/clusters.example.com/privateflannel.example.com/pki/ssh/*",
"arn:aws:s3:::placeholder-read-bucket/clusters.example.com/privateflannel.example.com/secrets/dockerconfig"
]
},
{
"Action": [
"s3:GetBucketLocation",
"s3:GetEncryptionConfiguration",
"s3:ListBucket",
"s3:ListBucketVersions"
],
"Effect": "Allow",
"Resource": [
"arn:aws:s3:::placeholder-read-bucket"
]
}
],
"Version": "2012-10-17"

51
tests/integration/update_cluster/privatekopeio/data/aws_iam_role_policy_masters.privatekopeio.example.com_policy
View File

@ -154,6 +154,57 @@
"*"
]
},
{
"Action": [
"s3:Get*"
],
"Effect": "Allow",
"Resource": "arn:aws:s3:::placeholder-read-bucket/clusters.example.com/privatekopeio.example.com/*"
},
{
"Action": [
"s3:GetObject",
"s3:DeleteObject",
"s3:DeleteObjectVersion",
"s3:PutObject"
],
"Effect": "Allow",
"Resource": "arn:aws:s3:::placeholder-write-bucket/clusters.example.com/privatekopeio.example.com/backups/etcd/main/*"
},
{
"Action": [
"s3:GetObject",
"s3:DeleteObject",
"s3:DeleteObjectVersion",
"s3:PutObject"
],
"Effect": "Allow",
"Resource": "arn:aws:s3:::placeholder-write-bucket/clusters.example.com/privatekopeio.example.com/backups/etcd/events/*"
},
{
"Action": [
"s3:GetBucketLocation",
"s3:GetEncryptionConfiguration",
"s3:ListBucket",
"s3:ListBucketVersions"
],
"Effect": "Allow",
"Resource": [
"arn:aws:s3:::placeholder-read-bucket"
]
},
{
"Action": [
"s3:GetBucketLocation",
"s3:GetEncryptionConfiguration",
"s3:ListBucket",
"s3:ListBucketVersions"
],
"Effect": "Allow",
"Resource": [
"arn:aws:s3:::placeholder-write-bucket"
]
},
{
"Action": [
"route53:ChangeResourceRecordSets",

26
tests/integration/update_cluster/privatekopeio/data/aws_iam_role_policy_nodes.privatekopeio.example.com_policy
View File

@ -23,6 +23,32 @@
"Resource": [
"*"
]
},
{
"Action": [
"s3:Get*"
],
"Effect": "Allow",
"Resource": [
"arn:aws:s3:::placeholder-read-bucket/clusters.example.com/privatekopeio.example.com/addons/*",
"arn:aws:s3:::placeholder-read-bucket/clusters.example.com/privatekopeio.example.com/cluster-completed.spec",
"arn:aws:s3:::placeholder-read-bucket/clusters.example.com/privatekopeio.example.com/igconfig/node/*",
"arn:aws:s3:::placeholder-read-bucket/clusters.example.com/privatekopeio.example.com/pki/issued/*",
"arn:aws:s3:::placeholder-read-bucket/clusters.example.com/privatekopeio.example.com/pki/ssh/*",
"arn:aws:s3:::placeholder-read-bucket/clusters.example.com/privatekopeio.example.com/secrets/dockerconfig"
]
},
{
"Action": [
"s3:GetBucketLocation",
"s3:GetEncryptionConfiguration",
"s3:ListBucket",
"s3:ListBucketVersions"
],
"Effect": "Allow",
"Resource": [
"arn:aws:s3:::placeholder-read-bucket"
]
}
],
"Version": "2012-10-17"

51
tests/integration/update_cluster/privateweave/data/aws_iam_role_policy_masters.privateweave.example.com_policy
View File

