mirror of https://github.com/kubernetes/kops.git
Update IAM builder tests to use external CCM
This commit is contained in:
John Gardiner Myers
parent
965712d22b
commit
daf3d0808c
|
|
@ -209,6 +209,7 @@ func TestPolicyGeneration(t *testing.T) {
|
|||
},
|
||||
},
|
||||
},
|
||||
ExternalCloudControllerManager: &kops.CloudControllerManagerConfig{},
|
||||
Networking: kops.NetworkingSpec{
|
||||
Kubenet: &kops.KubenetNetworkingSpec{},
|
||||
},
|
||||
|
|
|
|||
|
|
@ -32,39 +32,6 @@
|
|||
"arn:aws-test:s3:::kops-tests"
|
||||
]
|
||||
},
|
||||
{
|
||||
"Action": "ec2:CreateTags",
|
||||
"Condition": {
|
||||
"StringEquals": {
|
||||
"aws:RequestTag/KubernetesCluster": "iam-builder-test.k8s.local",
|
||||
"ec2:CreateAction": [
|
||||
"CreateSecurityGroup"
|
||||
]
|
||||
}
|
||||
},
|
||||
"Effect": "Allow",
|
||||
"Resource": [
|
||||
"arn:aws-test:ec2:*:*:security-group/*"
|
||||
]
|
||||
},
|
||||
{
|
||||
"Action": [
|
||||
"ec2:CreateTags",
|
||||
"ec2:DeleteTags"
|
||||
],
|
||||
"Condition": {
|
||||
"Null": {
|
||||
"aws:RequestTag/KubernetesCluster": "true"
|
||||
},
|
||||
"StringEquals": {
|
||||
"aws:ResourceTag/KubernetesCluster": "iam-builder-test.k8s.local"
|
||||
}
|
||||
},
|
||||
"Effect": "Allow",
|
||||
"Resource": [
|
||||
"arn:aws-test:ec2:*:*:security-group/*"
|
||||
]
|
||||
},
|
||||
{
|
||||
"Action": "ec2:CreateTags",
|
||||
"Condition": {
|
||||
|
|
@ -101,6 +68,39 @@
|
|||
"arn:aws-test:ec2:*:*:snapshot/*"
|
||||
]
|
||||
},
|
||||
{
|
||||
"Action": "ec2:CreateTags",
|
||||
"Condition": {
|
||||
"StringEquals": {
|
||||
"aws:RequestTag/KubernetesCluster": "iam-builder-test.k8s.local",
|
||||
"ec2:CreateAction": [
|
||||
"CreateSecurityGroup"
|
||||
]
|
||||
}
|
||||
},
|
||||
"Effect": "Allow",
|
||||
"Resource": [
|
||||
"arn:aws-test:ec2:*:*:security-group/*"
|
||||
]
|
||||
},
|
||||
{
|
||||
"Action": [
|
||||
"ec2:CreateTags",
|
||||
"ec2:DeleteTags"
|
||||
],
|
||||
"Condition": {
|
||||
"Null": {
|
||||
"aws:RequestTag/KubernetesCluster": "true"
|
||||
},
|
||||
"StringEquals": {
|
||||
"aws:ResourceTag/KubernetesCluster": "iam-builder-test.k8s.local"
|
||||
}
|
||||
},
|
||||
"Effect": "Allow",
|
||||
"Resource": [
|
||||
"arn:aws-test:ec2:*:*:security-group/*"
|
||||
]
|
||||
},
|
||||
{
|
||||
"Action": [
|
||||
"autoscaling:DescribeAutoScalingGroups",
|
||||
|
|
@ -108,13 +108,6 @@
|
|||
"autoscaling:DescribeLaunchConfigurations",
|
||||
"autoscaling:DescribeScalingActivities",
|
||||
"autoscaling:DescribeTags",
|
||||
"ec2:AttachVolume",
|
||||
"ec2:AuthorizeSecurityGroupIngress",
|
||||
"ec2:CreateSecurityGroup",
|
||||
"ec2:CreateTags",
|
||||
"ec2:DeleteRoute",
|
||||
"ec2:DeleteSecurityGroup",
|
||||
"ec2:DeleteVolume",
|
||||
"ec2:DescribeAccountAttributes",
|
||||
"ec2:DescribeAvailabilityZones",
|
||||
"ec2:DescribeInstanceTypes",
|
||||
|
