From a0c9b87c4c1ad1d2f09a0df55a22a31133a877a0 Mon Sep 17 00:00:00 2001
From: JD Davis
Date: Sun, 22 Dec 2024 05:50:37 +0000
Subject: [PATCH 1/2] adding support for us-isof and eu-isoe regions
---
 go.mod | 26 +-
 go.sum | 54 +++++
 .../testdata/al2-force-false-template.json | 10 +
 .../testdata/al2-no-force-template.json | 10 +
 .../testdata/al2-updated-template.json | 10 +
 .../testdata/br-force-false-template.json | 10 +
 .../testdata/br-force-true-template.json | 10 +
 .../testdata/br-updated-template.json | 10 +
 pkg/apis/eksctl.io/v1alpha5/partitions.go | 44 +++-
 pkg/apis/eksctl.io/v1alpha5/types.go | 37 ++-
 pkg/awsapi/outposts.go | 4 +-
 pkg/cfn/builder/karpenter_test.go | 30 +++
 .../testdata/nodegroup_access_entry/1.json | 10 +
 .../testdata/nodegroup_access_entry/2.json | 10 +
 .../testdata/nodegroup_access_entry/3.json | 10 +
 .../testdata/service_details_isob.json | 162 +++++++++++++
 .../testdata/service_details_isoe.json | 162 +++++++++++++
 .../testdata/service_details_isof.json | 162 +++++++++++++
 .../builder/testdata/vpc_private_isob.json | 225 ++++++++++++++++++
 .../builder/testdata/vpc_private_isoe.json | 225 ++++++++++++++++++
 .../builder/testdata/vpc_private_isof.json | 225 ++++++++++++++++++
 pkg/cfn/builder/vpc_endpoint_test.go | 72 ++++++
 pkg/connector/arn_test.go | 2 +
 userdocs/src/getting-started.md | 2 +-
 userdocs/theme/home.html | 3 +-
 25 files changed, 1502 insertions(+), 23 deletions(-)
 create mode 100644 pkg/cfn/builder/testdata/service_details_isob.json
 create mode 100644 pkg/cfn/builder/testdata/service_details_isoe.json
 create mode 100644 pkg/cfn/builder/testdata/service_details_isof.json
 create mode 100644 pkg/cfn/builder/testdata/vpc_private_isob.json
 create mode 100644 pkg/cfn/builder/testdata/vpc_private_isoe.json
 create mode 100644 pkg/cfn/builder/testdata/vpc_private_isof.json
diff --git a/go.mod b/go.mod
index 984266e1a8..134d89034b 100644
--- a/go.mod
+++ b/go.mod
@@ -11,22 +11,22 @@ require (
 github.com/Masterminds/semver/v3 v3.2.1
 github.com/aws/amazon-ec2-instance-selector/v2 v2.4.2-0.20230601180523-74e721cb8c1e
 github.com/aws/aws-sdk-go v1.51.16
- github.com/aws/aws-sdk-go-v2 v1.32.6
+ github.com/aws/aws-sdk-go-v2 v1.32.8
 github.com/aws/aws-sdk-go-v2/config v1.27.11
 github.com/aws/aws-sdk-go-v2/credentials v1.17.11
- github.com/aws/aws-sdk-go-v2/service/autoscaling v1.51.1
- github.com/aws/aws-sdk-go-v2/service/cloudformation v1.56.1
- github.com/aws/aws-sdk-go-v2/service/cloudtrail v1.46.3
- github.com/aws/aws-sdk-go-v2/service/cloudwatchlogs v1.45.0
+ github.com/aws/aws-sdk-go-v2/service/autoscaling v1.51.4
+ github.com/aws/aws-sdk-go-v2/service/cloudformation v1.56.4
+ github.com/aws/aws-sdk-go-v2/service/cloudtrail v1.46.6
+ github.com/aws/aws-sdk-go-v2/service/cloudwatchlogs v1.45.3
 github.com/aws/aws-sdk-go-v2/service/cognitoidentityprovider v1.36.3
 github.com/aws/aws-sdk-go-v2/service/ec2 v1.166.0
- github.com/aws/aws-sdk-go-v2/service/eks v1.53.0
- github.com/aws/aws-sdk-go-v2/service/elasticloadbalancing v1.28.6
- github.com/aws/aws-sdk-go-v2/service/elasticloadbalancingv2 v1.43.1
- github.com/aws/aws-sdk-go-v2/service/iam v1.38.2
+ github.com/aws/aws-sdk-go-v2/service/eks v1.56.2
+ github.com/aws/aws-sdk-go-v2/service/elasticloadbalancing v1.28.9
+ github.com/aws/aws-sdk-go-v2/service/elasticloadbalancingv2 v1.43.4
+ github.com/aws/aws-sdk-go-v2/service/iam v1.38.4
 github.com/aws/aws-sdk-go-v2/service/kms v1.27.5
- github.com/aws/aws-sdk-go-v2/service/outposts v1.47.2
- github.com/aws/aws-sdk-go-v2/service/ssm v1.56.1
+ github.com/aws/aws-sdk-go-v2/service/outposts v1.48.1
+ github.com/aws/aws-sdk-go-v2/service/ssm v1.56.4
 github.com/aws/aws-sdk-go-v2/service/sts v1.28.6
 github.com/aws/smithy-go v1.22.1
 github.com/awslabs/amazon-eks-ami/nodeadm v0.0.0-20240508073157-fbfa1bc129f5
@@ -127,8 +127,8 @@ require (
 github.com/atotto/clipboard v0.1.4 // indirect
 github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream v1.6.7 // indirect
 github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.16.1 // indirect
- github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.25 // indirect
- github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.25 // indirect
+ github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.27 // indirect
+ github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.27 // indirect
 github.com/aws/aws-sdk-go-v2/internal/ini v1.8.0 // indirect
 github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.11.2 // indirect
 github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.11.14 // indirect
diff --git a/go.sum b/go.sum
index e77165d7e5..2c8bcfb387 100644
--- a/go.sum
+++ b/go.sum
@@ -718,6 +718,10 @@ github.com/aws/aws-sdk-go v1.51.16/go.mod h1:LF8svs817+Nz+DmiMQKTO3ubZ/6IaTpq3Tj
 github.com/aws/aws-sdk-go-v2 v1.16.15/go.mod h1:SwiyXi/1zTUZ6KIAmLK5V5ll8SiURNUYOqTerZPaF9k=
 github.com/aws/aws-sdk-go-v2 v1.32.6 h1:7BokKRgRPuGmKkFMhEg/jSul+tB9VvXhcViILtfG8b4=
 github.com/aws/aws-sdk-go-v2 v1.32.6/go.mod h1:P5WJBrYqqbWVaOxgH0X/FYYD47/nooaPOZPlQdmiN2U=
+github.com/aws/aws-sdk-go-v2 v1.32.7 h1:ky5o35oENWi0JYWUZkB7WYvVPP+bcRF5/Iq7JWSb5Rw=
+github.com/aws/aws-sdk-go-v2 v1.32.7/go.mod h1:P5WJBrYqqbWVaOxgH0X/FYYD47/nooaPOZPlQdmiN2U=
+github.com/aws/aws-sdk-go-v2 v1.32.8 h1:cZV+NUS/eGxKXMtmyhtYPJ7Z4YLoI/V8bkTdRZfYhGo=
+github.com/aws/aws-sdk-go-v2 v1.32.8/go.mod h1:P5WJBrYqqbWVaOxgH0X/FYYD47/nooaPOZPlQdmiN2U=
 github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream v1.6.7 h1:lL7IfaFzngfx0ZwUGOZdsFFnQ5uLvR0hWqqhyE7Q9M8=
 github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream v1.6.7/go.mod h1:QraP0UcVlQJsmHfioCrveWOC1nbiWUl3ej08h4mXWoc=
 github.com/aws/aws-sdk-go-v2/config v1.27.11 h1:f47rANd2LQEYHda2ddSCKYId18/8BhSRM4BULGmfgNA=
@@ -729,33 +733,75 @@ github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.16.1/go.mod h1:zusuAeqezXzAB24L github.com/aws/aws-sdk-go-v2/internal/configsources v1.1.22/go.mod h1:/vNv5Al0bpiF8YdX2Ov6Xy05VTiXsql94yUqJMYaj0w= github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.25 h1:s/fF4+yDQDoElYhfIVvSNyeCydfbuTKzhxSXDXCPasU= github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.25/go.mod h1:IgPfDv5jqFIzQSNbUEMoitNooSMXjRSDkhXv8jiROvU= +github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.26 h1:I/5wmGMffY4happ8NOCuIUEWGUvvFp5NSeQcXl9RHcI= +github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.26/go.mod h1:FR8f4turZtNy6baO0KJ5FJUmXH/cSkI9fOngs0yl6mA= +github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.27 h1:jSJjSBzw8VDIbWv+mmvBSP8ezsztMYJGH+eKqi9AmNs= +github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.27/go.mod h1:/DAhLbFRgwhmvJdOfSm+WwikZrCuUJiA4WgJG0fTNSw= github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.4.16/go.mod h1:62dsXI0BqTIGomDl8Hpm33dv0OntGaVblri3ZRParVQ= github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.25 h1:ZntTCl5EsYnhN/IygQEUugpdwbhdkom9uHcbCftiGgA= github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.25/go.mod h1:DBdPrgeocww+CSl1C8cEV8PN1mHMBhuCDLpXezyvWkE= +github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.26 h1:zXFLuEuMMUOvEARXFUVJdfqZ4bvvSgdGRq/ATcrQxzM= +github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.26/go.mod h1:3o2Wpy0bogG1kyOPrgkXA8pgIfEEv0+m19O9D5+W8y8= +github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.27 h1:l+X4K77Dui85pIj5foXDhPlnqcNRG2QUyvca300lXh8= +github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.27/go.mod h1:KvZXSFEXm6x84yE8qffKvT3x8J5clWnVFXphpohhzJ8= github.com/aws/aws-sdk-go-v2/internal/ini v1.8.0 h1:hT8rVHwugYE2lEfdFE0QWVo81lF7jMrYJVDWI+f+VxU= github.com/aws/aws-sdk-go-v2/internal/ini v1.8.0/go.mod h1:8tu/lYfQfFe6IGnaOdrpVgEL2IrrDOf6/m9RQum4NkY= github.com/aws/aws-sdk-go-v2/service/autoscaling v1.51.1 h1:XFZsqNpwwi/D8nFI/tdUQn1QW1BTVcuQH382RNUXojE= 
github.com/aws/aws-sdk-go-v2/service/autoscaling v1.51.1/go.mod h1:r+eOyjSMo2zY+j6zEEaHjb7nU74oyva1r2/wFqDkPg4= +github.com/aws/aws-sdk-go-v2/service/autoscaling v1.51.2 h1:MSSstL6YXAw2K68L1kph02WTQHKeb/lwmbsMhswpjuY= +github.com/aws/aws-sdk-go-v2/service/autoscaling v1.51.2/go.mod h1:t5bdAowh8MWq51TuDmltU+wtxMl/VaegNwSBaznkUYc= +github.com/aws/aws-sdk-go-v2/service/autoscaling v1.51.4 h1:w4Tdy9sQlJdcF5dZ9H5uRxradA9Mi2Hp4eOHQmxUJhA= +github.com/aws/aws-sdk-go-v2/service/autoscaling v1.51.4/go.mod h1:6klY3glv/b/phmA0CUj38SWNBior8rKtVvAJrAXljis= github.com/aws/aws-sdk-go-v2/service/cloudformation v1.56.1 h1:EqRhsrEoXFFyzcNuqQCF1g9rG9EA8K2EiUj6/eWClgk= github.com/aws/aws-sdk-go-v2/service/cloudformation v1.56.1/go.mod h1:75rrfzgrN4Ol0m9Xo4+8S09KBoGAd1t6eafFHMt5wDI= +github.com/aws/aws-sdk-go-v2/service/cloudformation v1.56.2 h1:6USen+lDo8xYQutfnzhSeNLKEykNmBPfrcBmYKhLP38= +github.com/aws/aws-sdk-go-v2/service/cloudformation v1.56.2/go.mod h1:10A7sHyxlTZSB7419K2wq/1tn0x/K9/drbD2j8VRZVc= +github.com/aws/aws-sdk-go-v2/service/cloudformation v1.56.4 h1:uH6So7Ee+2JQf+TKbfifXKUDNN0JfaJ6CgJ6Bh/u1sc= +github.com/aws/aws-sdk-go-v2/service/cloudformation v1.56.4/go.mod h1:GdDLBO8SzD4wvQ6fhqU1QCmvG1waj1MPHL4cBtuSgdQ= github.com/aws/aws-sdk-go-v2/service/cloudtrail v1.46.2 h1:DrN2vg75JseLCepYjMVav43e+v7+AhArtWlm2F0OJ6Y= github.com/aws/aws-sdk-go-v2/service/cloudtrail v1.46.2/go.mod h1:WcTfALKgqv+VCMRCLtG4155sAwcfdYhFADc/yDJgSlc= github.com/aws/aws-sdk-go-v2/service/cloudtrail v1.46.3 h1:DfrEQMWCfk0wkuv/r0zwcGoykCuYWCLoGolbax6O3sw= github.com/aws/aws-sdk-go-v2/service/cloudtrail v1.46.3/go.mod h1:WcTfALKgqv+VCMRCLtG4155sAwcfdYhFADc/yDJgSlc= +github.com/aws/aws-sdk-go-v2/service/cloudtrail v1.46.4 h1:ZE5iFAPF6FnBHTkkiuC60+U1wqTyj0fJ0F2ZRu/4bhg= +github.com/aws/aws-sdk-go-v2/service/cloudtrail v1.46.4/go.mod h1:2lQF0aEQAXkUf/Td7RqGIuylJlJO6wSv/onvNdShVyA= +github.com/aws/aws-sdk-go-v2/service/cloudtrail v1.46.6 h1:fMIPTKNUEtU0JCBtKEDH0mvhyDBYZ6dEgqpBOYB5hOU= 
+github.com/aws/aws-sdk-go-v2/service/cloudtrail v1.46.6/go.mod h1:a2KI7mJ3kF1AdkW4Cyu0fl/6G9H+x7J7KD7BZdvLwYg= github.com/aws/aws-sdk-go-v2/service/cloudwatchlogs v1.45.0 h1:j9rGKWaYglZpf9KbJCQVM/L85Y4UdGMgK80A1OddR24= github.com/aws/aws-sdk-go-v2/service/cloudwatchlogs v1.45.0/go.mod h1:LZafBHU62ByizrdhNLMnzWGsUX+abAW4q35PN+FOj+A= +github.com/aws/aws-sdk-go-v2/service/cloudwatchlogs v1.45.1 h1:f6jhr4U8osQQrJrzKsWcbTZwK4xA0wUF52sN0zvLKUY= +github.com/aws/aws-sdk-go-v2/service/cloudwatchlogs v1.45.1/go.mod h1:u8Bi6DG9tLOVIS9MNqtE3vh9T6I/U/8RBpYvy/VyMjc= +github.com/aws/aws-sdk-go-v2/service/cloudwatchlogs v1.45.3 h1:va7zt8/kkg5zR0TX2r7wCXssdZ4+blRxbsA6IS9XXYI= +github.com/aws/aws-sdk-go-v2/service/cloudwatchlogs v1.45.3/go.mod h1:CijDCaRp5sH8QM0LqImyzy5roG8cOtgp2Abj0V/4luk= github.com/aws/aws-sdk-go-v2/service/cognitoidentityprovider v1.36.3 h1:JNWpkjImTP2e308bv7ihfwgOawf640BY/pyZWrBb9rw= github.com/aws/aws-sdk-go-v2/service/cognitoidentityprovider v1.36.3/go.mod h1:TiLZ2/+WAEyG2PnuAYj/un46UJ7qBf5BWWTAKgaHP8I= github.com/aws/aws-sdk-go-v2/service/ec2 v1.166.0 h1:FDZVMxzXB13cRmHs3t3tH9gme8GhvmjsQXeXFI37OHU= github.com/aws/aws-sdk-go-v2/service/ec2 v1.166.0/go.mod h1:Wv7N3iFOKVsZNIaw9MOBUmwCkX6VMmQQRFhMrHtNGno= github.com/aws/aws-sdk-go-v2/service/eks v1.53.0 h1:ACTxnLwL6YNmuYbxtp/VR3HGL9SWXU6VZkXPjWST9ZQ= github.com/aws/aws-sdk-go-v2/service/eks v1.53.0/go.mod h1:ZzOjZXGGUQxOq+T3xmfPLKCZe4OaB5vm1LdGaC8IPn4= +github.com/aws/aws-sdk-go-v2/service/eks v1.55.0 h1:EahmhEaZE/xuD/X9GhgfSkLhcxMAl+mnSZCxmCmHrfE= +github.com/aws/aws-sdk-go-v2/service/eks v1.55.0/go.mod h1:kNUWaiotRWCnfQlprrxSMg8ALqbZyA9xLCwKXuLumSk= +github.com/aws/aws-sdk-go-v2/service/eks v1.56.0 h1:x31cGGE/t/QkrHVh5m2uWvYwDiaDXpj88nh6OdnI5r0= +github.com/aws/aws-sdk-go-v2/service/eks v1.56.0/go.mod h1:kNUWaiotRWCnfQlprrxSMg8ALqbZyA9xLCwKXuLumSk= +github.com/aws/aws-sdk-go-v2/service/eks v1.56.2 h1:NXxglcZhHubtK2SgqavDGkbArM4NYI7QvLr+FpOL3Oo= +github.com/aws/aws-sdk-go-v2/service/eks v1.56.2/go.mod 
h1:KkH+D6VJmtIVGD9KTxB9yZu4hQP7s9kxWn8lLb7tmVg= github.com/aws/aws-sdk-go-v2/service/elasticloadbalancing v1.28.6 h1:uQFPQNvc9hIaF7SyHQyg2vRtTcWONaa1LUUy+8LEzT8= github.com/aws/aws-sdk-go-v2/service/elasticloadbalancing v1.28.6/go.mod h1:KkaWcwL6GJtS/TNn1+fVJPAR+6G7Bs7kEm8E3MlgbhQ= +github.com/aws/aws-sdk-go-v2/service/elasticloadbalancing v1.28.7 h1:FekiHlcqv3F1BtEF1kcuUQRckVQWQQi9d0s2UvbvwvE= +github.com/aws/aws-sdk-go-v2/service/elasticloadbalancing v1.28.7/go.mod h1:NhhK29UDwO8PSPb85Lt9bPuZaWTOCXdGP+8LK6Y8D/4= +github.com/aws/aws-sdk-go-v2/service/elasticloadbalancing v1.28.9 h1:phUmuRbBmJKpPBbGx34uZJuV1PPg4u0/RMzIecVVR0E= +github.com/aws/aws-sdk-go-v2/service/elasticloadbalancing v1.28.9/go.mod h1:EH2+vt500M2IewoiYVo4rP0gfRhIXzh6BDFZ5KbidUI= github.com/aws/aws-sdk-go-v2/service/elasticloadbalancingv2 v1.43.1 h1:L9Wt9zgtoYKIlaeFTy+EztGjL4oaXBBGtVXA+jaeYko= github.com/aws/aws-sdk-go-v2/service/elasticloadbalancingv2 v1.43.1/go.mod h1:yxzLdxt7bVGvIOPYIKFtiaJCJnx2ChlIIvlhW4QgI6M= +github.com/aws/aws-sdk-go-v2/service/elasticloadbalancingv2 v1.43.2 h1:cbbM8HdENk64Vm8vrgk962p2CRzrZj2bybsWJwinM6E= +github.com/aws/aws-sdk-go-v2/service/elasticloadbalancingv2 v1.43.2/go.mod h1:vaGBfWQyju9wbTBd3k0ujKFKKE/UfscXZwS8f+j55QM= +github.com/aws/aws-sdk-go-v2/service/elasticloadbalancingv2 v1.43.4 h1:tC9S2BkqlMWP3N2t4UasxIhIJSNY5g7EINjz94VK+3U= +github.com/aws/aws-sdk-go-v2/service/elasticloadbalancingv2 v1.43.4/go.mod h1:OhWF5Dd6Ge4VW/RcFQKOO0eEv1JInQJoo6/tkCjlvrM= github.com/aws/aws-sdk-go-v2/service/iam v1.38.2 h1:8iFKuRj/FJipy/aDZ2lbq0DYuEHdrxp0qVsdi+ZEwnE= github.com/aws/aws-sdk-go-v2/service/iam v1.38.2/go.mod h1:UBe4z0VZnbXGp6xaCW1ulE9pndjfpsnrU206rWZcR0Y= +github.com/aws/aws-sdk-go-v2/service/iam v1.38.3 h1:2sFIoFzU1IEL9epJWubJm9Dhrn45aTNEJuwsesaCGnk= +github.com/aws/aws-sdk-go-v2/service/iam v1.38.3/go.mod h1:KzlNINwfr/47tKkEhgk0r10/OZq3rjtyWy0txL3lM+I= +github.com/aws/aws-sdk-go-v2/service/iam v1.38.4 h1:440YtmP8Cn6Qp7WHYfvz2/Xzmu1v1Vox/FJnzUDDQGM= 
+github.com/aws/aws-sdk-go-v2/service/iam v1.38.4/go.mod h1:oXqc4hmGhZpj06Zu8z+ahXhdbjq4Uw8pjN9flty0Ync= github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.11.2 h1:Ji0DY1xUsUr3I8cHps0G+XM3WWU16lP6yG8qu1GAZAs= github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.11.2/go.mod h1:5CsjAbs3NlGQyZNFACh+zztPDI7fU6eW9QsxjfnuBKg= github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.11.14 h1:zSDPny/pVnkqABXYRicYuPf9z2bTqfH13HT3v6UheIk= 
@@ -764,10 +810,18 @@ github.com/aws/aws-sdk-go-v2/service/kms v1.27.5 h1:7lKTr8zJ2nVaVgyII+7hUayTi7xW
 github.com/aws/aws-sdk-go-v2/service/kms v1.27.5/go.mod h1:D9FVDkZjkZnnFHymJ3fPVz0zOUlNSd0xcIIVmmrAac8=
 github.com/aws/aws-sdk-go-v2/service/outposts v1.47.2 h1:OpS3l/leIv8pbK1zaeoZ5WzzTojbLN8zdK8inc37bMM=
 github.com/aws/aws-sdk-go-v2/service/outposts v1.47.2/go.mod h1:5X4a801ISjSwj+2Wq5FVicytit172Cdy7Clwia8l3Q0=
+github.com/aws/aws-sdk-go-v2/service/outposts v1.48.0 h1:Km42d7UMgQRnkrI5R7vsfaYRqEmu1nbT56UdhFuR8as=
+github.com/aws/aws-sdk-go-v2/service/outposts v1.48.0/go.mod h1:W4/z6UyMkYcZ9wXH+K9NuAgORXhSSOeSf9Jy/tcnoGM=
+github.com/aws/aws-sdk-go-v2/service/outposts v1.48.1 h1:UpEOfSzEsykGrXBc90elNcE6eGX//z0n4W4+gaxE8Bs=
+github.com/aws/aws-sdk-go-v2/service/outposts v1.48.1/go.mod h1:g0Txg8E+JL0CZT5l5kYqQQLBcwYu2SWPs8Tkzi6lMuk=
 github.com/aws/aws-sdk-go-v2/service/pricing v1.17.0 h1:RQOMvPwte2H4ZqsiZmrla1crhBWDFnW8bZynkec5cGU=
 github.com/aws/aws-sdk-go-v2/service/pricing v1.17.0/go.mod h1:LJyh9figH3ZpSiVjR5umzbl6V3EpQdZR4Se1ayoUtfI=
 github.com/aws/aws-sdk-go-v2/service/ssm v1.56.1 h1:cfVjoEwOMOJOI6VoRQua0nI0KjZV9EAnR8bKaMeSppE=
 github.com/aws/aws-sdk-go-v2/service/ssm v1.56.1/go.mod h1:fGHwAnTdNrLKhgl+UEeq9uEL4n3Ng4MJucA+7Xi3sC4=
+github.com/aws/aws-sdk-go-v2/service/ssm v1.56.2 h1:MOxvXH2kRP5exvqJxAZ0/H9Ar51VmADJh95SgZE8u60=
+github.com/aws/aws-sdk-go-v2/service/ssm v1.56.2/go.mod h1:RKWoqC9FlgMCkrfVOtgfqfwdaUIaq8H93UAt4xNaR0A=
+github.com/aws/aws-sdk-go-v2/service/ssm v1.56.4 h1:oXh/PjaKtStu7RkaUtuKX6+h/OxXriMa9WyQQhylKG0=
+github.com/aws/aws-sdk-go-v2/service/ssm v1.56.4/go.mod h1:IiHGbiFg4wVdEKrvFi/zxVZbjfEpgSe21N9RwyQFXCU=
 github.com/aws/aws-sdk-go-v2/service/sso v1.20.5 h1:vN8hEbpRnL7+Hopy9dzmRle1xmDc7o8tmY0klsr175w=
 github.com/aws/aws-sdk-go-v2/service/sso v1.20.5/go.mod h1:qGzynb/msuZIE8I75DVRCUXw3o3ZyBmUvMwQ2t/BrGM=
 github.com/aws/aws-sdk-go-v2/service/ssooidc v1.23.4 h1:Jux+gDDyi1Lruk+KHF91tK2KCuY61kzoCpvtvJJBtOE=
diff --git a/pkg/actions/nodegroup/testdata/al2-force-false-template.json b/pkg/actions/nodegroup/testdata/al2-force-false-template.json
index e9347a2e4d..cd74d86f78 100644
--- a/pkg/actions/nodegroup/testdata/al2-force-false-template.json
+++ b/pkg/actions/nodegroup/testdata/al2-force-false-template.json
@@ -25,6 +25,16 @@
 "EKS": "eks.amazonaws.com",
 "EKSFargatePods": "eks-fargate-pods.amazonaws.com"
 },
+ "aws-iso-e": {
+ "EC2": "ec2.amazonaws.com",
+ "EKS": "eks.amazonaws.com",
+ "EKSFargatePods": "eks-fargate-pods.amazonaws.com"
+ },
+ "aws-iso-f": {
+ "EC2": "ec2.amazonaws.com",
+ "EKS": "eks.amazonaws.com",
+ "EKSFargatePods": "eks-fargate-pods.amazonaws.com"
+ },
 "aws-us-gov": {
 "EC2": "ec2.amazonaws.com",
 "EKS": "eks.amazonaws.com",
diff --git a/pkg/actions/nodegroup/testdata/al2-no-force-template.json b/pkg/actions/nodegroup/testdata/al2-no-force-template.json
index e9bdcd179c..a407e462e9 100644
--- a/pkg/actions/nodegroup/testdata/al2-no-force-template.json
+++ b/pkg/actions/nodegroup/testdata/al2-no-force-template.json
@@ -25,6 +25,16 @@
 "EKS": "eks.amazonaws.com",
 "EKSFargatePods": "eks-fargate-pods.amazonaws.com"
 },
+ "aws-iso-e": {
+ "EC2": "ec2.amazonaws.com",
+ "EKS": "eks.amazonaws.com",
+ "EKSFargatePods": "eks-fargate-pods.amazonaws.com"
+ },
+ "aws-iso-f": {
+ "EC2": "ec2.amazonaws.com",
+ "EKS": "eks.amazonaws.com",
+ "EKSFargatePods": "eks-fargate-pods.amazonaws.com"
+ },
 "aws-us-gov": {
 "EC2": "ec2.amazonaws.com",
 "EKS": "eks.amazonaws.com",
diff --git a/pkg/actions/nodegroup/testdata/al2-updated-template.json b/pkg/actions/nodegroup/testdata/al2-updated-template.json
index dadbec71d4..d478be859c 100644
--- a/pkg/actions/nodegroup/testdata/al2-updated-template.json
+++ b/pkg/actions/nodegroup/testdata/al2-updated-template.json
@@ -25,6 +25,16 @@
 "EKS": "eks.amazonaws.com",
 "EKSFargatePods": "eks-fargate-pods.amazonaws.com"
 },
+ "aws-iso-e": {
+ "EC2": "ec2.amazonaws.com",
+ "EKS": "eks.amazonaws.com",
+ "EKSFargatePods": "eks-fargate-pods.amazonaws.com"
+ },
+ "aws-iso-f": {
+ "EC2": "ec2.amazonaws.com",
+ "EKS": "eks.amazonaws.com",
+ "EKSFargatePods": "eks-fargate-pods.amazonaws.com"
+ },
 "aws-us-gov": {
 "EC2": "ec2.amazonaws.com",
 "EKS": "eks.amazonaws.com",
diff --git a/pkg/actions/nodegroup/testdata/br-force-false-template.json b/pkg/actions/nodegroup/testdata/br-force-false-template.json
index a5f3002ca0..95686943f7 100644
--- a/pkg/actions/nodegroup/testdata/br-force-false-template.json
+++ b/pkg/actions/nodegroup/testdata/br-force-false-template.json
@@ -26,6 +26,16 @@
 "EKS": "eks.amazonaws.com",
 "EKSFargatePods": "eks-fargate-pods.amazonaws.com"
 },
+ "aws-iso-e": {
+ "EC2": "ec2.amazonaws.com",
+ "EKS": "eks.amazonaws.com",
+ "EKSFargatePods": "eks-fargate-pods.amazonaws.com"
+ },
+ "aws-iso-f": {
+ "EC2": "ec2.amazonaws.com",
+ "EKS": "eks.amazonaws.com",
+ "EKSFargatePods": "eks-fargate-pods.amazonaws.com"
+ },
 "aws-us-gov": {
 "EC2": "ec2.amazonaws.com",
 "EKS": "eks.amazonaws.com",
diff --git a/pkg/actions/nodegroup/testdata/br-force-true-template.json b/pkg/actions/nodegroup/testdata/br-force-true-template.json
index 7bc00c1e18..57fb48b9bb 100644
--- a/pkg/actions/nodegroup/testdata/br-force-true-template.json
+++ b/pkg/actions/nodegroup/testdata/br-force-true-template.json
@@ -26,6 +26,16 @@
 "EKS": "eks.amazonaws.com",
 "EKSFargatePods": "eks-fargate-pods.amazonaws.com"
 },
+ "aws-iso-e": {
+ "EC2": "ec2.amazonaws.com",
+ "EKS": "eks.amazonaws.com",
+ "EKSFargatePods": "eks-fargate-pods.amazonaws.com"
+ },
+ "aws-iso-f": {
+ "EC2": "ec2.amazonaws.com",
+ "EKS": "eks.amazonaws.com",
+ "EKSFargatePods": "eks-fargate-pods.amazonaws.com"
+ },
 "aws-us-gov": {
 "EC2": "ec2.amazonaws.com",
 "EKS": "eks.amazonaws.com",
diff --git a/pkg/actions/nodegroup/testdata/br-updated-template.json b/pkg/actions/nodegroup/testdata/br-updated-template.json index 9683d2c334..6d4492cfad 100644 --- a/pkg/actions/nodegroup/testdata/br-updated-template.json +++ b/pkg/actions/nodegroup/testdata/br-updated-template.json @@ -25,6 +25,16 @@ "EKS": "eks.amazonaws.com", "EKSFargatePods": "eks-fargate-pods.amazonaws.com" }, + "aws-iso-e": { + "EC2": "ec2.amazonaws.com", + "EKS": "eks.amazonaws.com", + "EKSFargatePods": "eks-fargate-pods.amazonaws.com" + }, + "aws-iso-f": { + "EC2": "ec2.amazonaws.com", + "EKS": "eks.amazonaws.com", + "EKSFargatePods": "eks-fargate-pods.amazonaws.com" + }, "aws-us-gov": { "EC2": "ec2.amazonaws.com", "EKS": "eks.amazonaws.com", diff --git a/pkg/apis/eksctl.io/v1alpha5/partitions.go b/pkg/apis/eksctl.io/v1alpha5/partitions.go index d074e1a9a9..7f61ebf481 100644 --- a/pkg/apis/eksctl.io/v1alpha5/partitions.go +++ b/pkg/apis/eksctl.io/v1alpha5/partitions.go @@ -9,14 +9,17 @@ const ( PartitionUSGov = "aws-us-gov" PartitionISO = "aws-iso" PartitionISOB = "aws-iso-b" + PartitionISOF = "aws-iso-f" + PartitionISOE = "aws-iso-e" ) // partition is an AWS partition. type partition struct { - name string - serviceMappings map[string]string - regions []string - endpointServiceDomainPrefix string + name string + serviceMappings map[string]string + regions []string + endpointServiceDomainPrefix string + endpointServiceDomainPrefixAlt string } type partitions []partition 
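Review bot: The new `endpointServiceDomainPrefixAlt` field on `partition` carries no comment, and nothing in the struct says which services use it in place of `endpointServiceDomainPrefix`. The prefix appears to decide which VPC endpoint service name gets built for a partition, so the distinction is worth stating next to the field, for example `// endpointServiceDomainPrefixAlt is the prefix for the endpoint services that do not use endpointServiceDomainPrefix in this partition; empty when there are none.` The other fields in the struct are equally undocumented, and since the hunk re-aligns all of them anyway a one-line comment on each would fit this change.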
@@ -76,6 +79,28 @@ var Partitions = partitions{ regions: []string{RegionUSISOBEast1}, endpointServiceDomainPrefix: "gov.sgov.sc2s", }, + { + name: PartitionISOE, + serviceMappings: map[string]string{ + "EC2": "ec2.amazonaws.com", + "EKS": "eks.amazonaws.com", + "EKSFargatePods": "eks-fargate-pods.amazonaws.com", + }, + regions: []string{RegionEUISOEWest1}, + endpointServiceDomainPrefix: standardPartitionServiceDomainPrefix, + endpointServiceDomainPrefixAlt: "uk.adc-e.cloud", + }, + { + name: PartitionISOF, + serviceMappings: map[string]string{ + "EC2": "ec2.amazonaws.com", + "EKS": "eks.amazonaws.com", + "EKSFargatePods": "eks-fargate-pods.amazonaws.com", + }, + regions: []string{RegionUSISOFSouth1, RegionUSISOFEast1}, + endpointServiceDomainPrefix: standardPartitionServiceDomainPrefix, + endpointServiceDomainPrefixAlt: "gov.ic.hci.csp", + }, } // ForRegion returns the partition a region belongs to. @@ -106,6 +131,17 @@ func (p partitions) GetEndpointServiceDomainPrefix(endpointService EndpointServi return pt.endpointServiceDomainPrefix } return standardPartitionServiceDomainPrefix + case PartitionISOE, PartitionISOF: + if endpointService.RequiresISOPrefix { + //in these partitions four endpoints have an alternate domain prefix + switch endpointService.Name { + case "ebs", "ecr.api", "ecr.dkr", "execute-api": + return pt.endpointServiceDomainPrefixAlt + default: + return pt.endpointServiceDomainPrefix + } + } + return standardPartitionServiceDomainPrefix default: return pt.endpointServiceDomainPrefix } diff --git a/pkg/apis/eksctl.io/v1alpha5/types.go b/pkg/apis/eksctl.io/v1alpha5/types.go index d88fd7f22d..902fe6289f 100644 --- a/pkg/apis/eksctl.io/v1alpha5/types.go +++ b/pkg/apis/eksctl.io/v1alpha5/types.go 
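Review bot: The `serviceMappings` values for `PartitionISOE` and `PartitionISOF` are checked only against JSON fixtures that this same patch fills with identical strings, so the tests cannot catch a wrong value in either literal. These strings appear to end up as the `aws-iso-e` / `aws-iso-f` mapping blocks of the generated templates, so a mistaken service name would surface only as a failed stack in the isolated region. A comment recording where the service names and the `uk.adc-e.cloud` / `gov.ic.hci.csp` prefixes were taken from would let a later reader re-verify them, e.g. `// service names and endpoint prefixes per <partition documentation reference>`.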
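Review bot: In the new `case PartitionISOE, PartitionISOF:` branch the inner `default:` returns `pt.endpointServiceDomainPrefix`, which both partitions set to `standardPartitionServiceDomainPrefix`, so it yields the same value as the return after the `if`; dropping the inner `default:` leaves a single fall-through return and makes the four listed names the only special case. `pt.endpointServiceDomainPrefixAlt` is also returned unchecked, so a partition added to this case later without that field would produce an empty prefix; `if endpointService.RequiresISOPrefix && pt.endpointServiceDomainPrefixAlt != "" {` guards against that. The comment should follow the usual spacing, `// In these partitions four endpoint services use the alternate domain prefix.` The function begins and ends outside the hunk, so how `pt` is selected is not visible here.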
@@ -175,6 +175,9 @@ const ( // RegionAPSouthEast5 represents the Asia-Pacific South East Region Kuala Lumpur RegionAPSouthEast5 = "ap-southeast-5" + // RegionAPSouthEast7 represents the Asia-Pacific South East Region Bangkok + RegionAPSouthEast7 = "ap-southeast-7" + // RegionAPSouth1 represents the Asia-Pacific South Region Mumbai RegionAPSouth1 = "ap-south-1" @@ -217,9 +220,21 @@ const ( // RegionUSISOBEast1 represents the region US ISOB East (Ohio). RegionUSISOBEast1 = "us-isob-east-1" - // RegionUSISOWest1 represents the region US ISOB West. + // RegionUSISOWest1 represents the region US ISO West. RegionUSISOWest1 = "us-iso-west-1" + // RegionMXCentral1 represents the region of central Mexico + RegionMXCentral1 = "mx-central-1" + + // RegionUSISOFSouth1 represents the region US ISOF South. + RegionUSISOFSouth1 = "us-isof-south-1" + + // RegionUSISOFSouth1 represents the region US ISOF East. + RegionUSISOFEast1 = "us-isof-east-1" + + // Region represents the region EU ISOE West. + RegionEUISOEWest1 = "eu-isoe-west-1" + // DefaultRegion defines the default region, where to deploy the EKS cluster DefaultRegion = RegionUSWest2 ) @@ -401,6 +416,15 @@ const ( // eksResourceAccountUSISOWest1 defines the AWS EKS account ID that provides node resources in us-iso-west-1 eksResourceAccountUSISOWest1 = "608367168043" + + // eksResourceAccountUSISOFSouth1 defines the AWS EKS account ID that provides node resources in us-isof-south-1 + eksResourceAccountUSISOFSouth1 = "676585237158" + + // eksResourceAccountUSISOFEast1 defines the AWS EKS account ID that provides node resources in us-isof-east-1 + eksResourceAccountUSISOFEast1 = "171035529773" + + // eksResourceAccountEUISOEWest1 defines the AWS EKS account ID that provides node resources in eu-isoe-west-1 + eksResourceAccountEUISOEWest1 = "249663109785" ) // Values for `VolumeType` 
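Review bot: `RegionAPSouthEast7` (and `RegionMXCentral1` in the next hunk) are declared, but none of the types.go hunks in this patch adds them to `SupportedRegions()`; the later hunk appends only `RegionUSISOFSouth1`, `RegionUSISOFEast1` and `RegionEUISOEWest1`. If the two commercial regions are meant to be selectable they need entries in that list, otherwise the constants are unused within this patch. Given the subject line names only us-isof and eu-isoe, they would also read better as a separate commit.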
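Review bot: Two of the new doc comments name the wrong identifier: the one above `RegionUSISOFEast1` reads `// RegionUSISOFSouth1 represents the region US ISOF East.` and the one above `RegionEUISOEWest1` reads `// Region represents the region EU ISOE West.` They should be `// RegionUSISOFEast1 represents the region US ISOF East.` and `// RegionEUISOEWest1 represents the region EU ISOE West.` so that godoc and grep attach each sentence to the right constant.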
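Review bot: The three new `eksResourceAccount...` IDs are not exercised by any test in this patch (the diffstat lists no test file for types.go), and the matching `case` arms added to `EKSResourceAccountID` in the later hunk are likewise uncovered. Going by the constant comments, these IDs identify the account that provides node resources in each region, so a mistyped digit would point a region at a different account and a missing arm would fall back silently to `eksResourceAccountStandard`. A table-driven test asserting `EKSResourceAccountID(RegionUSISOFSouth1)`, `EKSResourceAccountID(RegionUSISOFEast1)` and `EKSResourceAccountID(RegionEUISOEWest1)`, plus a comment naming the source of the IDs, would make the values reviewable.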
@@ -540,6 +564,9 @@ func SupportedRegions() []string { RegionUSISOEast1, RegionUSISOBEast1, RegionUSISOWest1, + RegionUSISOFSouth1, + RegionUSISOFEast1, + RegionEUISOEWest1, } } @@ -682,6 +709,12 @@ func EKSResourceAccountID(region string) string { return eksResourceAccountUSISOBEast1 case RegionUSISOWest1: return eksResourceAccountUSISOWest1 + case RegionUSISOFSouth1: + return eksResourceAccountUSISOFSouth1 + case RegionUSISOFEast1: + return eksResourceAccountUSISOFEast1 + case RegionEUISOEWest1: + return eksResourceAccountEUISOEWest1 default: return eksResourceAccountStandard } @@ -792,7 +825,7 @@ func (r *RemoteNetworkConfig) ToRemoteNetworksPool() []string { } func (r *RemoteNetworkConfig) HasRemoteNodesEnabled() bool { - return r.RemoteNodeNetworks != nil && len(r.RemoteNodeNetworks) > 0 + return len(r.RemoteNodeNetworks) > 0 } func (c *ClusterConfig) HasRemoteNetworkingConfigured() bool { diff --git a/pkg/awsapi/outposts.go b/pkg/awsapi/outposts.go index 10ed223251..7222906803 100644 --- a/pkg/awsapi/outposts.go +++ b/pkg/awsapi/outposts.go @@ -109,8 +109,8 @@ type Outposts interface { ListSites(ctx context.Context, params *ListSitesInput, optFns ...func(*Options)) (*ListSitesOutput, error) // Lists the tags for the specified resource. ListTagsForResource(ctx context.Context, params *ListTagsForResourceInput, optFns ...func(*Options)) (*ListTagsForResourceOutput, error) - // Starts the specified capacity task. You can have one active capacity task per - // order or Outpost. + // Starts the specified capacity task. You can have one active capacity task for + // each order and each Outpost. StartCapacityTask(ctx context.Context, params *StartCapacityTaskInput, optFns ...func(*Options)) (*StartCapacityTaskOutput, error) // Amazon Web Services uses this action to install Outpost servers. // diff --git a/pkg/cfn/builder/karpenter_test.go b/pkg/cfn/builder/karpenter_test.go index 00d876b794..63d8ba3b21 100644 --- a/pkg/cfn/builder/karpenter_test.go 
+++ b/pkg/cfn/builder/karpenter_test.go
@@ -94,6 +94,16 @@ var expectedTemplate = `{
 "EKS": "eks.amazonaws.com",
 "EKSFargatePods": "eks-fargate-pods.amazonaws.com"
 },
+ "aws-iso-e": {
+ "EC2": "ec2.amazonaws.com",
+ "EKS": "eks.amazonaws.com",
+ "EKSFargatePods": "eks-fargate-pods.amazonaws.com"
+ },
+ "aws-iso-f": {
+ "EC2": "ec2.amazonaws.com",
+ "EKS": "eks.amazonaws.com",
+ "EKSFargatePods": "eks-fargate-pods.amazonaws.com"
+ },
 "aws-us-gov": {
 "EC2": "ec2.amazonaws.com",
 "EKS": "eks.amazonaws.com",
@@ -240,6 +250,16 @@ var expectedTemplateWithPermissionBoundary = `{
 "EKS": "eks.amazonaws.com",
 "EKSFargatePods": "eks-fargate-pods.amazonaws.com"
 },
+ "aws-iso-e": {
+ "EC2": "ec2.amazonaws.com",
+ "EKS": "eks.amazonaws.com",
+ "EKSFargatePods": "eks-fargate-pods.amazonaws.com"
+ },
+ "aws-iso-f": {
+ "EC2": "ec2.amazonaws.com",
+ "EKS": "eks.amazonaws.com",
+ "EKSFargatePods": "eks-fargate-pods.amazonaws.com"
+ },
 "aws-us-gov": {
 "EC2": "ec2.amazonaws.com",
 "EKS": "eks.amazonaws.com",
@@ -387,6 +407,16 @@ var expectedTemplateWithSpotInterruptionQueue = `{
 "EKS": "eks.amazonaws.com",
 "EKSFargatePods": "eks-fargate-pods.amazonaws.com"
 },
+ "aws-iso-e": {
+ "EC2": "ec2.amazonaws.com",
+ "EKS": "eks.amazonaws.com",
+ "EKSFargatePods": "eks-fargate-pods.amazonaws.com"
+ },
+ "aws-iso-f": {
+ "EC2": "ec2.amazonaws.com",
+ "EKS": "eks.amazonaws.com",
+ "EKSFargatePods": "eks-fargate-pods.amazonaws.com"
+ },
 "aws-us-gov": {
 "EC2": "ec2.amazonaws.com",
 "EKS": "eks.amazonaws.com",
diff --git a/pkg/cfn/builder/testdata/nodegroup_access_entry/1.json b/pkg/cfn/builder/testdata/nodegroup_access_entry/1.json
index d6b612e00f..5cb0039843 100644
--- a/pkg/cfn/builder/testdata/nodegroup_access_entry/1.json
+++ b/pkg/cfn/builder/testdata/nodegroup_access_entry/1.json
@@ -25,6 +25,16 @@
 "EKS": "eks.amazonaws.com",
 "EKSFargatePods": "eks-fargate-pods.amazonaws.com"
 },
+ "aws-iso-f": {
+ "EC2": "ec2.amazonaws.com",
+ "EKS": "eks.amazonaws.com",
+ "EKSFargatePods": "eks-fargate-pods.amazonaws.com"
+ },
+ "aws-iso-e": {
+ "EC2": "ec2.amazonaws.com",
+ "EKS": "eks.amazonaws.com",
+ "EKSFargatePods": "eks-fargate-pods.amazonaws.com"
+ },
 "aws-us-gov": {
 "EC2": "ec2.amazonaws.com",
 "EKS": "eks.amazonaws.com",
diff --git a/pkg/cfn/builder/testdata/nodegroup_access_entry/2.json b/pkg/cfn/builder/testdata/nodegroup_access_entry/2.json
index 01bf3728f0..ede2423b90 100644
--- a/pkg/cfn/builder/testdata/nodegroup_access_entry/2.json
+++ b/pkg/cfn/builder/testdata/nodegroup_access_entry/2.json
@@ -25,6 +25,16 @@
 "EKS": "eks.amazonaws.com",
 "EKSFargatePods": "eks-fargate-pods.amazonaws.com"
 },
+ "aws-iso-f": {
+ "EC2": "ec2.amazonaws.com",
+ "EKS": "eks.amazonaws.com",
+ "EKSFargatePods": "eks-fargate-pods.amazonaws.com"
+ },
+ "aws-iso-e": {
+ "EC2": "ec2.amazonaws.com",
+ "EKS": "eks.amazonaws.com",
+ "EKSFargatePods": "eks-fargate-pods.amazonaws.com"
+ },
 "aws-us-gov": {
 "EC2": "ec2.amazonaws.com",
 "EKS": "eks.amazonaws.com",
diff --git a/pkg/cfn/builder/testdata/nodegroup_access_entry/3.json b/pkg/cfn/builder/testdata/nodegroup_access_entry/3.json
index 79ff343817..a0891d52fb 100644
--- a/pkg/cfn/builder/testdata/nodegroup_access_entry/3.json
+++ b/pkg/cfn/builder/testdata/nodegroup_access_entry/3.json
@@ -25,6 +25,16 @@
 "EKS": "eks.amazonaws.com",
 "EKSFargatePods": "eks-fargate-pods.amazonaws.com"
 },
+ "aws-iso-f": {
+ "EC2": "ec2.amazonaws.com",
+ "EKS": "eks.amazonaws.com",
+ "EKSFargatePods": "eks-fargate-pods.amazonaws.com"
+ },
+ "aws-iso-e": {
+ "EC2": "ec2.amazonaws.com",
+ "EKS": "eks.amazonaws.com",
+ "EKSFargatePods": "eks-fargate-pods.amazonaws.com"
+ },
 "aws-us-gov": {
 "EC2": "ec2.amazonaws.com",
 "EKS": "eks.amazonaws.com",
diff --git a/pkg/cfn/builder/testdata/service_details_isob.json b/pkg/cfn/builder/testdata/service_details_isob.json
new file mode 100644
index 0000000000..e5b5add3e2
--- /dev/null
+++ b/pkg/cfn/builder/testdata/service_details_isob.json
@@ -0,0 +1,162 @@ +{ + "ServiceNames": [ + "gov.sgov.sc2s.us-isob-east-1.ec2", + "gov.sgov.sc2s.us-isob-east-1.ecr.api", + "gov.sgov.sc2s.us-isob-east-1.ecr.dkr", + "com.amazonaws.us-isob-east-1.s3", + "com.amazonaws.us-isob-east-1.sts" + ], + "ServiceDetails": [ + { + "ServiceType": [ + { + "ServiceType": "Interface" + } + ], + "Tags": [], + "ManagesVpcEndpoints": false, + "PrivateDnsName": "ec2.us-isob-east-1.amazonaws.com", + "ServiceName": "gov.sgov.sc2s.us-isob-east-1.ec2", + "VpcEndpointPolicySupported": true, + "ServiceId": "vpce-svc-1", + "Owner": "amazon", + "AvailabilityZones": [ + "us-isob-east-1a", + "us-isob-east-1b" + ], + "AcceptanceRequired": false, + "BaseEndpointDnsNames": [ + "ec2.us-isob-east-1.vpce.amazonaws.com" + ] + }, + { + "ServiceType": [ + { + "ServiceType": "Interface" + } + ], + "Tags": [], + "ManagesVpcEndpoints": false, + "PrivateDnsName": "api.ecr.us-isob-east-1.amazonaws.com", + "ServiceName": "gov.sgov.sc2s.us-isob-east-1.ecr.api", + "VpcEndpointPolicySupported": true, + "ServiceId": "vpce-svc-2", + "Owner": "amazon", + "AvailabilityZones": [ + "us-isob-east-1a", + "us-isob-east-1b" + ], + "AcceptanceRequired": false, + "BaseEndpointDnsNames": [ + "api.ecr.us-isob-east-1.vpce.amazonaws.com" + ] + }, + { + "ServiceType": [ + { + "ServiceType": "Interface" + } + ], + "Tags": [], + "ManagesVpcEndpoints": false, + "PrivateDnsName": "*.dkr.ecr.us-isob-east-1.amazonaws.com", + "ServiceName": "gov.sgov.sc2s.us-isob-east-1.ecr.dkr", + "VpcEndpointPolicySupported": true, + "ServiceId": "vpce-svc-3", + "Owner": "amazon", + "AvailabilityZones": [ + "us-isob-east-1a", + "us-isob-east-1b" + ], + "AcceptanceRequired": false, + "BaseEndpointDnsNames": [ + "dkr.ecr.us-isob-east-1.vpce.amazonaws.com" + ] + }, + { + "ServiceType": [ + { + "ServiceType": "Gateway" + } + ], + "Tags": [], + "ManagesVpcEndpoints": false, + "AcceptanceRequired": false, + "ServiceName": "com.amazonaws.us-isob-east-1.s3", + "VpcEndpointPolicySupported": true, + 
"ServiceId": "vpce-svc-4", + "Owner": "amazon", + "AvailabilityZones": [ + "us-isob-east-1a", + "us-isob-east-1b" + ], + "BaseEndpointDnsNames": [ + "s3.us-isob-east-1.amazonaws.com" + ] + }, + { + "ServiceType": [ + { + "ServiceType": "Interface" + } + ], + "Tags": [], + "ManagesVpcEndpoints": false, + "AcceptanceRequired": false, + "ServiceName": "com.amazonaws.us-isob-east-1.s3", + "VpcEndpointPolicySupported": true, + "ServiceId": "vpce-svc-5", + "Owner": "amazon", + "AvailabilityZones": [ + "us-isob-east-1a", + "us-isob-east-1b" + ], + "BaseEndpointDnsNames": [ + "s3.us-isob-east-1.amazonaws.com" + ] + }, + { + "ServiceType": [ + { + "ServiceType": "Interface" + } + ], + "Tags": [], + "ManagesVpcEndpoints": false, + "PrivateDnsName": "sts.us-isob-east-1.amazonaws.com", + "ServiceName": "com.amazonaws.us-isob-east-1.sts", + "VpcEndpointPolicySupported": true, + "ServiceId": "vpce-svc-6", + "Owner": "amazon", + "AvailabilityZones": [ + "us-isob-east-1a", + "us-isob-east-1b" + ], + "AcceptanceRequired": false, + "BaseEndpointDnsNames": [ + "sts.us-isob-east-1.vpce.amazonaws.com" + ] + }, + { + "ServiceType": [ + { + "ServiceType": "Gateway" + } + ], + "Tags": [], + "ManagesVpcEndpoints": false, + "AcceptanceRequired": false, + "ServiceName": "gov.sgov.sc2s.us-isob-east-1.ec2", + "VpcEndpointPolicySupported": true, + "ServiceId": "vpce-svc-non-existing-endpoint-type", + "Owner": "amazon", + "AvailabilityZones": [ + "us-isob-east-1a", + "us-isob-east-1b" + ], + "BaseEndpointDnsNames": [ + "ec2.us-isob-east-1.amazonaws.com" + ] + } + ] +} diff --git a/pkg/cfn/builder/testdata/service_details_isoe.json b/pkg/cfn/builder/testdata/service_details_isoe.json new file mode 100644 index 0000000000..4a237706ab --- /dev/null +++ b/pkg/cfn/builder/testdata/service_details_isoe.json 
@@ -0,0 +1,162 @@ +{ + "ServiceNames": [ + "com.amazonaws.eu-isoe-west-1.ec2", + "uk.adc-e.cloud.eu-isoe-west-1.ecr.api", + "uk.adc-e.cloud.eu-isoe-west-1.ecr.dkr", + "com.amazonaws.eu-isoe-west-1.s3", + "com.amazonaws.eu-isoe-west-1.sts" + ], + "ServiceDetails": [ + { + "ServiceType": [ + { + "ServiceType": "Interface" + } + ], + "Tags": [], + "ManagesVpcEndpoints": false, + "PrivateDnsName": "ec2.eu-isoe-west-1.amazonaws.com", + "ServiceName": "com.amazonaws.eu-isoe-west-1.ec2", + "VpcEndpointPolicySupported": true, + "ServiceId": "vpce-svc-1", + "Owner": "amazon", + "AvailabilityZones": [ + "eu-isoe-west-1a", + "eu-isoe-west-1b" + ], + "AcceptanceRequired": false, + "BaseEndpointDnsNames": [ + "ec2.eu-isoe-west-1.vpce.amazonaws.com" + ] + }, + { + "ServiceType": [ + { + "ServiceType": "Interface" + } + ], + "Tags": [], + "ManagesVpcEndpoints": false, + "PrivateDnsName": "api.ecr.eu-isoe-west-1.amazonaws.com", + "ServiceName": "uk.adc-e.cloud.eu-isoe-west-1.ecr.api", + "VpcEndpointPolicySupported": true, + "ServiceId": "vpce-svc-2", + "Owner": "amazon", + "AvailabilityZones": [ + "eu-isoe-west-1a", + "eu-isoe-west-1b" + ], + "AcceptanceRequired": false, + "BaseEndpointDnsNames": [ + "api.ecr.eu-isoe-west-1.vpce.amazonaws.com" + ] + }, + { + "ServiceType": [ + { + "ServiceType": "Interface" + } + ], + "Tags": [], + "ManagesVpcEndpoints": false, + "PrivateDnsName": "*.dkr.ecr.eu-isoe-west-1.amazonaws.com", + "ServiceName": "uk.adc-e.cloud.eu-isoe-west-1.ecr.dkr", + "VpcEndpointPolicySupported": true, + "ServiceId": "vpce-svc-3", + "Owner": "amazon", + "AvailabilityZones": [ + "eu-isoe-west-1a", + "eu-isoe-west-1b" + ], + "AcceptanceRequired": false, + "BaseEndpointDnsNames": [ + "dkr.ecr.eu-isoe-west-1.vpce.amazonaws.com" + ] + }, + { + "ServiceType": [ + { + "ServiceType": "Gateway" + } + ], + "Tags": [], + "ManagesVpcEndpoints": false, + "AcceptanceRequired": false, + "ServiceName": "com.amazonaws.eu-isoe-west-1.s3", + "VpcEndpointPolicySupported": true, + 
"ServiceId": "vpce-svc-4", + "Owner": "amazon", + "AvailabilityZones": [ + "eu-isoe-west-1a", + "eu-isoe-west-1b" + ], + "BaseEndpointDnsNames": [ + "s3.eu-isoe-west-1.amazonaws.com" + ] + }, + { + "ServiceType": [ + { + "ServiceType": "Interface" + } + ], + "Tags": [], + "ManagesVpcEndpoints": false, + "AcceptanceRequired": false, + "ServiceName": "com.amazonaws.eu-isoe-west-1.s3", + "VpcEndpointPolicySupported": true, + "ServiceId": "vpce-svc-5", + "Owner": "amazon", + "AvailabilityZones": [ + "eu-isoe-west-1a", + "eu-isoe-west-1b" + ], + "BaseEndpointDnsNames": [ + "s3.eu-isoe-west-1.amazonaws.com" + ] + }, + { + "ServiceType": [ + { + "ServiceType": "Interface" + } + ], + "Tags": [], + "ManagesVpcEndpoints": false, + "PrivateDnsName": "sts.eu-isoe-west-1.amazonaws.com", + "ServiceName": "com.amazonaws.eu-isoe-west-1.sts", + "VpcEndpointPolicySupported": true, + "ServiceId": "vpce-svc-6", + "Owner": "amazon", + "AvailabilityZones": [ + "eu-isoe-west-1a", + "eu-isoe-west-1b" + ], + "AcceptanceRequired": false, + "BaseEndpointDnsNames": [ + "sts.eu-isoe-west-1.vpce.amazonaws.com" + ] + }, + { + "ServiceType": [ + { + "ServiceType": "Gateway" + } + ], + "Tags": [], + "ManagesVpcEndpoints": false, + "AcceptanceRequired": false, + "ServiceName": "com.amazonaws.eu-isoe-west-1.ec2", + "VpcEndpointPolicySupported": true, + "ServiceId": "vpce-svc-non-existing-endpoint-type", + "Owner": "amazon", + "AvailabilityZones": [ + "eu-isoe-west-1a", + "eu-isoe-west-1b" + ], + "BaseEndpointDnsNames": [ + "ec2.eu-isoe-west-1.amazonaws.com" + ] + } + ] +} diff --git a/pkg/cfn/builder/testdata/service_details_isof.json b/pkg/cfn/builder/testdata/service_details_isof.json new file mode 100644 index 0000000000..6bf230cd72 --- /dev/null +++ b/pkg/cfn/builder/testdata/service_details_isof.json 
@@ -0,0 +1,162 @@ +{ + "ServiceNames": [ + "com.amazonaws.us-isof-south-1.ec2", + "gov.ic.hci.csp.us-isof-south-1.ecr.api", + "gov.ic.hci.csp.us-isof-south-1.ecr.dkr", + "com.amazonaws.us-isof-south-1.s3", + "com.amazonaws.us-isof-south-1.sts" + ], + "ServiceDetails": [ + { + "ServiceType": [ + { + "ServiceType": "Interface" + } + ], + "Tags": [], + "ManagesVpcEndpoints": false, + "PrivateDnsName": "ec2.us-isof-south-1.amazonaws.com", + "ServiceName": "com.amazonaws.us-isof-south-1.ec2", + "VpcEndpointPolicySupported": true, + "ServiceId": "vpce-svc-1", + "Owner": "amazon", + "AvailabilityZones": [ + "us-isof-south-1a", + "us-isof-south-1b" + ], + "AcceptanceRequired": false, + "BaseEndpointDnsNames": [ + "ec2.us-isof-south-1.vpce.amazonaws.com" + ] + }, + { + "ServiceType": [ + { + "ServiceType": "Interface" + } + ], + "Tags": [], + "ManagesVpcEndpoints": false, + "PrivateDnsName": "api.ecr.us-isof-south-1.amazonaws.com", + "ServiceName": "gov.ic.hci.csp.us-isof-south-1.ecr.api", + "VpcEndpointPolicySupported": true, + "ServiceId": "vpce-svc-2", + "Owner": "amazon", + "AvailabilityZones": [ + "us-isof-south-1a", + "us-isof-south-1b" + ], + "AcceptanceRequired": false, + "BaseEndpointDnsNames": [ + "api.ecr.us-isof-south-1.vpce.amazonaws.com" + ] + }, + { + "ServiceType": [ + { + "ServiceType": "Interface" + } + ], + "Tags": [], + "ManagesVpcEndpoints": false, + "PrivateDnsName": "*.dkr.ecr.us-isof-south-1.amazonaws.com", + "ServiceName": "gov.ic.hci.csp.us-isof-south-1.ecr.dkr", + "VpcEndpointPolicySupported": true, + "ServiceId": "vpce-svc-3", + "Owner": "amazon", + "AvailabilityZones": [ + "us-isof-south-1a", + "us-isof-south-1b" + ], + "AcceptanceRequired": false, + "BaseEndpointDnsNames": [ + "dkr.ecr.us-isof-south-1.vpce.amazonaws.com" + ] + }, + { + "ServiceType": [ + { + "ServiceType": "Gateway" + } + ], + "Tags": [], + "ManagesVpcEndpoints": false, + "AcceptanceRequired": false, + "ServiceName": "com.amazonaws.us-isof-south-1.s3", + 
"VpcEndpointPolicySupported": true, + "ServiceId": "vpce-svc-4", + "Owner": "amazon", + "AvailabilityZones": [ + "us-isof-south-1a", + "us-isof-south-1b" + ], + "BaseEndpointDnsNames": [ + "s3.us-isof-south-1.amazonaws.com" + ] + }, + { + "ServiceType": [ + { + "ServiceType": "Interface" + } + ], + "Tags": [], + "ManagesVpcEndpoints": false, + "AcceptanceRequired": false, + "ServiceName": "com.amazonaws.us-isof-south-1.s3", + "VpcEndpointPolicySupported": true, + "ServiceId": "vpce-svc-5", + "Owner": "amazon", + "AvailabilityZones": [ + "us-isof-south-1a", + "us-isof-south-1b" + ], + "BaseEndpointDnsNames": [ + "s3.us-isof-south-1.amazonaws.com" + ] + }, + { + "ServiceType": [ + { + "ServiceType": "Interface" + } + ], + "Tags": [], + "ManagesVpcEndpoints": false, + "PrivateDnsName": "sts.us-isof-south-1.amazonaws.com", + "ServiceName": "com.amazonaws.us-isof-south-1.sts", + "VpcEndpointPolicySupported": true, + "ServiceId": "vpce-svc-6", + "Owner": "amazon", + "AvailabilityZones": [ + "us-isof-south-1a", + "us-isof-south-1b" + ], + "AcceptanceRequired": false, + "BaseEndpointDnsNames": [ + "sts.us-isof-south-1.vpce.amazonaws.com" + ] + }, + { + "ServiceType": [ + { + "ServiceType": "Gateway" + } + ], + "Tags": [], + "ManagesVpcEndpoints": false, + "AcceptanceRequired": false, + "ServiceName": "com.amazonaws.us-isof-south-1.ec2", + "VpcEndpointPolicySupported": true, + "ServiceId": "vpce-svc-non-existing-endpoint-type", + "Owner": "amazon", + "AvailabilityZones": [ + "us-isof-south-1a", + "us-isof-south-1b" + ], + "BaseEndpointDnsNames": [ + "ec2.us-isof-south-1.amazonaws.com" + ] + } + ] +} diff --git a/pkg/cfn/builder/testdata/vpc_private_isob.json b/pkg/cfn/builder/testdata/vpc_private_isob.json new file mode 100644 index 0000000000..38dbd066cd --- /dev/null +++ b/pkg/cfn/builder/testdata/vpc_private_isob.json 
@@ -0,0 +1,225 @@ +{ + "AWSTemplateFormatVersion": "2010-09-09", + "Resources": { + "PrivateRouteTableUSISOBEAST1A": { + "Type": "AWS::EC2::RouteTable", + "Properties": { + "Tags": [ + { + "Key": "Name", + "Value": { + "Fn::Sub": "${AWS::StackName}/PrivateRouteTableUSISOBEAST1A" + } + } + ], + "VpcId": { + "Ref": "VPC" + } + } + }, + "PrivateRouteTableUSISOBEAST1B": { + "Type": "AWS::EC2::RouteTable", + "Properties": { + "Tags": [ + { + "Key": "Name", + "Value": { + "Fn::Sub": "${AWS::StackName}/PrivateRouteTableUSISOBEAST1B" + } + } + ], + "VpcId": { + "Ref": "VPC" + } + } + }, + "RouteTableAssociationPrivateUSISOBEAST1A": { + "Type": "AWS::EC2::SubnetRouteTableAssociation", + "Properties": { + "RouteTableId": { + "Ref": "PrivateRouteTableUSISOBEAST1A" + }, + "SubnetId": { + "Ref": "SubnetPrivateUSISOBEAST1A" + } + } + }, + "RouteTableAssociationPrivateUSISOBEAST1B": { + "Type": "AWS::EC2::SubnetRouteTableAssociation", + "Properties": { + "RouteTableId": { + "Ref": "PrivateRouteTableUSISOBEAST1B" + }, + "SubnetId": { + "Ref": "SubnetPrivateUSISOBEAST1B" + } + } + }, + "SubnetPrivateUSISOBEAST1A": { + "Type": "AWS::EC2::Subnet", + "Properties": { + "AvailabilityZone": "us-isob-east-1a", + "CidrBlock": "192.168.64.0/19", + "Tags": [ + { + "Key": "kubernetes.io/role/internal-elb", + "Value": "1" + }, + { + "Key": "Name", + "Value": { + "Fn::Sub": "${AWS::StackName}/SubnetPrivateUSISOBEAST1A" + } + } + ], + "VpcId": { + "Ref": "VPC" + } + } + }, + "SubnetPrivateUSISOBEAST1B": { + "Type": "AWS::EC2::Subnet", + "Properties": { + "AvailabilityZone": "us-isob-east-1b", + "CidrBlock": "192.168.96.0/19", + "Tags": [ + { + "Key": "kubernetes.io/role/internal-elb", + "Value": "1" + }, + { + "Key": "Name", + "Value": { + "Fn::Sub": "${AWS::StackName}/SubnetPrivateUSISOBEAST1B" + } + } + ], + "VpcId": { + "Ref": "VPC" + } + } + }, + "VPC": { + "Type": "AWS::EC2::VPC", + "Properties": { + "CidrBlock": "192.168.0.0/16", + "EnableDnsHostnames": true, + "EnableDnsSupport": true, + 
"Tags": [ + { + "Key": "Name", + "Value": { + "Fn::Sub": "${AWS::StackName}/VPC" + } + } + ] + } + }, + "VPCEndpointEC2": { + "Type": "AWS::EC2::VPCEndpoint", + "Properties": { + "PrivateDnsEnabled": true, + "SecurityGroupIds": [ + "sg-test" + ], + "ServiceName": "gov.sgov.sc2s.us-isob-east-1.ec2", + "SubnetIds": [ + { + "Ref": "SubnetPrivateUSISOBEAST1A" + }, + { + "Ref": "SubnetPrivateUSISOBEAST1B" + } + ], + "VpcEndpointType": "Interface", + "VpcId": { + "Ref": "VPC" + } + } + }, + "VPCEndpointECRAPI": { + "Type": "AWS::EC2::VPCEndpoint", + "Properties": { + "PrivateDnsEnabled": true, + "SecurityGroupIds": [ + "sg-test" + ], + "ServiceName": "gov.sgov.sc2s.us-isob-east-1.ecr.api", + "SubnetIds": [ + { + "Ref": "SubnetPrivateUSISOBEAST1A" + }, + { + "Ref": "SubnetPrivateUSISOBEAST1B" + } + ], + "VpcEndpointType": "Interface", + "VpcId": { + "Ref": "VPC" + } + } + }, + "VPCEndpointECRDKR": { + "Type": "AWS::EC2::VPCEndpoint", + "Properties": { + "PrivateDnsEnabled": true, + "SecurityGroupIds": [ + "sg-test" + ], + "ServiceName": "gov.sgov.sc2s.us-isob-east-1.ecr.dkr", + "SubnetIds": [ + { + "Ref": "SubnetPrivateUSISOBEAST1A" + }, + { + "Ref": "SubnetPrivateUSISOBEAST1B" + } + ], + "VpcEndpointType": "Interface", + "VpcId": { + "Ref": "VPC" + } + } + }, + "VPCEndpointS3": { + "Type": "AWS::EC2::VPCEndpoint", + "Properties": { + "RouteTableIds": [ + { + "Ref": "PrivateRouteTableUSISOBEAST1A" + }, + { + "Ref": "PrivateRouteTableUSISOBEAST1B" + } + ], + "ServiceName": "com.amazonaws.us-isob-east-1.s3", + "VpcEndpointType": "Gateway", + "VpcId": { + "Ref": "VPC" + } + } + }, + "VPCEndpointSTS": { + "Type": "AWS::EC2::VPCEndpoint", + "Properties": { + "PrivateDnsEnabled": true, + "SecurityGroupIds": [ + "sg-test" + ], + "ServiceName": "com.amazonaws.us-isob-east-1.sts", + "SubnetIds": [ + { + "Ref": "SubnetPrivateUSISOBEAST1A" + }, + { + "Ref": "SubnetPrivateUSISOBEAST1B" + } + ], + "VpcEndpointType": "Interface", + "VpcId": { + "Ref": "VPC" + } + } + } + } +} 
diff --git a/pkg/cfn/builder/testdata/vpc_private_isoe.json b/pkg/cfn/builder/testdata/vpc_private_isoe.json new file mode 100644 index 0000000000..572376618f --- /dev/null +++ b/pkg/cfn/builder/testdata/vpc_private_isoe.json 
@@ -0,0 +1,225 @@ +{ + "AWSTemplateFormatVersion": "2010-09-09", + "Resources": { + "PrivateRouteTableEUISOEWEST1A": { + "Type": "AWS::EC2::RouteTable", + "Properties": { + "Tags": [ + { + "Key": "Name", + "Value": { + "Fn::Sub": "${AWS::StackName}/PrivateRouteTableEUISOEWEST1A" + } + } + ], + "VpcId": { + "Ref": "VPC" + } + } + }, + "PrivateRouteTableEUISOEWEST1B": { + "Type": "AWS::EC2::RouteTable", + "Properties": { + "Tags": [ + { + "Key": "Name", + "Value": { + "Fn::Sub": "${AWS::StackName}/PrivateRouteTableEUISOEWEST1B" + } + } + ], + "VpcId": { + "Ref": "VPC" + } + } + }, + "RouteTableAssociationPrivateEUISOEWEST1A": { + "Type": "AWS::EC2::SubnetRouteTableAssociation", + "Properties": { + "RouteTableId": { + "Ref": "PrivateRouteTableEUISOEWEST1A" + }, + "SubnetId": { + "Ref": "SubnetPrivateEUISOEWEST1A" + } + } + }, + "RouteTableAssociationPrivateEUISOEWEST1B": { + "Type": "AWS::EC2::SubnetRouteTableAssociation", + "Properties": { + "RouteTableId": { + "Ref": "PrivateRouteTableEUISOEWEST1B" + }, + "SubnetId": { + "Ref": "SubnetPrivateEUISOEWEST1B" + } + } + }, + "SubnetPrivateEUISOEWEST1A": { + "Type": "AWS::EC2::Subnet", + "Properties": { + "AvailabilityZone": "eu-isoe-west-1a", + "CidrBlock": "192.168.64.0/19", + "Tags": [ + { + "Key": "kubernetes.io/role/internal-elb", + "Value": "1" + }, + { + "Key": "Name", + "Value": { + "Fn::Sub": "${AWS::StackName}/SubnetPrivateEUISOEWEST1A" + } + } + ], + "VpcId": { + "Ref": "VPC" + } + } + }, + "SubnetPrivateEUISOEWEST1B": { + "Type": "AWS::EC2::Subnet", + "Properties": { + "AvailabilityZone": "eu-isoe-west-1b", + "CidrBlock": "192.168.96.0/19", + "Tags": [ + { + "Key": "kubernetes.io/role/internal-elb", + "Value": "1" + }, + { + "Key": "Name", + "Value": { + "Fn::Sub": "${AWS::StackName}/SubnetPrivateEUISOEWEST1B" + } + } + ], + "VpcId": { + "Ref": "VPC" + } + } + }, + "VPC": { + "Type": "AWS::EC2::VPC", + "Properties": { + "CidrBlock": "192.168.0.0/16", + "EnableDnsHostnames": true, + "EnableDnsSupport": true, + 
"Tags": [ + { + "Key": "Name", + "Value": { + "Fn::Sub": "${AWS::StackName}/VPC" + } + } + ] + } + }, + "VPCEndpointEC2": { + "Type": "AWS::EC2::VPCEndpoint", + "Properties": { + "PrivateDnsEnabled": true, + "SecurityGroupIds": [ + "sg-test" + ], + "ServiceName": "com.amazonaws.eu-isoe-west-1.ec2", + "SubnetIds": [ + { + "Ref": "SubnetPrivateEUISOEWEST1A" + }, + { + "Ref": "SubnetPrivateEUISOEWEST1B" + } + ], + "VpcEndpointType": "Interface", + "VpcId": { + "Ref": "VPC" + } + } + }, + "VPCEndpointECRAPI": { + "Type": "AWS::EC2::VPCEndpoint", + "Properties": { + "PrivateDnsEnabled": true, + "SecurityGroupIds": [ + "sg-test" + ], + "ServiceName": "uk.adc-e.cloud.eu-isoe-west-1.ecr.api", + "SubnetIds": [ + { + "Ref": "SubnetPrivateEUISOEWEST1A" + }, + { + "Ref": "SubnetPrivateEUISOEWEST1B" + } + ], + "VpcEndpointType": "Interface", + "VpcId": { + "Ref": "VPC" + } + } + }, + "VPCEndpointECRDKR": { + "Type": "AWS::EC2::VPCEndpoint", + "Properties": { + "PrivateDnsEnabled": true, + "SecurityGroupIds": [ + "sg-test" + ], + "ServiceName": "uk.adc-e.cloud.eu-isoe-west-1.ecr.dkr", + "SubnetIds": [ + { + "Ref": "SubnetPrivateEUISOEWEST1A" + }, + { + "Ref": "SubnetPrivateEUISOEWEST1B" + } + ], + "VpcEndpointType": "Interface", + "VpcId": { + "Ref": "VPC" + } + } + }, + "VPCEndpointS3": { + "Type": "AWS::EC2::VPCEndpoint", + "Properties": { + "RouteTableIds": [ + { + "Ref": "PrivateRouteTableEUISOEWEST1A" + }, + { + "Ref": "PrivateRouteTableEUISOEWEST1B" + } + ], + "ServiceName": "com.amazonaws.eu-isoe-west-1.s3", + "VpcEndpointType": "Gateway", + "VpcId": { + "Ref": "VPC" + } + } + }, + "VPCEndpointSTS": { + "Type": "AWS::EC2::VPCEndpoint", + "Properties": { + "PrivateDnsEnabled": true, + "SecurityGroupIds": [ + "sg-test" + ], + "ServiceName": "com.amazonaws.eu-isoe-west-1.sts", + "SubnetIds": [ + { + "Ref": "SubnetPrivateEUISOEWEST1A" + }, + { + "Ref": "SubnetPrivateEUISOEWEST1B" + } + ], + "VpcEndpointType": "Interface", + "VpcId": { + "Ref": "VPC" + } + } + } + } +} 
diff --git a/pkg/cfn/builder/testdata/vpc_private_isof.json b/pkg/cfn/builder/testdata/vpc_private_isof.json new file mode 100644 index 0000000000..d1e2e8863c --- /dev/null +++ b/pkg/cfn/builder/testdata/vpc_private_isof.json 
@@ -0,0 +1,225 @@ +{ + "AWSTemplateFormatVersion": "2010-09-09", + "Resources": { + "PrivateRouteTableUSISOFSOUTH1A": { + "Type": "AWS::EC2::RouteTable", + "Properties": { + "Tags": [ + { + "Key": "Name", + "Value": { + "Fn::Sub": "${AWS::StackName}/PrivateRouteTableUSISOFSOUTH1A" + } + } + ], + "VpcId": { + "Ref": "VPC" + } + } + }, + "PrivateRouteTableUSISOFSOUTH1B": { + "Type": "AWS::EC2::RouteTable", + "Properties": { + "Tags": [ + { + "Key": "Name", + "Value": { + "Fn::Sub": "${AWS::StackName}/PrivateRouteTableUSISOFSOUTH1B" + } + } + ], + "VpcId": { + "Ref": "VPC" + } + } + }, + "RouteTableAssociationPrivateUSISOFSOUTH1A": { + "Type": "AWS::EC2::SubnetRouteTableAssociation", + "Properties": { + "RouteTableId": { + "Ref": "PrivateRouteTableUSISOFSOUTH1A" + }, + "SubnetId": { + "Ref": "SubnetPrivateUSISOFSOUTH1A" + } + } + }, + "RouteTableAssociationPrivateUSISOFSOUTH1B": { + "Type": "AWS::EC2::SubnetRouteTableAssociation", + "Properties": { + "RouteTableId": { + "Ref": "PrivateRouteTableUSISOFSOUTH1B" + }, + "SubnetId": { + "Ref": "SubnetPrivateUSISOFSOUTH1B" + } + } + }, + "SubnetPrivateUSISOFSOUTH1A": { + "Type": "AWS::EC2::Subnet", + "Properties": { + "AvailabilityZone": "us-isof-south-1a", + "CidrBlock": "192.168.64.0/19", + "Tags": [ + { + "Key": "kubernetes.io/role/internal-elb", + "Value": "1" + }, + { + "Key": "Name", + "Value": { + "Fn::Sub": "${AWS::StackName}/SubnetPrivateUSISOFSOUTH1A" + } + } + ], + "VpcId": { + "Ref": "VPC" + } + } + }, + "SubnetPrivateUSISOFSOUTH1B": { + "Type": "AWS::EC2::Subnet", + "Properties": { + "AvailabilityZone": "us-isof-south-1b", + "CidrBlock": "192.168.96.0/19", + "Tags": [ + { + "Key": "kubernetes.io/role/internal-elb", + "Value": "1" + }, + { + "Key": "Name", + "Value": { + "Fn::Sub": "${AWS::StackName}/SubnetPrivateUSISOFSOUTH1B" + } + } + ], + "VpcId": { + "Ref": "VPC" + } + } + }, + "VPC": { + "Type": "AWS::EC2::VPC", + "Properties": { + "CidrBlock": "192.168.0.0/16", + "EnableDnsHostnames": true, + 
"EnableDnsSupport": true, + "Tags": [ + { + "Key": "Name", + "Value": { + "Fn::Sub": "${AWS::StackName}/VPC" + } + } + ] + } + }, + "VPCEndpointEC2": { + "Type": "AWS::EC2::VPCEndpoint", + "Properties": { + "PrivateDnsEnabled": true, + "SecurityGroupIds": [ + "sg-test" + ], + "ServiceName": "com.amazonaws.us-isof-south-1.ec2", + "SubnetIds": [ + { + "Ref": "SubnetPrivateUSISOFSOUTH1A" + }, + { + "Ref": "SubnetPrivateUSISOFSOUTH1B" + } + ], + "VpcEndpointType": "Interface", + "VpcId": { + "Ref": "VPC" + } + } + }, + "VPCEndpointECRAPI": { + "Type": "AWS::EC2::VPCEndpoint", + "Properties": { + "PrivateDnsEnabled": true, + "SecurityGroupIds": [ + "sg-test" + ], + "ServiceName": "gov.ic.hci.csp.us-isof-south-1.ecr.api", + "SubnetIds": [ + { + "Ref": "SubnetPrivateUSISOFSOUTH1A" + }, + { + "Ref": "SubnetPrivateUSISOFSOUTH1B" + } + ], + "VpcEndpointType": "Interface", + "VpcId": { + "Ref": "VPC" + } + } + }, + "VPCEndpointECRDKR": { + "Type": "AWS::EC2::VPCEndpoint", + "Properties": { + "PrivateDnsEnabled": true, + "SecurityGroupIds": [ + "sg-test" + ], + "ServiceName": "gov.ic.hci.csp.us-isof-south-1.ecr.dkr", + "SubnetIds": [ + { + "Ref": "SubnetPrivateUSISOFSOUTH1A" + }, + { + "Ref": "SubnetPrivateUSISOFSOUTH1B" + } + ], + "VpcEndpointType": "Interface", + "VpcId": { + "Ref": "VPC" + } + } + }, + "VPCEndpointS3": { + "Type": "AWS::EC2::VPCEndpoint", + "Properties": { + "RouteTableIds": [ + { + "Ref": "PrivateRouteTableUSISOFSOUTH1A" + }, + { + "Ref": "PrivateRouteTableUSISOFSOUTH1B" + } + ], + "ServiceName": "com.amazonaws.us-isof-south-1.s3", + "VpcEndpointType": "Gateway", + "VpcId": { + "Ref": "VPC" + } + } + }, + "VPCEndpointSTS": { + "Type": "AWS::EC2::VPCEndpoint", + "Properties": { + "PrivateDnsEnabled": true, + "SecurityGroupIds": [ + "sg-test" + ], + "ServiceName": "com.amazonaws.us-isof-south-1.sts", + "SubnetIds": [ + { + "Ref": "SubnetPrivateUSISOFSOUTH1A" + }, + { + "Ref": "SubnetPrivateUSISOFSOUTH1B" + } + ], + "VpcEndpointType": "Interface", + "VpcId": 
{ + "Ref": "VPC" + } + } + } + } +} diff --git a/pkg/cfn/builder/vpc_endpoint_test.go b/pkg/cfn/builder/vpc_endpoint_test.go index 4aa5aa9e0b..7529131b16 100644 --- a/pkg/cfn/builder/vpc_endpoint_test.go +++ b/pkg/cfn/builder/vpc_endpoint_test.go @@ -49,6 +49,12 @@ var _ = Describe("VPC Endpoint Builder", func() { vc.clusterConfig.AvailabilityZones = makeZones("cn-north-1", 2) case api.PartitionISO: vc.clusterConfig.AvailabilityZones = makeZones("us-iso-east-1", 2) + case api.PartitionISOB: + vc.clusterConfig.AvailabilityZones = makeZones("us-isob-east-1", 2) + case api.PartitionISOF: + vc.clusterConfig.AvailabilityZones = makeZones("us-isof-south-1", 2) + case api.PartitionISOE: + vc.clusterConfig.AvailabilityZones = makeZones("eu-isoe-west-1", 2) default: panic("not supported in tests") } 
@@ -354,6 +360,63 @@ var _ = Describe("VPC Endpoint Builder", func() { }, expectedFile: "vpc_private_iso.json", }), + + Entry("Private cluster in an ISOB region", vpcResourceSetCase{ + clusterConfig: &api.ClusterConfig{ + Metadata: &api.ClusterMeta{ + Region: "us-isob-east-1", + }, + VPC: api.NewClusterVPC(false), + PrivateCluster: &api.PrivateCluster{ + Enabled: true, + }, + }, + createProvider: func() api.ClusterProvider { + provider := mockprovider.NewMockProvider() + mockDescribeVPCEndpoints(provider, serviceDetailsISOBJSON) + provider.SetRegion("us-isob-east-1") + return provider + }, + expectedFile: "vpc_private_isob.json", + }), + + Entry("Private cluster in an ISOF region", vpcResourceSetCase{ + clusterConfig: &api.ClusterConfig{ + Metadata: &api.ClusterMeta{ + Region: "us-isof-south-1", + }, + VPC: api.NewClusterVPC(false), + PrivateCluster: &api.PrivateCluster{ + Enabled: true, + }, + }, + createProvider: func() api.ClusterProvider { + provider := mockprovider.NewMockProvider() + mockDescribeVPCEndpoints(provider, serviceDetailsISOFJSON) + provider.SetRegion("us-isof-south-1") + return provider + }, + expectedFile: "vpc_private_isof.json", + }), + + Entry("Private cluster in an ISOE region", vpcResourceSetCase{ + clusterConfig: &api.ClusterConfig{ + Metadata: &api.ClusterMeta{ + Region: "eu-isoe-west-1", + }, + VPC: api.NewClusterVPC(false), + PrivateCluster: &api.PrivateCluster{ + Enabled: true, + }, + }, + createProvider: func() api.ClusterProvider { + provider := mockprovider.NewMockProvider() + mockDescribeVPCEndpoints(provider, serviceDetailsISOEJSON) + provider.SetRegion("eu-isoe-west-1") + return provider + }, + expectedFile: "vpc_private_isoe.json", + }), ) }) 
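Review bot: The new entries cover one region per partition (`us-isob-east-1`, `us-isof-south-1`, `eu-isoe-west-1`), but the documentation hunks of this same patch also list `us-isof-east-1`, which has no entry or fixture here. The fixtures show that endpoint service names in these partitions carry partition-specific prefixes (for example `gov.ic.hci.csp.us-isof-south-1.ecr.api`), so a wrong service name for an uncovered region would presumably only surface when a private cluster is created there. Either add a matching entry and fixture, or record the gap above the ISOF entry with `// only us-isof-south-1 is covered; us-isof-east-1 endpoint service names are not exercised here`. The enclosing table starts outside this hunk.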
@@ -372,6 +435,15 @@ var serviceDetailsOutpostsChinaJSON []byte //go:embed testdata/service_details_iso.json var serviceDetailsISOJSON []byte +//go:embed testdata/service_details_isob.json +var serviceDetailsISOBJSON []byte + +//go:embed testdata/service_details_isoe.json +var serviceDetailsISOEJSON []byte + +//go:embed testdata/service_details_isof.json +var serviceDetailsISOFJSON []byte + func mockDescribeVPC(provider *mockprovider.MockProvider) { provider.MockEC2().On("DescribeVpcs", mock.Anything, &ec2.DescribeVpcsInput{ VpcIds: []string{"vpc-custom"}, diff --git a/pkg/connector/arn_test.go b/pkg/connector/arn_test.go index 83608ef377..12cc4f97ca 100644 --- a/pkg/connector/arn_test.go +++ b/pkg/connector/arn_test.go @@ -21,6 +21,8 @@ var arnTests = []struct { {"arn:aws:sts::123456789012:assumed-role/Org/Team/Admin/Session", "arn:aws:iam::123456789012:role/Org/Team/Admin", nil}, {"arn:aws-iso:iam::123456789012:user/Chris", "arn:aws-iso:iam::123456789012:user/Chris", nil}, {"arn:aws-iso-b:iam::123456789012:user/Chris", "arn:aws-iso-b:iam::123456789012:user/Chris", nil}, + {"arn:aws-iso-f:iam::123456789012:user/Chris", "arn:aws-iso-f:iam::123456789012:user/Chris", nil}, + {"arn:aws-iso-e:iam::123456789012:user/Chris", "arn:aws-iso-e:iam::123456789012:user/Chris", nil}, } func TestUserARN(t *testing.T) { diff --git a/userdocs/src/getting-started.md b/userdocs/src/getting-started.md index 5bd302c39c..607a76789c 100644 --- a/userdocs/src/getting-started.md +++ b/userdocs/src/getting-started.md @@ -1,7 +1,7 @@ # Getting started !!! tip "New for 2024" - `eksctl` now supports new region Kuala Lumpur (`ap-southeast-5`) + `eksctl` now supports new regions Kuala Lumpur (`ap-southeast-5`), `us-isof-south-1`, `us-isof-east-1` and `eu-isoe-west-1` EKS Add-ons now support receiving IAM permissions via [EKS Pod Identity Associations](/usage/pod-identity-associations/#eks-add-ons-support-for-pod-identity-associations) 
diff --git a/userdocs/theme/home.html b/userdocs/theme/home.html index 8fb824af8b..2461b311a5 100644 --- a/userdocs/theme/home.html +++ b/userdocs/theme/home.html @@ -541,7 +541,8 @@

Check out latest eksctl features

Creating fully private clusters on AWS Outposts.

Supported Regions - Calgary - (ca-west-1), - US ISO and ISOB - (us-iso-east-1 and us-isob-east-1), + US ISO, ISOB and ISOF - (us-iso-east-1, us-iso-west-1, us-isob-east-1, us-isof-south-1, us-isof-east-1), + EU ISOE - (eu-isoe-west-1), Tel Aviv (il-central-1), Melbourne (ap-southeast-4), Hyderabad (ap-south-2), From 8a3a9747473a1e7ffbe8ad4d2a6b93097f6cd345 Mon Sep 17 00:00:00 2001 From: JD Davis Date: Sat, 11 Jan 2025 21:14:11 +0000 Subject: [PATCH 2/2] fixing linter issues --- cmd/eksctl/logger.go | 2 +- .../tests/crud/creategetdelete_test.go | 4 ++- pkg/actions/accessentry/task.go | 2 +- pkg/actions/addon/tasks.go | 2 +- pkg/actions/anywhere/anywhere.go | 2 +- pkg/actions/podidentityassociation/tasks.go | 2 +- pkg/apis/eksctl.io/v1alpha5/addon.go | 2 +- .../v1alpha5/zz_generated.deepcopy.go | 26 +++++++++++++++++++ pkg/cfn/template/matchers/matchers.go | 2 +- pkg/eks/api_test.go | 6 ++--- pkg/ssh/client/ssh.go | 2 +- 11 files changed, 40 insertions(+), 12 deletions(-) diff --git a/cmd/eksctl/logger.go b/cmd/eksctl/logger.go index 37a1c5ec94..f36a5c2bc1 100644 --- a/cmd/eksctl/logger.go +++ b/cmd/eksctl/logger.go @@ -101,7 +101,7 @@ func dumpLogsToDisk(logBuffer *bytes.Buffer, errorString string) error { if _, err := os.Stat("logs/"); os.IsNotExist(err) { if err := os.Mkdir("logs/", 0755); err != nil { - return fmt.Errorf(err.Error()) + return fmt.Errorf("%s", err.Error()) } } diff --git a/integration/tests/crud/creategetdelete_test.go b/integration/tests/crud/creategetdelete_test.go index 22fa5dba79..6d1b6cdb3a 100644 --- a/integration/tests/crud/creategetdelete_test.go +++ b/integration/tests/crud/creategetdelete_test.go 
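Review bot: `fmt.Errorf("%s", err.Error())` in `dumpLogsToDisk` flattens the `os.Mkdir` error to text, so callers can no longer match it with `errors.Is` or `errors.As`, and the message gains no context. Wrapping keeps both: `return fmt.Errorf("creating logs directory: %w", err)`. Separately, the unchanged `os.Mkdir("logs/", 0755)` in this hunk creates a log directory that every local user can list; if the dumped logs can hold account identifiers or other sensitive output, `0750` or `0700` may be the better mode. The function body continues outside the hunk.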
@@ -1271,7 +1271,9 @@ func createAdditionalSubnet(cfg *api.ClusterConfig) string { var ( i1, i2, i3, i4, ic int ) - fmt.Sscanf(cidr, "%d.%d.%d.%d/%d", &i1, &i2, &i3, &i4, &ic) + n, err := fmt.Sscanf(cidr, "%d.%d.%d.%d/%d", &i1, &i2, &i3, &i4, &ic) + Expect(err).NotTo(HaveOccurred()) + Expect(n > 4).To(BeTrue()) cidr = fmt.Sprintf("%d.%d.%s.%d/%d", i1, i2, "255", i4, ic) var tags []ec2types.Tag diff --git a/pkg/actions/accessentry/task.go b/pkg/actions/accessentry/task.go index 7860c0faf9..feea5a2aa7 100644 --- a/pkg/actions/accessentry/task.go +++ b/pkg/actions/accessentry/task.go @@ -136,7 +136,7 @@ func runAllTasks(taskTree *tasks.TaskTree) error { for _, err := range errs { allErrs = append(allErrs, err.Error()) } - return fmt.Errorf(strings.Join(allErrs, "\n")) + return fmt.Errorf("%s", strings.Join(allErrs, "\n")) } completedAction := func() string { if taskTree.PlanMode { diff --git a/pkg/actions/addon/tasks.go b/pkg/actions/addon/tasks.go index b3b0d88385..113cf473a7 100644 --- a/pkg/actions/addon/tasks.go +++ b/pkg/actions/addon/tasks.go @@ -221,7 +221,7 @@ func runAllTasks(taskTree *tasks.TaskTree) error { for _, err := range errs { allErrs = append(allErrs, err.Error()) } - return fmt.Errorf(strings.Join(allErrs, "\n")) + return fmt.Errorf("%s", strings.Join(allErrs, "\n")) } completedAction := func() string { if taskTree.PlanMode { diff --git a/pkg/actions/anywhere/anywhere.go b/pkg/actions/anywhere/anywhere.go index 9d38dca7c8..0736ccc135 100644 --- a/pkg/actions/anywhere/anywhere.go +++ b/pkg/actions/anywhere/anywhere.go 
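Review bot: `Expect(n > 4).To(BeTrue())` reads as an open range and prints only a boolean mismatch on failure, although `fmt.Sscanf` is given exactly five targets. `Expect(n).To(Equal(5))` states the intent and reports the parsed count when it fails. The body of `createAdditionalSubnet` continues outside the hunk.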
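Review bot: `fmt.Errorf("%s", strings.Join(allErrs, "\n"))` in `runAllTasks` (pkg/actions/accessentry/task.go) removes the non-constant format string but still reduces every task error to text, so the returned error cannot be inspected with `errors.Is` or `errors.As`. Assuming `errs` is a `[]error` and the file's `errors` import is the standard library (neither is visible here), `return errors.Join(errs...)` yields the same newline-separated message and keeps the originals; failing that, `errors.New(strings.Join(allErrs, "\n"))` is the direct form. The identical line is changed in pkg/actions/addon/tasks.go and pkg/actions/podidentityassociation/tasks.go, and the same applies there. The function starts and ends outside the hunk.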
@@ -38,7 +38,7 @@ func IsAnywhereCommand(args []string) (bool, error) { // RunAnywhereCommand executes the anywhere binary. func RunAnywhereCommand(args []string) (int, error) { if _, err := exec.LookPath(BinaryFileName); errors.Is(err, exec.ErrNotFound) { - return 1, fmt.Errorf(fmt.Sprintf("%q plugin was not found on your path", BinaryFileName)) + return 1, fmt.Errorf("%s", fmt.Sprintf("%q plugin was not found on your path", BinaryFileName)) } else if err != nil { return 1, fmt.Errorf("failed to lookup anywhere plugin: %w", err) } diff --git a/pkg/actions/podidentityassociation/tasks.go b/pkg/actions/podidentityassociation/tasks.go index 7f9783c2bd..1b1094b4ed 100644 --- a/pkg/actions/podidentityassociation/tasks.go +++ b/pkg/actions/podidentityassociation/tasks.go @@ -246,7 +246,7 @@ func runAllTasks(taskTree *tasks.TaskTree) error { for _, err := range errs { allErrs = append(allErrs, err.Error()) } - return fmt.Errorf(strings.Join(allErrs, "\n")) + return fmt.Errorf("%s", strings.Join(allErrs, "\n")) } completedAction := func() string { if taskTree.PlanMode { diff --git a/pkg/apis/eksctl.io/v1alpha5/addon.go b/pkg/apis/eksctl.io/v1alpha5/addon.go index 707572c0cb..c6960b7880 100644 --- a/pkg/apis/eksctl.io/v1alpha5/addon.go +++ b/pkg/apis/eksctl.io/v1alpha5/addon.go @@ -171,7 +171,7 @@ func (a Addon) checkAtMostOnePolicyProviderIsSet() error { setPolicyProviders++ } - if a.AttachPolicyARNs != nil && len(a.AttachPolicyARNs) > 0 { + if len(a.AttachPolicyARNs) > 0 { setPolicyProviders++ } diff --git a/pkg/apis/eksctl.io/v1alpha5/zz_generated.deepcopy.go b/pkg/apis/eksctl.io/v1alpha5/zz_generated.deepcopy.go index 80f5aabd88..5b6287bf1d 100644 --- a/pkg/apis/eksctl.io/v1alpha5/zz_generated.deepcopy.go +++ b/pkg/apis/eksctl.io/v1alpha5/zz_generated.deepcopy.go 
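Review bot: `fmt.Errorf("%s", fmt.Sprintf("%q plugin was not found on your path", BinaryFileName))` in `RunAnywhereCommand` formats the message twice; the inner format string is already a constant, so the `"%s"` wrapper adds nothing. `return 1, fmt.Errorf("%q plugin was not found on your path", BinaryFileName)` produces the same message and has a constant format string. The function continues outside the hunk.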
@@ -1385,6 +1385,11 @@ func (in *ManagedNodeGroup) DeepCopyInto(out *ManagedNodeGroup) { *out = new(LaunchTemplate) (*in).DeepCopyInto(*out) } + if in.NodeRepairConfig != nil { + in, out := &in.NodeRepairConfig, &out.NodeRepairConfig + *out = new(NodeGroupNodeRepairConfig) + (*in).DeepCopyInto(*out) + } return } @@ -1862,6 +1867,27 @@ func (in *NodeGroupInstancesDistribution) DeepCopy() *NodeGroupInstancesDistribu return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *NodeGroupNodeRepairConfig) DeepCopyInto(out *NodeGroupNodeRepairConfig) { + *out = *in + if in.Enabled != nil { + in, out := &in.Enabled, &out.Enabled + *out = new(bool) + **out = **in + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new NodeGroupNodeRepairConfig. +func (in *NodeGroupNodeRepairConfig) DeepCopy() *NodeGroupNodeRepairConfig { + if in == nil { + return nil + } + out := new(NodeGroupNodeRepairConfig) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *NodeGroupSGs) DeepCopyInto(out *NodeGroupSGs) { *out = *in diff --git a/pkg/cfn/template/matchers/matchers.go b/pkg/cfn/template/matchers/matchers.go index 89c1354b48..a5706615d3 100644 --- a/pkg/cfn/template/matchers/matchers.go +++ b/pkg/cfn/template/matchers/matchers.go @@ -366,7 +366,7 @@ func (m *commonMatcher) matchJSON(actual interface{}, js []byte) (bool, error) { return false, nil } if !ok { - m.err = fmt.Errorf(jsMatcher.FailureMessage(js)) + m.err = fmt.Errorf("%s", jsMatcher.FailureMessage(js)) } return ok, nil } diff --git a/pkg/eks/api_test.go b/pkg/eks/api_test.go index 707f76ccf2..3b6ce137c0 100644 --- a/pkg/eks/api_test.go +++ b/pkg/eks/api_test.go 
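Review bot: In matchJSON (pkg/cfn/template/matchers/matchers.go) the failure message is not a format string at all, so `m.err = errors.New(jsMatcher.FailureMessage(js))` states that more directly than `fmt.Errorf("%s", …)`. This assumes an `errors` package is already imported in matchers.go, which the hunk does not show. matchJSON starts outside the hunk.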
@@ -100,7 +100,7 @@ var _ = Describe("eksctl API", func() { }, Entry("fails to load default config", newAWSProviderEntry{ updateFakes: func(fal *fakes.FakeAWSConfigurationLoader) { - fal.LoadDefaultConfigReturns(*aws.NewConfig(), fmt.Errorf(genericError)) + fal.LoadDefaultConfigReturns(*aws.NewConfig(), fmt.Errorf("%v", genericError)) }, err: genericError, }), @@ -170,7 +170,7 @@ var _ = Describe("eksctl API", func() { }, Entry("fails to create the AWS provider", newClusterProviderEntry{ overwriteAWSProviderBuilderMock: func(pc *api.ProviderConfig, acl AWSConfigurationLoader) (api.ClusterProvider, error) { - return nil, fmt.Errorf(genericError) + return nil, fmt.Errorf("%v", genericError) }, err: genericError, }), @@ -178,7 +178,7 @@ var _ = Describe("eksctl API", func() { updateMocks: func(mp *mockprovider.MockProvider) { _, _ = mp.STS().GetCallerIdentity(context.Background(), nil) mp.MockSTS().On("GetCallerIdentity", mock.Anything, mock.Anything).Return( - nil, fmt.Errorf(genericError), + nil, fmt.Errorf("%v", genericError), ).Once() }, err: fmt.Sprintf("checking AWS STS access – cannot get role ARN for current session: %s", genericError), diff --git a/pkg/ssh/client/ssh.go b/pkg/ssh/client/ssh.go index 9847769b8c..44a2bb4a90 100644 --- a/pkg/ssh/client/ssh.go +++ b/pkg/ssh/client/ssh.go @@ -184,7 +184,7 @@ func findKeyInEC2(ctx context.Context, ec2API awsapi.EC2, name string) (*ec2type if errors.As(err, &ae) && ae.ErrorCode() == "InvalidKeyPair.NotFound" { return nil, nil } - return nil, errors.Wrapf(err, fmt.Sprintf("searching for SSH public key %q in EC2", name)) + return nil, errors.Wrapf(err, "%s", fmt.Sprintf("searching for SSH public key %q in EC2", name)) } if len(output.KeyPairs) != 1 {
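Review bot: The three pkg/eks/api_test.go hunks use `%v` where every other call site in this commit uses `%s`. `genericError` is interpolated with `%s` in the expected message of the third hunk, so it appears to be a plain string. Using `fmt.Errorf("%s", genericError)`, or `errors.New(genericError)` if an `errors` package is imported in the test file, would keep the fakes consistent with the rest of the change.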
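Review bot: findKeyInEC2 (pkg/ssh/client/ssh.go) now calls `errors.Wrapf(err, "%s", fmt.Sprintf(…))`, which formats the message twice. `Wrapf` already takes a format and arguments, so `return nil, errors.Wrapf(err, "searching for SSH public key %q in EC2", name)` is equivalent. It still keeps the caller-supplied key name out of the format position, as the patch intends. The function starts outside the hunk.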