@ -154,6 +154,57 @@
"*"
]
},
{
"Action": [
"s3:Get*"
],
"Effect": "Allow",
"Resource": "arn:aws:s3:::placeholder-read-bucket/clusters.example.com/privateweave.example.com/*"
},
{
"Action": [
"s3:GetObject",
"s3:DeleteObject",
"s3:DeleteObjectVersion",
"s3:PutObject"
],
"Effect": "Allow",
"Resource": "arn:aws:s3:::placeholder-write-bucket/clusters.example.com/privateweave.example.com/backups/etcd/main/*"
},
{
"Action": [
"s3:GetObject",
"s3:DeleteObject",
"s3:DeleteObjectVersion",
"s3:PutObject"
],
"Effect": "Allow",
"Resource": "arn:aws:s3:::placeholder-write-bucket/clusters.example.com/privateweave.example.com/backups/etcd/events/*"
},
{
"Action": [
"s3:GetBucketLocation",
"s3:GetEncryptionConfiguration",
"s3:ListBucket",
"s3:ListBucketVersions"
],
"Effect": "Allow",
"Resource": [
"arn:aws:s3:::placeholder-read-bucket"
]
},
{
"Action": [
"s3:GetBucketLocation",
"s3:GetEncryptionConfiguration",
"s3:ListBucket",
"s3:ListBucketVersions"
],
"Effect": "Allow",
"Resource": [
"arn:aws:s3:::placeholder-write-bucket"
]
},
{
"Action": [
"route53:ChangeResourceRecordSets",

26
tests/integration/update_cluster/privateweave/data/aws_iam_role_policy_nodes.privateweave.example.com_policy
View File

@ -23,6 +23,32 @@
"Resource": [
"*"
]
},
{
"Action": [
"s3:Get*"
],
"Effect": "Allow",
"Resource": [
"arn:aws:s3:::placeholder-read-bucket/clusters.example.com/privateweave.example.com/addons/*",
"arn:aws:s3:::placeholder-read-bucket/clusters.example.com/privateweave.example.com/cluster-completed.spec",
"arn:aws:s3:::placeholder-read-bucket/clusters.example.com/privateweave.example.com/igconfig/node/*",
"arn:aws:s3:::placeholder-read-bucket/clusters.example.com/privateweave.example.com/pki/issued/*",
"arn:aws:s3:::placeholder-read-bucket/clusters.example.com/privateweave.example.com/pki/ssh/*",
"arn:aws:s3:::placeholder-read-bucket/clusters.example.com/privateweave.example.com/secrets/dockerconfig"
]
},
{
"Action": [
"s3:GetBucketLocation",
"s3:GetEncryptionConfiguration",
"s3:ListBucket",
"s3:ListBucketVersions"
],
"Effect": "Allow",
"Resource": [
"arn:aws:s3:::placeholder-read-bucket"
]
}
],
"Version": "2012-10-17"

51
tests/integration/update_cluster/public-jwks-apiserver/data/aws_iam_role_policy_masters.minimal.example.com_policy
View File

@ -154,6 +154,57 @@
"*"
]
},
{
"Action": [
"s3:Get*"
],
"Effect": "Allow",
"Resource": "arn:aws:s3:::placeholder-read-bucket/clusters.example.com/minimal.example.com/*"
},
{
"Action": [
"s3:GetObject",
"s3:DeleteObject",
"s3:DeleteObjectVersion",
"s3:PutObject"
],
"Effect": "Allow",
"Resource": "arn:aws:s3:::placeholder-write-bucket/clusters.example.com/minimal.example.com/backups/etcd/main/*"
},
{
"Action": [
"s3:GetObject",
"s3:DeleteObject",
"s3:DeleteObjectVersion",
"s3:PutObject"
],
"Effect": "Allow",
"Resource": "arn:aws:s3:::placeholder-write-bucket/clusters.example.com/minimal.example.com/backups/etcd/events/*"
},
{
"Action": [
"s3:GetBucketLocation",
"s3:GetEncryptionConfiguration",
"s3:ListBucket",
"s3:ListBucketVersions"
],
"Effect": "Allow",
"Resource": [
"arn:aws:s3:::placeholder-read-bucket"
]
},
{
"Action": [
"s3:GetBucketLocation",
"s3:GetEncryptionConfiguration",
"s3:ListBucket",
"s3:ListBucketVersions"
],
"Effect": "Allow",
"Resource": [
"arn:aws:s3:::placeholder-write-bucket"
]
},
{
"Action": [
"route53:ChangeResourceRecordSets",

26
tests/integration/update_cluster/public-jwks-apiserver/data/aws_iam_role_policy_nodes.minimal.example.com_policy
View File