|
@ -128,21 +121,12 @@
|
|||
"ec2:DescribeVolumes",
|
||||
"ec2:DescribeVolumesModifications",
|
||||
"ec2:DescribeVpcs",
|
||||
"ec2:DetachVolume",
|
||||
"ec2:ModifyInstanceAttribute",
|
||||
"ec2:ModifyVolume",
|
||||
"elasticloadbalancing:AddTags",
|
||||
"elasticloadbalancing:CreateListener",
|
||||
"elasticloadbalancing:CreateTargetGroup",
|
||||
"elasticloadbalancing:DeleteListener",
|
||||
"elasticloadbalancing:DescribeListeners",
|
||||
"elasticloadbalancing:DescribeLoadBalancerAttributes",
|
||||
"elasticloadbalancing:DescribeLoadBalancerPolicies",
|
||||
"elasticloadbalancing:DescribeLoadBalancers",
|
||||
"elasticloadbalancing:DescribeTargetGroups",
|
||||
"elasticloadbalancing:DescribeTargetHealth",
|
||||
"elasticloadbalancing:ModifyListener",
|
||||
"elasticloadbalancing:RegisterTargets",
|
||||
"iam:GetServerCertificate",
|
||||
"iam:ListServerCertificates",
|
||||
"kms:CreateGrant",
|
||||
|
|
|
|||
|
|
@ -32,39 +32,6 @@
|
|||
"arn:aws-test:s3:::kops-tests"
|
||||
]
|
||||
},
|
||||
{
|
||||
"Action": "ec2:CreateTags",
|
||||
"Condition": {
|
||||
"StringEquals": {
|
||||
"aws:RequestTag/KubernetesCluster": "iam-builder-test.k8s.local",
|
||||
"ec2:CreateAction": [
|
||||
"CreateSecurityGroup"
|
||||
]
|
||||
}
|
||||
},
|
||||
"Effect": "Allow",
|
||||
"Resource": [
|
||||
"arn:aws-test:ec2:*:*:security-group/*"
|
||||
]
|
||||
},
|
||||
{
|
||||
"Action": [
|
||||
"ec2:CreateTags",
|
||||
"ec2:DeleteTags"
|
||||
],
|
||||
"Condition": {
|
||||
"Null": {
|
||||
"aws:RequestTag/KubernetesCluster": "true"
|
||||
},
|
||||
"StringEquals": {
|
||||
"aws:ResourceTag/KubernetesCluster": "iam-builder-test.k8s.local"
|
||||
}
|
||||
},
|
||||
"Effect": "Allow",
|
||||
"Resource": [
|
||||
"arn:aws-test:ec2:*:*:security-group/*"
|
||||
]
|
||||
},
|
||||
{
|
||||
"Action": "ec2:CreateTags",
|
||||
"Condition": {
|
||||
|
|
@ -101,6 +68,39 @@
|
|||
"arn:aws-test:ec2:*:*:snapshot/*"
|
||||
]
|
||||
},
|
||||
{
|
||||
"Action": "ec2:CreateTags",
|
||||
"Condition": {
|
||||
"StringEquals": {
|
||||
"aws:RequestTag/KubernetesCluster": "iam-builder-test.k8s.local",
|
||||
"ec2:CreateAction": [
|
||||
"CreateSecurityGroup"
|
||||
]
|
||||
}
|
||||
},
|
||||
"Effect": "Allow",
|
||||
"Resource": [
|
||||
"arn:aws-test:ec2:*:*:security-group/*"
|
||||
]
|
||||
},
|
||||
{
|
||||
"Action": [
|
||||
"ec2:CreateTags",
|
||||
"ec2:DeleteTags"
|
||||
],
|
||||
"Condition": {
|
||||
"Null": {
|
||||
"aws:RequestTag/KubernetesCluster": "true"
|
||||
},
|
||||
"StringEquals": {
|
||||
"aws:ResourceTag/KubernetesCluster": "iam-builder-test.k8s.local"
|
||||
}
|
||||
},
|
||||
"Effect": "Allow",
|
||||
"Resource": [
|
||||
"arn:aws-test:ec2:*:*:security-group/*"
|
||||
]
|
||||
},
|
||||
{
|
||||
"Action": [
|
||||
"autoscaling:DescribeAutoScalingGroups",
|
||||
|
|
@ -108,13 +108,6 @@
|
|||
