From d889d61ddb1e7b72a06b463e63ed07c06099a4ab Mon Sep 17 00:00:00 2001 From: Ciprian Hacman Date: Thu, 21 Jan 2021 10:02:10 +0200 Subject: [PATCH] Set default IMDS v2 to "required" for instances in AWS --- k8s/crds/kops.k8s.io_instancegroups.yaml | 2 +- pkg/apis/kops/instancegroup.go | 2 +- pkg/apis/kops/v1alpha2/instancegroup.go | 2 +- pkg/model/awsmodel/autoscalinggroup.go | 2 +- .../bastionadditional_user-data/kubernetes.tf | 6 +++--- .../update_cluster/complex/cloudformation.json | 2 +- tests/integration/update_cluster/complex/kubernetes.tf | 2 +- tests/integration/update_cluster/compress/kubernetes.tf | 4 ++-- .../update_cluster/containerd-custom/cloudformation.json | 4 ++-- .../update_cluster/containerd/cloudformation.json | 4 ++-- .../update_cluster/docker-custom/cloudformation.json | 4 ++-- .../integration/update_cluster/existing_iam/kubernetes.tf | 8 ++++---- .../existing_iam_cloudformation/cloudformation.json | 4 ++-- .../integration/update_cluster/existing_sg/kubernetes.tf | 8 ++++---- .../update_cluster/externallb/cloudformation.json | 4 ++-- tests/integration/update_cluster/externallb/kubernetes.tf | 4 ++-- .../update_cluster/externalpolicies/kubernetes.tf | 4 ++-- tests/integration/update_cluster/ha/kubernetes.tf | 8 ++++---- .../minimal-cloudformation/cloudformation.json | 4 ++-- .../update_cluster/minimal-gp3/cloudformation.json | 4 ++-- .../integration/update_cluster/minimal-gp3/kubernetes.tf | 4 ++-- .../update_cluster/minimal-json/kubernetes.tf.json | 4 ++-- tests/integration/update_cluster/minimal/kubernetes.tf | 4 ++-- .../update_cluster/mixed_instances/cloudformation.json | 8 ++++---- .../update_cluster/mixed_instances/kubernetes.tf | 8 ++++---- .../mixed_instances_spot/cloudformation.json | 8 ++++---- .../update_cluster/mixed_instances_spot/kubernetes.tf | 8 ++++---- .../update_cluster/private-shared-ip/cloudformation.json | 6 +++--- .../update_cluster/private-shared-ip/kubernetes.tf | 6 +++--- .../update_cluster/private-shared-subnet/kubernetes.tf | 6 +++--- .../update_cluster/privatecalico/cloudformation.json | 6 +++--- .../update_cluster/privatecalico/kubernetes.tf | 6 +++--- .../integration/update_cluster/privatecanal/kubernetes.tf | 6 +++--- .../update_cluster/privatecilium/cloudformation.json | 6 +++--- .../update_cluster/privatecilium/kubernetes.tf | 6 +++--- .../update_cluster/privatecilium2/cloudformation.json | 6 +++--- .../update_cluster/privatecilium2/kubernetes.tf | 6 +++--- .../privateciliumadvanced/cloudformation.json | 6 +++--- .../update_cluster/privateciliumadvanced/kubernetes.tf | 6 +++--- .../integration/update_cluster/privatedns1/kubernetes.tf | 6 +++--- .../integration/update_cluster/privatedns2/kubernetes.tf | 6 +++--- .../update_cluster/privateflannel/kubernetes.tf | 6 +++--- .../update_cluster/privatekopeio/kubernetes.tf | 6 +++--- .../integration/update_cluster/privateweave/kubernetes.tf | 6 +++--- .../integration/update_cluster/public-jwks/kubernetes.tf | 4 ++-- .../update_cluster/shared_subnet/kubernetes.tf | 4 ++-- tests/integration/update_cluster/shared_vpc/kubernetes.tf | 4 ++-- tests/integration/update_cluster/unmanaged/kubernetes.tf | 6 +++--- 48 files changed, 123 insertions(+), 123 deletions(-) diff --git a/k8s/crds/kops.k8s.io_instancegroups.yaml b/k8s/crds/kops.k8s.io_instancegroups.yaml index 3d2601c3ad..afd4afe216 100644 --- a/k8s/crds/kops.k8s.io_instancegroups.yaml +++ b/k8s/crds/kops.k8s.io_instancegroups.yaml @@ -239,7 +239,7 @@ spec: httpTokens: description: HTTPTokens is the state of token usage for the instance metadata requests. If the parameter is not specified in the - request, the default state is "optional". + request, the default state is "required". type: string type: object instanceProtection: diff --git a/pkg/apis/kops/instancegroup.go b/pkg/apis/kops/instancegroup.go index ee74c97284..3a8005206d 100644 --- a/pkg/apis/kops/instancegroup.go +++ b/pkg/apis/kops/instancegroup.go @@ -192,7 +192,7 @@ type InstanceMetadataOptions struct { // The larger the number, the further instance metadata requests can travel. The default value is 1. HTTPPutResponseHopLimit *int64 `json:"httpPutResponseHopLimit,omitempty"` // HTTPTokens is the state of token usage for the instance metadata requests. - // If the parameter is not specified in the request, the default state is "optional". + // If the parameter is not specified in the request, the default state is "required". HTTPTokens *string `json:"httpTokens,omitempty"` } diff --git a/pkg/apis/kops/v1alpha2/instancegroup.go b/pkg/apis/kops/v1alpha2/instancegroup.go index 57b36d72a2..fb292322c4 100644 --- a/pkg/apis/kops/v1alpha2/instancegroup.go +++ b/pkg/apis/kops/v1alpha2/instancegroup.go @@ -190,7 +190,7 @@ type InstanceMetadataOptions struct { // The larger the number, the further instance metadata requests can travel. The default value is 1. HTTPPutResponseHopLimit *int64 `json:"httpPutResponseHopLimit,omitempty"` // HTTPTokens is the state of token usage for the instance metadata requests. - // If the parameter is not specified in the request, the default state is "optional". + // If the parameter is not specified in the request, the default state is "required". HTTPTokens *string `json:"httpTokens,omitempty"` } diff --git a/pkg/model/awsmodel/autoscalinggroup.go b/pkg/model/awsmodel/autoscalinggroup.go index b00aca5e68..c92fe34d41 100644 --- a/pkg/model/awsmodel/autoscalinggroup.go +++ b/pkg/model/awsmodel/autoscalinggroup.go @@ -238,7 +238,7 @@ func (b *AutoscalingGroupModelBuilder) buildLaunchConfigurationTask(c *fi.ModelB SecurityGroups: []*awstasks.SecurityGroup{sgLink}, } - t.HTTPTokens = fi.String("optional") + t.HTTPTokens = fi.String(ec2.LaunchTemplateHttpTokensStateRequired) if ig.Spec.InstanceMetadata != nil && ig.Spec.InstanceMetadata.HTTPTokens != nil { t.HTTPTokens = ig.Spec.InstanceMetadata.HTTPTokens } diff --git a/tests/integration/update_cluster/bastionadditional_user-data/kubernetes.tf b/tests/integration/update_cluster/bastionadditional_user-data/kubernetes.tf index 0ba4b4e72f..4bb0758aac 100644 --- a/tests/integration/update_cluster/bastionadditional_user-data/kubernetes.tf +++ b/tests/integration/update_cluster/bastionadditional_user-data/kubernetes.tf @@ -455,7 +455,7 @@ resource "aws_launch_template" "bastion-bastionuserdata-example-com" { metadata_options { http_endpoint = "enabled" http_put_response_hop_limit = 1 - http_tokens = "optional" + http_tokens = "required" } name = "bastion.bastionuserdata.example.com" network_interfaces { @@ -527,7 +527,7 @@ resource "aws_launch_template" "master-us-test-1a-masters-bastionuserdata-exampl metadata_options { http_endpoint = "enabled" http_put_response_hop_limit = 1 - http_tokens = "optional" + http_tokens = "required" } name = "master-us-test-1a.masters.bastionuserdata.example.com" network_interfaces { @@ -598,7 +598,7 @@ resource "aws_launch_template" "nodes-bastionuserdata-example-com" { metadata_options { http_endpoint = "enabled" http_put_response_hop_limit = 1 - http_tokens = "optional" + http_tokens = "required" } name = "nodes.bastionuserdata.example.com" network_interfaces { diff --git a/tests/integration/update_cluster/complex/cloudformation.json b/tests/integration/update_cluster/complex/cloudformation.json index dda200223c..431b749969 100644 --- a/tests/integration/update_cluster/complex/cloudformation.json +++ b/tests/integration/update_cluster/complex/cloudformation.json @@ -424,7 +424,7 @@ "InstanceType": "t2.medium", "MetadataOptions": { "HttpPutResponseHopLimit": 1, - "HttpTokens": "optional" + "HttpTokens": "required" }, "Monitoring": { "Enabled": true diff --git a/tests/integration/update_cluster/complex/kubernetes.tf b/tests/integration/update_cluster/complex/kubernetes.tf index 48f903c3bd..06ddad8068 100644 --- a/tests/integration/update_cluster/complex/kubernetes.tf +++ b/tests/integration/update_cluster/complex/kubernetes.tf @@ -408,7 +408,7 @@ resource "aws_launch_template" "nodes-complex-example-com" { metadata_options { http_endpoint = "enabled" http_put_response_hop_limit = 1 - http_tokens = "optional" + http_tokens = "required" } monitoring { enabled = true diff --git a/tests/integration/update_cluster/compress/kubernetes.tf b/tests/integration/update_cluster/compress/kubernetes.tf index 046f02fb92..3f0e69c2f6 100644 --- a/tests/integration/update_cluster/compress/kubernetes.tf +++ b/tests/integration/update_cluster/compress/kubernetes.tf @@ -287,7 +287,7 @@ resource "aws_launch_template" "master-us-test-1a-masters-compress-example-com" metadata_options { http_endpoint = "enabled" http_put_response_hop_limit = 1 - http_tokens = "optional" + http_tokens = "required" } name = "master-us-test-1a.masters.compress.example.com" network_interfaces { @@ -357,7 +357,7 @@ resource "aws_launch_template" "nodes-compress-example-com" { metadata_options { http_endpoint = "enabled" http_put_response_hop_limit = 1 - http_tokens = "optional" + http_tokens = "required" } name = "nodes.compress.example.com" network_interfaces { diff --git a/tests/integration/update_cluster/containerd-custom/cloudformation.json b/tests/integration/update_cluster/containerd-custom/cloudformation.json index 63f4d725ec..6624a33e7a 100644 --- a/tests/integration/update_cluster/containerd-custom/cloudformation.json +++ b/tests/integration/update_cluster/containerd-custom/cloudformation.json @@ -231,7 +231,7 @@ "KeyName": "kubernetes.containerd.example.com-c4:a6:ed:9a:a8:89:b9:e2:c3:9c:d6:63:eb:9c:71:57", "MetadataOptions": { "HttpPutResponseHopLimit": 1, - "HttpTokens": "optional" + "HttpTokens": "required" }, "NetworkInterfaces": [ { @@ -353,7 +353,7 @@ "KeyName": "kubernetes.containerd.example.com-c4:a6:ed:9a:a8:89:b9:e2:c3:9c:d6:63:eb:9c:71:57", "MetadataOptions": { "HttpPutResponseHopLimit": 1, - "HttpTokens": "optional" + "HttpTokens": "required" }, "NetworkInterfaces": [ { diff --git a/tests/integration/update_cluster/containerd/cloudformation.json b/tests/integration/update_cluster/containerd/cloudformation.json index 63f4d725ec..6624a33e7a 100644 --- a/tests/integration/update_cluster/containerd/cloudformation.json +++ b/tests/integration/update_cluster/containerd/cloudformation.json @@ -231,7 +231,7 @@ "KeyName": "kubernetes.containerd.example.com-c4:a6:ed:9a:a8:89:b9:e2:c3:9c:d6:63:eb:9c:71:57", "MetadataOptions": { "HttpPutResponseHopLimit": 1, - "HttpTokens": "optional" + "HttpTokens": "required" }, "NetworkInterfaces": [ { @@ -353,7 +353,7 @@ "KeyName": "kubernetes.containerd.example.com-c4:a6:ed:9a:a8:89:b9:e2:c3:9c:d6:63:eb:9c:71:57", "MetadataOptions": { "HttpPutResponseHopLimit": 1, - "HttpTokens": "optional" + "HttpTokens": "required" }, "NetworkInterfaces": [ { diff --git a/tests/integration/update_cluster/docker-custom/cloudformation.json b/tests/integration/update_cluster/docker-custom/cloudformation.json index 610ec1f7c3..61bea052c8 100644 --- a/tests/integration/update_cluster/docker-custom/cloudformation.json +++ b/tests/integration/update_cluster/docker-custom/cloudformation.json @@ -231,7 +231,7 @@ "KeyName": "kubernetes.docker.example.com-c4:a6:ed:9a:a8:89:b9:e2:c3:9c:d6:63:eb:9c:71:57", "MetadataOptions": { "HttpPutResponseHopLimit": 1, - "HttpTokens": "optional" + "HttpTokens": "required" }, "NetworkInterfaces": [ { @@ -353,7 +353,7 @@ "KeyName": "kubernetes.docker.example.com-c4:a6:ed:9a:a8:89:b9:e2:c3:9c:d6:63:eb:9c:71:57", "MetadataOptions": { "HttpPutResponseHopLimit": 1, - "HttpTokens": "optional" + "HttpTokens": "required" }, "NetworkInterfaces": [ { diff --git a/tests/integration/update_cluster/existing_iam/kubernetes.tf b/tests/integration/update_cluster/existing_iam/kubernetes.tf index 17e81c433f..6ee46c8c69 100644 --- a/tests/integration/update_cluster/existing_iam/kubernetes.tf +++ b/tests/integration/update_cluster/existing_iam/kubernetes.tf @@ -408,7 +408,7 @@ resource "aws_launch_template" "master-us-test-1a-masters-existing-iam-example-c metadata_options { http_endpoint = "enabled" http_put_response_hop_limit = 1 - http_tokens = "optional" + http_tokens = "required" } name = "master-us-test-1a.masters.existing-iam.example.com" network_interfaces { @@ -483,7 +483,7 @@ resource "aws_launch_template" "master-us-test-1b-masters-existing-iam-example-c metadata_options { http_endpoint = "enabled" http_put_response_hop_limit = 1 - http_tokens = "optional" + http_tokens = "required" } name = "master-us-test-1b.masters.existing-iam.example.com" network_interfaces { @@ -558,7 +558,7 @@ resource "aws_launch_template" "master-us-test-1c-masters-existing-iam-example-c metadata_options { http_endpoint = "enabled" http_put_response_hop_limit = 1 - http_tokens = "optional" + http_tokens = "required" } name = "master-us-test-1c.masters.existing-iam.example.com" network_interfaces { @@ -629,7 +629,7 @@ resource "aws_launch_template" "nodes-existing-iam-example-com" { metadata_options { http_endpoint = "enabled" http_put_response_hop_limit = 1 - http_tokens = "optional" + http_tokens = "required" } name = "nodes.existing-iam.example.com" network_interfaces { diff --git a/tests/integration/update_cluster/existing_iam_cloudformation/cloudformation.json b/tests/integration/update_cluster/existing_iam_cloudformation/cloudformation.json index 7b24422101..9389e14418 100644 --- a/tests/integration/update_cluster/existing_iam_cloudformation/cloudformation.json +++ b/tests/integration/update_cluster/existing_iam_cloudformation/cloudformation.json @@ -229,7 +229,7 @@ "KeyName": "kubernetes.minimal.example.com-c4:a6:ed:9a:a8:89:b9:e2:c3:9c:d6:63:eb:9c:71:57", "MetadataOptions": { "HttpPutResponseHopLimit": 1, - "HttpTokens": "optional" + "HttpTokens": "required" }, "NetworkInterfaces": [ { @@ -349,7 +349,7 @@ "KeyName": "kubernetes.minimal.example.com-c4:a6:ed:9a:a8:89:b9:e2:c3:9c:d6:63:eb:9c:71:57", "MetadataOptions": { "HttpPutResponseHopLimit": 1, - "HttpTokens": "optional" + "HttpTokens": "required" }, "NetworkInterfaces": [ { diff --git a/tests/integration/update_cluster/existing_sg/kubernetes.tf b/tests/integration/update_cluster/existing_sg/kubernetes.tf index 0a49189bca..ea151ccf5f 100644 --- a/tests/integration/update_cluster/existing_sg/kubernetes.tf +++ b/tests/integration/update_cluster/existing_sg/kubernetes.tf @@ -499,7 +499,7 @@ resource "aws_launch_template" "master-us-test-1a-masters-existingsg-example-com metadata_options { http_endpoint = "enabled" http_put_response_hop_limit = 1 - http_tokens = "optional" + http_tokens = "required" } name = "master-us-test-1a.masters.existingsg.example.com" network_interfaces { @@ -574,7 +574,7 @@ resource "aws_launch_template" "master-us-test-1b-masters-existingsg-example-com metadata_options { http_endpoint = "enabled" http_put_response_hop_limit = 1 - http_tokens = "optional" + http_tokens = "required" } name = "master-us-test-1b.masters.existingsg.example.com" network_interfaces { @@ -649,7 +649,7 @@ resource "aws_launch_template" "master-us-test-1c-masters-existingsg-example-com metadata_options { http_endpoint = "enabled" http_put_response_hop_limit = 1 - http_tokens = "optional" + http_tokens = "required" } name = "master-us-test-1c.masters.existingsg.example.com" network_interfaces { @@ -720,7 +720,7 @@ resource "aws_launch_template" "nodes-existingsg-example-com" { metadata_options { http_endpoint = "enabled" http_put_response_hop_limit = 1 - http_tokens = "optional" + http_tokens = "required" } name = "nodes.existingsg.example.com" network_interfaces { diff --git a/tests/integration/update_cluster/externallb/cloudformation.json b/tests/integration/update_cluster/externallb/cloudformation.json index 0972c04c17..5c821180d2 100644 --- a/tests/integration/update_cluster/externallb/cloudformation.json +++ b/tests/integration/update_cluster/externallb/cloudformation.json @@ -246,7 +246,7 @@ "KeyName": "kubernetes.externallb.example.com-c4:a6:ed:9a:a8:89:b9:e2:c3:9c:d6:63:eb:9c:71:57", "MetadataOptions": { "HttpPutResponseHopLimit": 1, - "HttpTokens": "optional" + "HttpTokens": "required" }, "NetworkInterfaces": [ { @@ -368,7 +368,7 @@ "KeyName": "kubernetes.externallb.example.com-c4:a6:ed:9a:a8:89:b9:e2:c3:9c:d6:63:eb:9c:71:57", "MetadataOptions": { "HttpPutResponseHopLimit": 1, - "HttpTokens": "optional" + "HttpTokens": "required" }, "NetworkInterfaces": [ { diff --git a/tests/integration/update_cluster/externallb/kubernetes.tf b/tests/integration/update_cluster/externallb/kubernetes.tf index a04becfe39..2c12e61fdc 100644 --- a/tests/integration/update_cluster/externallb/kubernetes.tf +++ b/tests/integration/update_cluster/externallb/kubernetes.tf @@ -302,7 +302,7 @@ resource "aws_launch_template" "master-us-test-1a-masters-externallb-example-com metadata_options { http_endpoint = "enabled" http_put_response_hop_limit = 1 - http_tokens = "optional" + http_tokens = "required" } name = "master-us-test-1a.masters.externallb.example.com" network_interfaces { @@ -373,7 +373,7 @@ resource "aws_launch_template" "nodes-externallb-example-com" { metadata_options { http_endpoint = "enabled" http_put_response_hop_limit = 1 - http_tokens = "optional" + http_tokens = "required" } name = "nodes.externallb.example.com" network_interfaces { diff --git a/tests/integration/update_cluster/externalpolicies/kubernetes.tf b/tests/integration/update_cluster/externalpolicies/kubernetes.tf index 9ce37e5ea6..a6a13288a6 100644 --- a/tests/integration/update_cluster/externalpolicies/kubernetes.tf +++ b/tests/integration/update_cluster/externalpolicies/kubernetes.tf @@ -370,7 +370,7 @@ resource "aws_launch_template" "master-us-test-1a-masters-externalpolicies-examp metadata_options { http_endpoint = "enabled" http_put_response_hop_limit = 1 - http_tokens = "optional" + http_tokens = "required" } name = "master-us-test-1a.masters.externalpolicies.example.com" network_interfaces { @@ -447,7 +447,7 @@ resource "aws_launch_template" "nodes-externalpolicies-example-com" { metadata_options { http_endpoint = "enabled" http_put_response_hop_limit = 1 - http_tokens = "optional" + http_tokens = "required" } monitoring { enabled = true diff --git a/tests/integration/update_cluster/ha/kubernetes.tf b/tests/integration/update_cluster/ha/kubernetes.tf index 10cf3c8750..958b52080a 100644 --- a/tests/integration/update_cluster/ha/kubernetes.tf +++ b/tests/integration/update_cluster/ha/kubernetes.tf @@ -470,7 +470,7 @@ resource "aws_launch_template" "master-us-test-1a-masters-ha-example-com" { metadata_options { http_endpoint = "enabled" http_put_response_hop_limit = 1 - http_tokens = "optional" + http_tokens = "required" } name = "master-us-test-1a.masters.ha.example.com" network_interfaces { @@ -545,7 +545,7 @@ resource "aws_launch_template" "master-us-test-1b-masters-ha-example-com" { metadata_options { http_endpoint = "enabled" http_put_response_hop_limit = 1 - http_tokens = "optional" + http_tokens = "required" } name = "master-us-test-1b.masters.ha.example.com" network_interfaces { @@ -620,7 +620,7 @@ resource "aws_launch_template" "master-us-test-1c-masters-ha-example-com" { metadata_options { http_endpoint = "enabled" http_put_response_hop_limit = 1 - http_tokens = "optional" + http_tokens = "required" } name = "master-us-test-1c.masters.ha.example.com" network_interfaces { @@ -691,7 +691,7 @@ resource "aws_launch_template" "nodes-ha-example-com" { metadata_options { http_endpoint = "enabled" http_put_response_hop_limit = 1 - http_tokens = "optional" + http_tokens = "required" } name = "nodes.ha.example.com" network_interfaces { diff --git a/tests/integration/update_cluster/minimal-cloudformation/cloudformation.json b/tests/integration/update_cluster/minimal-cloudformation/cloudformation.json index f43526409d..d1beb492e5 100644 --- a/tests/integration/update_cluster/minimal-cloudformation/cloudformation.json +++ b/tests/integration/update_cluster/minimal-cloudformation/cloudformation.json @@ -231,7 +231,7 @@ "KeyName": "kubernetes.minimal.example.com-c4:a6:ed:9a:a8:89:b9:e2:c3:9c:d6:63:eb:9c:71:57", "MetadataOptions": { "HttpPutResponseHopLimit": 