@ -23,6 +23,32 @@
"Resource": [
"*"
]
},
{
"Action": [
"s3:Get*"
],
"Effect": "Allow",
"Resource": [
"arn:aws:s3:::placeholder-read-bucket/clusters.example.com/minimal.example.com/addons/*",
"arn:aws:s3:::placeholder-read-bucket/clusters.example.com/minimal.example.com/cluster-completed.spec",
"arn:aws:s3:::placeholder-read-bucket/clusters.example.com/minimal.example.com/igconfig/node/*",
"arn:aws:s3:::placeholder-read-bucket/clusters.example.com/minimal.example.com/pki/issued/*",
"arn:aws:s3:::placeholder-read-bucket/clusters.example.com/minimal.example.com/pki/ssh/*",
"arn:aws:s3:::placeholder-read-bucket/clusters.example.com/minimal.example.com/secrets/dockerconfig"
]
},
{
"Action": [
"s3:GetBucketLocation",
"s3:GetEncryptionConfiguration",
"s3:ListBucket",
"s3:ListBucketVersions"
],
"Effect": "Allow",
"Resource": [
"arn:aws:s3:::placeholder-read-bucket"
]
}
],
"Version": "2012-10-17"

51
tests/integration/update_cluster/shared_subnet/data/aws_iam_role_policy_masters.sharedsubnet.example.com_policy
View File

@ -154,6 +154,57 @@
"*"
]
},
{
"Action": [
"s3:Get*"
],
"Effect": "Allow",
"Resource": "arn:aws:s3:::placeholder-read-bucket/clusters.example.com/sharedsubnet.example.com/*"
},
{
"Action": [
"s3:GetObject",
"s3:DeleteObject",
"s3:DeleteObjectVersion",
"s3:PutObject"
],
"Effect": "Allow",
"Resource": "arn:aws:s3:::placeholder-write-bucket/clusters.example.com/sharedsubnet.example.com/backups/etcd/main/*"
},
{
"Action": [
"s3:GetObject",
"s3:DeleteObject",
"s3:DeleteObjectVersion",
"s3:PutObject"
],
"Effect": "Allow",
"Resource": "arn:aws:s3:::placeholder-write-bucket/clusters.example.com/sharedsubnet.example.com/backups/etcd/events/*"
},
{
"Action": [
"s3:GetBucketLocation",
"s3:GetEncryptionConfiguration",
"s3:ListBucket",
"s3:ListBucketVersions"
],
"Effect": "Allow",
"Resource": [
"arn:aws:s3:::placeholder-read-bucket"
]
},
{
"Action": [
"s3:GetBucketLocation",
"s3:GetEncryptionConfiguration",
"s3:ListBucket",
"s3:ListBucketVersions"
],
"Effect": "Allow",
"Resource": [
"arn:aws:s3:::placeholder-write-bucket"
]
},
{
"Action": [
"route53:ChangeResourceRecordSets",

26
tests/integration/update_cluster/shared_subnet/data/aws_iam_role_policy_nodes.sharedsubnet.example.com_policy
View File

@ -23,6 +23,32 @@
"Resource": [
"*"
]
},
{
"Action": [
"s3:Get*"
],
"Effect": "Allow",
"Resource": [
"arn:aws:s3:::placeholder-read-bucket/clusters.example.com/sharedsubnet.example.com/addons/*",
"arn:aws:s3:::placeholder-read-bucket/clusters.example.com/sharedsubnet.example.com/cluster-completed.spec",
"arn:aws:s3:::placeholder-read-bucket/clusters.example.com/sharedsubnet.example.com/igconfig/node/*",
"arn:aws:s3:::placeholder-read-bucket/clusters.example.com/sharedsubnet.example.com/pki/issued/*",
"arn:aws:s3:::placeholder-read-bucket/clusters.example.com/sharedsubnet.example.com/pki/ssh/*",
"arn:aws:s3:::placeholder-read-bucket/clusters.example.com/sharedsubnet.example.com/secrets/dockerconfig"
]
},
{
"Action": [
"s3:GetBucketLocation",
"s3:GetEncryptionConfiguration",
"s3:ListBucket",
"s3:ListBucketVersions"
],
"Effect": "Allow",
"Resource": [
"arn:aws:s3:::placeholder-read-bucket"
]
}
],
"Version": "2012-10-17"

51
tests/integration/update_cluster/shared_vpc/data/aws_iam_role_policy_masters.sharedvpc.example.com_policy
View File