"autoscaling:DescribeLaunchConfigurations",
|
||||
"autoscaling:DescribeScalingActivities",
|
||||
"autoscaling:DescribeTags",
|
||||
"ec2:AttachVolume",
|
||||
"ec2:AuthorizeSecurityGroupIngress",
|
||||
"ec2:CreateSecurityGroup",
|
||||
"ec2:CreateTags",
|
||||
"ec2:DeleteRoute",
|
||||
"ec2:DeleteSecurityGroup",
|
||||
"ec2:DeleteVolume",
|
||||
"ec2:DescribeAccountAttributes",
|
||||
"ec2:DescribeAvailabilityZones",
|
||||
"ec2:DescribeInstanceTypes",
|
||||
|
|
@ -128,9 +121,6 @@
|
|||
"ec2:DescribeVolumes",
|
||||
"ec2:DescribeVolumesModifications",
|
||||
"ec2:DescribeVpcs",
|
||||
"ec2:DetachVolume",
|
||||
"ec2:ModifyInstanceAttribute",
|
||||
"ec2:ModifyVolume",
|
||||
"ecr:BatchCheckLayerAvailability",
|
||||
"ecr:BatchGetImage",
|
||||
"ecr:DescribeRepositories",
|
||||
|
|
@ -138,18 +128,12 @@
|
|||
"ecr:GetDownloadUrlForLayer",
|
||||
"ecr:GetRepositoryPolicy",
|
||||
"ecr:ListImages",
|
||||
"elasticloadbalancing:AddTags",
|
||||
"elasticloadbalancing:CreateListener",
|
||||
"elasticloadbalancing:CreateTargetGroup",
|
||||
"elasticloadbalancing:DeleteListener",
|
||||
"elasticloadbalancing:DescribeListeners",
|
||||
"elasticloadbalancing:DescribeLoadBalancerAttributes",
|
||||
"elasticloadbalancing:DescribeLoadBalancerPolicies",
|
||||
"elasticloadbalancing:DescribeLoadBalancers",
|
||||
"elasticloadbalancing:DescribeTargetGroups",
|
||||
"elasticloadbalancing:DescribeTargetHealth",
|
||||
"elasticloadbalancing:ModifyListener",
|
||||
"elasticloadbalancing:RegisterTargets",
|
||||
"iam:GetServerCertificate",
|
||||
"iam:ListServerCertificates",
|
||||
"kms:CreateGrant",
|
||||
|
|
|
|||
|
|
@ -32,39 +32,6 @@
|
|||
"arn:aws-test:s3:::kops-tests"
|
||||
]
|
||||
},
|
||||
{
|
||||
"Action": "ec2:CreateTags",
|
||||
"Condition": {
|
||||
"StringEquals": {
|
||||
"aws:RequestTag/KubernetesCluster": "iam-builder-test.nonexistant",
|
||||
"ec2:CreateAction": [
|
||||
"CreateSecurityGroup"
|
||||
]
|
||||
}
|
||||
},
|
||||
"Effect": "Allow",
|
||||
"Resource": [
|
||||
"arn:aws-test:ec2:*:*:security-group/*"
|
||||
]
|
||||
},
|
||||
{
|
||||
"Action": [
|
||||
"ec2:CreateTags",
|
||||
"ec2:DeleteTags"
|
||||
],
|
||||
"Condition": {
|
||||
"Null": {
|
||||
"aws:RequestTag/KubernetesCluster": "true"
|
||||
},
|
||||
"StringEquals": {
|
||||
"aws:ResourceTag/KubernetesCluster": "iam-builder-test.nonexistant"
|
||||
}
|
||||
},
|
||||
"Effect": "Allow",
|
||||
"Resource": [
|
||||
"arn:aws-test:ec2:*:*:security-group/*"
|
||||
]
|
||||
},
|
||||
{
|
||||
"Action": "ec2:CreateTags",
|
||||
"Condition": {
|
||||
|
|
@ -101,6 +68,39 @@
|
|||
"arn:aws-test:ec2:*:*:snapshot/*"
|
||||
]
|
||||
},
|
||||
{
|
||||
"Action": "ec2:CreateTags",
|
||||
"Condition": {
|
||||
"StringEquals": {
|
||||
"aws:RequestTag/KubernetesCluster": "iam-builder-test.nonexistant",
|
||||
"ec2:CreateAction": [