1, - "HttpTokens": "optional" + "HttpTokens": "required" }, "NetworkInterfaces": [ { @@ -353,7 +353,7 @@ "KeyName": "kubernetes.minimal.example.com-c4:a6:ed:9a:a8:89:b9:e2:c3:9c:d6:63:eb:9c:71:57", "MetadataOptions": { "HttpPutResponseHopLimit": 1, - "HttpTokens": "optional" + "HttpTokens": "required" }, "NetworkInterfaces": [ { diff --git a/tests/integration/update_cluster/minimal-gp3/cloudformation.json b/tests/integration/update_cluster/minimal-gp3/cloudformation.json index 0cbe9c8292..df40e50185 100644 --- a/tests/integration/update_cluster/minimal-gp3/cloudformation.json +++ b/tests/integration/update_cluster/minimal-gp3/cloudformation.json @@ -227,7 +227,7 @@ "KeyName": "kubernetes.minimal.example.com-c4:a6:ed:9a:a8:89:b9:e2:c3:9c:d6:63:eb:9c:71:57", "MetadataOptions": { "HttpPutResponseHopLimit": 1, - "HttpTokens": "optional" + "HttpTokens": "required" }, "NetworkInterfaces": [ { @@ -349,7 +349,7 @@ "KeyName": "kubernetes.minimal.example.com-c4:a6:ed:9a:a8:89:b9:e2:c3:9c:d6:63:eb:9c:71:57", "MetadataOptions": { "HttpPutResponseHopLimit": 1, - "HttpTokens": "optional" + "HttpTokens": "required" }, "NetworkInterfaces": [ { diff --git a/tests/integration/update_cluster/minimal-gp3/kubernetes.tf b/tests/integration/update_cluster/minimal-gp3/kubernetes.tf index e8539dbda7..119b50d361 100644 --- a/tests/integration/update_cluster/minimal-gp3/kubernetes.tf +++ b/tests/integration/update_cluster/minimal-gp3/kubernetes.tf @@ -296,7 +296,7 @@ resource "aws_launch_template" "master-us-test-1a-masters-minimal-example-com" { metadata_options { http_endpoint = "enabled" http_put_response_hop_limit = 1 - http_tokens = "optional" + http_tokens = "required" } name = "master-us-test-1a.masters.minimal.example.com" network_interfaces { @@ -367,7 +367,7 @@ resource "aws_launch_template" "nodes-minimal-example-com" { metadata_options { http_endpoint = "enabled" http_put_response_hop_limit = 1 - http_tokens = "optional" + http_tokens = "required" } name = "nodes.minimal.example.com" network_interfaces { diff --git a/tests/integration/update_cluster/minimal-json/kubernetes.tf.json b/tests/integration/update_cluster/minimal-json/kubernetes.tf.json index ed6df109d5..32809abfd0 100644 --- a/tests/integration/update_cluster/minimal-json/kubernetes.tf.json +++ b/tests/integration/update_cluster/minimal-json/kubernetes.tf.json @@ -343,7 +343,7 @@ "metadata_options": { "http_endpoint": "enabled", "http_put_response_hop_limit": 1, - "http_tokens": "optional" + "http_tokens": "required" }, "network_interfaces": [ { @@ -425,7 +425,7 @@ "metadata_options": { "http_endpoint": "enabled", "http_put_response_hop_limit": 1, - "http_tokens": "optional" + "http_tokens": "required" }, "network_interfaces": [ { diff --git a/tests/integration/update_cluster/minimal/kubernetes.tf b/tests/integration/update_cluster/minimal/kubernetes.tf index b6a308c6c4..9c59357706 100644 --- a/tests/integration/update_cluster/minimal/kubernetes.tf +++ b/tests/integration/update_cluster/minimal/kubernetes.tf @@ -298,7 +298,7 @@ resource "aws_launch_template" "master-us-test-1a-masters-minimal-example-com" { metadata_options { http_endpoint = "enabled" http_put_response_hop_limit = 1 - http_tokens = "optional" + http_tokens = "required" } name = "master-us-test-1a.masters.minimal.example.com" network_interfaces { @@ -369,7 +369,7 @@ resource "aws_launch_template" "nodes-minimal-example-com" { metadata_options { http_endpoint = "enabled" http_put_response_hop_limit = 1 - http_tokens = "optional" + http_tokens = "required" } name = "nodes.minimal.example.com" network_interfaces { diff --git a/tests/integration/update_cluster/mixed_instances/cloudformation.json b/tests/integration/update_cluster/mixed_instances/cloudformation.json index d5532f0bcf..e7f9949279 100644 --- a/tests/integration/update_cluster/mixed_instances/cloudformation.json +++ b/tests/integration/update_cluster/mixed_instances/cloudformation.json @@ -412,7 +412,7 @@ "KeyName": "kubernetes.mixedinstances.example.com-c4:a6:ed:9a:a8:89:b9:e2:c3:9c:d6:63:eb:9c:71:57", "MetadataOptions": { "HttpPutResponseHopLimit": 1, - "HttpTokens": "optional" + "HttpTokens": "required" }, "NetworkInterfaces": [ { @@ -538,7 +538,7 @@ "KeyName": "kubernetes.mixedinstances.example.com-c4:a6:ed:9a:a8:89:b9:e2:c3:9c:d6:63:eb:9c:71:57", "MetadataOptions": { "HttpPutResponseHopLimit": 1, - "HttpTokens": "optional" + "HttpTokens": "required" }, "NetworkInterfaces": [ { @@ -664,7 +664,7 @@ "KeyName": "kubernetes.mixedinstances.example.com-c4:a6:ed:9a:a8:89:b9:e2:c3:9c:d6:63:eb:9c:71:57", "MetadataOptions": { "HttpPutResponseHopLimit": 1, - "HttpTokens": "optional" + "HttpTokens": "required" }, "NetworkInterfaces": [ { @@ -786,7 +786,7 @@ "KeyName": "kubernetes.mixedinstances.example.com-c4:a6:ed:9a:a8:89:b9:e2:c3:9c:d6:63:eb:9c:71:57", "MetadataOptions": { "HttpPutResponseHopLimit": 1, - "HttpTokens": "optional" + "HttpTokens": "required" }, "NetworkInterfaces": [ { diff --git a/tests/integration/update_cluster/mixed_instances/kubernetes.tf b/tests/integration/update_cluster/mixed_instances/kubernetes.tf index 5a70d8f65d..2f83e1aa72 100644 --- a/tests/integration/update_cluster/mixed_instances/kubernetes.tf +++ b/tests/integration/update_cluster/mixed_instances/kubernetes.tf @@ -488,7 +488,7 @@ resource "aws_launch_template" "master-us-test-1a-masters-mixedinstances-example metadata_options { http_endpoint = "enabled" http_put_response_hop_limit = 1 - http_tokens = "optional" + http_tokens = "required" } name = "master-us-test-1a.masters.mixedinstances.example.com" network_interfaces { @@ -563,7 +563,7 @@ resource "aws_launch_template" "master-us-test-1b-masters-mixedinstances-example metadata_options { http_endpoint = "enabled" http_put_response_hop_limit = 1 - http_tokens = "optional" + http_tokens = "required" } name = "master-us-test-1b.masters.mixedinstances.example.com" network_interfaces { @@ -638,7 +638,7 @@ resource "aws_launch_template" "master-us-test-1c-masters-mixedinstances-example metadata_options { http_endpoint = "enabled" http_put_response_hop_limit = 1 - http_tokens = "optional" + http_tokens = "required" } name = "master-us-test-1c.masters.mixedinstances.example.com" network_interfaces { @@ -709,7 +709,7 @@ resource "aws_launch_template" "nodes-mixedinstances-example-com" { metadata_options { http_endpoint = "enabled" http_put_response_hop_limit = 1 - http_tokens = "optional" + http_tokens = "required" } name = "nodes.mixedinstances.example.com" network_interfaces { diff --git a/tests/integration/update_cluster/mixed_instances_spot/cloudformation.json b/tests/integration/update_cluster/mixed_instances_spot/cloudformation.json