@ -154,6 +154,57 @@
"*"
]
},
{
"Action": [
"s3:Get*"
],
"Effect": "Allow",
"Resource": "arn:aws:s3:::placeholder-read-bucket/clusters.example.com/sharedvpc.example.com/*"
},
{
"Action": [
"s3:GetObject",
"s3:DeleteObject",
"s3:DeleteObjectVersion",
"s3:PutObject"
],
"Effect": "Allow",
"Resource": "arn:aws:s3:::placeholder-write-bucket/clusters.example.com/sharedvpc.example.com/backups/etcd/main/*"
},
{
"Action": [
"s3:GetObject",
"s3:DeleteObject",
"s3:DeleteObjectVersion",
"s3:PutObject"
],
"Effect": "Allow",
"Resource": "arn:aws:s3:::placeholder-write-bucket/clusters.example.com/sharedvpc.example.com/backups/etcd/events/*"
},
{
"Action": [
"s3:GetBucketLocation",
"s3:GetEncryptionConfiguration",
"s3:ListBucket",
"s3:ListBucketVersions"
],
"Effect": "Allow",
"Resource": [
"arn:aws:s3:::placeholder-read-bucket"
]
},
{
"Action": [
"s3:GetBucketLocation",
"s3:GetEncryptionConfiguration",
"s3:ListBucket",
"s3:ListBucketVersions"
],
"Effect": "Allow",
"Resource": [
"arn:aws:s3:::placeholder-write-bucket"
]
},
{
"Action": [
"route53:ChangeResourceRecordSets",

26
tests/integration/update_cluster/shared_vpc/data/aws_iam_role_policy_nodes.sharedvpc.example.com_policy
View File

@ -23,6 +23,32 @@
"Resource": [
"*"
]
},
{
"Action": [
"s3:Get*"
],
"Effect": "Allow",
"Resource": [
"arn:aws:s3:::placeholder-read-bucket/clusters.example.com/sharedvpc.example.com/addons/*",
"arn:aws:s3:::placeholder-read-bucket/clusters.example.com/sharedvpc.example.com/cluster-completed.spec",
"arn:aws:s3:::placeholder-read-bucket/clusters.example.com/sharedvpc.example.com/igconfig/node/*",
"arn:aws:s3:::placeholder-read-bucket/clusters.example.com/sharedvpc.example.com/pki/issued/*",
"arn:aws:s3:::placeholder-read-bucket/clusters.example.com/sharedvpc.example.com/pki/ssh/*",
"arn:aws:s3:::placeholder-read-bucket/clusters.example.com/sharedvpc.example.com/secrets/dockerconfig"
]
},
{
"Action": [
"s3:GetBucketLocation",
"s3:GetEncryptionConfiguration",
"s3:ListBucket",
"s3:ListBucketVersions"
],
"Effect": "Allow",
"Resource": [
"arn:aws:s3:::placeholder-read-bucket"
]
}
],
"Version": "2012-10-17"

51
tests/integration/update_cluster/unmanaged/data/aws_iam_role_policy_masters.unmanaged.example.com_policy
View File

@ -154,6 +154,57 @@
"*"
]
},
{
"Action": [
"s3:Get*"
],
"Effect": "Allow",
"Resource": "arn:aws:s3:::placeholder-read-bucket/clusters.example.com/unmanaged.example.com/*"
},
{
"Action": [
"s3:GetObject",
"s3:DeleteObject",
"s3:DeleteObjectVersion",
"s3:PutObject"
],
"Effect": "Allow",
"Resource": "arn:aws:s3:::placeholder-write-bucket/clusters.example.com/unmanaged.example.com/backups/etcd/main/*"
},
{
"Action": [
"s3:GetObject",
"s3:DeleteObject",
"s3:DeleteObjectVersion",
"s3:PutObject"
],
"Effect": "Allow",
"Resource": "arn:aws:s3:::placeholder-write-bucket/clusters.example.com/unmanaged.example.com/backups/etcd/events/*"
},
{
"Action": [
"s3:GetBucketLocation",
"s3:GetEncryptionConfiguration",
"s3:ListBucket",
"s3:ListBucketVersions"
],
"Effect": "Allow",
"Resource": [
"arn:aws:s3:::placeholder-read-bucket"
]
},
{
"Action": [
"s3:GetBucketLocation",
"s3:GetEncryptionConfiguration",
"s3:ListBucket",
"s3:ListBucketVersions"
],
"Effect": "Allow",
"Resource": [
"arn:aws:s3:::placeholder-write-bucket"
]
},
{
"Action": [
"route53:ChangeResourceRecordSets",