|
||||
"CreateSecurityGroup"
|
||||
]
|
||||
}
|
||||
},
|
||||
"Effect": "Allow",
|
||||
"Resource": [
|
||||
"arn:aws-test:ec2:*:*:security-group/*"
|
||||
]
|
||||
},
|
||||
{
|
||||
"Action": [
|
||||
"ec2:CreateTags",
|
||||
"ec2:DeleteTags"
|
||||
],
|
||||
"Condition": {
|
||||
"Null": {
|
||||
"aws:RequestTag/KubernetesCluster": "true"
|
||||
},
|
||||
"StringEquals": {
|
||||
"aws:ResourceTag/KubernetesCluster": "iam-builder-test.nonexistant"
|
||||
}
|
||||
},
|
||||
"Effect": "Allow",
|
||||
"Resource": [
|
||||
"arn:aws-test:ec2:*:*:security-group/*"
|
||||
]
|
||||
},
|
||||
{
|
||||
"Action": [
|
||||
"autoscaling:DescribeAutoScalingGroups",
|
||||
|
|
@ -108,13 +108,6 @@
|
|||
"autoscaling:DescribeLaunchConfigurations",
|
||||
"autoscaling:DescribeScalingActivities",
|
||||
"autoscaling:DescribeTags",
|
||||
"ec2:AttachVolume",
|
||||
"ec2:AuthorizeSecurityGroupIngress",
|
||||
"ec2:CreateSecurityGroup",
|
||||
"ec2:CreateTags",
|
||||
"ec2:DeleteRoute",
|
||||
"ec2:DeleteSecurityGroup",
|
||||
"ec2:DeleteVolume",
|
||||
"ec2:DescribeAccountAttributes",
|
||||
"ec2:DescribeAvailabilityZones",
|
||||
"ec2:DescribeInstanceTypes",
|
||||
|
|
@ -128,21 +121,12 @@
|
|||
"ec2:DescribeVolumes",
|
||||
"ec2:DescribeVolumesModifications",
|
||||
"ec2:DescribeVpcs",
|
||||
"ec2:DetachVolume",
|
||||
"ec2:ModifyInstanceAttribute",
|
||||
"ec2:ModifyVolume",
|
||||
"elasticloadbalancing:AddTags",
|
||||
"elasticloadbalancing:CreateListener",
|
||||
"elasticloadbalancing:CreateTargetGroup",
|
||||
"elasticloadbalancing:DeleteListener",
|
||||
"elasticloadbalancing:DescribeListeners",
|
||||
"elasticloadbalancing:DescribeLoadBalancerAttributes",
|
||||
"elasticloadbalancing:DescribeLoadBalancerPolicies",
|
||||
"elasticloadbalancing:DescribeLoadBalancers",
|
||||
"elasticloadbalancing:DescribeTargetGroups",
|
||||
"elasticloadbalancing:DescribeTargetHealth",
|
||||
"elasticloadbalancing:ModifyListener",
|
||||
"elasticloadbalancing:RegisterTargets",
|
||||
"iam:GetServerCertificate",
|
||||
"iam:ListServerCertificates",
|
||||
"kms:CreateGrant",
|
||||
|
|
|
|||
|
|
@ -32,39 +32,6 @@
|
|||
"arn:aws-test:s3:::kops-tests"
|
||||
]
|
||||
},
|
||||
{
|
||||
"Action": "ec2:CreateTags",
|
||||
"Condition": {
|
||||
"StringEquals": {
|
||||
"aws:RequestTag/KubernetesCluster": "iam-builder-test.nonexistant",
|
||||
"ec2:CreateAction": [
|
||||
"CreateSecurityGroup"
|
||||
]
|
||||
}
|
||||
},
|
||||
"Effect": "Allow",
|
||||
"Resource": [
|
||||
"arn:aws-test:ec2:*:*:security-group/*"
|
||||
]
|
||||
},
|
||||
{
|
||||
"Action": [
|
||||
"ec2:CreateTags",
|
||||
"ec2:DeleteTags"
|
||||
],
|
||||
"Condition": {
|
||||
"Null": {
|
||||
"aws:RequestTag/KubernetesCluster": "true"
|
||||
},
|
||||
"StringEquals": {
|
||||
"aws:ResourceTag/KubernetesCluster": "iam-builder-test.nonexistant"
|
||||