index 2fa20922c0..55186fd963 100644 --- a/tests/integration/update_cluster/mixed_instances_spot/cloudformation.json +++ b/tests/integration/update_cluster/mixed_instances_spot/cloudformation.json @@ -413,7 +413,7 @@ "KeyName": "kubernetes.mixedinstances.example.com-c4:a6:ed:9a:a8:89:b9:e2:c3:9c:d6:63:eb:9c:71:57", "MetadataOptions": { "HttpPutResponseHopLimit": 1, - "HttpTokens": "optional" + "HttpTokens": "required" }, "NetworkInterfaces": [ { @@ -539,7 +539,7 @@ "KeyName": "kubernetes.mixedinstances.example.com-c4:a6:ed:9a:a8:89:b9:e2:c3:9c:d6:63:eb:9c:71:57", "MetadataOptions": { "HttpPutResponseHopLimit": 1, - "HttpTokens": "optional" + "HttpTokens": "required" }, "NetworkInterfaces": [ { @@ -665,7 +665,7 @@ "KeyName": "kubernetes.mixedinstances.example.com-c4:a6:ed:9a:a8:89:b9:e2:c3:9c:d6:63:eb:9c:71:57", "MetadataOptions": { "HttpPutResponseHopLimit": 1, - "HttpTokens": "optional" + "HttpTokens": "required" }, "NetworkInterfaces": [ { @@ -787,7 +787,7 @@ "KeyName": "kubernetes.mixedinstances.example.com-c4:a6:ed:9a:a8:89:b9:e2:c3:9c:d6:63:eb:9c:71:57", "MetadataOptions": { "HttpPutResponseHopLimit": 1, - "HttpTokens": "optional" + "HttpTokens": "required" }, "NetworkInterfaces": [ { diff --git a/tests/integration/update_cluster/mixed_instances_spot/kubernetes.tf b/tests/integration/update_cluster/mixed_instances_spot/kubernetes.tf index ca30a2a113..559dd928bb 100644 --- a/tests/integration/update_cluster/mixed_instances_spot/kubernetes.tf +++ b/tests/integration/update_cluster/mixed_instances_spot/kubernetes.tf @@ -488,7 +488,7 @@ resource "aws_launch_template" "master-us-test-1a-masters-mixedinstances-example metadata_options { http_endpoint = "enabled" http_put_response_hop_limit = 1 - http_tokens = "optional" + http_tokens = "required" } name = "master-us-test-1a.masters.mixedinstances.example.com" network_interfaces { @@ -563,7 +563,7 @@ resource "aws_launch_template" "master-us-test-1b-masters-mixedinstances-example metadata_options { http_endpoint = "enabled" http_put_response_hop_limit = 1 - http_tokens = "optional" + http_tokens = "required" } name = "master-us-test-1b.masters.mixedinstances.example.com" network_interfaces { @@ -638,7 +638,7 @@ resource "aws_launch_template" "master-us-test-1c-masters-mixedinstances-example metadata_options { http_endpoint = "enabled" http_put_response_hop_limit = 1 - http_tokens = "optional" + http_tokens = "required" } name = "master-us-test-1c.masters.mixedinstances.example.com" network_interfaces { @@ -709,7 +709,7 @@ resource "aws_launch_template" "nodes-mixedinstances-example-com" { metadata_options { http_endpoint = "enabled" http_put_response_hop_limit = 1 - http_tokens = "optional" + http_tokens = "required" } name = "nodes.mixedinstances.example.com" network_interfaces { diff --git a/tests/integration/update_cluster/private-shared-ip/cloudformation.json b/tests/integration/update_cluster/private-shared-ip/cloudformation.json index b2532d8dc9..becc34997b 100644 --- a/tests/integration/update_cluster/private-shared-ip/cloudformation.json +++ b/tests/integration/update_cluster/private-shared-ip/cloudformation.json @@ -271,7 +271,7 @@ "KeyName": "kubernetes.private-shared-ip.example.com-c4:a6:ed:9a:a8:89:b9:e2:c3:9c:d6:63:eb:9c:71:57", "MetadataOptions": { "HttpPutResponseHopLimit": 1, - "HttpTokens": "optional" + "HttpTokens": "required" }, "NetworkInterfaces": [ { @@ -389,7 +389,7 @@ "KeyName": "kubernetes.private-shared-ip.example.com-c4:a6:ed:9a:a8:89:b9:e2:c3:9c:d6:63:eb:9c:71:57", "MetadataOptions": { "HttpPutResponseHopLimit": 1, - "HttpTokens": "optional" + "HttpTokens": "required" }, "NetworkInterfaces": [ { @@ -511,7 +511,7 @@ "KeyName": "kubernetes.private-shared-ip.example.com-c4:a6:ed:9a:a8:89:b9:e2:c3:9c:d6:63:eb:9c:71:57", "MetadataOptions": { "HttpPutResponseHopLimit": 1, - "HttpTokens": "optional" + "HttpTokens": "required" }, "NetworkInterfaces": [ { diff --git a/tests/integration/update_cluster/private-shared-ip/kubernetes.tf b/tests/integration/update_cluster/private-shared-ip/kubernetes.tf index a10232275b..13da2ef8cc 100644 --- a/tests/integration/update_cluster/private-shared-ip/kubernetes.tf +++ b/tests/integration/update_cluster/private-shared-ip/kubernetes.tf @@ -432,7 +432,7 @@ resource "aws_launch_template" "bastion-private-shared-ip-example-com" { metadata_options { http_endpoint = "enabled" http_put_response_hop_limit = 1 - http_tokens = "optional" + http_tokens = "required" } name = "bastion.private-shared-ip.example.com" network_interfaces { @@ -503,7 +503,7 @@ resource "aws_launch_template" "master-us-test-1a-masters-private-shared-ip-exam metadata_options { http_endpoint = "enabled" http_put_response_hop_limit = 1 - http_tokens = "optional" + http_tokens = "required" } name = "master-us-test-1a.masters.private-shared-ip.example.com" network_interfaces { @@ -574,7 +574,7 @@ resource "aws_launch_template" "nodes-private-shared-ip-example-com" { metadata_options { http_endpoint = "enabled" http_put_response_hop_limit = 1 - http_tokens = "optional" + http_tokens = "required" } name = "nodes.private-shared-ip.example.com" network_interfaces { diff --git a/tests/integration/update_cluster/private-shared-subnet/kubernetes.tf b/tests/integration/update_cluster/private-shared-subnet/kubernetes.tf index c3dd2ec401..3180433697 100644 --- a/tests/integration/update_cluster/private-shared-subnet/kubernetes.tf +++ b/tests/integration/update_cluster/private-shared-subnet/kubernetes.tf @@ -427,7 +427,7 @@ resource "aws_launch_template" "bastion-private-shared-subnet-example-com" { metadata_options { http_endpoint = "enabled" http_put_response_hop_limit = 1 - http_tokens = "optional" + http_tokens = "required" } name = "bastion.private-shared-subnet.example.com" network_interfaces { @@ -498,7 +498,7 @@ resource "aws_launch_template" "master-us-test-1a-masters-private-shared-subnet- metadata_options { http_endpoint = "enabled" http_put_response_hop_limit = 1 - http_tokens = "optional" + http_tokens = "required" } name = "master-us-test-1a.masters.private-shared-subnet.example.com" network_interfaces { @@ -569,7 +569,7 @@ resource "aws_launch_template" "nodes-private-shared-subnet-example-com" { metadata_options { http_endpoint = "enabled" http_put_response_hop_limit = 1 - http_tokens = "optional" + http_tokens = "required" } name = "nodes.private-shared-subnet.example.com" network_interfaces { diff --git a/tests/integration/update_cluster/privatecalico/cloudformation.json b/tests/integration/update_cluster/privatecalico/cloudformation.json index 011fbbf3c2..9b773a1173 100644 --- a/tests/integration/update_cluster/privatecalico/cloudformation.json +++ b/tests/integration/update_cluster/privatecalico/cloudformation.json @@ -333,7 +333,7 @@ "KeyName": "kubernetes.privatecalico.example.com-c4:a6:ed:9a:a8:89:b9:e2:c3:9c:d6:63:eb:9c:71:57", "MetadataOptions": { "HttpPutResponseHopLimit": 1, - "HttpTokens": "optional" + "HttpTokens": "required" }, "NetworkInterfaces": [ { @@ -451,7 +451,7 @@ "KeyName": "kubernetes.privatecalico.example.com-c4:a6:ed:9a:a8:89:b9:e2:c3:9c:d6:63:eb:9c:71:57", "MetadataOptions": { "HttpPutResponseHopLimit": 1, - "HttpTokens": "optional" + "HttpTokens": "required" }, "NetworkInterfaces": [ { @@ -573,7 +573,7 @@ "KeyName": "kubernetes.privatecalico.example.com-c4:a6:ed:9a:a8:89:b9:e2:c3:9c:d6:63:eb:9c:71:57", "MetadataOptions": { "HttpPutResponseHopLimit": 1, - "HttpTokens": "optional" + "HttpTokens": "required" }, "NetworkInterfaces": [ { diff --git a/tests/integration/update_cluster/privatecalico/kubernetes.tf b/tests/integration/update_cluster/privatecalico/kubernetes.tf index b121e54c26..4663ea0584 100644 --- a/tests/integration/update_cluster/privatecalico/kubernetes.tf +++ b/tests/integration/update_cluster/privatecalico/kubernetes.tf @@ -455,7 +455,7 @@ resource "aws_launch_template" "bastion-privatecalico-example-com" { metadata_options { http_endpoint = "enabled" http_put_response_hop_limit = 1 - http_tokens = "optional" + http_tokens = "required" } name = "bastion.privatecalico.example.com" network_interfaces { @@ -526,7 +526,7 @@ resource "aws_launch_template" "master-us-test-1a-masters-privatecalico-example- metadata_options { http_endpoint = "enabled" http_put_response_hop_limit = 1 - http_tokens = "optional" + http_tokens = "required" } name = "master-us-test-1a.masters.privatecalico.example.com" network_interfaces { @@ -597,7 +597,7 @@ resource "aws_launch_template" "nodes-privatecalico-example-com" { metadata_options { http_endpoint = "enabled" http_put_response_hop_limit = 1 - http_tokens = "optional" + http_tokens = "required" } name = "nodes.privatecalico.example.com" network_interfaces { diff --git a/tests/integration/update_cluster/privatecanal/kubernetes.tf b/tests/integration/update_cluster/privatecanal/kubernetes.tf index 782d8f6d22..87d76b38ba 100644 --- a/tests/integration/update_cluster/privatecanal/kubernetes.tf +++ b/tests/integration/update_cluster/privatecanal/kubernetes.tf @@ -455,7 +455,7 @@ resource "aws_launch_template" "bastion-privatecanal-example-com" { metadata_options { http_endpoint = "enabled" http_put_response_hop_limit = 1 - http_tokens = "optional" + http_tokens = "required" } name = "bastion.privatecanal.example.com" network_interfaces { @@ -526,7 +526,7 @@ resource "aws_launch_template" "master-us-test-1a-masters-privatecanal-example-c metadata_options { http_endpoint = "enabled" http_put_response_hop_limit = 1 - http_tokens = "optional" + http_tokens = "required" } name = "master-us-test-1a.masters.privatecanal.example.com" network_interfaces { @@ -597,7 +597,7 @@ resource "aws_launch_template" "nodes-privatecanal-example-com" { metadata_options { http_endpoint = "enabled" http_put_response_hop_limit = 1 - http_tokens = "optional" + http_tokens = "required" } name = "nodes.privatecanal.example.com" network_interfaces { diff --git a/tests/integration/update_cluster/privatecilium/cloudformation.json b/tests/integration/update_cluster/privatecilium/cloudformation.json index 9052067cac..e334e86d42 100644 --- a/tests/integration/update_cluster/privatecilium/cloudformation.json +++ b/tests/integration/update_cluster/privatecilium/cloudformation.json @@ -333,7 +333,7 @@ "KeyName": "kubernetes.privatecilium.example.com-c4:a6:ed:9a:a8:89:b9:e2:c3:9c:d6:63:eb:9c:71:57", "MetadataOptions": { "HttpPutResponseHopLimit": 1, - "HttpTokens": "optional" + "HttpTokens": "required" }, "NetworkInterfaces": [ { @@ -451,7 +451,7 @@ "KeyName": "kubernetes.privatecilium.example.com-c4:a6:ed:9a:a8:89:b9:e2:c3:9c:d6:63:eb:9c:71:57", "MetadataOptions": { "HttpPutResponseHopLimit": 1, - "HttpTokens": "optional" + "HttpTokens": "required" }, "NetworkInterfaces": [ { @@ -573,7 +573,7 @@ "KeyName": "kubernetes.privatecilium.example.com-c4:a6:ed:9a:a8:89:b9:e2:c3:9c:d6:63:eb:9c:71:57", "MetadataOptions": { "HttpPutResponseHopLimit": 1, - "HttpTokens": "optional" + "HttpTokens": "required" }, "NetworkInterfaces": [ { diff --git a/tests/integration/update_cluster/privatecilium/kubernetes.tf b/tests/integration/update_cluster/privatecilium/kubernetes.tf index 4b653370c2..f6ffa8e808 100644 --- a/tests/integration/update_cluster/privatecilium/kubernetes.tf +++ b/tests/integration/update_cluster/privatecilium/kubernetes.tf @@ -455,7 +455,7 @@ resource "aws_launch_template" "bastion-privatecilium-example-com" { metadata_options { http_endpoint = "enabled" http_put_response_hop_limit = 1 - http_tokens = "optional" + http_tokens = "required" } name = "bastion.privatecilium.example.com" network_interfaces { @@ -526,7 +526,7 @@ resource "aws_launch_template" "master-us-test-1a-masters-privatecilium-example- metadata_options { http_endpoint = "enabled" http_put_response_hop_limit = 1 - http_tokens = "optional" + http_tokens = "required" } name = "master-us-test-1a.masters.privatecilium.example.com" network_interfaces { @@ -597,7 +597,7 @@ resource "aws_launch_template" "nodes-privatecilium-example-com" { metadata_options { http_endpoint = "enabled" http_put_response_hop_limit = 1 - http_tokens = "optional" + http_tokens = "required" } name = "nodes.privatecilium.example.com" network_interfaces { diff --git a/tests/integration/update_cluster/privatecilium2/cloudformation.json b/tests/integration/update_cluster/privatecilium2/cloudformation.json index 9052067cac..e334e86d42 100644 --- a/tests/integration/update_cluster/privatecilium2/cloudformation.json +++ b/tests/integration/update_cluster/privatecilium2/cloudformation.json @@ -333,7 +333,7 @@ "KeyName": "kubernetes.privatecilium.example.com-c4:a6:ed:9a:a8:89:b9:e2:c3:9c:d6:63:eb:9c:71:57", "MetadataOptions": { "HttpPutResponseHopLimit": 1, - "HttpTokens": "optional" + "HttpTokens": "required" }, "NetworkInterfaces": [ { @@ -451,7 +451,7 @@ "KeyName": "kubernetes.privatecilium.example.com-c4:a6:ed:9a:a8:89:b9:e2:c3:9c:d6:63:eb:9c:71:57", "MetadataOptions": { "HttpPutResponseHopLimit": 1, - "HttpTokens": "optional" + "HttpTokens": "required" }, "NetworkInterfaces": [ { @@ -573,7 +573,7 @@ "KeyName": "kubernetes.privatecilium.example.com-c4:a6:ed:9a:a8:89:b9:e2:c3:9c:d6:63:eb:9c:71:57", "MetadataOptions": { "HttpPutResponseHopLimit": 1, - "HttpTokens": "optional" + "HttpTokens": "required" }, "NetworkInterfaces": [ { diff --git a/tests/integration/update_cluster/privatecilium2/kubernetes.tf