26
tests/integration/update_cluster/unmanaged/data/aws_iam_role_policy_nodes.unmanaged.example.com_policy
View File

@ -23,6 +23,32 @@
"Resource": [
"*"
]
},
{
"Action": [
"s3:Get*"
],
"Effect": "Allow",
"Resource": [
"arn:aws:s3:::placeholder-read-bucket/clusters.example.com/unmanaged.example.com/addons/*",
"arn:aws:s3:::placeholder-read-bucket/clusters.example.com/unmanaged.example.com/cluster-completed.spec",
"arn:aws:s3:::placeholder-read-bucket/clusters.example.com/unmanaged.example.com/igconfig/node/*",
"arn:aws:s3:::placeholder-read-bucket/clusters.example.com/unmanaged.example.com/pki/issued/*",
"arn:aws:s3:::placeholder-read-bucket/clusters.example.com/unmanaged.example.com/pki/ssh/*",
"arn:aws:s3:::placeholder-read-bucket/clusters.example.com/unmanaged.example.com/secrets/dockerconfig"
]
},
{
"Action": [
"s3:GetBucketLocation",
"s3:GetEncryptionConfiguration",
"s3:ListBucket",
"s3:ListBucketVersions"
],
"Effect": "Allow",
"Resource": [
"arn:aws:s3:::placeholder-read-bucket"
]
}
],
"Version": "2012-10-17"

51
tests/integration/update_cluster/vfs-said/data/aws_iam_role_policy_masters.minimal.example.com_policy
View File

@ -154,6 +154,57 @@
"*"
]
},
{
"Action": [
"s3:Get*"
],
"Effect": "Allow",
"Resource": "arn:aws:s3:::placeholder-read-bucket/clusters.example.com/minimal.example.com/*"
},
{
"Action": [
"s3:GetObject",
"s3:DeleteObject",
"s3:DeleteObjectVersion",
"s3:PutObject"
],
"Effect": "Allow",
"Resource": "arn:aws:s3:::placeholder-write-bucket/clusters.example.com/minimal.example.com/backups/etcd/main/*"
},
{
"Action": [
"s3:GetObject",
"s3:DeleteObject",
"s3:DeleteObjectVersion",
"s3:PutObject"
],
"Effect": "Allow",
"Resource": "arn:aws:s3:::placeholder-write-bucket/clusters.example.com/minimal.example.com/backups/etcd/events/*"
},
{
"Action": [
"s3:GetBucketLocation",
"s3:GetEncryptionConfiguration",
"s3:ListBucket",
"s3:ListBucketVersions"
],
"Effect": "Allow",
"Resource": [
"arn:aws:s3:::placeholder-read-bucket"
]
},
{
"Action": [
"s3:GetBucketLocation",
"s3:GetEncryptionConfiguration",
"s3:ListBucket",
"s3:ListBucketVersions"
],
"Effect": "Allow",
"Resource": [
"arn:aws:s3:::placeholder-write-bucket"
]
},
{
"Action": [
"route53:ChangeResourceRecordSets",

26
tests/integration/update_cluster/vfs-said/data/aws_iam_role_policy_nodes.minimal.example.com_policy
View File

@ -23,6 +23,32 @@
"Resource": [
"*"
]
},
{
"Action": [
"s3:Get*"
],
"Effect": "Allow",
"Resource": [
"arn:aws:s3:::placeholder-read-bucket/clusters.example.com/minimal.example.com/addons/*",
"arn:aws:s3:::placeholder-read-bucket/clusters.example.com/minimal.example.com/cluster-completed.spec",
"arn:aws:s3:::placeholder-read-bucket/clusters.example.com/minimal.example.com/igconfig/node/*",
"arn:aws:s3:::placeholder-read-bucket/clusters.example.com/minimal.example.com/pki/issued/*",
"arn:aws:s3:::placeholder-read-bucket/clusters.example.com/minimal.example.com/pki/ssh/*",
"arn:aws:s3:::placeholder-read-bucket/clusters.example.com/minimal.example.com/secrets/dockerconfig"
]
},
{
"Action": [
"s3:GetBucketLocation",
"s3:GetEncryptionConfiguration",
"s3:ListBucket",
"s3:ListBucketVersions"
],
"Effect": "Allow",
"Resource": [
"arn:aws:s3:::placeholder-read-bucket"
]
}
],
"Version": "2012-10-17"