}
|
||||
},
|
||||
"Effect": "Allow",
|
||||
"Resource": [
|
||||
"arn:aws-test:ec2:*:*:security-group/*"
|
||||
]
|
||||
},
|
||||
{
|
||||
"Action": "ec2:CreateTags",
|
||||
"Condition": {
|
||||
|
|
@ -101,6 +68,39 @@
|
|||
"arn:aws-test:ec2:*:*:snapshot/*"
|
||||
]
|
||||
},
|
||||
{
|
||||
"Action": "ec2:CreateTags",
|
||||
"Condition": {
|
||||
"StringEquals": {
|
||||
"aws:RequestTag/KubernetesCluster": "iam-builder-test.nonexistant",
|
||||
"ec2:CreateAction": [
|
||||
"CreateSecurityGroup"
|
||||
]
|
||||
}
|
||||
},
|
||||
"Effect": "Allow",
|
||||
"Resource": [
|
||||
"arn:aws-test:ec2:*:*:security-group/*"
|
||||
]
|
||||
},
|
||||
{
|
||||
"Action": [
|
||||
"ec2:CreateTags",
|
||||
"ec2:DeleteTags"
|
||||
],
|
||||
"Condition": {
|
||||
"Null": {
|
||||
"aws:RequestTag/KubernetesCluster": "true"
|
||||
},
|
||||
"StringEquals": {
|
||||
"aws:ResourceTag/KubernetesCluster": "iam-builder-test.nonexistant"
|
||||
}
|
||||
},
|
||||
"Effect": "Allow",
|
||||
"Resource": [
|
||||
"arn:aws-test:ec2:*:*:security-group/*"
|
||||
]
|
||||
},
|
||||
{
|
||||
"Action": [
|
||||
"autoscaling:DescribeAutoScalingGroups",
|
||||
|
|
@ -108,13 +108,6 @@
|
|||
"autoscaling:DescribeLaunchConfigurations",
|
||||
"autoscaling:DescribeScalingActivities",
|
||||
"autoscaling:DescribeTags",
|
||||
"ec2:AttachVolume",
|
||||
"ec2:AuthorizeSecurityGroupIngress",
|
||||
"ec2:CreateSecurityGroup",
|
||||
"ec2:CreateTags",
|
||||
"ec2:DeleteRoute",
|
||||
"ec2:DeleteSecurityGroup",
|
||||
"ec2:DeleteVolume",
|
||||
"ec2:DescribeAccountAttributes",
|
||||
"ec2:DescribeAvailabilityZones",
|
||||
"ec2:DescribeInstanceTypes",
|
||||
|
|
@ -128,9 +121,6 @@
|
|||
"ec2:DescribeVolumes",
|
||||
"ec2:DescribeVolumesModifications",
|
||||
"ec2:DescribeVpcs",
|
||||
"ec2:DetachVolume",
|
||||
"ec2:ModifyInstanceAttribute",
|
||||
"ec2:ModifyVolume",
|
||||
"ecr:BatchCheckLayerAvailability",
|
||||
"ecr:BatchGetImage",
|
||||
"ecr:DescribeRepositories",
|
||||
|
|
@ -138,18 +128,12 @@
|
|||
"ecr:GetDownloadUrlForLayer",
|
||||
"ecr:GetRepositoryPolicy",
|
||||
"ecr:ListImages",
|
||||
"elasticloadbalancing:AddTags",
|
||||
"elasticloadbalancing:CreateListener",
|
||||
"elasticloadbalancing:CreateTargetGroup",
|
||||
"elasticloadbalancing:DeleteListener",
|
||||
"elasticloadbalancing:DescribeListeners",
|
||||
"elasticloadbalancing:DescribeLoadBalancerAttributes",
|
||||
"elasticloadbalancing:DescribeLoadBalancerPolicies",
|
||||
"elasticloadbalancing:DescribeLoadBalancers",
|
||||
"elasticloadbalancing:DescribeTargetGroups",
|
||||
"elasticloadbalancing:DescribeTargetHealth",
|
||||
"elasticloadbalancing:ModifyListener",
|
||||
"elasticloadbalancing:RegisterTargets",
|
||||
"iam:GetServerCertificate",
|
||||
"iam:ListServerCertificates",
|
||||
"kms:CreateGrant",
|
||||
|
|
|
|||
Loading…
Reference in New Issue