b/tests/integration/update_cluster/privatecilium2/kubernetes.tf index 4b653370c2..f6ffa8e808 100644 --- a/tests/integration/update_cluster/privatecilium2/kubernetes.tf +++ b/tests/integration/update_cluster/privatecilium2/kubernetes.tf @@ -455,7 +455,7 @@ resource "aws_launch_template" "bastion-privatecilium-example-com" { metadata_options { http_endpoint = "enabled" http_put_response_hop_limit = 1 - http_tokens = "optional" + http_tokens = "required" } name = "bastion.privatecilium.example.com" network_interfaces { @@ -526,7 +526,7 @@ resource "aws_launch_template" "master-us-test-1a-masters-privatecilium-example- metadata_options { http_endpoint = "enabled" http_put_response_hop_limit = 1 - http_tokens = "optional" + http_tokens = "required" } name = "master-us-test-1a.masters.privatecilium.example.com" network_interfaces { @@ -597,7 +597,7 @@ resource "aws_launch_template" "nodes-privatecilium-example-com" { metadata_options { http_endpoint = "enabled" http_put_response_hop_limit = 1 - http_tokens = "optional" + http_tokens = "required" } name = "nodes.privatecilium.example.com" network_interfaces { diff --git a/tests/integration/update_cluster/privateciliumadvanced/cloudformation.json b/tests/integration/update_cluster/privateciliumadvanced/cloudformation.json index 27e24daf40..571b96044c 100644 --- a/tests/integration/update_cluster/privateciliumadvanced/cloudformation.json +++ b/tests/integration/update_cluster/privateciliumadvanced/cloudformation.json @@ -333,7 +333,7 @@ "KeyName": "kubernetes.privateciliumadvanced.example.com-c4:a6:ed:9a:a8:89:b9:e2:c3:9c:d6:63:eb:9c:71:57", "MetadataOptions": { "HttpPutResponseHopLimit": 1, - "HttpTokens": "optional" + "HttpTokens": "required" }, "NetworkInterfaces": [ { @@ -451,7 +451,7 @@ "KeyName": "kubernetes.privateciliumadvanced.example.com-c4:a6:ed:9a:a8:89:b9:e2:c3:9c:d6:63:eb:9c:71:57", "MetadataOptions": { "HttpPutResponseHopLimit": 1, - "HttpTokens": "optional" + "HttpTokens": "required" }, "NetworkInterfaces": [ { @@ -573,7 +573,7 @@ "KeyName": "kubernetes.privateciliumadvanced.example.com-c4:a6:ed:9a:a8:89:b9:e2:c3:9c:d6:63:eb:9c:71:57", "MetadataOptions": { "HttpPutResponseHopLimit": 1, - "HttpTokens": "optional" + "HttpTokens": "required" }, "NetworkInterfaces": [ { diff --git a/tests/integration/update_cluster/privateciliumadvanced/kubernetes.tf b/tests/integration/update_cluster/privateciliumadvanced/kubernetes.tf index f3e99993af..1053635a92 100644 --- a/tests/integration/update_cluster/privateciliumadvanced/kubernetes.tf +++ b/tests/integration/update_cluster/privateciliumadvanced/kubernetes.tf @@ -469,7 +469,7 @@ resource "aws_launch_template" "bastion-privateciliumadvanced-example-com" { metadata_options { http_endpoint = "enabled" http_put_response_hop_limit = 1 - http_tokens = "optional" + http_tokens = "required" } name = "bastion.privateciliumadvanced.example.com" network_interfaces { @@ -540,7 +540,7 @@ resource "aws_launch_template" "master-us-test-1a-masters-privateciliumadvanced- metadata_options { http_endpoint = "enabled" http_put_response_hop_limit = 1 - http_tokens = "optional" + http_tokens = "required" } name = "master-us-test-1a.masters.privateciliumadvanced.example.com" network_interfaces { @@ -611,7 +611,7 @@ resource "aws_launch_template" "nodes-privateciliumadvanced-example-com" { metadata_options { http_endpoint = "enabled" http_put_response_hop_limit = 1 - http_tokens = "optional" + http_tokens = "required" } name = "nodes.privateciliumadvanced.example.com" network_interfaces { diff --git a/tests/integration/update_cluster/privatedns1/kubernetes.tf b/tests/integration/update_cluster/privatedns1/kubernetes.tf index 5fdf2c8842..9cb26c5bec 100644 --- a/tests/integration/update_cluster/privatedns1/kubernetes.tf +++ b/tests/integration/update_cluster/privatedns1/kubernetes.tf @@ -505,7 +505,7 @@ resource "aws_launch_template" "bastion-privatedns1-example-com" { metadata_options { http_endpoint = "enabled" http_put_response_hop_limit = 1 - http_tokens = "optional" + http_tokens = "required" } name = "bastion.privatedns1.example.com" network_interfaces { @@ -582,7 +582,7 @@ resource "aws_launch_template" "master-us-test-1a-masters-privatedns1-example-co metadata_options { http_endpoint = "enabled" http_put_response_hop_limit = 1 - http_tokens = "optional" + http_tokens = "required" } name = "master-us-test-1a.masters.privatedns1.example.com" network_interfaces { @@ -659,7 +659,7 @@ resource "aws_launch_template" "nodes-privatedns1-example-com" { metadata_options { http_endpoint = "enabled" http_put_response_hop_limit = 1 - http_tokens = "optional" + http_tokens = "required" } name = "nodes.privatedns1.example.com" network_interfaces { diff --git a/tests/integration/update_cluster/privatedns2/kubernetes.tf b/tests/integration/update_cluster/privatedns2/kubernetes.tf index 195211543a..3e6880da36 100644 --- a/tests/integration/update_cluster/privatedns2/kubernetes.tf +++ b/tests/integration/update_cluster/privatedns2/kubernetes.tf @@ -441,7 +441,7 @@ resource "aws_launch_template" "bastion-privatedns2-example-com" { metadata_options { http_endpoint = "enabled" http_put_response_hop_limit = 1 - http_tokens = "optional" + http_tokens = "required" } name = "bastion.privatedns2.example.com" network_interfaces { @@ -512,7 +512,7 @@ resource "aws_launch_template" "master-us-test-1a-masters-privatedns2-example-co metadata_options { http_endpoint = "enabled" http_put_response_hop_limit = 1 - http_tokens = "optional" + http_tokens = "required" } name = "master-us-test-1a.masters.privatedns2.example.com" network_interfaces { @@ -583,7 +583,7 @@ resource "aws_launch_template" "nodes-privatedns2-example-com" { metadata_options { http_endpoint = "enabled" http_put_response_hop_limit = 1 - http_tokens = "optional" + http_tokens = "required" } name = "nodes.privatedns2.example.com" network_interfaces { diff --git a/tests/integration/update_cluster/privateflannel/kubernetes.tf b/tests/integration/update_cluster/privateflannel/kubernetes.tf index f62f393ad1..86bc479e83 100644 --- a/tests/integration/update_cluster/privateflannel/kubernetes.tf +++ b/tests/integration/update_cluster/privateflannel/kubernetes.tf @@ -455,7 +455,7 @@ resource "aws_launch_template" "bastion-privateflannel-example-com" { metadata_options { http_endpoint = "enabled" http_put_response_hop_limit = 1 - http_tokens = "optional" + http_tokens = "required" } name = "bastion.privateflannel.example.com" network_interfaces { @@ -526,7 +526,7 @@ resource "aws_launch_template" "master-us-test-1a-masters-privateflannel-example metadata_options { http_endpoint = "enabled" http_put_response_hop_limit = 1 - http_tokens = "optional" + http_tokens = "required" } name = "master-us-test-1a.masters.privateflannel.example.com" network_interfaces { @@ -597,7 +597,7 @@ resource "aws_launch_template" "nodes-privateflannel-example-com" { metadata_options { http_endpoint = "enabled" http_put_response_hop_limit = 1 - http_tokens = "optional" + http_tokens = "required" } name = "nodes.privateflannel.example.com" network_interfaces { diff --git a/tests/integration/update_cluster/privatekopeio/kubernetes.tf b/tests/integration/update_cluster/privatekopeio/kubernetes.tf index f9924c3413..55e6535f9b 100644 --- a/tests/integration/update_cluster/privatekopeio/kubernetes.tf +++ b/tests/integration/update_cluster/privatekopeio/kubernetes.tf @@ -461,7 +461,7 @@ resource "aws_launch_template" "bastion-privatekopeio-example-com" { metadata_options { http_endpoint = "enabled" http_put_response_hop_limit = 1 - http_tokens = "optional" + http_tokens = "required" } name = "bastion.privatekopeio.example.com" network_interfaces { @@ -532,7 +532,7 @@ resource "aws_launch_template" "master-us-test-1a-masters-privatekopeio-example- metadata_options { http_endpoint = "enabled" http_put_response_hop_limit = 1 - http_tokens = "optional" + http_tokens = "required" } name = "master-us-test-1a.masters.privatekopeio.example.com" network_interfaces { @@ -603,7 +603,7 @@ resource "aws_launch_template" "nodes-privatekopeio-example-com" { metadata_options { http_endpoint = "enabled" http_put_response_hop_limit = 1 - http_tokens = "optional" + http_tokens = "required" } name = "nodes.privatekopeio.example.com" network_interfaces { diff --git a/tests/integration/update_cluster/privateweave/kubernetes.tf b/tests/integration/update_cluster/privateweave/kubernetes.tf index c00c081bc1..3a7f98c189 100644 --- a/tests/integration/update_cluster/privateweave/kubernetes.tf +++ b/tests/integration/update_cluster/privateweave/kubernetes.tf @@ -455,7 +455,7 @@ resource "aws_launch_template" "bastion-privateweave-example-com" { metadata_options { http_endpoint = "enabled" http_put_response_hop_limit = 1 - http_tokens = "optional" + http_tokens = "required" } name = "bastion.privateweave.example.com" network_interfaces { @@ -526,7 +526,7 @@ resource "aws_launch_template" "master-us-test-1a-masters-privateweave-example-c metadata_options { http_endpoint = "enabled" http_put_response_hop_limit = 1 - http_tokens = "optional" + http_tokens = "required" } name = "master-us-test-1a.masters.privateweave.example.com" network_interfaces { @@ -597,7 +597,7 @@ resource "aws_launch_template" "nodes-privateweave-example-com" { metadata_options { http_endpoint = "enabled" http_put_response_hop_limit = 1 - http_tokens = "optional" + http_tokens = "required" } name = "nodes.privateweave.example.com" network_interfaces { diff --git a/tests/integration/update_cluster/public-jwks/kubernetes.tf b/tests/integration/update_cluster/public-jwks/kubernetes.tf index f4ddba6359..7c67354283 100644 --- a/tests/integration/update_cluster/public-jwks/kubernetes.tf +++ b/tests/integration/update_cluster/public-jwks/kubernetes.tf @@ -330,7 +330,7 @@ resource "aws_launch_template" "master-us-test-1a-masters-minimal-example-com" { metadata_options { http_endpoint = "enabled" http_put_response_hop_limit = 1 - http_tokens = "optional" + http_tokens = "required" } name = "master-us-test-1a.masters.minimal.example.com" network_interfaces { @@ -401,7 +401,7 @@ resource "aws_launch_template" "nodes-minimal-example-com" { metadata_options { http_endpoint = "enabled" http_put_response_hop_limit = 1 - http_tokens = "optional" + http_tokens = "required" } name = "nodes.minimal.example.com" network_interfaces { diff --git a/tests/integration/update_cluster/shared_subnet/kubernetes.tf b/tests/integration/update_cluster/shared_subnet/kubernetes.tf index f694bb05fb..0a7ad94679 100644 --- a/tests/integration/update_cluster/shared_subnet/kubernetes.tf +++ b/tests/integration/update_cluster/shared_subnet/kubernetes.tf @@ -284,7 +284,7 @@ resource "aws_launch_template" "master-us-test-1a-masters-sharedsubnet-example-c metadata_options { http_endpoint = "enabled" http_put_response_hop_limit = 1 - http_tokens = "optional" + http_tokens = "required" } name = "master-us-test-1a.masters.sharedsubnet.example.com" network_interfaces { @@ -355,7 +355,7 @@ resource "aws_launch_template" "nodes-sharedsubnet-example-com" { metadata_options { http_endpoint = "enabled" http_put_response_hop_limit = 1 - http_tokens = "optional" + http_tokens = "required" } name = "nodes.sharedsubnet.example.com" network_interfaces { diff --git a/tests/integration/update_cluster/shared_vpc/kubernetes.tf b/tests/integration/update_cluster/shared_vpc/kubernetes.tf index d40b065a44..46578cc632 100644 --- a/tests/integration/update_cluster/shared_vpc/kubernetes.tf +++ b/tests/integration/update_cluster/shared_vpc/kubernetes.tf @@ -284,7 +284,7 @@ resource "aws_launch_template" "master-us-test-1a-masters-sharedvpc-example-com" metadata_options { http_endpoint = "enabled" http_put_response_hop_limit = 1 - http_tokens = "optional" + http_tokens = "required" } name = "master-us-test-1a.masters.sharedvpc.example.com" network_interfaces { @@ -355,7 +355,7 @@ resource "aws_launch_template" "nodes-sharedvpc-example-com" { metadata_options { http_endpoint = "enabled" http_put_response_hop_limit = 1 - http_tokens = "optional" + http_tokens = "required" } name = "nodes.sharedvpc.example.com" network_interfaces { diff --git a/tests/integration/update_cluster/unmanaged/kubernetes.tf b/tests/integration/update_cluster/unmanaged/kubernetes.tf index 620dd321f8..46c5bf1d4d 100644 --- a/tests/integration/update_cluster/unmanaged/kubernetes.tf +++ b/tests/integration/update_cluster/unmanaged/kubernetes.tf @@ -432,7 +432,7 @@ resource "aws_launch_template" "bastion-unmanaged-example-com" { metadata_options { http_endpoint = "enabled" http_put_response_hop_limit = 1 - http_tokens = "optional" + http_tokens = "required" } name = "bastion.unmanaged.example.com" network_interfaces { @@ -503,7 +503,7 @@ resource "aws_launch_template" "master-us-test-1a-masters-unmanaged-example-com" metadata_options { http_endpoint = "enabled" http_put_response_hop_limit = 1 - http_tokens = "optional" + http_tokens = "required" } name = "master-us-test-1a.masters.unmanaged.example.com" network_interfaces { @@ -574,7 +574,7 @@ resource "aws_launch_template" "nodes-unmanaged-example-com" { metadata_options { http_endpoint = "enabled" http_put_response_hop_limit = 1 - http_tokens = "optional" + http_tokens = "required" } name = "nodes.unmanaged.example.com" network_interfaces {