diff --git a/packages/@aws-cdk/aws-eks-v2-alpha/README.md b/packages/@aws-cdk/aws-eks-v2-alpha/README.md index 422c2b57d9ad5..4006a2bb83b5b 100644 --- a/packages/@aws-cdk/aws-eks-v2-alpha/README.md +++ b/packages/@aws-cdk/aws-eks-v2-alpha/README.md 
@@ -100,6 +100,122 @@ new eks.Cluster(this, 'hello-eks', { }); ``` +## EKS Auto Mode + +[Amazon EKS Auto Mode](https://aws.amazon.com/eks/auto-mode/) extends AWS management of Kubernetes clusters beyond the cluster itself, allowing AWS to set up and manage the infrastructure that enables the smooth operation of your workloads. + +### Using Auto Mode + +While `aws-eks` uses `DefaultCapacityType.NODEGROUP` by default, `aws-eks-v2` uses `DefaultCapacityType.AUTOMODE` as the default capacity type. + +Auto Mode is enabled by default when creating a new cluster without specifying any capacity-related properties: + +```ts +// Create EKS cluster with Auto Mode implicitly enabled +const cluster = new eks.Cluster(this, 'EksAutoCluster', { + version: eks.KubernetesVersion.V1_32, +}); +``` + +You can also explicitly enable Auto Mode using `defaultCapacityType`: + +```ts +// Create EKS cluster with Auto Mode explicitly enabled +const cluster = new eks.Cluster(this, 'EksAutoCluster', { + version: eks.KubernetesVersion.V1_32, + defaultCapacityType: eks.DefaultCapacityType.AUTOMODE, +}); +``` + +### Node Pools + +When Auto Mode is enabled, the cluster comes with two default node pools: + +- `system`: For running system components and add-ons +- `general-purpose`: For running your application workloads + +These node pools are managed automatically by EKS. You can configure which node pools to enable through the `compute` property: + +```ts +const cluster = new eks.Cluster(this, 'EksAutoCluster', { + version: eks.KubernetesVersion.V1_32, + defaultCapacityType: eks.DefaultCapacityType.AUTOMODE, + compute: { + nodePools: ['system', 'general-purpose'], + }, +}); +``` + +For more information, see [Create a Node Pool for EKS Auto Mode](https://docs.aws.amazon.com/eks/latest/userguide/create-node-pool.html). 
+ +### Node Groups as the default capacity type + +If you prefer to manage your own node groups instead of using Auto Mode, you can use the traditional node group approach by specifying `defaultCapacityType` as `NODEGROUP`: + +```ts +// Create EKS cluster with traditional managed node group +const cluster = new eks.Cluster(this, 'EksCluster', { + version: eks.KubernetesVersion.V1_32, + defaultCapacityType: eks.DefaultCapacityType.NODEGROUP, + defaultCapacity: 3, // Number of instances + defaultCapacityInstance: ec2.InstanceType.of(ec2.InstanceClass.T3, ec2.InstanceSize.LARGE), +}); +``` + +You can also create a cluster with no initial capacity and add node groups later: + +```ts +const cluster = new eks.Cluster(this, 'EksCluster', { + version: eks.KubernetesVersion.V1_32, + defaultCapacityType: eks.DefaultCapacityType.NODEGROUP, + defaultCapacity: 0, +}); + +// Add node groups as needed +cluster.addNodegroupCapacity('custom-node-group', { + minSize: 1, + maxSize: 3, + instanceTypes: [ec2.InstanceType.of(ec2.InstanceClass.T3, ec2.InstanceSize.LARGE)], +}); +``` + +Read [Managed node groups](#managed-node-groups) for more information on how to add node groups to the cluster. + +### Mixed with Auto Mode and Node Groups + +You can combine Auto Mode with traditional node groups for specific workload requirements: + +```ts +const cluster = new eks.Cluster(this, 'Cluster', { + version: eks.KubernetesVersion.V1_32, + defaultCapacityType: eks.DefaultCapacityType.AUTOMODE, + compute: { + nodePools: ['system', 'general-purpose'], + }, +}); + +// Add specialized node group for specific workloads +cluster.addNodegroupCapacity('specialized-workload', { + minSize: 1, + maxSize: 3, + instanceTypes: [ec2.InstanceType.of(ec2.InstanceClass.C5, ec2.InstanceSize.XLARGE)], + labels: { + workload: 'specialized', + }, +}); +``` + +### Important Notes + +1. Auto Mode and traditional capacity management are mutually exclusive at the default capacity level. 
You cannot opt in to Auto Mode and specify `defaultCapacity` or `defaultCapacityInstance`. + +2. When Auto Mode is enabled: + - The cluster will automatically manage compute resources + - Node pools cannot be modified, only enabled or disabled + - EKS will handle scaling and management of the node pools + +3. Auto Mode requires specific IAM permissions. The construct will automatically attach the required managed policies. + ### Managed node groups Amazon EKS managed node groups automate the provisioning and lifecycle management of nodes (Amazon EC2 instances) for Amazon EKS Kubernetes clusters. @@ -107,15 +223,21 @@ With Amazon EKS managed node groups, you don't need to separately provision or r > For more details visit [Amazon EKS Managed Node Groups](https://docs.aws.amazon.com/eks/latest/userguide/managed-node-groups.html). -**Managed Node Groups are the recommended way to allocate cluster capacity.** +By default, when using `DefaultCapacityType.NODEGROUP`, this library will allocate a managed node group with 2 *m5.large* instances (this instance type suits most common use-cases, and is good value for money). -By default, this library will allocate a managed node group with 2 *m5.large* instances (this instance type suits most common use-cases, and is good value for money). +```ts +new eks.Cluster(this, 'HelloEKS', { + version: eks.KubernetesVersion.V1_32, + defaultCapacityType: eks.DefaultCapacityType.NODEGROUP, +}); +``` At cluster instantiation time, you can customize the number of instances and their type: ```ts new eks.Cluster(this, 'HelloEKS', { version: eks.KubernetesVersion.V1_32, + defaultCapacityType: eks.DefaultCapacityType.NODEGROUP, defaultCapacity: 5, defaultCapacityInstance: ec2.InstanceType.of(ec2.InstanceClass.M5, ec2.InstanceSize.SMALL), }); 
@@ -128,6 +250,7 @@ Additional customizations are available post instantiation. To apply them, set t ```ts const cluster = new eks.Cluster(this, 'HelloEKS', { version: eks.KubernetesVersion.V1_32, + defaultCapacityType: eks.DefaultCapacityType.NODEGROUP, defaultCapacity: 0, }); diff --git a/packages/@aws-cdk/aws-eks-v2-alpha/lib/cluster.ts b/packages/@aws-cdk/aws-eks-v2-alpha/lib/cluster.ts index 8867abf0f7682..cb7c73fa4134c 100644 --- a/packages/@aws-cdk/aws-eks-v2-alpha/lib/cluster.ts +++ b/packages/@aws-cdk/aws-eks-v2-alpha/lib/cluster.ts @@ -22,7 +22,7 @@ import * as ec2 from 'aws-cdk-lib/aws-ec2'; import * as iam from 'aws-cdk-lib/aws-iam'; import * as kms from 'aws-cdk-lib/aws-kms'; import * as ssm from 'aws-cdk-lib/aws-ssm'; -import { Annotations, CfnOutput, CfnResource, IResource, Resource, Tags, Token, Duration, ArnComponents } from 'aws-cdk-lib/core'; +import { Annotations, CfnOutput, CfnResource, IResource, Resource, Tags, Token, Duration, ArnComponents, Stack } from 'aws-cdk-lib/core'; import { CfnCluster } from 'aws-cdk-lib/aws-eks'; import { MethodMetadata, addConstructMetadata } from 'aws-cdk-lib/core/lib/metadata-resource'; 
@@ -519,10 +519,43 @@ export class EndpointAccess { } } +/** + * Options for configuring EKS Auto Mode compute settings. + * When enabled, EKS will automatically manage compute resources like node groups and Fargate profiles. + */ +export interface ComputeConfig { + /** + * Names of nodePools to include in Auto Mode. + * You cannot modify the built in system and general-purpose node pools. You can only enable or disable them. + * Node pool values are case-sensitive and must be `general-purpose` and/or `system`. + * + * @see - https://docs.aws.amazon.com/eks/latest/userguide/create-node-pool.html + * + * @default - ['system', 'general-purpose'] + */ + readonly nodePools?: string[]; + + /** + * IAM role for the nodePools. + * + * @see - https://docs.aws.amazon.com/eks/latest/userguide/create-node-role.html + * + * @default - generated by the CDK + */ + readonly nodeRole?: iam.IRole; + +} + /** * Properties for configuring a standard EKS cluster (non-Fargate) */ export interface ClusterProps extends ClusterCommonOptions { + /** + * Configuration for compute settings in Auto Mode. + * When enabled, EKS will automatically manage compute resources. + * @default - Auto Mode compute disabled + */ + readonly compute?: ComputeConfig; /** * Number of instances to allocate as an initial capacity for this cluster. @@ -560,6 +593,15 @@ export interface ClusterProps extends ClusterCommonOptions { * @default true */ readonly bootstrapClusterCreatorAdminPermissions?: boolean; + + /** + * Determines whether a CloudFormation output with the `aws eks + * update-kubeconfig` command will be synthesized. This command will include + * the cluster name and, if applicable, the ARN of the masters IAM role. + * + * @default true + */ + readonly outputConfigCommand?: boolean; } /** 
@@ -1055,6 +1097,33 @@ export class Cluster extends ClusterBase { ], }); + // validate all automode relevant configurations + const autoModeEnabled = this.isValidAutoModeConfig(props); + + if (autoModeEnabled) { + // attach required managed policy for the cluster role in EKS Auto Mode + // see - https://docs.aws.amazon.com/eks/latest/userguide/auto-cluster-iam-role.html + ['AmazonEKSComputePolicy', + 'AmazonEKSBlockStoragePolicy', + 'AmazonEKSLoadBalancingPolicy', + 'AmazonEKSNetworkingPolicy'].forEach((policyName) => { + this.role.addManagedPolicy(iam.ManagedPolicy.fromAwsManagedPolicyName(policyName)); + }); + + // sts:TagSession is required for EKS Auto Mode or when using EKS Pod Identity features. + // see https://docs.aws.amazon.com/eks/latest/userguide/pod-id-role.html + // https://docs.aws.amazon.com/eks/latest/userguide/automode-get-started-cli.html#_create_an_eks_auto_mode_cluster_iam_role + if (this.role instanceof iam.Role) { + this.role.assumeRolePolicy?.addStatements( + new iam.PolicyStatement({ + effect: iam.Effect.ALLOW, + principals: [new iam.ServicePrincipal('eks.amazonaws.com')], + actions: ['sts:TagSession'], + }), + ); + } + } + const securityGroup = props.securityGroup || new ec2.SecurityGroup(this, 'ControlPlaneSecurityGroup', { vpc: this.vpc, description: 'EKS Control Plane Security Group', 
@@ -1109,6 +1178,25 @@ export class Cluster extends ClusterBase { authenticationMode: 'API', bootstrapClusterCreatorAdminPermissions: props.bootstrapClusterCreatorAdminPermissions, }, + computeConfig: { + enabled: autoModeEnabled, + // If the computeConfig enabled flag is set to false when creating a cluster with Auto Mode, + // the request must not include values for the nodeRoleArn or nodePools fields. + nodePools: !autoModeEnabled ? undefined : props.compute?.nodePools ?? ['system', 'general-purpose'], + nodeRoleArn: !autoModeEnabled ? undefined : props.compute?.nodeRole?.roleArn ?? this.addNodePoolRole(`${id}nodePoolRole`).roleArn, + }, + storageConfig: { + blockStorage: { + enabled: autoModeEnabled, + }, + }, + kubernetesNetworkConfig: { + ipFamily: this.ipFamily, + serviceIpv4Cidr: props.serviceIpv4Cidr, + elasticLoadBalancing: { + enabled: autoModeEnabled, + }, + }, resourcesVpcConfig: { securityGroupIds: [securityGroup.securityGroupId], subnetIds, @@ -1124,10 +1212,6 @@ export class Cluster extends ClusterBase { resources: ['secrets'], }], } : {}), - kubernetesNetworkConfig: { - ipFamily: this.ipFamily, - serviceIpv4Cidr: props.serviceIpv4Cidr, - }, tags: Object.keys(props.tags ?? {}).map(k => ({ key: k, value: props.tags![k] })), logging: this.logging, }); @@ -1177,6 +1261,11 @@ export class Cluster extends ClusterBase { defaultPort: ec2.Port.tcp(443), // Control Plane has an HTTPS API }); + const stack = Stack.of(this); + const updateConfigCommandPrefix = `aws eks update-kubeconfig --name ${this.clusterName}`; + const getTokenCommandPrefix = `aws eks get-token --cluster-name ${this.clusterName}`; + const commonCommandOptions = [`--region ${stack.region}`]; + if (props.kubectlProviderOptions) { this._kubectlProvider = new KubectlProvider(this, 'KubectlProvider', { cluster: this, 
@@ -1199,29 +1288,51 @@ export class Cluster extends ClusterBase { // do not create a masters role if one is not provided. Trusting the accountRootPrincipal() is too permissive. if (props.mastersRole) { + const mastersRole = props.mastersRole; this.grantAccess('mastersRoleAccess', props.mastersRole.roleArn, [ AccessPolicy.fromAccessPolicyName('AmazonEKSClusterAdminPolicy', { accessScopeType: AccessScopeType.CLUSTER, }), ]); + + commonCommandOptions.push(`--role-arn ${mastersRole.roleArn}`); } if (props.albController) { this.albController = AlbController.create(this, { ...props.albController, cluster: this }); } - // allocate default capacity if non-zero (or default). - const minCapacity = props.defaultCapacity ?? DEFAULT_CAPACITY_COUNT; - if (minCapacity > 0) { - const instanceType = props.defaultCapacityInstance || DEFAULT_CAPACITY_TYPE; - this.defaultCapacity = props.defaultCapacityType === DefaultCapacityType.EC2 ? - this.addAutoScalingGroupCapacity('DefaultCapacity', { instanceType, minCapacity }) : undefined; + // if any of defaultCapacity* properties are set, we need a default capacity(nodegroup) + if (props.defaultCapacity !== undefined || + props.defaultCapacityType !== undefined || + props.defaultCapacityInstance !== undefined) { + const minCapacity = props.defaultCapacity ?? DEFAULT_CAPACITY_COUNT; + if (minCapacity > 0) { + const instanceType = props.defaultCapacityInstance || DEFAULT_CAPACITY_TYPE; + // If defaultCapacityType is undefined, use AUTOMODE as the default + const capacityType = props.defaultCapacityType ?? 
DefaultCapacityType.AUTOMODE; + + // Only create EC2 or Nodegroup capacity if not using AUTOMODE + if (capacityType === DefaultCapacityType.EC2) { + this.defaultCapacity = this.addAutoScalingGroupCapacity('DefaultCapacity', { instanceType, minCapacity }); + } else if (capacityType === DefaultCapacityType.NODEGROUP) { + this.defaultNodegroup = this.addNodegroupCapacity('DefaultCapacity', { instanceTypes: [instanceType], minSize: minCapacity }); + } + // For AUTOMODE, we don't create any explicit capacity as it's managed by EKS + } + } - this.defaultNodegroup = props.defaultCapacityType !== DefaultCapacityType.EC2 ? - this.addNodegroupCapacity('DefaultCapacity', { instanceTypes: [instanceType], minSize: minCapacity }) : undefined; + // ensure FARGATE still applies here + if (props.coreDnsComputeType === CoreDnsComputeType.FARGATE) { + this.defineCoreDnsComputeType(CoreDnsComputeType.FARGATE); } - this.defineCoreDnsComputeType(props.coreDnsComputeType ?? CoreDnsComputeType.EC2); + const outputConfigCommand = (props.outputConfigCommand ?? true) && props.mastersRole; + if (outputConfigCommand) { + const postfix = commonCommandOptions.join(' '); + new CfnOutput(this, 'ConfigCommand', { value: `${updateConfigCommandPrefix} ${postfix}` }); + new CfnOutput(this, 'GetTokenCommand', { value: `${getTokenCommandPrefix} ${postfix}` }); + } } /** 
@@ -1436,6 +1547,55 @@ export class Cluster extends ClusterBase { return this._fargateProfiles; } + /** + * validate all autoMode relevant configurations to ensure they are correct and throw + * errors if they are not. + * + * @param props ClusterProps + * + */ + private isValidAutoModeConfig(props: ClusterProps): boolean { + const autoModeEnabled = props.defaultCapacityType === undefined || props.defaultCapacityType == DefaultCapacityType.AUTOMODE; + // if using AUTOMODE + if (autoModeEnabled) { + // When using AUTOMODE, nodePools values are case-sensitive and must be general-purpose and/or system + if (props.compute?.nodePools) { + const validNodePools = ['general-purpose', 'system']; + const invalidPools = props.compute.nodePools.filter(pool => !validNodePools.includes(pool)); + if (invalidPools.length > 0) { + throw new Error(`Invalid node pool values: ${invalidPools.join(', ')}. Valid values are: ${validNodePools.join(', ')}`); + } + } + + // When using AUTOMODE, defaultCapacity and defaultCapacityInstance cannot be specified + if (props.defaultCapacity !== undefined || props.defaultCapacityInstance !== undefined) { + throw new Error('Cannot specify defaultCapacity or defaultCapacityInstance when using Auto Mode. 
Auto Mode manages compute resources automatically.'); + } + } else { + // if NOT using AUTOMODE + if (props.compute) { + // When not using AUTOMODE, compute must be undefined + throw new Error('Cannot specify compute without using DefaultCapacityType.AUTOMODE'); + } + } + + return autoModeEnabled; + } + + private addNodePoolRole(id: string): iam.Role { + const role = new iam.Role(this, id, { + assumedBy: new iam.ServicePrincipal('ec2.amazonaws.com'), + // to be able to access the AWSLoadBalancerController + managedPolicies: [ + // see https://docs.aws.amazon.com/eks/latest/userguide/automode-get-started-cli.html#auto-mode-create-roles + iam.ManagedPolicy.fromAwsManagedPolicyName('AmazonEKSWorkerNodePolicy'), + iam.ManagedPolicy.fromAwsManagedPolicyName('AmazonEC2ContainerRegistryReadOnly'), + ], + }); + + return role; + } + /** * Adds an access entry to the cluster's access entries map. * @@ -1931,6 +2091,10 @@ export enum DefaultCapacityType { * EC2 autoscaling group */ EC2, + /** + * Auto Mode + */ + AUTOMODE, } /** @@ -1976,4 +2140,3 @@ function clusterArnComponents(clusterName: string): ArnComponents { resourceName: clusterName, }; } - diff --git a/packages/@aws-cdk/aws-eks-v2-alpha/lib/fargate-cluster.ts b/packages/@aws-cdk/aws-eks-v2-alpha/lib/fargate-cluster.ts index ed6856cd8813f..17857c3791701 100644 --- a/packages/@aws-cdk/aws-eks-v2-alpha/lib/fargate-cluster.ts +++ b/packages/@aws-cdk/aws-eks-v2-alpha/lib/fargate-cluster.ts @@ -1,5 +1,5 @@ import { Construct } from 'constructs'; -import { Cluster, ClusterCommonOptions, CoreDnsComputeType } from './cluster'; +import { Cluster, ClusterCommonOptions, CoreDnsComputeType, DefaultCapacityType } from './cluster'; import { FargateProfile, FargateProfileOptions } from './fargate-profile'; import { addConstructMetadata } from 'aws-cdk-lib/core/lib/metadata-resource'; 
@@ -33,6 +33,7 @@ export class FargateCluster extends Cluster { super(scope, id, { ...props, defaultCapacity: 0, + defaultCapacityType: DefaultCapacityType.NODEGROUP, coreDnsComputeType: props.coreDnsComputeType ?? CoreDnsComputeType.FARGATE, version: props.version, }); diff --git a/packages/@aws-cdk/aws-eks-v2-alpha/test/automode.test.ts b/packages/@aws-cdk/aws-eks-v2-alpha/test/automode.test.ts new file mode 100644 index 0000000000000..3ba2b0ecb72ab --- /dev/null +++ b/packages/@aws-cdk/aws-eks-v2-alpha/test/automode.test.ts 
@@ -0,0 +1,323 @@ +import { Template, Match } from 'aws-cdk-lib/assertions'; +import * as ec2 from 'aws-cdk-lib/aws-ec2'; +import * as iam from 'aws-cdk-lib/aws-iam'; +import * as eks from '../lib'; +import { testFixtureNoVpc } from './util'; + +const CLUSTER_VERSION = eks.KubernetesVersion.V1_32; + +describe('eks auto mode', () => { + describe('basic configuration', () => { + test('auto mode is enabled by default', () => { + const { stack } = testFixtureNoVpc(); + new eks.Cluster(stack, 'Cluster', { + version: CLUSTER_VERSION, + }); + + Template.fromStack(stack).hasResourceProperties('AWS::EKS::Cluster', { + ComputeConfig: { + Enabled: true, + NodePools: ['system', 'general-purpose'], + }, + KubernetesNetworkConfig: { + ElasticLoadBalancing: { + Enabled: true, + }, + }, + StorageConfig: { + BlockStorage: { + Enabled: true, + }, + }, + }); + }); + + test('auto mode can be explicitly enabled', () => { + const { stack } = testFixtureNoVpc(); + new eks.Cluster(stack, 'Cluster', { + version: CLUSTER_VERSION, + defaultCapacityType: eks.DefaultCapacityType.AUTOMODE, + }); + + Template.fromStack(stack).hasResourceProperties('AWS::EKS::Cluster', { + ComputeConfig: { + Enabled: true, + NodePools: ['system', 'general-purpose'], + }, + KubernetesNetworkConfig: { + ElasticLoadBalancing: { + Enabled: true, + }, + }, + StorageConfig: { + BlockStorage: { + Enabled: true, + }, + }, + }); + }); + }); + + describe('default capacity interactions', () => { + test('throws when defaultCapacity is set with auto mode', () => { + const { stack } = testFixtureNoVpc(); + expect(() => { + new eks.Cluster(stack, 'Cluster', { + version: CLUSTER_VERSION, + defaultCapacityType: eks.DefaultCapacityType.AUTOMODE, + defaultCapacity: 2, + }); + }).toThrow(/Cannot specify defaultCapacity or defaultCapacityInstance when using Auto Mode/); + }); + + test('throws when defaultCapacityInstance is set with auto mode', () => { + const { stack } = testFixtureNoVpc(); + expect(() => { + new eks.Cluster(stack, 
'Cluster', { + version: CLUSTER_VERSION, + defaultCapacityType: eks.DefaultCapacityType.AUTOMODE, + defaultCapacityInstance: ec2.InstanceType.of(ec2.InstanceClass.T3, ec2.InstanceSize.MEDIUM), + }); + }).toThrow(/Cannot specify defaultCapacity or defaultCapacityInstance when using Auto Mode/); + }); + + test('allows nodegroup with specific capacity settings', () => { + const { stack } = testFixtureNoVpc(); + new eks.Cluster(stack, 'Cluster', { + version: CLUSTER_VERSION, + defaultCapacityType: eks.DefaultCapacityType.NODEGROUP, + defaultCapacity: 3, + defaultCapacityInstance: ec2.InstanceType.of(ec2.InstanceClass.T3, ec2.InstanceSize.LARGE), + }); + + const template = Template.fromStack(stack); + template.hasResourceProperties('AWS::EKS::Cluster', { + ComputeConfig: { + Enabled: false, + }, + }); + + template.hasResourceProperties('AWS::EKS::Nodegroup', { + ScalingConfig: { + DesiredSize: 3, + MinSize: 3, + }, + InstanceTypes: ['t3.large'], + }); + }); + }); + + describe('node pool configuration', () => { + test('throws when nodePools specified without auto mode', () => { + const { stack } = testFixtureNoVpc(); + expect(() => { + new eks.Cluster(stack, 'Cluster', { + version: CLUSTER_VERSION, + defaultCapacityType: eks.DefaultCapacityType.NODEGROUP, + compute: { + nodePools: ['system', 'general-purpose'], + }, + }); + }).toThrow(/Cannot specify compute without using DefaultCapacityType.AUTOMODE/); + }); + + test('throws when nodeRole specified without auto mode', () => { + const { stack } = testFixtureNoVpc(); + const customRole = new iam.Role(stack, 'CustomRole', { + assumedBy: new iam.ServicePrincipal('ec2.amazonaws.com'), + }); + + expect(() => { + new eks.Cluster(stack, 'Cluster', { + version: CLUSTER_VERSION, + defaultCapacityType: eks.DefaultCapacityType.NODEGROUP, + compute: { + nodeRole: customRole, + }, + }); + }).toThrow(/Cannot specify compute without using DefaultCapacityType.AUTOMODE/); + }); + + test('throws when both nodePools and nodeRole specified 
without auto mode', () => { + const { stack } = testFixtureNoVpc(); + const customRole = new iam.Role(stack, 'CustomRole', { + assumedBy: new iam.ServicePrincipal('ec2.amazonaws.com'), + }); + + expect(() => { + new eks.Cluster(stack, 'Cluster', { + version: CLUSTER_VERSION, + defaultCapacityType: eks.DefaultCapacityType.NODEGROUP, + compute: { + nodePools: ['system', 'general-purpose'], + nodeRole: customRole, + }, + }); + }).toThrow(/Cannot specify compute without using DefaultCapacityType.AUTOMODE/); + }); + + test('validates node pool values', () => { + const { stack } = testFixtureNoVpc(); + expect(() => { + new eks.Cluster(stack, 'Cluster', { + version: CLUSTER_VERSION, + defaultCapacityType: eks.DefaultCapacityType.AUTOMODE, + compute: { + nodePools: ['invalid-pool'], + }, + }); + }).toThrow(/Invalid node pool values: invalid-pool. Valid values are: general-purpose, system/); + }); + + test('validates case-sensitive node pool values', () => { + const { stack } = testFixtureNoVpc(); + expect(() => { + new eks.Cluster(stack, 'Cluster', { + version: CLUSTER_VERSION, + defaultCapacityType: eks.DefaultCapacityType.AUTOMODE, + compute: { + nodePools: ['System', 'GENERAL-PURPOSE'], + }, + }); + }).toThrow(/Invalid node pool values: System, GENERAL-PURPOSE. 
Valid values are: general-purpose, system/); + }); + + test('configures node pools in correct order', () => { + const { stack } = testFixtureNoVpc(); + new eks.Cluster(stack, 'Cluster', { + version: CLUSTER_VERSION, + defaultCapacityType: eks.DefaultCapacityType.AUTOMODE, + }); + + Template.fromStack(stack).hasResourceProperties('AWS::EKS::Cluster', { + ComputeConfig: { + NodePools: Match.arrayEquals(['system', 'general-purpose']), + }, + }); + }); + + test('supports custom node role(new role)', () => { + const { stack } = testFixtureNoVpc(); + const customRole = new iam.Role(stack, 'CustomRole', { + assumedBy: new iam.ServicePrincipal('ec2.amazonaws.com'), + }); + + new eks.Cluster(stack, 'Cluster', { + version: CLUSTER_VERSION, + defaultCapacityType: eks.DefaultCapacityType.AUTOMODE, + compute: { + nodeRole: customRole, + }, + }); + + Template.fromStack(stack).hasResourceProperties('AWS::EKS::Cluster', { + ComputeConfig: { + NodeRoleArn: { 'Fn::GetAtt': ['CustomRole6D8E6809', 'Arn'] }, + }, + }); + }); + + test('supports custom node role(imported role)', () => { + const { stack } = testFixtureNoVpc(); + const customRole = iam.Role.fromRoleArn(stack, 'CustomRole', 'arn:aws:iam::123456789012:role/CustomRole'); + + new eks.Cluster(stack, 'Cluster', { + version: CLUSTER_VERSION, + defaultCapacityType: eks.DefaultCapacityType.AUTOMODE, + compute: { + nodeRole: customRole, + }, + }); + + Template.fromStack(stack).hasResourceProperties('AWS::EKS::Cluster', { + ComputeConfig: { + NodeRoleArn: 'arn:aws:iam::123456789012:role/CustomRole', + }, + }); + }); + }); + + describe('network configuration', () => { + test('supports private endpoint access', () => { + const { stack } = testFixtureNoVpc(); + new eks.Cluster(stack, 'Cluster', { + version: CLUSTER_VERSION, + defaultCapacityType: eks.DefaultCapacityType.AUTOMODE, + endpointAccess: eks.EndpointAccess.PRIVATE, + }); + + Template.fromStack(stack).hasResourceProperties('AWS::EKS::Cluster', { + ResourcesVpcConfig: 
Match.objectLike({ + EndpointPrivateAccess: true, + EndpointPublicAccess: false, + }), + KubernetesNetworkConfig: { + ElasticLoadBalancing: { + Enabled: true, + }, + }, + }); + }); + }); + + describe('mixed scenarios', () => { + test('supports auto mode with explicit node groups', () => { + const { stack } = testFixtureNoVpc(); + const cluster = new eks.Cluster(stack, 'Cluster', { + version: CLUSTER_VERSION, + defaultCapacityType: eks.DefaultCapacityType.AUTOMODE, + }); + + cluster.addNodegroupCapacity('CpuNodegroup', { + minSize: 1, + instanceTypes: [ec2.InstanceType.of(ec2.InstanceClass.C5, ec2.InstanceSize.XLARGE)], + labels: { workload: 'cpu-intensive' }, + }); + + cluster.addNodegroupCapacity('MemoryNodegroup', { + minSize: 1, + instanceTypes: [ec2.InstanceType.of(ec2.InstanceClass.R5, ec2.InstanceSize.XLARGE)], + labels: { workload: 'memory-intensive' }, + }); + + const template = Template.fromStack(stack); + template.hasResourceProperties('AWS::EKS::Cluster', { + ComputeConfig: { + Enabled: true, + NodePools: ['system', 'general-purpose'], + }, + }); + + template.resourceCountIs('AWS::EKS::Nodegroup', 2); + // cluster should support auto mode + template.hasResourceProperties('AWS::EKS::Cluster', { + ComputeConfig: { + Enabled: true, + NodePools: ['system', 'general-purpose'], + }, + StorageConfig: { + BlockStorage: { + Enabled: true, + }, + }, + KubernetesNetworkConfig: { + ElasticLoadBalancing: { + Enabled: true, + }, + }, + }); + // as well as nodegroups + template.hasResourceProperties('AWS::EKS::Nodegroup', { + ScalingConfig: { MinSize: 1 }, + InstanceTypes: ['c5.xlarge'], + Labels: { workload: 'cpu-intensive' }, + }); + + template.hasResourceProperties('AWS::EKS::Nodegroup', { + ScalingConfig: { MinSize: 1 }, + InstanceTypes: ['r5.xlarge'], + Labels: { workload: 'memory-intensive' }, + }); + }); + }); +}); 
diff --git a/packages/@aws-cdk/aws-eks-v2-alpha/test/cluster.test.ts b/packages/@aws-cdk/aws-eks-v2-alpha/test/cluster.test.ts index 721772a9e746e..5ccb76d78a124 100644 --- a/packages/@aws-cdk/aws-eks-v2-alpha/test/cluster.test.ts +++ b/packages/@aws-cdk/aws-eks-v2-alpha/test/cluster.test.ts @@ -20,6 +20,11 @@ import { BottleRocketImage } from '../lib/private/bottlerocket'; /* eslint-disable max-len */ const CLUSTER_VERSION = eks.KubernetesVersion.V1_32; +const commonProps = { + version: CLUSTER_VERSION, + defaultCapacity: 0, + defaultCapacityType: eks.DefaultCapacityType.NODEGROUP, +}; describe('cluster', () => { test('can configure and access ALB controller', () => { @@ -66,8 +71,7 @@ describe('cluster', () => { expect(() => new eks.Cluster(stack, 'Cluster', { vpc: vpc, vpcSubnets: [{ subnetType: ec2.SubnetType.PUBLIC }, { subnetType: ec2.SubnetType.PRIVATE_WITH_EGRESS }], - defaultCapacity: 0, - version: eks.KubernetesVersion.V1_31, + ...commonProps, })).toThrow(/cannot select multiple subnet groups/); }); @@ -76,8 +80,7 @@ describe('cluster', () => { new eks.Cluster(stack, 'Cluster', { vpc: vpc, vpcSubnets: [{ subnetType: ec2.SubnetType.PUBLIC }], - defaultCapacity: 0, - version: eks.KubernetesVersion.V1_31, + ...commonProps, }); // THEN @@ -124,8 +127,7 @@ describe('cluster', () => { const { stack, vpc } = testFixture(); const cluster = new eks.Cluster(stack, 'Cluster', { vpc, - defaultCapacity: 0, - version: CLUSTER_VERSION, + ...commonProps, prune: false, }); @@ -147,7 +149,7 @@ describe('cluster', () => { const { stack, vpc } = testFixture(); const cluster = new eks.Cluster(stack, 'Cluster', { vpc, - version: CLUSTER_VERSION, + ...commonProps, }); // WHEN @@ -166,8 +168,7 @@ describe('cluster', () => { const { stack, vpc } = testFixture(); const cluster = new eks.Cluster(stack, 'Cluster', { vpc, - defaultCapacity: 0, - version: CLUSTER_VERSION, + ...commonProps, prune: false, }); 
@@ -198,8 +199,7 @@ describe('cluster', () => { const { stack, vpc } = testFixture(); const cluster = new eks.Cluster(stack, 'Cluster', { vpc, - defaultCapacity: 0, - version: CLUSTER_VERSION, + ...commonProps, prune: false, }); @@ -224,7 +224,7 @@ describe('cluster', () => { const { stack } = testFixture(); const cluster = new eks.Cluster(stack, 'Cluster', { - version: CLUSTER_VERSION, + ...commonProps, prune: false, }); @@ -238,7 +238,7 @@ describe('cluster', () => { const { stack } = testFixture(); const cluster = new eks.Cluster(stack, 'Cluster', { - version: CLUSTER_VERSION, + ...commonProps, prune: false, kubectlProviderOptions: { kubectlLayer: new KubectlV32Layer(stack, 'kubectlLayer'), @@ -282,7 +282,7 @@ describe('cluster', () => { const { stack } = testFixture(); const cluster = new eks.Cluster(stack, 'Cluster', { - version: CLUSTER_VERSION, + ...commonProps, prune: false, }); @@ -299,7 +299,7 @@ describe('cluster', () => { constructor(scope: Construct, id: string, props: { sg: ec2.ISecurityGroup; vpc: ec2.IVpc }) { super(scope, id); this.eksCluster = new eks.Cluster(this, 'Cluster', { - version: CLUSTER_VERSION, + ...commonProps, prune: false, securityGroup: props.sg, vpc: props.vpc, @@ -333,7 +333,7 @@ describe('cluster', () => { constructor(scope: Construct, id: string, props?: cdk.StackProps) { super(scope, id, props); this.eksCluster = new eks.Cluster(this, 'Cluster', { - version: CLUSTER_VERSION, + ...commonProps, prune: false, kubectlProviderOptions: { kubectlLayer: new KubectlV32Layer(this, 'kubectlLayer'), @@ -491,7 +491,7 @@ describe('cluster', () => { const { stack, vpc } = testFixture(); // WHEN - new eks.Cluster(stack, 'Cluster', { vpc, defaultCapacity: 0, version: CLUSTER_VERSION, prune: false }); + new eks.Cluster(stack, 'Cluster', { vpc, ...commonProps, prune: false }); // THEN Template.fromStack(stack).hasResourceProperties('AWS::EKS::Cluster', { 
@@ -520,8 +520,8 @@ describe('cluster', () => { Template.fromStack(stack).hasResourceProperties('AWS::EC2::VPC', Match.anyValue()); }); - describe('default capacity', () => { - test('x2 m5.large by default', () => { + describe('no default capacity as auto mode is implicitly enabled', () => { + test('no default capacity by default', () => { // GIVEN const { stack } = testFixtureNoVpc(); @@ -529,17 +529,8 @@ describe('cluster', () => { const cluster = new eks.Cluster(stack, 'cluster', { version: CLUSTER_VERSION, prune: false }); // THEN - expect(cluster.defaultNodegroup).toBeDefined(); - Template.fromStack(stack).hasResourceProperties('AWS::EKS::Nodegroup', { - InstanceTypes: [ - 'm5.large', - ], - ScalingConfig: { - DesiredSize: 2, - MaxSize: 2, - MinSize: 2, - }, - }); + expect(cluster.defaultNodegroup).toBeUndefined(); + Template.fromStack(stack).resourceCountIs('AWS::EKS::Nodegroup', 0); }); test('quantity and type can be customized', () => { @@ -548,6 +539,7 @@ describe('cluster', () => { // WHEN const cluster = new eks.Cluster(stack, 'cluster', { + defaultCapacityType: eks.DefaultCapacityType.NODEGROUP, defaultCapacity: 10, defaultCapacityInstance: new ec2.InstanceType('m2.xlarge'), version: CLUSTER_VERSION, @@ -571,7 +563,10 @@ describe('cluster', () => { const { stack } = testFixtureNoVpc(); // WHEN - const cluster = new eks.Cluster(stack, 'cluster', { defaultCapacity: 0, version: CLUSTER_VERSION, prune: false }); + const cluster = new eks.Cluster(stack, 'cluster', { + ...commonProps, + prune: false, + }); // THEN expect(cluster.defaultCapacity).toBeUndefined(); @@ -585,7 +580,11 @@ describe('cluster', () => { const { stack, vpc } = testFixture(); // WHEN - new eks.Cluster(stack, 'Cluster', { vpc, defaultCapacity: 0, version: CLUSTER_VERSION, prune: false }); + new eks.Cluster(stack, 'Cluster', { + vpc, + ...commonProps, + prune: false, + }); // THEN Template.fromStack(stack).hasResourceProperties('AWS::EC2::Subnet', { 
@@ -603,7 +602,11 @@ describe('cluster', () => { const { stack, vpc } = testFixture(); // WHEN - new eks.Cluster(stack, 'Cluster', { vpc, defaultCapacity: 0, version: CLUSTER_VERSION, prune: false }); + new eks.Cluster(stack, 'Cluster', { + vpc, + ...commonProps, + prune: false, + }); // THEN Template.fromStack(stack).hasResourceProperties('AWS::EC2::Subnet', { @@ -622,8 +625,7 @@ describe('cluster', () => { const { stack, vpc } = testFixture(); const cluster = new eks.Cluster(stack, 'Cluster', { vpc, - defaultCapacity: 0, - version: CLUSTER_VERSION, + ...commonProps, prune: false, }); @@ -642,8 +644,7 @@ describe('cluster', () => { const { stack, vpc } = testFixture(); const cluster = new eks.Cluster(stack, 'Cluster', { vpc, - defaultCapacity: 0, - version: CLUSTER_VERSION, + ...commonProps, prune: false, }); @@ -675,6 +676,7 @@ describe('cluster', () => { // WHEN const cluster = new eks.Cluster(stack, 'cluster', { + defaultCapacityType: eks.DefaultCapacityType.NODEGROUP, defaultCapacity: 10, defaultCapacityInstance: new ec2.InstanceType('m2.xlarge'), version: CLUSTER_VERSION, @@ -706,8 +708,7 @@ describe('cluster', () => { const { stack, vpc } = testFixture(); const cluster = new eks.Cluster(stack, 'Cluster', { vpc, - defaultCapacity: 0, - version: CLUSTER_VERSION, + ...commonProps, prune: false, }); @@ -739,8 +740,7 @@ describe('cluster', () => { const { stack, vpc } = testFixture(); const cluster = new eks.Cluster(stack, 'Cluster', { vpc, - defaultCapacity: 0, - version: CLUSTER_VERSION, + ...commonProps, prune: false, }); @@ -877,8 +877,7 @@ describe('cluster', () => { const stack2 = new cdk.Stack(app, 'stack2', { env: { region: 'us-east-1' } }); const cluster = new eks.Cluster(stack1, 'Cluster', { vpc, - defaultCapacity: 0, - version: CLUSTER_VERSION, + ...commonProps, prune: false, }); 
@@ -929,8 +928,7 @@ describe('cluster', () => { const { stack, vpc } = testFixture(); const cluster = new eks.Cluster(stack, 'Cluster', { vpc, - defaultCapacity: 0, - version: CLUSTER_VERSION, + ...commonProps, prune: false, kubectlProviderOptions: { kubectlLayer: new KubectlV32Layer(stack, 'kubectlLayer'), @@ -1009,7 +1007,10 @@ describe('cluster', () => { test('rendered by default for ASGs', () => { // GIVEN const { app, stack } = testFixtureNoVpc(); - const cluster = new eks.Cluster(stack, 'Cluster', { defaultCapacity: 0, version: CLUSTER_VERSION, prune: false }); + const cluster = new eks.Cluster(stack, 'Cluster', { + ...commonProps, + prune: false, + }); // WHEN cluster.addAutoScalingGroupCapacity('MyCapcity', { instanceType: new ec2.InstanceType('m3.xlargs') }); @@ -1023,7 +1024,10 @@ describe('cluster', () => { test('not rendered if bootstrap is disabled', () => { // GIVEN const { app, stack } = testFixtureNoVpc(); - const cluster = new eks.Cluster(stack, 'Cluster', { defaultCapacity: 0, version: CLUSTER_VERSION, prune: false }); + const cluster = new eks.Cluster(stack, 'Cluster', { + ...commonProps, + prune: false, + }); // WHEN cluster.addAutoScalingGroupCapacity('MyCapcity', { @@ -1041,7 +1045,10 @@ describe('cluster', () => { test('bootstrap options', () => { // GIVEN const { app, stack } = testFixtureNoVpc(); - const cluster = new eks.Cluster(stack, 'Cluster', { defaultCapacity: 0, version: CLUSTER_VERSION, prune: false }); + const cluster = new eks.Cluster(stack, 'Cluster', { + ...commonProps, + prune: false, + }); // WHEN cluster.addAutoScalingGroupCapacity('MyCapcity', { @@ -1062,8 +1069,7 @@ describe('cluster', () => { // GIVEN const { app, stack } = testFixtureNoVpc(); const cluster = new eks.Cluster(stack, 'Cluster', { - defaultCapacity: 0, - version: CLUSTER_VERSION, + ...commonProps, prune: false, kubectlProviderOptions: { kubectlLayer: new KubectlV32Layer(stack, 'kubectlLayer'), 
@@ -1087,7 +1093,10 @@ describe('cluster', () => { test('if bootstrap is disabled cannot specify options', () => { // GIVEN const { stack } = testFixtureNoVpc(); - const cluster = new eks.Cluster(stack, 'Cluster', { defaultCapacity: 0, version: CLUSTER_VERSION, prune: false }); + const cluster = new eks.Cluster(stack, 'Cluster', { + ...commonProps, + prune: false, + }); // THEN expect(() => cluster.addAutoScalingGroupCapacity('MyCapcity', { @@ -1144,6 +1153,7 @@ describe('cluster', () => { // WHEN new eks.Cluster(stack, 'cluster', { + defaultCapacityType: eks.DefaultCapacityType.NODEGROUP, defaultCapacity: 1, version: CLUSTER_VERSION, prune: false, @@ -1162,8 +1172,7 @@ describe('cluster', () => { // WHEN new eks.Cluster(stack, 'cluster', { - defaultCapacity: 0, - version: CLUSTER_VERSION, + ...commonProps, prune: false, defaultCapacityInstance: new ec2.InstanceType('m6g.medium'), }).addNodegroupCapacity('ng', { @@ -1182,8 +1191,7 @@ describe('cluster', () => { // WHEN new eks.Cluster(stack, 'cluster', { - defaultCapacity: 0, - version: CLUSTER_VERSION, + ...commonProps, prune: false, defaultCapacityInstance: new ec2.InstanceType('t4g.medium'), }).addNodegroupCapacity('ng', { @@ -1202,8 +1210,7 @@ describe('cluster', () => { // WHEN new eks.Cluster(stack, 'cluster', { - defaultCapacity: 0, - version: CLUSTER_VERSION, + ...commonProps, prune: false, }).addAutoScalingGroupCapacity('ng', { instanceType: new ec2.InstanceType('t4g.medium'), @@ -1224,8 +1231,7 @@ describe('cluster', () => { // WHEN new eks.Cluster(stack, 'cluster', { - defaultCapacity: 0, - version: CLUSTER_VERSION, + ...commonProps, prune: false, defaultCapacityInstance: new ec2.InstanceType('c7g.large'), }).addNodegroupCapacity('ng', { @@ -1244,8 +1250,7 @@ describe('cluster', () => { // WHEN new eks.Cluster(stack, 'cluster', { - defaultCapacity: 0, - version: CLUSTER_VERSION, + ...commonProps, prune: false, }).addAutoScalingGroupCapacity('ng', { instanceType: new ec2.InstanceType('c7g.large'), 
@@ -1266,8 +1271,7 @@ describe('cluster', () => { // WHEN new eks.Cluster(stack, 'cluster', { - defaultCapacity: 0, - version: CLUSTER_VERSION, + ...commonProps, prune: false, }).addAutoScalingGroupCapacity('GPUCapacity', { instanceType: new ec2.InstanceType('g4dn.xlarge'), @@ -1287,8 +1291,7 @@ describe('cluster', () => { // WHEN new eks.Cluster(stack, 'cluster', { - defaultCapacity: 0, - version: CLUSTER_VERSION, + ...commonProps, prune: false, }).addAutoScalingGroupCapacity('ARMCapacity', { instanceType: new ec2.InstanceType('m6g.medium'), @@ -1351,7 +1354,10 @@ describe('cluster', () => { test('if openIDConnectProvider a new OpenIDConnectProvider resource is created and exposed', () => { // GIVEN const { stack } = testFixtureNoVpc(); - const cluster = new eks.Cluster(stack, 'Cluster', { defaultCapacity: 0, version: CLUSTER_VERSION, prune: false }); + const cluster = new eks.Cluster(stack, 'Cluster', { + ...commonProps, + prune: false, + }); // WHEN const provider = cluster.openIdConnectProvider; @@ -1380,8 +1386,7 @@ describe('cluster', () => { // GIVEN const { stack } = testFixtureNoVpc(); const cluster = new eks.Cluster(stack, 'Cluster', { - defaultCapacity: 0, - version: CLUSTER_VERSION, + ...commonProps, prune: false, kubectlProviderOptions: { kubectlLayer: new KubectlV32Layer(stack, 'kubectlLayer'), @@ -1405,8 +1410,7 @@ describe('cluster', () => { // GIVEN const { stack } = testFixtureNoVpc(); const cluster = new eks.Cluster(stack, 'Cluster', { - defaultCapacity: 0, - version: CLUSTER_VERSION, + ...commonProps, prune: false, kubectlProviderOptions: { kubectlLayer: new KubectlV32Layer(stack, 'kubectlLayer'), @@ -1430,8 +1434,7 @@ describe('cluster', () => { // GIVEN const { stack } = testFixtureNoVpc(); const cluster = new eks.Cluster(stack, 'Cluster', { - defaultCapacity: 0, - version: CLUSTER_VERSION, + ...commonProps, prune: false, kubectlProviderOptions: { kubectlLayer: new KubectlV32Layer(stack, 'kubectlLayer'), 
@@ -1455,8 +1458,7 @@ describe('cluster', () => { // GIVEN const { stack } = testFixtureNoVpc(); const cluster = new eks.Cluster(stack, 'Cluster', { - defaultCapacity: 0, - version: CLUSTER_VERSION, + ...commonProps, prune: false, kubectlProviderOptions: { kubectlLayer: new KubectlV32Layer(stack, 'kubectlLayer'), @@ -1481,8 +1483,7 @@ describe('cluster', () => { // GIVEN const { stack } = testFixtureNoVpc(); const cluster = new eks.Cluster(stack, 'Cluster', { - defaultCapacity: 0, - version: CLUSTER_VERSION, + ...commonProps, prune: false, kubectlProviderOptions: { kubectlLayer: new KubectlV32Layer(stack, 'kubectlLayer'), @@ -1505,8 +1506,7 @@ describe('cluster', () => { // GIVEN const { stack } = testFixtureNoVpc(); const cluster = new eks.Cluster(stack, 'Cluster', { - defaultCapacity: 0, - version: CLUSTER_VERSION, + ...commonProps, prune: false, kubectlProviderOptions: { kubectlLayer: new KubectlV32Layer(stack, 'kubectlLayer'), diff --git a/packages/@aws-cdk/aws-eks-v2-alpha/test/integ.alb-controller.js.snapshot/asset.25c16d2ab30e35800b3ea63c44c93deb85584076eb09a2db9f971803252b22dc.zip b/packages/@aws-cdk/aws-eks-v2-alpha/test/integ.alb-controller.js.snapshot/asset.25c16d2ab30e35800b3ea63c44c93deb85584076eb09a2db9f971803252b22dc.zip new file mode 100644 index 0000000000000..0a8e7ba83b46f Binary files /dev/null and b/packages/@aws-cdk/aws-eks-v2-alpha/test/integ.alb-controller.js.snapshot/asset.25c16d2ab30e35800b3ea63c44c93deb85584076eb09a2db9f971803252b22dc.zip differ diff --git a/packages/@aws-cdk/aws-eks-v2-alpha/test/integ.alb-controller.js.snapshot/asset.2e670e0c40dc05a34d602c35c948edefcb81afaeea05b9f6240341173af6164e.zip b/packages/@aws-cdk/aws-eks-v2-alpha/test/integ.alb-controller.js.snapshot/asset.2e670e0c40dc05a34d602c35c948edefcb81afaeea05b9f6240341173af6164e.zip deleted file mode 100644 index 3075cb9cf9d6b..0000000000000 
--- a/packages/@aws-cdk/aws-eks-v2-alpha/test/integ.alb-controller.js.snapshot/asset.2e670e0c40dc05a34d602c35c948edefcb81afaeea05b9f6240341173af6164e.zip +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:a1ed5f76941f23885a2e2a3991022df194a6c8c4b407b8aeca46728fbbea8f63 -size 34441651 diff --git a/packages/@aws-cdk/aws-eks-v2-alpha/test/integ.alb-controller.js.snapshot/asset.e42a736be21cd3134b9bff4e71e3afa99a4cc900ae489e9a7f7025c8d258f9b8.zip b/packages/@aws-cdk/aws-eks-v2-alpha/test/integ.alb-controller.js.snapshot/asset.e42a736be21cd3134b9bff4e71e3afa99a4cc900ae489e9a7f7025c8d258f9b8.zip index 33cd69e8824d5..d28ed8e86969d 100644 Binary files a/packages/@aws-cdk/aws-eks-v2-alpha/test/integ.alb-controller.js.snapshot/asset.e42a736be21cd3134b9bff4e71e3afa99a4cc900ae489e9a7f7025c8d258f9b8.zip and b/packages/@aws-cdk/aws-eks-v2-alpha/test/integ.alb-controller.js.snapshot/asset.e42a736be21cd3134b9bff4e71e3afa99a4cc900ae489e9a7f7025c8d258f9b8.zip differ diff --git a/packages/@aws-cdk/aws-eks-v2-alpha/test/integ.alb-controller.js.snapshot/aws-cdk-eks-cluster-alb-controller.assets.json b/packages/@aws-cdk/aws-eks-v2-alpha/test/integ.alb-controller.js.snapshot/aws-cdk-eks-cluster-alb-controller.assets.json index a0c7ae69db8a9..a6f0628ca3f7b 100644 --- a/packages/@aws-cdk/aws-eks-v2-alpha/test/integ.alb-controller.js.snapshot/aws-cdk-eks-cluster-alb-controller.assets.json +++ b/packages/@aws-cdk/aws-eks-v2-alpha/test/integ.alb-controller.js.snapshot/aws-cdk-eks-cluster-alb-controller.assets.json @@ -92,7 +92,7 @@ } } }, - "3aeb493ad6c258cb894f188549419889f869fc602cc93cd057cdc09d9cb6f836": { + "433130dc9dc24341429fefad41296dca9cdbf9757002fe0544d75c79b2265434": { "source": { "path": "aws-cdk-eks-cluster-alb-controller.template.json", "packaging": "file" 
@@ -100,7 +100,7 @@ "destinations": { "current_account-current_region": { "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}", - "objectKey": "3aeb493ad6c258cb894f188549419889f869fc602cc93cd057cdc09d9cb6f836.json", + "objectKey": "433130dc9dc24341429fefad41296dca9cdbf9757002fe0544d75c79b2265434.json", "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}" } } diff --git a/packages/@aws-cdk/aws-eks-v2-alpha/test/integ.alb-controller.js.snapshot/aws-cdk-eks-cluster-alb-controller.template.json b/packages/@aws-cdk/aws-eks-v2-alpha/test/integ.alb-controller.js.snapshot/aws-cdk-eks-cluster-alb-controller.template.json index 8024c86d1fa8a..2ef88a585d2bd 100644 --- a/packages/@aws-cdk/aws-eks-v2-alpha/test/integ.alb-controller.js.snapshot/aws-cdk-eks-cluster-alb-controller.template.json +++ b/packages/@aws-cdk/aws-eks-v2-alpha/test/integ.alb-controller.js.snapshot/aws-cdk-eks-cluster-alb-controller.template.json @@ -414,7 +414,10 @@ "AssumeRolePolicyDocument": { "Statement": [ { - "Action": "sts:AssumeRole", + "Action": [ + "sts:AssumeRole", + "sts:TagSession" + ], "Effect": "Allow", "Principal": { "Service": "eks.amazonaws.com" @@ -435,6 +438,54 @@ ":iam::aws:policy/AmazonEKSClusterPolicy" ] ] + }, + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":iam::aws:policy/AmazonEKSComputePolicy" + ] + ] + }, + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":iam::aws:policy/AmazonEKSBlockStoragePolicy" + ] + ] + }, + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":iam::aws:policy/AmazonEKSLoadBalancingPolicy" + ] + ] + }, + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":iam::aws:policy/AmazonEKSNetworkingPolicy" + ] + ] } ] } 
@@ -455,13 +506,72 @@ } } }, + "ClusterClusternodePoolRole69276141": { + "Type": "AWS::IAM::Role", + "Properties": { + "AssumeRolePolicyDocument": { + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "Service": "ec2.amazonaws.com" + } + } + ], + "Version": "2012-10-17" + }, + "ManagedPolicyArns": [ + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":iam::aws:policy/AmazonEKSWorkerNodePolicy" + ] + ] + }, + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":iam::aws:policy/AmazonEC2ContainerRegistryReadOnly" + ] + ] + } + ] + } + }, "ClusterEB0386A7": { "Type": "AWS::EKS::Cluster", "Properties": { "AccessConfig": { "AuthenticationMode": "API" }, + "ComputeConfig": { + "Enabled": true, + "NodePools": [ + "system", + "general-purpose" + ], + "NodeRoleArn": { + "Fn::GetAtt": [ + "ClusterClusternodePoolRole69276141", + "Arn" + ] + } + }, "KubernetesNetworkConfig": { + "ElasticLoadBalancing": { + "Enabled": true + }, "IpFamily": "ipv4" }, "ResourcesVpcConfig": { @@ -496,6 +606,11 @@ "Arn" ] }, + "StorageConfig": { + "BlockStorage": { + "Enabled": true + } + }, "Version": "1.32" }, "DependsOn": [ 
@@ -969,93 +1084,6 @@ "UpdateReplacePolicy": "Delete", "DeletionPolicy": "Delete" }, - "ClusterNodegroupDefaultCapacityNodeGroupRole55953B04": { - "Type": "AWS::IAM::Role", - "Properties": { - "AssumeRolePolicyDocument": { - "Statement": [ - { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Principal": { - "Service": "ec2.amazonaws.com" - } - } - ], - "Version": "2012-10-17" - }, - "ManagedPolicyArns": [ - { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition" - }, - ":iam::aws:policy/AmazonEKSWorkerNodePolicy" - ] - ] - }, - { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition" - }, - ":iam::aws:policy/AmazonEKS_CNI_Policy" - ] - ] - }, - { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition" - }, - ":iam::aws:policy/AmazonEC2ContainerRegistryReadOnly" - ] - ] - } - ] - } - }, - "ClusterNodegroupDefaultCapacityDA0920A3": { - "Type": "AWS::EKS::Nodegroup", - "Properties": { - "AmiType": "AL2_x86_64", - "ClusterName": { - "Ref": "ClusterEB0386A7" - }, - "ForceUpdateEnabled": true, - "InstanceTypes": [ - "m5.large" - ], - "NodeRole": { - "Fn::GetAtt": [ - "ClusterNodegroupDefaultCapacityNodeGroupRole55953B04", - "Arn" - ] - }, - "ScalingConfig": { - "DesiredSize": 2, - "MaxSize": 2, - "MinSize": 2 - }, - "Subnets": [ - { - "Ref": "VpcPrivateSubnet1Subnet536B997A" - }, - { - "Ref": "VpcPrivateSubnet2Subnet3788AAA1" - } - ] - } - }, "Clusterechoserver5815619F": { "Type": "Custom::AWSCDK-EKS-KubernetesResource", "Properties": { @@ -1166,10 +1194,6 @@ ] } }, - "DependsOn": [ - "ClusterNodegroupDefaultCapacityNodeGroupRole55953B04", - "ClusterNodegroupDefaultCapacityDA0920A3" - ], "UpdateReplacePolicy": "Delete", "DeletionPolicy": "Delete" }, 
@@ -1198,11 +1222,7 @@ ], "Version": "2012-10-17" } - }, - "DependsOn": [ - "ClusterNodegroupDefaultCapacityNodeGroupRole55953B04", - "ClusterNodegroupDefaultCapacityDA0920A3" - ] + } }, "awscdkeksclusteralbcontrollerCluster0686D58BAlbControlleralbsaRoleDefaultPolicy0BB22F48": { "Type": "AWS::IAM::Policy", @@ -1551,11 +1571,7 @@ "Ref": "awscdkeksclusteralbcontrollerCluster0686D58BAlbControlleralbsaRoleE08C7B02" } ] - }, - "DependsOn": [ - "ClusterNodegroupDefaultCapacityNodeGroupRole55953B04", - "ClusterNodegroupDefaultCapacityDA0920A3" - ] + } }, "awscdkeksclusteralbcontrollerCluster0686D58BAlbControlleralbsamanifestalbsaServiceAccountResource49741BE5": { "Type": "Custom::AWSCDK-EKS-KubernetesResource", @@ -1587,9 +1603,7 @@ "PruneLabel": "aws.cdk.eks/prune-c8f6f125d54f53dae5b00b5d2a563146e2074b70a5" }, "DependsOn": [ - "ClusterKubectlReadyBarrier200052AF", - "ClusterNodegroupDefaultCapacityNodeGroupRole55953B04", - "ClusterNodegroupDefaultCapacityDA0920A3" + "ClusterKubectlReadyBarrier200052AF" ], "UpdateReplacePolicy": "Delete", "DeletionPolicy": "Delete" @@ -1641,8 +1655,6 @@ "awscdkeksclusteralbcontrollerCluster0686D58BAlbControlleralbsaRoleDefaultPolicy0BB22F48", "awscdkeksclusteralbcontrollerCluster0686D58BAlbControlleralbsaRoleE08C7B02", "ClusterKubectlReadyBarrier200052AF", - "ClusterNodegroupDefaultCapacityNodeGroupRole55953B04", - "ClusterNodegroupDefaultCapacityDA0920A3", "ClusterOpenIdConnectProviderE7EB0530" ], "UpdateReplacePolicy": "Delete", diff --git a/packages/@aws-cdk/aws-eks-v2-alpha/test/integ.alb-controller.js.snapshot/manifest.json b/packages/@aws-cdk/aws-eks-v2-alpha/test/integ.alb-controller.js.snapshot/manifest.json index f4ce39a316a2a..a6921956abc54 100644 --- a/packages/@aws-cdk/aws-eks-v2-alpha/test/integ.alb-controller.js.snapshot/manifest.json +++ b/packages/@aws-cdk/aws-eks-v2-alpha/test/integ.alb-controller.js.snapshot/manifest.json 
@@ -18,7 +18,7 @@ "validateOnSynth": false, "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-deploy-role-${AWS::AccountId}-${AWS::Region}", "cloudFormationExecutionRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-cfn-exec-role-${AWS::AccountId}-${AWS::Region}", - "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/3aeb493ad6c258cb894f188549419889f869fc602cc93cd057cdc09d9cb6f836.json", + "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/433130dc9dc24341429fefad41296dca9cdbf9757002fe0544d75c79b2265434.json", "requiresBootstrapStackVersion": 6, "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version", "additionalDependencies": [ @@ -311,10 +311,6 @@ "type": "aws:cdk:analytics:method", "data": "*" }, - { - "type": "aws:cdk:analytics:method", - "data": "*" - }, { "type": "aws:cdk:analytics:method", "data": "*" @@ -334,6 +330,56 @@ } ] } + }, + { + "type": "aws:cdk:analytics:method", + "data": { + "addManagedPolicy": [ + { + "managedPolicyArn": "*" + } + ] + } + }, + { + "type": "aws:cdk:analytics:method", + "data": { + "addManagedPolicy": [ + { + "managedPolicyArn": "*" + } + ] + } + }, + { + "type": "aws:cdk:analytics:method", + "data": { + "addManagedPolicy": [ + { + "managedPolicyArn": "*" + } + ] + } + }, + { + "type": "aws:cdk:analytics:method", + "data": { + "addManagedPolicy": [ + { + "managedPolicyArn": "*" + } + ] + } + }, + { + "type": "aws:cdk:analytics:method", + "data": { + "addManagedPolicy": [ + { + "managedPolicyArn": "*" + } + ] + } } ], "/aws-cdk-eks-cluster-alb-controller/Cluster/Role/ImportRole": [ 
@@ -363,6 +409,37 @@ "data": "ClusterControlPlaneSecurityGroupD274242C" } ], + "/aws-cdk-eks-cluster-alb-controller/Cluster/ClusternodePoolRole": [ + { + "type": "aws:cdk:analytics:construct", + "data": { + "assumedBy": { + "principalAccount": "*", + "assumeRoleAction": "*" + }, + "managedPolicies": [ + { + "managedPolicyArn": "*" + }, + { + "managedPolicyArn": "*" + } + ] + } + } + ], + "/aws-cdk-eks-cluster-alb-controller/Cluster/ClusternodePoolRole/ImportClusternodePoolRole": [ + { + "type": "aws:cdk:analytics:construct", + "data": "*" + } + ], + "/aws-cdk-eks-cluster-alb-controller/Cluster/ClusternodePoolRole/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "ClusterClusternodePoolRole69276141" + } + ], "/aws-cdk-eks-cluster-alb-controller/Cluster/Resource": [ { "type": "aws:cdk:logicalId", 
@@ -792,71 +869,6 @@ "data": "ClusterOpenIdConnectProviderE7EB0530" } ], - "/aws-cdk-eks-cluster-alb-controller/Cluster/NodegroupDefaultCapacity": [ - { - "type": "aws:cdk:analytics:construct", - "data": "*" - } - ], - "/aws-cdk-eks-cluster-alb-controller/Cluster/NodegroupDefaultCapacity/NodeGroupRole": [ - { - "type": "aws:cdk:analytics:construct", - "data": { - "assumedBy": { - "principalAccount": "*", - "assumeRoleAction": "*" - } - } - }, - { - "type": "aws:cdk:analytics:method", - "data": { - "addManagedPolicy": [ - { - "managedPolicyArn": "*" - } - ] - } - }, - { - "type": "aws:cdk:analytics:method", - "data": { - "addManagedPolicy": [ - { - "managedPolicyArn": "*" - } - ] - } - }, - { - "type": "aws:cdk:analytics:method", - "data": { - "addManagedPolicy": [ - { - "managedPolicyArn": "*" - } - ] - } - } - ], - "/aws-cdk-eks-cluster-alb-controller/Cluster/NodegroupDefaultCapacity/NodeGroupRole/ImportNodeGroupRole": [ - { - "type": "aws:cdk:analytics:construct", - "data": "*" - } - ], - "/aws-cdk-eks-cluster-alb-controller/Cluster/NodegroupDefaultCapacity/NodeGroupRole/Resource": [ - { - "type": "aws:cdk:logicalId", - "data": "ClusterNodegroupDefaultCapacityNodeGroupRole55953B04" - } - ], - "/aws-cdk-eks-cluster-alb-controller/Cluster/NodegroupDefaultCapacity/Resource": [ - { - "type": "aws:cdk:logicalId", - "data": "ClusterNodegroupDefaultCapacityDA0920A3" - } - ], "/aws-cdk-eks-cluster-alb-controller/Cluster/echo-server/Resource": [ { "type": "aws:cdk:analytics:construct", diff --git a/packages/@aws-cdk/aws-eks-v2-alpha/test/integ.alb-controller.js.snapshot/tree.json b/packages/@aws-cdk/aws-eks-v2-alpha/test/integ.alb-controller.js.snapshot/tree.json index 494a2054e9d8e..cdf1932ef692b 100644 --- a/packages/@aws-cdk/aws-eks-v2-alpha/test/integ.alb-controller.js.snapshot/tree.json +++ b/packages/@aws-cdk/aws-eks-v2-alpha/test/integ.alb-controller.js.snapshot/tree.json 
@@ -824,7 +824,10 @@ "assumeRolePolicyDocument": { "Statement": [ { - "Action": "sts:AssumeRole", + "Action": [ + "sts:AssumeRole", + "sts:TagSession" + ], "Effect": "Allow", "Principal": { "Service": "eks.amazonaws.com" @@ -845,6 +848,54 @@ ":iam::aws:policy/AmazonEKSClusterPolicy" ] ] + }, + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":iam::aws:policy/AmazonEKSComputePolicy" + ] + ] + }, + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":iam::aws:policy/AmazonEKSBlockStoragePolicy" + ] + ] + }, + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":iam::aws:policy/AmazonEKSLoadBalancingPolicy" + ] + ] + }, + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":iam::aws:policy/AmazonEKSNetworkingPolicy" + ] + ] } ] } @@ -869,6 +920,41 @@ "managedPolicyArn": "*" } ] + }, + { + "addManagedPolicy": [ + { + "managedPolicyArn": "*" + } + ] + }, + { + "addManagedPolicy": [ + { + "managedPolicyArn": "*" + } + ] + }, + { + "addManagedPolicy": [ + { + "managedPolicyArn": "*" + } + ] + }, + { + "addManagedPolicy": [ + { + "managedPolicyArn": "*" + } + ] + }, + { + "addManagedPolicy": [ + { + "managedPolicyArn": "*" + } + ] } ] } 
@@ -913,6 +999,94 @@ ] } }, + "ClusternodePoolRole": { + "id": "ClusternodePoolRole", + "path": "aws-cdk-eks-cluster-alb-controller/Cluster/ClusternodePoolRole", + "children": { + "ImportClusternodePoolRole": { + "id": "ImportClusternodePoolRole", + "path": "aws-cdk-eks-cluster-alb-controller/Cluster/ClusternodePoolRole/ImportClusternodePoolRole", + "constructInfo": { + "fqn": "aws-cdk-lib.Resource", + "version": "0.0.0", + "metadata": [ + "*" + ] + } + }, + "Resource": { + "id": "Resource", + "path": "aws-cdk-eks-cluster-alb-controller/Cluster/ClusternodePoolRole/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::IAM::Role", + "aws:cdk:cloudformation:props": { + "assumeRolePolicyDocument": { + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "Service": "ec2.amazonaws.com" + } + } + ], + "Version": "2012-10-17" + }, + "managedPolicyArns": [ + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":iam::aws:policy/AmazonEKSWorkerNodePolicy" + ] + ] + }, + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":iam::aws:policy/AmazonEC2ContainerRegistryReadOnly" + ] + ] + } + ] + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_iam.CfnRole", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_iam.Role", + "version": "0.0.0", + "metadata": [ + { + "assumedBy": { + "principalAccount": "*", + "assumeRoleAction": "*" + }, + "managedPolicies": [ + { + "managedPolicyArn": "*" + }, + { + "managedPolicyArn": "*" + } + ] + } + ] + } + }, "Resource": { "id": "Resource", "path": "aws-cdk-eks-cluster-alb-controller/Cluster/Resource", 
@@ -922,8 +1096,24 @@ "accessConfig": { "authenticationMode": "API" }, + "computeConfig": { + "enabled": true, + "nodePools": [ + "system", + "general-purpose" + ], + "nodeRoleArn": { + "Fn::GetAtt": [ + "ClusterClusternodePoolRole69276141", + "Arn" + ] + } + }, "kubernetesNetworkConfig": { - "ipFamily": "ipv4" + "ipFamily": "ipv4", + "elasticLoadBalancing": { + "enabled": true + } }, "resourcesVpcConfig": { "securityGroupIds": [ @@ -957,6 +1147,11 @@ "Arn" ] }, + "storageConfig": { + "blockStorage": { + "enabled": true + } + }, "version": "1.32" } }, 
@@ -1916,172 +2111,6 @@ ] } }, - "NodegroupDefaultCapacity": { - "id": "NodegroupDefaultCapacity", - "path": "aws-cdk-eks-cluster-alb-controller/Cluster/NodegroupDefaultCapacity", - "children": { - "NodeGroupRole": { - "id": "NodeGroupRole", - "path": "aws-cdk-eks-cluster-alb-controller/Cluster/NodegroupDefaultCapacity/NodeGroupRole", - "children": { - "ImportNodeGroupRole": { - "id": "ImportNodeGroupRole", - "path": "aws-cdk-eks-cluster-alb-controller/Cluster/NodegroupDefaultCapacity/NodeGroupRole/ImportNodeGroupRole", - "constructInfo": { - "fqn": "aws-cdk-lib.Resource", - "version": "0.0.0", - "metadata": [ - "*" - ] - } - }, - "Resource": { - "id": "Resource", - "path": "aws-cdk-eks-cluster-alb-controller/Cluster/NodegroupDefaultCapacity/NodeGroupRole/Resource", - "attributes": { - "aws:cdk:cloudformation:type": "AWS::IAM::Role", - "aws:cdk:cloudformation:props": { - "assumeRolePolicyDocument": { - "Statement": [ - { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Principal": { - "Service": "ec2.amazonaws.com" - } - } - ], - "Version": "2012-10-17" - }, - "managedPolicyArns": [ - { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition" - }, - ":iam::aws:policy/AmazonEKSWorkerNodePolicy" - ] - ] - }, - { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition" - }, - ":iam::aws:policy/AmazonEKS_CNI_Policy" - ] - ] - }, - { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition" - }, - ":iam::aws:policy/AmazonEC2ContainerRegistryReadOnly" - ] - ] - } - ] - } - }, - "constructInfo": { - "fqn": "aws-cdk-lib.aws_iam.CfnRole", - "version": "0.0.0" - } - } - }, - "constructInfo": { - "fqn": "aws-cdk-lib.aws_iam.Role", - "version": "0.0.0", - "metadata": [ - { - "assumedBy": { - "principalAccount": "*", - "assumeRoleAction": "*" - } - }, - { - "addManagedPolicy": [ - { - "managedPolicyArn": "*" - } - ] - }, - { - "addManagedPolicy": [ - { - "managedPolicyArn": "*" - } - ] - }, - { - "addManagedPolicy": [ - { - "managedPolicyArn": "*" 
- } - ] - } - ] - } - }, - "Resource": { - "id": "Resource", - "path": "aws-cdk-eks-cluster-alb-controller/Cluster/NodegroupDefaultCapacity/Resource", - "attributes": { - "aws:cdk:cloudformation:type": "AWS::EKS::Nodegroup", - "aws:cdk:cloudformation:props": { - "amiType": "AL2_x86_64", - "clusterName": { - "Ref": "ClusterEB0386A7" - }, - "forceUpdateEnabled": true, - "instanceTypes": [ - "m5.large" - ], - "nodeRole": { - "Fn::GetAtt": [ - "ClusterNodegroupDefaultCapacityNodeGroupRole55953B04", - "Arn" - ] - }, - "scalingConfig": { - "desiredSize": 2, - "maxSize": 2, - "minSize": 2 - }, - "subnets": [ - { - "Ref": "VpcPrivateSubnet1Subnet536B997A" - }, - { - "Ref": "VpcPrivateSubnet2Subnet3788AAA1" - } - ] - } - }, - "constructInfo": { - "fqn": "aws-cdk-lib.aws_eks.CfnNodegroup", - "version": "0.0.0" - } - } - }, - "constructInfo": { - "fqn": "@aws-cdk/aws-eks-v2-alpha.Nodegroup", - "version": "0.0.0", - "metadata": [ - "*" - ] - } - }, "echo-server": { "id": "echo-server", "path": "aws-cdk-eks-cluster-alb-controller/Cluster/echo-server", @@ -2150,7 +2179,6 @@ "fqn": "@aws-cdk/aws-eks-v2-alpha.Cluster", "version": "0.0.0", "metadata": [ - "*", "*", "*", "*" diff --git a/packages/@aws-cdk/aws-eks-v2-alpha/test/integ.eks-addon.js.snapshot/EksClusterWithAddonStack.assets.json b/packages/@aws-cdk/aws-eks-v2-alpha/test/integ.eks-addon.js.snapshot/EksClusterWithAddonStack.assets.json index c7c857594d5bd..cea4062af0ac9 100644 --- a/packages/@aws-cdk/aws-eks-v2-alpha/test/integ.eks-addon.js.snapshot/EksClusterWithAddonStack.assets.json +++ b/packages/@aws-cdk/aws-eks-v2-alpha/test/integ.eks-addon.js.snapshot/EksClusterWithAddonStack.assets.json @@ -66,7 +66,7 @@ } } }, - "453141fec0bbed1244eca79c646d7cf7fdd61cce46c0d6c072a39a9f9957e8f1": { + "cad1e07392fc8fc068e9f1db3e068b37805168b10e69a28bcfe716f3b123dd14": { "source": { "path": "EksClusterWithAddonStack.template.json", "packaging": "file" 
@@ -74,7 +74,7 @@ "destinations": { "current_account-current_region": { "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}", - "objectKey": "453141fec0bbed1244eca79c646d7cf7fdd61cce46c0d6c072a39a9f9957e8f1.json", + "objectKey": "cad1e07392fc8fc068e9f1db3e068b37805168b10e69a28bcfe716f3b123dd14.json", "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}" } } diff --git a/packages/@aws-cdk/aws-eks-v2-alpha/test/integ.eks-addon.js.snapshot/EksClusterWithAddonStack.template.json b/packages/@aws-cdk/aws-eks-v2-alpha/test/integ.eks-addon.js.snapshot/EksClusterWithAddonStack.template.json index 0041d31340f1b..22b41baffa11c 100644 --- a/packages/@aws-cdk/aws-eks-v2-alpha/test/integ.eks-addon.js.snapshot/EksClusterWithAddonStack.template.json +++ b/packages/@aws-cdk/aws-eks-v2-alpha/test/integ.eks-addon.js.snapshot/EksClusterWithAddonStack.template.json @@ -538,7 +538,10 @@ "AssumeRolePolicyDocument": { "Statement": [ { - "Action": "sts:AssumeRole", + "Action": [ + "sts:AssumeRole", + "sts:TagSession" + ], "Effect": "Allow", "Principal": { "Service": "eks.amazonaws.com" @@ -559,6 +562,54 @@ ":iam::aws:policy/AmazonEKSClusterPolicy" ] ] + }, + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":iam::aws:policy/AmazonEKSComputePolicy" + ] + ] + }, + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":iam::aws:policy/AmazonEKSBlockStoragePolicy" + ] + ] + }, + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":iam::aws:policy/AmazonEKSLoadBalancingPolicy" + ] + ] + }, + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":iam::aws:policy/AmazonEKSNetworkingPolicy" + ] + ] } ] } 
@@ -579,13 +630,72 @@ } } }, + "ClusterClusternodePoolRole69276141": { + "Type": "AWS::IAM::Role", + "Properties": { + "AssumeRolePolicyDocument": { + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "Service": "ec2.amazonaws.com" + } + } + ], + "Version": "2012-10-17" + }, + "ManagedPolicyArns": [ + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":iam::aws:policy/AmazonEKSWorkerNodePolicy" + ] + ] + }, + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":iam::aws:policy/AmazonEC2ContainerRegistryReadOnly" + ] + ] + } + ] + } + }, "ClusterEB0386A7": { "Type": "AWS::EKS::Cluster", "Properties": { "AccessConfig": { "AuthenticationMode": "API" }, + "ComputeConfig": { + "Enabled": true, + "NodePools": [ + "system", + "general-purpose" + ], + "NodeRoleArn": { + "Fn::GetAtt": [ + "ClusterClusternodePoolRole69276141", + "Arn" + ] + } + }, "KubernetesNetworkConfig": { + "ElasticLoadBalancing": { + "Enabled": true + }, "IpFamily": "ipv4" }, "ResourcesVpcConfig": { @@ -620,6 +730,11 @@ "Arn" ] }, + "StorageConfig": { + "BlockStorage": { + "Enabled": true + } + }, "Version": "1.32" }, "DependsOn": [ 
@@ -1070,93 +1185,6 @@ } } }, - "ClusterNodegroupDefaultCapacityNodeGroupRole55953B04": { - "Type": "AWS::IAM::Role", - "Properties": { - "AssumeRolePolicyDocument": { - "Statement": [ - { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Principal": { - "Service": "ec2.amazonaws.com" - } - } - ], - "Version": "2012-10-17" - }, - "ManagedPolicyArns": [ - { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition" - }, - ":iam::aws:policy/AmazonEKSWorkerNodePolicy" - ] - ] - }, - { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition" - }, - ":iam::aws:policy/AmazonEKS_CNI_Policy" - ] - ] - }, - { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition" - }, - ":iam::aws:policy/AmazonEC2ContainerRegistryReadOnly" - ] - ] - } - ] - } - }, - "ClusterNodegroupDefaultCapacityDA0920A3": { - "Type": "AWS::EKS::Nodegroup", - "Properties": { - "AmiType": "AL2_x86_64", - "ClusterName": { - "Ref": "ClusterEB0386A7" - }, - "ForceUpdateEnabled": true, - "InstanceTypes": [ - "m5.large" - ], - "NodeRole": { - "Fn::GetAtt": [ - "ClusterNodegroupDefaultCapacityNodeGroupRole55953B04", - "Arn" - ] - }, - "ScalingConfig": { - "DesiredSize": 2, - "MaxSize": 2, - "MinSize": 2 - }, - "Subnets": [ - { - "Ref": "VpcPrivateSubnet1Subnet536B997A" - }, - { - "Ref": "VpcPrivateSubnet2Subnet3788AAA1" - } - ] - } - }, "AddonF8C56F86": { "Type": "AWS::EKS::Addon", "Properties": { diff --git a/packages/@aws-cdk/aws-eks-v2-alpha/test/integ.eks-addon.js.snapshot/asset.25c16d2ab30e35800b3ea63c44c93deb85584076eb09a2db9f971803252b22dc.zip b/packages/@aws-cdk/aws-eks-v2-alpha/test/integ.eks-addon.js.snapshot/asset.25c16d2ab30e35800b3ea63c44c93deb85584076eb09a2db9f971803252b22dc.zip new file mode 100644 index 0000000000000..0a8e7ba83b46f Binary files /dev/null and b/packages/@aws-cdk/aws-eks-v2-alpha/test/integ.eks-addon.js.snapshot/asset.25c16d2ab30e35800b3ea63c44c93deb85584076eb09a2db9f971803252b22dc.zip differ 
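Review bot: The `@@ -1070,93 +1185,6` hunk deletes `ClusterNodegroupDefaultCapacityDA0920A3` (two `m5.large` nodes) and its role, and no change to `integ.eks-addon.ts` is visible in this part of the patch, so the snapshot appears to be picking up the new default. Any existing `aws-eks-v2-alpha` user who relied on the implicit default will have the default nodegroup removed on upgrade. Call this out as a breaking change in the PR description and README, and consider keeping one integ test that sets `defaultCapacityType: eks.DefaultCapacityType.NODEGROUP` with a non-zero `defaultCapacity` so the old path stays covered.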
diff --git a/packages/@aws-cdk/aws-eks-v2-alpha/test/integ.eks-addon.js.snapshot/asset.2e670e0c40dc05a34d602c35c948edefcb81afaeea05b9f6240341173af6164e.zip b/packages/@aws-cdk/aws-eks-v2-alpha/test/integ.eks-addon.js.snapshot/asset.2e670e0c40dc05a34d602c35c948edefcb81afaeea05b9f6240341173af6164e.zip deleted file mode 100644 index 3075cb9cf9d6b..0000000000000 --- a/packages/@aws-cdk/aws-eks-v2-alpha/test/integ.eks-addon.js.snapshot/asset.2e670e0c40dc05a34d602c35c948edefcb81afaeea05b9f6240341173af6164e.zip +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:a1ed5f76941f23885a2e2a3991022df194a6c8c4b407b8aeca46728fbbea8f63 -size 34441651 diff --git a/packages/@aws-cdk/aws-eks-v2-alpha/test/integ.eks-addon.js.snapshot/asset.e42a736be21cd3134b9bff4e71e3afa99a4cc900ae489e9a7f7025c8d258f9b8.zip b/packages/@aws-cdk/aws-eks-v2-alpha/test/integ.eks-addon.js.snapshot/asset.e42a736be21cd3134b9bff4e71e3afa99a4cc900ae489e9a7f7025c8d258f9b8.zip index 33cd69e8824d5..d28ed8e86969d 100644 Binary files a/packages/@aws-cdk/aws-eks-v2-alpha/test/integ.eks-addon.js.snapshot/asset.e42a736be21cd3134b9bff4e71e3afa99a4cc900ae489e9a7f7025c8d258f9b8.zip and b/packages/@aws-cdk/aws-eks-v2-alpha/test/integ.eks-addon.js.snapshot/asset.e42a736be21cd3134b9bff4e71e3afa99a4cc900ae489e9a7f7025c8d258f9b8.zip differ diff --git a/packages/@aws-cdk/aws-eks-v2-alpha/test/integ.eks-addon.js.snapshot/manifest.json b/packages/@aws-cdk/aws-eks-v2-alpha/test/integ.eks-addon.js.snapshot/manifest.json index fc2b85838a7b9..a103b76dc438d 100644 --- a/packages/@aws-cdk/aws-eks-v2-alpha/test/integ.eks-addon.js.snapshot/manifest.json +++ b/packages/@aws-cdk/aws-eks-v2-alpha/test/integ.eks-addon.js.snapshot/manifest.json 
@@ -18,7 +18,7 @@ "validateOnSynth": false, "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-deploy-role-${AWS::AccountId}-${AWS::Region}", "cloudFormationExecutionRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-cfn-exec-role-${AWS::AccountId}-${AWS::Region}", - "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/453141fec0bbed1244eca79c646d7cf7fdd61cce46c0d6c072a39a9f9957e8f1.json", + "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/cad1e07392fc8fc068e9f1db3e068b37805168b10e69a28bcfe716f3b123dd14.json", "requiresBootstrapStackVersion": 6, "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version", "additionalDependencies": [ @@ -341,10 +341,6 @@ "type": "aws:cdk:analytics:construct", "data": "*" }, - { - "type": "aws:cdk:analytics:method", - "data": "*" - }, { "type": "aws:cdk:analytics:method", "data": "*" @@ -364,6 +360,56 @@ } ] } + }, + { + "type": "aws:cdk:analytics:method", + "data": { + "addManagedPolicy": [ + { + "managedPolicyArn": "*" + } + ] + } + }, + { + "type": "aws:cdk:analytics:method", + "data": { + "addManagedPolicy": [ + { + "managedPolicyArn": "*" + } + ] + } + }, + { + "type": "aws:cdk:analytics:method", + "data": { + "addManagedPolicy": [ + { + "managedPolicyArn": "*" + } + ] + } + }, + { + "type": "aws:cdk:analytics:method", + "data": { + "addManagedPolicy": [ + { + "managedPolicyArn": "*" + } + ] + } + }, + { + "type": "aws:cdk:analytics:method", + "data": { + "addManagedPolicy": [ + { + "managedPolicyArn": "*" + } + ] + } } ], "/EksClusterWithAddonStack/Cluster/Role/ImportRole": [ 
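Review bot: The `@@ -364,6 +360,56` hunk records five new `addManagedPolicy` calls on the cluster role, while the template hunk for the same role adds four policy ARNs. Please check whether one policy is being added twice or whether the pre-existing `AmazonEKSClusterPolicy` moved from the constructor to an `addManagedPolicy` call. If it is a duplicate call, drop it so the metadata matches the synthesized role.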
@@ -393,6 +439,37 @@ "data": "ClusterControlPlaneSecurityGroupD274242C" } ], + "/EksClusterWithAddonStack/Cluster/ClusternodePoolRole": [ + { + "type": "aws:cdk:analytics:construct", + "data": { + "assumedBy": { + "principalAccount": "*", + "assumeRoleAction": "*" + }, + "managedPolicies": [ + { + "managedPolicyArn": "*" + }, + { + "managedPolicyArn": "*" + } + ] + } + } + ], + "/EksClusterWithAddonStack/Cluster/ClusternodePoolRole/ImportClusternodePoolRole": [ + { + "type": "aws:cdk:analytics:construct", + "data": "*" + } + ], + "/EksClusterWithAddonStack/Cluster/ClusternodePoolRole/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "ClusterClusternodePoolRole69276141" + } + ], "/EksClusterWithAddonStack/Cluster/Resource": [ { "type": "aws:cdk:logicalId", 
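Review bot: The construct id `ClusternodePoolRole` in this hunk yields the path `Cluster/ClusternodePoolRole` and the logical ID `ClusterClusternodePoolRole69276141`, repeating the scope name and mixing casing. Renaming it after release changes the logical ID and replaces the role, so pick the final id now, for example `NodePoolRole`.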
@@ -796,71 +873,6 @@ "data": "ClusterClusterAdminRoleAccessF2BFF759" } ], - "/EksClusterWithAddonStack/Cluster/NodegroupDefaultCapacity": [ - { - "type": "aws:cdk:analytics:construct", - "data": "*" - } - ], - "/EksClusterWithAddonStack/Cluster/NodegroupDefaultCapacity/NodeGroupRole": [ - { - "type": "aws:cdk:analytics:construct", - "data": { - "assumedBy": { - "principalAccount": "*", - "assumeRoleAction": "*" - } - } - }, - { - "type": "aws:cdk:analytics:method", - "data": { - "addManagedPolicy": [ - { - "managedPolicyArn": "*" - } - ] - } - }, - { - "type": "aws:cdk:analytics:method", - "data": { - "addManagedPolicy": [ - { - "managedPolicyArn": "*" - } - ] - } - }, - { - "type": "aws:cdk:analytics:method", - "data": { - "addManagedPolicy": [ - { - "managedPolicyArn": "*" - } - ] - } - } - ], - "/EksClusterWithAddonStack/Cluster/NodegroupDefaultCapacity/NodeGroupRole/ImportNodeGroupRole": [ - { - "type": "aws:cdk:analytics:construct", - "data": "*" - } - ], - "/EksClusterWithAddonStack/Cluster/NodegroupDefaultCapacity/NodeGroupRole/Resource": [ - { - "type": "aws:cdk:logicalId", - "data": "ClusterNodegroupDefaultCapacityNodeGroupRole55953B04" - } - ], - "/EksClusterWithAddonStack/Cluster/NodegroupDefaultCapacity/Resource": [ - { - "type": "aws:cdk:logicalId", - "data": "ClusterNodegroupDefaultCapacityDA0920A3" - } - ], "/EksClusterWithAddonStack/Addon": [ { "type": "aws:cdk:analytics:construct", diff --git a/packages/@aws-cdk/aws-eks-v2-alpha/test/integ.eks-addon.js.snapshot/tree.json b/packages/@aws-cdk/aws-eks-v2-alpha/test/integ.eks-addon.js.snapshot/tree.json index ff829ff3a6159..f2e49ccc63d7c 100644 --- a/packages/@aws-cdk/aws-eks-v2-alpha/test/integ.eks-addon.js.snapshot/tree.json +++ b/packages/@aws-cdk/aws-eks-v2-alpha/test/integ.eks-addon.js.snapshot/tree.json 
@@ -885,7 +885,10 @@ "assumeRolePolicyDocument": { "Statement": [ { - "Action": "sts:AssumeRole", + "Action": [ + "sts:AssumeRole", + "sts:TagSession" + ], "Effect": "Allow", "Principal": { "Service": "eks.amazonaws.com" @@ -906,6 +909,54 @@ ":iam::aws:policy/AmazonEKSClusterPolicy" ] ] + }, + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":iam::aws:policy/AmazonEKSComputePolicy" + ] + ] + }, + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":iam::aws:policy/AmazonEKSBlockStoragePolicy" + ] + ] + }, + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":iam::aws:policy/AmazonEKSLoadBalancingPolicy" + ] + ] + }, + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":iam::aws:policy/AmazonEKSNetworkingPolicy" + ] + ] } ] } @@ -930,6 +981,41 @@ "managedPolicyArn": "*" } ] + }, + { + "addManagedPolicy": [ + { + "managedPolicyArn": "*" + } + ] + }, + { + "addManagedPolicy": [ + { + "managedPolicyArn": "*" + } + ] + }, + { + "addManagedPolicy": [ + { + "managedPolicyArn": "*" + } + ] + }, + { + "addManagedPolicy": [ + { + "managedPolicyArn": "*" + } + ] + }, + { + "addManagedPolicy": [ + { + "managedPolicyArn": "*" + } + ] } ] } 
@@ -974,6 +1060,94 @@ ] } }, + "ClusternodePoolRole": { + "id": "ClusternodePoolRole", + "path": "EksClusterWithAddonStack/Cluster/ClusternodePoolRole", + "children": { + "ImportClusternodePoolRole": { + "id": "ImportClusternodePoolRole", + "path": "EksClusterWithAddonStack/Cluster/ClusternodePoolRole/ImportClusternodePoolRole", + "constructInfo": { + "fqn": "aws-cdk-lib.Resource", + "version": "0.0.0", + "metadata": [ + "*" + ] + } + }, + "Resource": { + "id": "Resource", + "path": "EksClusterWithAddonStack/Cluster/ClusternodePoolRole/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::IAM::Role", + "aws:cdk:cloudformation:props": { + "assumeRolePolicyDocument": { + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "Service": "ec2.amazonaws.com" + } + } + ], + "Version": "2012-10-17" + }, + "managedPolicyArns": [ + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":iam::aws:policy/AmazonEKSWorkerNodePolicy" + ] + ] + }, + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":iam::aws:policy/AmazonEC2ContainerRegistryReadOnly" + ] + ] + } + ] + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_iam.CfnRole", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_iam.Role", + "version": "0.0.0", + "metadata": [ + { + "assumedBy": { + "principalAccount": "*", + "assumeRoleAction": "*" + }, + "managedPolicies": [ + { + "managedPolicyArn": "*" + }, + { + "managedPolicyArn": "*" + } + ] + } + ] + } + }, "Resource": { "id": "Resource", "path": "EksClusterWithAddonStack/Cluster/Resource", 
@@ -983,8 +1157,24 @@ "accessConfig": { "authenticationMode": "API" }, + "computeConfig": { + "enabled": true, + "nodePools": [ + "system", + "general-purpose" + ], + "nodeRoleArn": { + "Fn::GetAtt": [ + "ClusterClusternodePoolRole69276141", + "Arn" + ] + } + }, "kubernetesNetworkConfig": { - "ipFamily": "ipv4" + "ipFamily": "ipv4", + "elasticLoadBalancing": { + "enabled": true + } }, "resourcesVpcConfig": { "securityGroupIds": [ @@ -1018,6 +1208,11 @@ "Arn" ] }, + "storageConfig": { + "blockStorage": { + "enabled": true + } + }, "version": "1.32" } }, 
@@ -1940,179 +2135,12 @@ "*" ] } - }, - "NodegroupDefaultCapacity": { - "id": "NodegroupDefaultCapacity", - "path": "EksClusterWithAddonStack/Cluster/NodegroupDefaultCapacity", - "children": { - "NodeGroupRole": { - "id": "NodeGroupRole", - "path": "EksClusterWithAddonStack/Cluster/NodegroupDefaultCapacity/NodeGroupRole", - "children": { - "ImportNodeGroupRole": { - "id": "ImportNodeGroupRole", - "path": "EksClusterWithAddonStack/Cluster/NodegroupDefaultCapacity/NodeGroupRole/ImportNodeGroupRole", - "constructInfo": { - "fqn": "aws-cdk-lib.Resource", - "version": "0.0.0", - "metadata": [ - "*" - ] - } - }, - "Resource": { - "id": "Resource", - "path": "EksClusterWithAddonStack/Cluster/NodegroupDefaultCapacity/NodeGroupRole/Resource", - "attributes": { - "aws:cdk:cloudformation:type": "AWS::IAM::Role", - "aws:cdk:cloudformation:props": { - "assumeRolePolicyDocument": { - "Statement": [ - { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Principal": { - "Service": "ec2.amazonaws.com" - } - } - ], - "Version": "2012-10-17" - }, - "managedPolicyArns": [ - { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition" - }, - ":iam::aws:policy/AmazonEKSWorkerNodePolicy" - ] - ] - }, - { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition" - }, - ":iam::aws:policy/AmazonEKS_CNI_Policy" - ] - ] - }, - { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition" - }, - ":iam::aws:policy/AmazonEC2ContainerRegistryReadOnly" - ] - ] - } - ] - } - }, - "constructInfo": { - "fqn": "aws-cdk-lib.aws_iam.CfnRole", - "version": "0.0.0" - } - } - }, - "constructInfo": { - "fqn": "aws-cdk-lib.aws_iam.Role", - "version": "0.0.0", - "metadata": [ - { - "assumedBy": { - "principalAccount": "*", - "assumeRoleAction": "*" - } - }, - { - "addManagedPolicy": [ - { - "managedPolicyArn": "*" - } - ] - }, - { - "addManagedPolicy": [ - { - "managedPolicyArn": "*" - } - ] - }, - { - "addManagedPolicy": [ - { - "managedPolicyArn": "*" - } - ] - } - ] - } - }, - 
"Resource": { - "id": "Resource", - "path": "EksClusterWithAddonStack/Cluster/NodegroupDefaultCapacity/Resource", - "attributes": { - "aws:cdk:cloudformation:type": "AWS::EKS::Nodegroup", - "aws:cdk:cloudformation:props": { - "amiType": "AL2_x86_64", - "clusterName": { - "Ref": "ClusterEB0386A7" - }, - "forceUpdateEnabled": true, - "instanceTypes": [ - "m5.large" - ], - "nodeRole": { - "Fn::GetAtt": [ - "ClusterNodegroupDefaultCapacityNodeGroupRole55953B04", - "Arn" - ] - }, - "scalingConfig": { - "desiredSize": 2, - "maxSize": 2, - "minSize": 2 - }, - "subnets": [ - { - "Ref": "VpcPrivateSubnet1Subnet536B997A" - }, - { - "Ref": "VpcPrivateSubnet2Subnet3788AAA1" - } - ] - } - }, - "constructInfo": { - "fqn": "aws-cdk-lib.aws_eks.CfnNodegroup", - "version": "0.0.0" - } - } - }, - "constructInfo": { - "fqn": "@aws-cdk/aws-eks-v2-alpha.Nodegroup", - "version": "0.0.0", - "metadata": [ - "*" - ] - } } }, "constructInfo": { "fqn": "@aws-cdk/aws-eks-v2-alpha.Cluster", "version": "0.0.0", "metadata": [ - "*", "*", "*" ] diff --git a/packages/@aws-cdk/aws-eks-v2-alpha/test/integ.eks-al2023-nodegroup.js.snapshot/asset.25c16d2ab30e35800b3ea63c44c93deb85584076eb09a2db9f971803252b22dc.zip b/packages/@aws-cdk/aws-eks-v2-alpha/test/integ.eks-al2023-nodegroup.js.snapshot/asset.25c16d2ab30e35800b3ea63c44c93deb85584076eb09a2db9f971803252b22dc.zip new file mode 100644 index 0000000000000..0a8e7ba83b46f Binary files /dev/null and b/packages/@aws-cdk/aws-eks-v2-alpha/test/integ.eks-al2023-nodegroup.js.snapshot/asset.25c16d2ab30e35800b3ea63c44c93deb85584076eb09a2db9f971803252b22dc.zip differ diff --git a/packages/@aws-cdk/aws-eks-v2-alpha/test/integ.eks-al2023-nodegroup.js.snapshot/aws-cdk-eks-cluster-al2023-nodegroup-test.assets.json b/packages/@aws-cdk/aws-eks-v2-alpha/test/integ.eks-al2023-nodegroup.js.snapshot/aws-cdk-eks-cluster-al2023-nodegroup-test.assets.json index 237c46083a505..a2c04eb3a8f9c 100644 
--- a/packages/@aws-cdk/aws-eks-v2-alpha/test/integ.eks-al2023-nodegroup.js.snapshot/aws-cdk-eks-cluster-al2023-nodegroup-test.assets.json +++ b/packages/@aws-cdk/aws-eks-v2-alpha/test/integ.eks-al2023-nodegroup.js.snapshot/aws-cdk-eks-cluster-al2023-nodegroup-test.assets.json @@ -53,7 +53,7 @@ } } }, - "55d146642494abe95d03de6df5a92b0ab7531ebecc5aefd95cf9664cbb37f6f1": { + "ea53587d3eb0adcb3ad7e07319d2ec79d203d781932794348e92a9634a6674a7": { "source": { "path": "aws-cdk-eks-cluster-al2023-nodegroup-test.template.json", "packaging": "file" @@ -61,7 +61,7 @@ "destinations": { "current_account-current_region": { "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}", - "objectKey": "55d146642494abe95d03de6df5a92b0ab7531ebecc5aefd95cf9664cbb37f6f1.json", + "objectKey": "ea53587d3eb0adcb3ad7e07319d2ec79d203d781932794348e92a9634a6674a7.json", "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}" } } diff --git a/packages/@aws-cdk/aws-eks-v2-alpha/test/integ.eks-al2023-nodegroup.js.snapshot/aws-cdk-eks-cluster-al2023-nodegroup-test.template.json b/packages/@aws-cdk/aws-eks-v2-alpha/test/integ.eks-al2023-nodegroup.js.snapshot/aws-cdk-eks-cluster-al2023-nodegroup-test.template.json index 42405e418a3ab..ef9ac0c8f765c 100644 --- a/packages/@aws-cdk/aws-eks-v2-alpha/test/integ.eks-al2023-nodegroup.js.snapshot/aws-cdk-eks-cluster-al2023-nodegroup-test.template.json +++ b/packages/@aws-cdk/aws-eks-v2-alpha/test/integ.eks-al2023-nodegroup.js.snapshot/aws-cdk-eks-cluster-al2023-nodegroup-test.template.json @@ -493,7 +493,13 @@ "AccessConfig": { "AuthenticationMode": "API" }, + "ComputeConfig": { + "Enabled": false + }, "KubernetesNetworkConfig": { + "ElasticLoadBalancing": { + "Enabled": false + }, "IpFamily": "ipv4" }, "ResourcesVpcConfig": { @@ -528,6 +534,11 @@ "Arn" ] }, + "StorageConfig": { + "BlockStorage": { + "Enabled": false + } + }, "Version": "1.32" }, "DependsOn": [ 
@@ -1357,6 +1368,56 @@ ] } }, + "Outputs": { + "ClusterConfigCommand43AAE40F": { + "Value": { + "Fn::Join": [ + "", + [ + "aws eks update-kubeconfig --name ", + { + "Ref": "ClusterEB0386A7" + }, + " --region ", + { + "Ref": "AWS::Region" + }, + " --role-arn ", + { + "Fn::GetAtt": [ + "AdminRole38563C57", + "Arn" + ] + } + ] + ] + } + }, + "ClusterGetTokenCommand06AE992E": { + "Value": { + "Fn::Join": [ + "", + [ + "aws eks get-token --cluster-name ", + { + "Ref": "ClusterEB0386A7" + }, + " --region ", + { + "Ref": "AWS::Region" + }, + " --role-arn ", + { + "Fn::GetAtt": [ + "AdminRole38563C57", + "Arn" + ] + } + ] + ] + } + } + }, "Mappings": { "LatestNodeRuntimeMap": { "af-south-1": { diff --git a/packages/@aws-cdk/aws-eks-v2-alpha/test/integ.eks-al2023-nodegroup.js.snapshot/manifest.json b/packages/@aws-cdk/aws-eks-v2-alpha/test/integ.eks-al2023-nodegroup.js.snapshot/manifest.json index c4308b9729cb8..2dae0807f37ff 100644 --- a/packages/@aws-cdk/aws-eks-v2-alpha/test/integ.eks-al2023-nodegroup.js.snapshot/manifest.json +++ b/packages/@aws-cdk/aws-eks-v2-alpha/test/integ.eks-al2023-nodegroup.js.snapshot/manifest.json @@ -18,7 +18,7 @@ "validateOnSynth": false, "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-deploy-role-${AWS::AccountId}-${AWS::Region}", "cloudFormationExecutionRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-cfn-exec-role-${AWS::AccountId}-${AWS::Region}", - "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/55d146642494abe95d03de6df5a92b0ab7531ebecc5aefd95cf9664cbb37f6f1.json", + "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/ea53587d3eb0adcb3ad7e07319d2ec79d203d781932794348e92a9634a6674a7.json", "requiresBootstrapStackVersion": 6, "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version", "additionalDependencies": [ 
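Review bot: The `@@ -1357,6 +1368,56` hunk adds the `ClusterConfigCommand43AAE40F` and `ClusterGetTokenCommand06AE992E` outputs, each embedding the `AdminRole38563C57` ARN, yet the only change to `integ.eks-al2023-nodegroup.ts` in this patch is the added `defaultCapacityType` line. Explain in the PR description why pinning `NODEGROUP` now emits these outputs, or gate them so that an unrelated default does not start publishing the masters role ARN in stack outputs.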
@@ -400,7 +400,10 @@ "/aws-cdk-eks-cluster-al2023-nodegroup-test/Cluster/Resource": [ { "type": "aws:cdk:logicalId", - "data": "ClusterEB0386A7" + "data": "ClusterEB0386A7", + "trace": [ + "!!DESTRUCTIVE_CHANGES: WILL_REPLACE" + ] } ], "/aws-cdk-eks-cluster-al2023-nodegroup-test/Cluster/KubectlReadyBarrier": [ @@ -797,7 +800,10 @@ "/aws-cdk-eks-cluster-al2023-nodegroup-test/Cluster/ClusterAdminRoleAccess/Resource": [ { "type": "aws:cdk:logicalId", - "data": "ClusterClusterAdminRoleAccessF2BFF759" + "data": "ClusterClusterAdminRoleAccessF2BFF759", + "trace": [ + "!!DESTRUCTIVE_CHANGES: WILL_REPLACE" + ] } ], "/aws-cdk-eks-cluster-al2023-nodegroup-test/Cluster/mastersRoleAccess": [ @@ -809,7 +815,22 @@ "/aws-cdk-eks-cluster-al2023-nodegroup-test/Cluster/mastersRoleAccess/Resource": [ { "type": "aws:cdk:logicalId", - "data": "ClustermastersRoleAccess698EBA51" + "data": "ClustermastersRoleAccess698EBA51", + "trace": [ + "!!DESTRUCTIVE_CHANGES: WILL_REPLACE" + ] + } + ], + "/aws-cdk-eks-cluster-al2023-nodegroup-test/Cluster/ConfigCommand": [ + { + "type": "aws:cdk:logicalId", + "data": "ClusterConfigCommand43AAE40F" + } + ], + "/aws-cdk-eks-cluster-al2023-nodegroup-test/Cluster/GetTokenCommand": [ + { + "type": "aws:cdk:logicalId", + "data": "ClusterGetTokenCommand06AE992E" } ], "/aws-cdk-eks-cluster-al2023-nodegroup-test/Cluster/NodegroupMNG_AL2023_X86_64_STANDARD": [ @@ -874,7 +895,10 @@ "/aws-cdk-eks-cluster-al2023-nodegroup-test/Cluster/NodegroupMNG_AL2023_X86_64_STANDARD/Resource": [ { "type": "aws:cdk:logicalId", - "data": "ClusterNodegroupMNGAL2023X8664STANDARD8BD0F7AB" + "data": "ClusterNodegroupMNGAL2023X8664STANDARD8BD0F7AB", + "trace": [ + "!!DESTRUCTIVE_CHANGES: WILL_REPLACE" + ] } ], "/aws-cdk-eks-cluster-al2023-nodegroup-test/Cluster/NodegroupMNG_AL2023_ARM_64_STANDARD": [ 
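Review bot: The `!!DESTRUCTIVE_CHANGES: WILL_REPLACE` trace on `ClusterEB0386A7`, on both access entries and on the nodegroups in this file marks the cluster as replaced by this snapshot update, even though the test pins `DefaultCapacityType.NODEGROUP`. Identify which newly emitted property forces the replacement (the template now adds `ComputeConfig`, `ElasticLoadBalancing` and `StorageConfig` blocks with `Enabled: false`) and either omit those blocks when Auto Mode is off or document that upgrading replaces existing clusters.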
@@ -939,7 +963,10 @@ "/aws-cdk-eks-cluster-al2023-nodegroup-test/Cluster/NodegroupMNG_AL2023_ARM_64_STANDARD/Resource": [ { "type": "aws:cdk:logicalId", - "data": "ClusterNodegroupMNGAL2023ARM64STANDARD8E30167E" + "data": "ClusterNodegroupMNGAL2023ARM64STANDARD8E30167E", + "trace": [ + "!!DESTRUCTIVE_CHANGES: WILL_REPLACE" + ] } ], "/aws-cdk-eks-cluster-al2023-nodegroup-test/Cluster/NodegroupMNG_AL2023_X86_64_NEURON": [ @@ -1004,7 +1031,10 @@ "/aws-cdk-eks-cluster-al2023-nodegroup-test/Cluster/NodegroupMNG_AL2023_X86_64_NEURON/Resource": [ { "type": "aws:cdk:logicalId", - "data": "ClusterNodegroupMNGAL2023X8664NEURON44201AF9" + "data": "ClusterNodegroupMNGAL2023X8664NEURON44201AF9", + "trace": [ + "!!DESTRUCTIVE_CHANGES: WILL_REPLACE" + ] } ], "/aws-cdk-eks-cluster-al2023-nodegroup-test/Cluster/NodegroupMNG_AL2023_X86_64_NVIDIA": [ @@ -1069,7 +1099,10 @@ "/aws-cdk-eks-cluster-al2023-nodegroup-test/Cluster/NodegroupMNG_AL2023_X86_64_NVIDIA/Resource": [ { "type": "aws:cdk:logicalId", - "data": "ClusterNodegroupMNGAL2023X8664NVIDIAE1B719F2" + "data": "ClusterNodegroupMNGAL2023X8664NVIDIAE1B719F2", + "trace": [ + "!!DESTRUCTIVE_CHANGES: WILL_REPLACE" + ] } ], "/aws-cdk-eks-cluster-al2023-nodegroup-test/LatestNodeRuntimeMap": [ diff --git a/packages/@aws-cdk/aws-eks-v2-alpha/test/integ.eks-al2023-nodegroup.js.snapshot/tree.json b/packages/@aws-cdk/aws-eks-v2-alpha/test/integ.eks-al2023-nodegroup.js.snapshot/tree.json index 79379c5130ddf..2d3a8c2478570 100644 --- a/packages/@aws-cdk/aws-eks-v2-alpha/test/integ.eks-al2023-nodegroup.js.snapshot/tree.json +++ b/packages/@aws-cdk/aws-eks-v2-alpha/test/integ.eks-al2023-nodegroup.js.snapshot/tree.json @@ -990,8 +990,14 @@ "accessConfig": { "authenticationMode": "API" }, + "computeConfig": { + "enabled": false + }, "kubernetesNetworkConfig": { - "ipFamily": "ipv4" + "ipFamily": "ipv4", + "elasticLoadBalancing": { + "enabled": false + } }, "resourcesVpcConfig": { "securityGroupIds": [ 
@@ -1025,6 +1031,11 @@ "Arn" ] }, + "storageConfig": { + "blockStorage": { + "enabled": false + } + }, "version": "1.32" } }, @@ -2002,6 +2013,22 @@ ] } }, + "ConfigCommand": { + "id": "ConfigCommand", + "path": "aws-cdk-eks-cluster-al2023-nodegroup-test/Cluster/ConfigCommand", + "constructInfo": { + "fqn": "aws-cdk-lib.CfnOutput", + "version": "0.0.0" + } + }, + "GetTokenCommand": { + "id": "GetTokenCommand", + "path": "aws-cdk-eks-cluster-al2023-nodegroup-test/Cluster/GetTokenCommand", + "constructInfo": { + "fqn": "aws-cdk-lib.CfnOutput", + "version": "0.0.0" + } + }, "NodegroupMNG_AL2023_X86_64_STANDARD": { "id": "NodegroupMNG_AL2023_X86_64_STANDARD", "path": "aws-cdk-eks-cluster-al2023-nodegroup-test/Cluster/NodegroupMNG_AL2023_X86_64_STANDARD", diff --git a/packages/@aws-cdk/aws-eks-v2-alpha/test/integ.eks-al2023-nodegroup.ts b/packages/@aws-cdk/aws-eks-v2-alpha/test/integ.eks-al2023-nodegroup.ts index 2063233ee287e..c3424acd601ec 100644 --- a/packages/@aws-cdk/aws-eks-v2-alpha/test/integ.eks-al2023-nodegroup.ts +++ b/packages/@aws-cdk/aws-eks-v2-alpha/test/integ.eks-al2023-nodegroup.ts @@ -26,6 +26,7 @@ class EksClusterStack extends Stack { this.cluster = new eks.Cluster(this, 'Cluster', { vpc: this.vpc, mastersRole, + defaultCapacityType: eks.DefaultCapacityType.NODEGROUP, defaultCapacity: 0, version: eks.KubernetesVersion.V1_32, kubectlProviderOptions: { diff --git a/packages/@aws-cdk/aws-eks-v2-alpha/test/integ.eks-auto.js.snapshot/asset.25c16d2ab30e35800b3ea63c44c93deb85584076eb09a2db9f971803252b22dc.zip b/packages/@aws-cdk/aws-eks-v2-alpha/test/integ.eks-auto.js.snapshot/asset.25c16d2ab30e35800b3ea63c44c93deb85584076eb09a2db9f971803252b22dc.zip new file mode 100644 index 0000000000000..0a8e7ba83b46f Binary files /dev/null and b/packages/@aws-cdk/aws-eks-v2-alpha/test/integ.eks-auto.js.snapshot/asset.25c16d2ab30e35800b3ea63c44c93deb85584076eb09a2db9f971803252b22dc.zip differ 
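Review bot: `asset.25c16d2ab30e35800b3ea63c44c93deb85584076eb09a2db9f971803252b22dc.zip` is added here as a raw binary (blob `0a8e7ba83b46f`), and the same blob is added under the `integ.eks-addon` and `integ.eks-al2023-nodegroup` snapshots, whereas the zip deleted from the eks-addon snapshot was a Git LFS pointer with a visible `oid` and `size`. Track the new archive through LFS as well, so it is stored the same way as the one deleted and reviewers can see its hash and size in the diff.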
diff --git a/packages/@aws-cdk/aws-eks-v2-alpha/test/integ.eks-auto.js.snapshot/asset.39472b1c2875cf306d4ba429aeccdd34cb49bcf59dbde81f7e6b6cb9deac23a6/cfn-response.js b/packages/@aws-cdk/aws-eks-v2-alpha/test/integ.eks-auto.js.snapshot/asset.39472b1c2875cf306d4ba429aeccdd34cb49bcf59dbde81f7e6b6cb9deac23a6/cfn-response.js new file mode 100644 index 0000000000000..5a86242674505 --- /dev/null +++ b/packages/@aws-cdk/aws-eks-v2-alpha/test/integ.eks-auto.js.snapshot/asset.39472b1c2875cf306d4ba429aeccdd34cb49bcf59dbde81f7e6b6cb9deac23a6/cfn-response.js 
@@ -0,0 +1,106 @@ +"use strict"; +Object.defineProperty(exports, "__esModule", { value: true }); +exports.Retry = exports.includeStackTraces = exports.MISSING_PHYSICAL_ID_MARKER = exports.CREATE_FAILED_PHYSICAL_ID_MARKER = void 0; +exports.submitResponse = submitResponse; +exports.safeHandler = safeHandler; +exports.redactDataFromPayload = redactDataFromPayload; +/* eslint-disable max-len */ +/* eslint-disable no-console */ +const url = require("url"); +const outbound_1 = require("./outbound"); +const util_1 = require("./util"); +exports.CREATE_FAILED_PHYSICAL_ID_MARKER = 'AWSCDK::CustomResourceProviderFramework::CREATE_FAILED'; +exports.MISSING_PHYSICAL_ID_MARKER = 'AWSCDK::CustomResourceProviderFramework::MISSING_PHYSICAL_ID'; +async function submitResponse(status, event, options = {}) { + const json = { + Status: status, + Reason: options.reason || status, + StackId: event.StackId, + RequestId: event.RequestId, + PhysicalResourceId: event.PhysicalResourceId || exports.MISSING_PHYSICAL_ID_MARKER, + LogicalResourceId: event.LogicalResourceId, + NoEcho: options.noEcho, + Data: event.Data, + }; + const responseBody = JSON.stringify(json); + const parsedUrl = url.parse(event.ResponseURL); + const loggingSafeUrl = `${parsedUrl.protocol}//${parsedUrl.hostname}/${parsedUrl.pathname}?***`; + if (options?.noEcho) { + (0, util_1.log)('submit redacted response to cloudformation', loggingSafeUrl, redactDataFromPayload(json)); + } + else { + (0, util_1.log)('submit response to cloudformation', loggingSafeUrl, json); + } + const retryOptions = { + attempts: 5, + sleep: 1000, + }; + await (0, util_1.withRetries)(retryOptions, outbound_1.httpRequest)({ + hostname: parsedUrl.hostname, + path: parsedUrl.path, + method: 'PUT', + headers: { + 'content-type': '', + 'content-length': Buffer.byteLength(responseBody, 'utf8'), + }, + }, responseBody); +} +exports.includeStackTraces = true; // for unit tests +function safeHandler(block) { + return async (event) => { + // ignore DELETE 
event when the physical resource ID is the marker that + // indicates that this DELETE is a subsequent DELETE to a failed CREATE + // operation. + if (event.RequestType === 'Delete' && event.PhysicalResourceId === exports.CREATE_FAILED_PHYSICAL_ID_MARKER) { + (0, util_1.log)('ignoring DELETE event caused by a failed CREATE event'); + await submitResponse('SUCCESS', event); + return; + } + try { + await block(event); + } + catch (e) { + // tell waiter state machine to retry + if (e instanceof Retry) { + (0, util_1.log)('retry requested by handler'); + throw e; + } + if (!event.PhysicalResourceId) { + // special case: if CREATE fails, which usually implies, we usually don't + // have a physical resource id. in this case, the subsequent DELETE + // operation does not have any meaning, and will likely fail as well. to + // address this, we use a marker so the provider framework can simply + // ignore the subsequent DELETE. + if (event.RequestType === 'Create') { + (0, util_1.log)('CREATE failed, responding with a marker physical resource id so that the subsequent DELETE will be ignored'); + event.PhysicalResourceId = exports.CREATE_FAILED_PHYSICAL_ID_MARKER; + } + else { + // otherwise, if PhysicalResourceId is not specified, something is + // terribly wrong because all other events should have an ID. + (0, util_1.log)(`ERROR: Malformed event. "PhysicalResourceId" is required: ${JSON.stringify({ ...event, ResponseURL: '...' })}`); + } + } + // this is an actual error, fail the activity altogether and exist. + await submitResponse('FAILED', event, { + reason: exports.includeStackTraces ? 
e.stack : e.message, + }); + } + }; +} +function redactDataFromPayload(payload) { + // Create a deep copy of the payload object + const redactedPayload = JSON.parse(JSON.stringify(payload)); + // Redact the data in the copied payload object + if (redactedPayload.Data) { + const keys = Object.keys(redactedPayload.Data); + for (const key of keys) { + redactedPayload.Data[key] = '*****'; + } + } + return redactedPayload; +} +class Retry extends Error { +} +exports.Retry = Retry; +//# sourceMappingURL=data:application/json;base64,{"version":3,"file":"cfn-response.js","sourceRoot":"","sources":["cfn-response.ts"],"names":[],"mappings":";;;AAwBA,wCAmCC;AAID,kCA0CC;AAED,sDAYC;AAvHD,4BAA4B;AAC5B,+BAA+B;AAC/B,2BAA2B;AAC3B,yCAAyC;AACzC,iCAA0C;AAG7B,QAAA,gCAAgC,GAAG,wDAAwD,CAAC;AAC5F,QAAA,0BAA0B,GAAG,8DAA8D,CAAC;AAgBlG,KAAK,UAAU,cAAc,CAAC,MAA4B,EAAE,KAAiC,EAAE,UAAyC,EAAG;IAChJ,MAAM,IAAI,GAAmD;QAC3D,MAAM,EAAE,MAAM;QACd,MAAM,EAAE,OAAO,CAAC,MAAM,IAAI,MAAM;QAChC,OAAO,EAAE,KAAK,CAAC,OAAO;QACtB,SAAS,EAAE,KAAK,CAAC,SAAS;QAC1B,kBAAkB,EAAE,KAAK,CAAC,kBAAkB,IAAI,kCAA0B;QAC1E,iBAAiB,EAAE,KAAK,CAAC,iBAAiB;QAC1C,MAAM,EAAE,OAAO,CAAC,MAAM;QACtB,IAAI,EAAE,KAAK,CAAC,IAAI;KACjB,CAAC;IAEF,MAAM,YAAY,GAAG,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC;IAE1C,MAAM,SAAS,GAAG,GAAG,CAAC,KAAK,CAAC,KAAK,CAAC,WAAW,CAAC,CAAC;IAC/C,MAAM,cAAc,GAAG,GAAG,SAAS,CAAC,QAAQ,KAAK,SAAS,CAAC,QAAQ,IAAI,SAAS,CAAC,QAAQ,MAAM,CAAC;IAChG,IAAI,OAAO,EAAE,MAAM,EAAE,CAAC;QACpB,IAAA,UAAG,EAAC,4CAA4C,EAAE,cAAc,EAAE,qBAAqB,CAAC,IAAI,CAAC,CAAC,CAAC;IACjG,CAAC;SAAM,CAAC;QACN,IAAA,UAAG,EAAC,mCAAmC,EAAE,cAAc,EAAE,IAAI,CAAC,CAAC;IACjE,CAAC;IAED,MAAM,YAAY,GAAG;QACnB,QAAQ,EAAE,CAAC;QACX,KAAK,EAAE,IAAI;KACZ,CAAC;IACF,MAAM,IAAA,kBAAW,EAAC,YAAY,EAAE,sBAAW,CAAC,CAAC;QAC3C,QAAQ,EAAE,SAAS,CAAC,QAAQ;QAC5B,IAAI,EAAE,SAAS,CAAC,IAAI;QACpB,MAAM,EAAE,KAAK;QACb,OAAO,EAAE;YACP,cAAc,EAAE,EAAE;YAClB,gBAAgB,EAAE,MAAM,CAAC,UAAU,CAAC,YAAY,EAAE,MAAM,CAAC;SAC1D;KACF,EAAE,YAAY,CAAC,CAAC;AACnB,CAAC;AAEU,QAAA,kBAAkB,GAAG,IAAI,CAAC,CAAC,iBAAiB;AAEvD,SAAgB,WAAW,CAAC,KAAoC;IA
C9D,OAAO,KAAK,EAAE,KAAU,EAAE,EAAE;QAC1B,uEAAuE;QACvE,uEAAuE;QACvE,aAAa;QACb,IAAI,KAAK,CAAC,WAAW,KAAK,QAAQ,IAAI,KAAK,CAAC,kBAAkB,KAAK,wCAAgC,EAAE,CAAC;YACpG,IAAA,UAAG,EAAC,uDAAuD,CAAC,CAAC;YAC7D,MAAM,cAAc,CAAC,SAAS,EAAE,KAAK,CAAC,CAAC;YACvC,OAAO;QACT,CAAC;QAED,IAAI,CAAC;YACH,MAAM,KAAK,CAAC,KAAK,CAAC,CAAC;QACrB,CAAC;QAAC,OAAO,CAAM,EAAE,CAAC;YAChB,qCAAqC;YACrC,IAAI,CAAC,YAAY,KAAK,EAAE,CAAC;gBACvB,IAAA,UAAG,EAAC,4BAA4B,CAAC,CAAC;gBAClC,MAAM,CAAC,CAAC;YACV,CAAC;YAED,IAAI,CAAC,KAAK,CAAC,kBAAkB,EAAE,CAAC;gBAC9B,yEAAyE;gBACzE,mEAAmE;gBACnE,wEAAwE;gBACxE,qEAAqE;gBACrE,gCAAgC;gBAChC,IAAI,KAAK,CAAC,WAAW,KAAK,QAAQ,EAAE,CAAC;oBACnC,IAAA,UAAG,EAAC,4GAA4G,CAAC,CAAC;oBAClH,KAAK,CAAC,kBAAkB,GAAG,wCAAgC,CAAC;gBAC9D,CAAC;qBAAM,CAAC;oBACN,kEAAkE;oBAClE,6DAA6D;oBAC7D,IAAA,UAAG,EAAC,6DAA6D,IAAI,CAAC,SAAS,CAAC,EAAE,GAAG,KAAK,EAAE,WAAW,EAAE,KAAK,EAAE,CAAC,EAAE,CAAC,CAAC;gBACvH,CAAC;YACH,CAAC;YAED,mEAAmE;YACnE,MAAM,cAAc,CAAC,QAAQ,EAAE,KAAK,EAAE;gBACpC,MAAM,EAAE,0BAAkB,CAAC,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,OAAO;aACjD,CAAC,CAAC;QACL,CAAC;IACH,CAAC,CAAC;AACJ,CAAC;AAED,SAAgB,qBAAqB,CAAC,OAAwB;IAC5D,2CAA2C;IAC3C,MAAM,eAAe,GAAoB,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,SAAS,CAAC,OAAO,CAAC,CAAC,CAAC;IAE7E,+CAA+C;IAC/C,IAAI,eAAe,CAAC,IAAI,EAAE,CAAC;QACzB,MAAM,IAAI,GAAG,MAAM,CAAC,IAAI,CAAC,eAAe,CAAC,IAAI,CAAC,CAAC;QAC/C,KAAK,MAAM,GAAG,IAAI,IAAI,EAAE,CAAC;YACvB,eAAe,CAAC,IAAI,CAAC,GAAG,CAAC,GAAG,OAAO,CAAC;QACtC,CAAC;IACH,CAAC;IACD,OAAO,eAAe,CAAC;AACzB,CAAC;AAED,MAAa,KAAM,SAAQ,KAAK;CAAI;AAApC,sBAAoC","sourcesContent":["/* eslint-disable max-len */\n/* eslint-disable no-console */\nimport * as url from 'url';\nimport { httpRequest } from './outbound';\nimport { log, withRetries } from './util';\nimport { OnEventResponse } from '../types';\n\nexport const CREATE_FAILED_PHYSICAL_ID_MARKER = 'AWSCDK::CustomResourceProviderFramework::CREATE_FAILED';\nexport const MISSING_PHYSICAL_ID_MARKER = 'AWSCDK::CustomResourceProviderFramework::MISSING_PHYSICAL_ID';\n\nexport interface 
CloudFormationResponseOptions {\n  readonly reason?: string;\n  readonly noEcho?: boolean;\n}\n\nexport interface CloudFormationEventContext {\n  StackId: string;\n  RequestId: string;\n  PhysicalResourceId?: string;\n  LogicalResourceId: string;\n  ResponseURL: string;\n  Data?: any;\n}\n\nexport async function submitResponse(status: 'SUCCESS' | 'FAILED', event: CloudFormationEventContext, options: CloudFormationResponseOptions = { }) {\n  const json: AWSLambda.CloudFormationCustomResourceResponse = {\n    Status: status,\n    Reason: options.reason || status,\n    StackId: event.StackId,\n    RequestId: event.RequestId,\n    PhysicalResourceId: event.PhysicalResourceId || MISSING_PHYSICAL_ID_MARKER,\n    LogicalResourceId: event.LogicalResourceId,\n    NoEcho: options.noEcho,\n    Data: event.Data,\n  };\n\n  const responseBody = JSON.stringify(json);\n\n  const parsedUrl = url.parse(event.ResponseURL);\n  const loggingSafeUrl = `${parsedUrl.protocol}//${parsedUrl.hostname}/${parsedUrl.pathname}?***`;\n  if (options?.noEcho) {\n    log('submit redacted response to cloudformation', loggingSafeUrl, redactDataFromPayload(json));\n  } else {\n    log('submit response to cloudformation', loggingSafeUrl, json);\n  }\n\n  const retryOptions = {\n    attempts: 5,\n    sleep: 1000,\n  };\n  await withRetries(retryOptions, httpRequest)({\n    hostname: parsedUrl.hostname,\n    path: parsedUrl.path,\n    method: 'PUT',\n    headers: {\n      'content-type': '',\n      'content-length': Buffer.byteLength(responseBody, 'utf8'),\n    },\n  }, responseBody);\n}\n\nexport let includeStackTraces = true; // for unit tests\n\nexport function safeHandler(block: (event: any) => Promise<void>) {\n  return async (event: any) => {\n    // ignore DELETE event when the physical resource ID is the marker that\n    // indicates that this DELETE is a subsequent DELETE to a failed CREATE\n    // operation.\n    if (event.RequestType === 'Delete' && event.PhysicalResourceId === 
CREATE_FAILED_PHYSICAL_ID_MARKER) {\n      log('ignoring DELETE event caused by a failed CREATE event');\n      await submitResponse('SUCCESS', event);\n      return;\n    }\n\n    try {\n      await block(event);\n    } catch (e: any) {\n      // tell waiter state machine to retry\n      if (e instanceof Retry) {\n        log('retry requested by handler');\n        throw e;\n      }\n\n      if (!event.PhysicalResourceId) {\n        // special case: if CREATE fails, which usually implies, we usually don't\n        // have a physical resource id. in this case, the subsequent DELETE\n        // operation does not have any meaning, and will likely fail as well. to\n        // address this, we use a marker so the provider framework can simply\n        // ignore the subsequent DELETE.\n        if (event.RequestType === 'Create') {\n          log('CREATE failed, responding with a marker physical resource id so that the subsequent DELETE will be ignored');\n          event.PhysicalResourceId = CREATE_FAILED_PHYSICAL_ID_MARKER;\n        } else {\n          // otherwise, if PhysicalResourceId is not specified, something is\n          // terribly wrong because all other events should have an ID.\n          log(`ERROR: Malformed event. \"PhysicalResourceId\" is required: ${JSON.stringify({ ...event, ResponseURL: '...' })}`);\n        }\n      }\n\n      // this is an actual error, fail the activity altogether and exist.\n      await submitResponse('FAILED', event, {\n        reason: includeStackTraces ? 
e.stack : e.message,\n      });\n    }\n  };\n}\n\nexport function redactDataFromPayload(payload: OnEventResponse) {\n  // Create a deep copy of the payload object\n  const redactedPayload: OnEventResponse = JSON.parse(JSON.stringify(payload));\n\n  // Redact the data in the copied payload object\n  if (redactedPayload.Data) {\n    const keys = Object.keys(redactedPayload.Data);\n    for (const key of keys) {\n      redactedPayload.Data[key] = '*****';\n    }\n  }\n  return redactedPayload;\n}\n\nexport class Retry extends Error { }\n"]} \ No newline at end of file diff --git a/packages/@aws-cdk/aws-eks-v2-alpha/test/integ.eks-auto.js.snapshot/asset.39472b1c2875cf306d4ba429aeccdd34cb49bcf59dbde81f7e6b6cb9deac23a6/consts.js b/packages/@aws-cdk/aws-eks-v2-alpha/test/integ.eks-auto.js.snapshot/asset.39472b1c2875cf306d4ba429aeccdd34cb49bcf59dbde81f7e6b6cb9deac23a6/consts.js new file mode 100644 index 0000000000000..31faa077ae313 --- /dev/null +++ b/packages/@aws-cdk/aws-eks-v2-alpha/test/integ.eks-auto.js.snapshot/asset.39472b1c2875cf306d4ba429aeccdd34cb49bcf59dbde81f7e6b6cb9deac23a6/consts.js 
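Review bot: In cfn-response.js, the catch path of `safeHandler` calls `submitResponse('FAILED', event, { reason: ... })` without a `noEcho` option, so a failure takes the unredacted branch (`log('submit response to cloudformation', loggingSafeUrl, json)`) even when the event carries `NoEcho`. Because `safeHandler` also wraps `isComplete`, whose event can contain `Data`, a failing NoEcho resource has its `Data` written to the log in full and the FAILED response goes out with `NoEcho` unset. Suggest passing `noEcho: event.NoEcho` here, as the SUCCESS paths in framework.js do. Separately, `includeStackTraces` is exported as `true` with the comment "for unit tests", so `e.stack` from the user handler becomes the CloudFormation `Reason` by default; a short comment stating that this is the intended production behaviour would help.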
@@ -0,0 +1,10 @@ +"use strict"; +Object.defineProperty(exports, "__esModule", { value: true }); +exports.FRAMEWORK_ON_TIMEOUT_HANDLER_NAME = exports.FRAMEWORK_IS_COMPLETE_HANDLER_NAME = exports.FRAMEWORK_ON_EVENT_HANDLER_NAME = exports.WAITER_STATE_MACHINE_ARN_ENV = exports.USER_IS_COMPLETE_FUNCTION_ARN_ENV = exports.USER_ON_EVENT_FUNCTION_ARN_ENV = void 0; +exports.USER_ON_EVENT_FUNCTION_ARN_ENV = 'USER_ON_EVENT_FUNCTION_ARN'; +exports.USER_IS_COMPLETE_FUNCTION_ARN_ENV = 'USER_IS_COMPLETE_FUNCTION_ARN'; +exports.WAITER_STATE_MACHINE_ARN_ENV = 'WAITER_STATE_MACHINE_ARN'; +exports.FRAMEWORK_ON_EVENT_HANDLER_NAME = 'onEvent'; +exports.FRAMEWORK_IS_COMPLETE_HANDLER_NAME = 'isComplete'; +exports.FRAMEWORK_ON_TIMEOUT_HANDLER_NAME = 'onTimeout'; +//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiY29uc3RzLmpzIiwic291cmNlUm9vdCI6IiIsInNvdXJjZXMiOlsiY29uc3RzLnRzIl0sIm5hbWVzIjpbXSwibWFwcGluZ3MiOiI7OztBQUFhLFFBQUEsOEJBQThCLEdBQUcsNEJBQTRCLENBQUM7QUFDOUQsUUFBQSxpQ0FBaUMsR0FBRywrQkFBK0IsQ0FBQztBQUNwRSxRQUFBLDRCQUE0QixHQUFHLDBCQUEwQixDQUFDO0FBRTFELFFBQUEsK0JBQStCLEdBQUcsU0FBUyxDQUFDO0FBQzVDLFFBQUEsa0NBQWtDLEdBQUcsWUFBWSxDQUFDO0FBQ2xELFFBQUEsaUNBQWlDLEdBQUcsV0FBVyxDQUFDIiwic291cmNlc0NvbnRlbnQiOlsiZXhwb3J0IGNvbnN0IFVTRVJfT05fRVZFTlRfRlVOQ1RJT05fQVJOX0VOViA9ICdVU0VSX09OX0VWRU5UX0ZVTkNUSU9OX0FSTic7XG5leHBvcnQgY29uc3QgVVNFUl9JU19DT01QTEVURV9GVU5DVElPTl9BUk5fRU5WID0gJ1VTRVJfSVNfQ09NUExFVEVfRlVOQ1RJT05fQVJOJztcbmV4cG9ydCBjb25zdCBXQUlURVJfU1RBVEVfTUFDSElORV9BUk5fRU5WID0gJ1dBSVRFUl9TVEFURV9NQUNISU5FX0FSTic7XG5cbmV4cG9ydCBjb25zdCBGUkFNRVdPUktfT05fRVZFTlRfSEFORExFUl9OQU1FID0gJ29uRXZlbnQnO1xuZXhwb3J0IGNvbnN0IEZSQU1FV09SS19JU19DT01QTEVURV9IQU5ETEVSX05BTUUgPSAnaXNDb21wbGV0ZSc7XG5leHBvcnQgY29uc3QgRlJBTUVXT1JLX09OX1RJTUVPVVRfSEFORExFUl9OQU1FID0gJ29uVGltZW91dCc7XG4iXX0= \ No newline at end of file 
diff --git a/packages/@aws-cdk/aws-eks-v2-alpha/test/integ.eks-auto.js.snapshot/asset.39472b1c2875cf306d4ba429aeccdd34cb49bcf59dbde81f7e6b6cb9deac23a6/framework.js b/packages/@aws-cdk/aws-eks-v2-alpha/test/integ.eks-auto.js.snapshot/asset.39472b1c2875cf306d4ba429aeccdd34cb49bcf59dbde81f7e6b6cb9deac23a6/framework.js new file mode 100644 index 0000000000000..d381e7833f0b7 --- /dev/null +++ b/packages/@aws-cdk/aws-eks-v2-alpha/test/integ.eks-auto.js.snapshot/asset.39472b1c2875cf306d4ba429aeccdd34cb49bcf59dbde81f7e6b6cb9deac23a6/framework.js 
@@ -0,0 +1,185 @@ +"use strict"; +/* eslint-disable max-len */ +/* eslint-disable no-console */ +const cfnResponse = require("./cfn-response"); +const consts = require("./consts"); +const outbound_1 = require("./outbound"); +const util_1 = require("./util"); +/** + * The main runtime entrypoint of the async custom resource lambda function. + * + * Any lifecycle event changes to the custom resources will invoke this handler, which will, in turn, + * interact with the user-defined `onEvent` and `isComplete` handlers. + * + * This function will always succeed. If an error occurs, it is logged but an error is not thrown. + * + * @param cfnRequest The cloudformation custom resource event. + */ +async function onEvent(cfnRequest) { + const sanitizedRequest = { ...cfnRequest, ResponseURL: '...' }; + (0, util_1.log)('onEventHandler', sanitizedRequest); + cfnRequest.ResourceProperties = cfnRequest.ResourceProperties || {}; + const onEventResult = await invokeUserFunction(consts.USER_ON_EVENT_FUNCTION_ARN_ENV, sanitizedRequest, cfnRequest.ResponseURL); + if (onEventResult?.NoEcho) { + (0, util_1.log)('redacted onEvent returned:', cfnResponse.redactDataFromPayload(onEventResult)); + } + else { + (0, util_1.log)('onEvent returned:', onEventResult); + } + // merge the request and the result from onEvent to form the complete resource event + // this also performs validation. + const resourceEvent = createResponseEvent(cfnRequest, onEventResult); + const sanitizedEvent = { ...resourceEvent, ResponseURL: '...' }; + if (onEventResult?.NoEcho) { + (0, util_1.log)('readacted event:', cfnResponse.redactDataFromPayload(sanitizedEvent)); + } + else { + (0, util_1.log)('event:', sanitizedEvent); + } + // determine if this is an async provider based on whether we have an isComplete handler defined. + // if it is not defined, then we are basically ready to return a positive response. 
+ if (!process.env[consts.USER_IS_COMPLETE_FUNCTION_ARN_ENV]) { + return cfnResponse.submitResponse('SUCCESS', resourceEvent, { noEcho: resourceEvent.NoEcho }); + } + // ok, we are not complete, so kick off the waiter workflow + const waiter = { + stateMachineArn: (0, util_1.getEnv)(consts.WAITER_STATE_MACHINE_ARN_ENV), + name: resourceEvent.RequestId, + input: JSON.stringify(resourceEvent), + }; + (0, util_1.log)('starting waiter', { + stateMachineArn: (0, util_1.getEnv)(consts.WAITER_STATE_MACHINE_ARN_ENV), + name: resourceEvent.RequestId, + }); + // kick off waiter state machine + await (0, outbound_1.startExecution)(waiter); +} +// invoked a few times until `complete` is true or until it times out. +async function isComplete(event) { + const sanitizedRequest = { ...event, ResponseURL: '...' }; + if (event?.NoEcho) { + (0, util_1.log)('redacted isComplete request', cfnResponse.redactDataFromPayload(sanitizedRequest)); + } + else { + (0, util_1.log)('isComplete', sanitizedRequest); + } + const isCompleteResult = await invokeUserFunction(consts.USER_IS_COMPLETE_FUNCTION_ARN_ENV, sanitizedRequest, event.ResponseURL); + if (event?.NoEcho) { + (0, util_1.log)('redacted user isComplete returned:', cfnResponse.redactDataFromPayload(isCompleteResult)); + } + else { + (0, util_1.log)('user isComplete returned:', isCompleteResult); + } + // if we are not complete, return false, and don't send a response back. 
+ if (!isCompleteResult.IsComplete) { + if (isCompleteResult.Data && Object.keys(isCompleteResult.Data).length > 0) { + throw new Error('"Data" is not allowed if "IsComplete" is "False"'); + } + // This must be the full event, it will be deserialized in `onTimeout` to send the response to CloudFormation + throw new cfnResponse.Retry(JSON.stringify(event)); + } + const response = { + ...event, + ...isCompleteResult, + Data: { + ...event.Data, + ...isCompleteResult.Data, + }, + }; + await cfnResponse.submitResponse('SUCCESS', response, { noEcho: event.NoEcho }); +} +// invoked when completion retries are exhaused. +async function onTimeout(timeoutEvent) { + (0, util_1.log)('timeoutHandler', timeoutEvent); + const isCompleteRequest = JSON.parse(JSON.parse(timeoutEvent.Cause).errorMessage); + await cfnResponse.submitResponse('FAILED', isCompleteRequest, { + reason: 'Operation timed out', + }); +} +async function invokeUserFunction(functionArnEnv, sanitizedPayload, responseUrl) { + const functionArn = (0, util_1.getEnv)(functionArnEnv); + (0, util_1.log)(`executing user function ${functionArn} with payload`, sanitizedPayload); + // transient errors such as timeouts, throttling errors (429), and other + // errors that aren't caused by a bad request (500 series) are retried + // automatically by the JavaScript SDK. + const resp = await (0, outbound_1.invokeFunction)({ + FunctionName: functionArn, + // Cannot strip 'ResponseURL' here as this would be a breaking change even though the downstream CR doesn't need it + Payload: JSON.stringify({ ...sanitizedPayload, ResponseURL: responseUrl }), + }); + (0, util_1.log)('user function response:', resp, typeof (resp)); + // ParseJsonPayload is very defensive. It should not be possible for `Payload` + // to be anything other than a JSON encoded string (or intarray). Something weird is + // going on if that happens. Still, we should do our best to survive it. 
+ const jsonPayload = (0, util_1.parseJsonPayload)(resp.Payload); + if (resp.FunctionError) { + (0, util_1.log)('user function threw an error:', resp.FunctionError); + const errorMessage = jsonPayload.errorMessage || 'error'; + // parse function name from arn + // arn:${Partition}:lambda:${Region}:${Account}:function:${FunctionName} + const arn = functionArn.split(':'); + const functionName = arn[arn.length - 1]; + // append a reference to the log group. + const message = [ + errorMessage, + '', + `Logs: /aws/lambda/${functionName}`, // cloudwatch log group + '', + ].join('\n'); + const e = new Error(message); + // the output that goes to CFN is what's in `stack`, not the error message. + // if we have a remote trace, construct a nice message with log group information + if (jsonPayload.trace) { + // skip first trace line because it's the message + e.stack = [message, ...jsonPayload.trace.slice(1)].join('\n'); + } + throw e; + } + return jsonPayload; +} +function createResponseEvent(cfnRequest, onEventResult) { + // + // validate that onEventResult always includes a PhysicalResourceId + onEventResult = onEventResult || {}; + // if physical ID is not returned, we have some defaults for you based + // on the request type. + const physicalResourceId = onEventResult.PhysicalResourceId || defaultPhysicalResourceId(cfnRequest); + // if we are in DELETE and physical ID was changed, it's an error. 
+ if (cfnRequest.RequestType === 'Delete' && physicalResourceId !== cfnRequest.PhysicalResourceId) { + throw new Error(`DELETE: cannot change the physical resource ID from "${cfnRequest.PhysicalResourceId}" to "${onEventResult.PhysicalResourceId}" during deletion`); + } + // if we are in UPDATE and physical ID was changed, it's a replacement (just log) + if (cfnRequest.RequestType === 'Update' && physicalResourceId !== cfnRequest.PhysicalResourceId) { + (0, util_1.log)(`UPDATE: changing physical resource ID from "${cfnRequest.PhysicalResourceId}" to "${onEventResult.PhysicalResourceId}"`); + } + // merge request event and result event (result prevails). + return { + ...cfnRequest, + ...onEventResult, + PhysicalResourceId: physicalResourceId, + }; +} +/** + * Calculates the default physical resource ID based in case user handler did + * not return a PhysicalResourceId. + * + * For "CREATE", it uses the RequestId. + * For "UPDATE" and "DELETE" and returns the current PhysicalResourceId (the one provided in `event`). 
+ */ +function defaultPhysicalResourceId(req) { + switch (req.RequestType) { + case 'Create': + return req.RequestId; + case 'Update': + case 'Delete': + return req.PhysicalResourceId; + default: + throw new Error(`Invalid "RequestType" in request "${JSON.stringify(req)}"`); + } +} +module.exports = { + [consts.FRAMEWORK_ON_EVENT_HANDLER_NAME]: cfnResponse.safeHandler(onEvent), + [consts.FRAMEWORK_IS_COMPLETE_HANDLER_NAME]: cfnResponse.safeHandler(isComplete), + [consts.FRAMEWORK_ON_TIMEOUT_HANDLER_NAME]: onTimeout, +}; +//# sourceMappingURL=data:application/json;base64,{"version":3,"file":"framework.js","sourceRoot":"","sources":["framework.ts"],"names":[],"mappings":";AAAA,4BAA4B;AAC5B,+BAA+B;AAC/B,8CAA8C;AAC9C,mCAAmC;AACnC,yCAA4D;AAC5D,iCAAuD;AAUvD;;;;;;;;;GASG;AACH,KAAK,UAAU,OAAO,CAAC,UAAuD;IAC5E,MAAM,gBAAgB,GAAG,EAAE,GAAG,UAAU,EAAE,WAAW,EAAE,KAAK,EAAW,CAAC;IACxE,IAAA,UAAG,EAAC,gBAAgB,EAAE,gBAAgB,CAAC,CAAC;IAExC,UAAU,CAAC,kBAAkB,GAAG,UAAU,CAAC,kBAAkB,IAAI,EAAG,CAAC;IAErE,MAAM,aAAa,GAAG,MAAM,kBAAkB,CAAC,MAAM,CAAC,8BAA8B,EAAE,gBAAgB,EAAE,UAAU,CAAC,WAAW,CAAoB,CAAC;IACnJ,IAAI,aAAa,EAAE,MAAM,EAAE,CAAC;QAC1B,IAAA,UAAG,EAAC,4BAA4B,EAAE,WAAW,CAAC,qBAAqB,CAAC,aAAa,CAAC,CAAC,CAAC;IACtF,CAAC;SAAM,CAAC;QACN,IAAA,UAAG,EAAC,mBAAmB,EAAE,aAAa,CAAC,CAAC;IAC1C,CAAC;IAED,oFAAoF;IACpF,iCAAiC;IACjC,MAAM,aAAa,GAAG,mBAAmB,CAAC,UAAU,EAAE,aAAa,CAAC,CAAC;IACrE,MAAM,cAAc,GAAG,EAAE,GAAG,aAAa,EAAE,WAAW,EAAE,KAAK,EAAE,CAAC;IAChE,IAAI,aAAa,EAAE,MAAM,EAAE,CAAC;QAC1B,IAAA,UAAG,EAAC,kBAAkB,EAAE,WAAW,CAAC,qBAAqB,CAAC,cAAc,CAAC,CAAC,CAAC;IAC7E,CAAC;SAAM,CAAC;QACN,IAAA,UAAG,EAAC,QAAQ,EAAE,cAAc,CAAC,CAAC;IAChC,CAAC;IAED,iGAAiG;IACjG,mFAAmF;IACnF,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,MAAM,CAAC,iCAAiC,CAAC,EAAE,CAAC;QAC3D,OAAO,WAAW,CAAC,cAAc,CAAC,SAAS,EAAE,aAAa,EAAE,EAAE,MAAM,EAAE,aAAa,CAAC,MAAM,EAAE,CAAC,CAAC;IAChG,CAAC;IAED,2DAA2D;IAC3D,MAAM,MAAM,GAAG;QACb,eAAe,EAAE,IAAA,aAAM,EAAC,MAAM,CAAC,4BAA4B,CAAC;QAC5D,IAAI,EAAE,aAAa,CAAC,SAAS;QAC7B,KAAK,EAAE,IAAI,CAAC,SAAS,CAAC,aAAa,CAAC;KACrC,CAAC;IAEF,IAAA,UAAG,EAA
C,iBAAiB,EAAE;QACrB,eAAe,EAAE,IAAA,aAAM,EAAC,MAAM,CAAC,4BAA4B,CAAC;QAC5D,IAAI,EAAE,aAAa,CAAC,SAAS;KAC9B,CAAC,CAAC;IAEH,gCAAgC;IAChC,MAAM,IAAA,yBAAc,EAAC,MAAM,CAAC,CAAC;AAC/B,CAAC;AAED,sEAAsE;AACtE,KAAK,UAAU,UAAU,CAAC,KAAkD;IAC1E,MAAM,gBAAgB,GAAG,EAAE,GAAG,KAAK,EAAE,WAAW,EAAE,KAAK,EAAW,CAAC;IACnE,IAAI,KAAK,EAAE,MAAM,EAAE,CAAC;QAClB,IAAA,UAAG,EAAC,6BAA6B,EAAE,WAAW,CAAC,qBAAqB,CAAC,gBAAgB,CAAC,CAAC,CAAC;IAC1F,CAAC;SAAM,CAAC;QACN,IAAA,UAAG,EAAC,YAAY,EAAE,gBAAgB,CAAC,CAAC;IACtC,CAAC;IAED,MAAM,gBAAgB,GAAG,MAAM,kBAAkB,CAAC,MAAM,CAAC,iCAAiC,EAAE,gBAAgB,EAAE,KAAK,CAAC,WAAW,CAAuB,CAAC;IACvJ,IAAI,KAAK,EAAE,MAAM,EAAE,CAAC;QAClB,IAAA,UAAG,EAAC,oCAAoC,EAAE,WAAW,CAAC,qBAAqB,CAAC,gBAAgB,CAAC,CAAC,CAAC;IACjG,CAAC;SAAM,CAAC;QACN,IAAA,UAAG,EAAC,2BAA2B,EAAE,gBAAgB,CAAC,CAAC;IACrD,CAAC;IAED,wEAAwE;IACxE,IAAI,CAAC,gBAAgB,CAAC,UAAU,EAAE,CAAC;QACjC,IAAI,gBAAgB,CAAC,IAAI,IAAI,MAAM,CAAC,IAAI,CAAC,gBAAgB,CAAC,IAAI,CAAC,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YAC3E,MAAM,IAAI,KAAK,CAAC,kDAAkD,CAAC,CAAC;QACtE,CAAC;QAED,6GAA6G;QAC7G,MAAM,IAAI,WAAW,CAAC,KAAK,CAAC,IAAI,CAAC,SAAS,CAAC,KAAK,CAAC,CAAC,CAAC;IACrD,CAAC;IAED,MAAM,QAAQ,GAAG;QACf,GAAG,KAAK;QACR,GAAG,gBAAgB;QACnB,IAAI,EAAE;YACJ,GAAG,KAAK,CAAC,IAAI;YACb,GAAG,gBAAgB,CAAC,IAAI;SACzB;KACF,CAAC;IAEF,MAAM,WAAW,CAAC,cAAc,CAAC,SAAS,EAAE,QAAQ,EAAE,EAAE,MAAM,EAAE,KAAK,CAAC,MAAM,EAAE,CAAC,CAAC;AAClF,CAAC;AAED,gDAAgD;AAChD,KAAK,UAAU,SAAS,CAAC,YAAiB;IACxC,IAAA,UAAG,EAAC,gBAAgB,EAAE,YAAY,CAAC,CAAC;IAEpC,MAAM,iBAAiB,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,KAAK,CAAC,YAAY,CAAC,KAAK,CAAC,CAAC,YAAY,CAAgD,CAAC;IACjI,MAAM,WAAW,CAAC,cAAc,CAAC,QAAQ,EAAE,iBAAiB,EAAE;QAC5D,MAAM,EAAE,qBAAqB;KAC9B,CAAC,CAAC;AACL,CAAC;AAED,KAAK,UAAU,kBAAkB,CAAmC,cAAsB,EAAE,gBAAmB,EAAE,WAAmB;IAClI,MAAM,WAAW,GAAG,IAAA,aAAM,EAAC,cAAc,CAAC,CAAC;IAC3C,IAAA,UAAG,EAAC,2BAA2B,WAAW,eAAe,EAAE,gBAAgB,CAAC,CAAC;IAE7E,wEAAwE;IACxE,sEAAsE;IACtE,uCAAuC;IACvC,MAAM,IAAI,GAAG,MAAM,IAAA,yBAAc,EAAC;QAChC,YAAY,EAAE,WAAW;QAEzB,mHAAmH;QACnH,OAAO,EAAE,IAAI,CAAC,SAAS,CAAC,EAAE,GAAG,gBAAgB,EAAE,WAAW,EAAE,WAAW,EAAE,CAAC;KAC3E
,CAAC,CAAC;IAEH,IAAA,UAAG,EAAC,yBAAyB,EAAE,IAAI,EAAE,OAAM,CAAC,IAAI,CAAC,CAAC,CAAC;IAEnD,8EAA8E;IAC9E,oFAAoF;IACpF,wEAAwE;IACxE,MAAM,WAAW,GAAG,IAAA,uBAAgB,EAAC,IAAI,CAAC,OAAO,CAAC,CAAC;IACnD,IAAI,IAAI,CAAC,aAAa,EAAE,CAAC;QACvB,IAAA,UAAG,EAAC,+BAA+B,EAAE,IAAI,CAAC,aAAa,CAAC,CAAC;QAEzD,MAAM,YAAY,GAAG,WAAW,CAAC,YAAY,IAAI,OAAO,CAAC;QAEzD,+BAA+B;QAC/B,wEAAwE;QACxE,MAAM,GAAG,GAAG,WAAW,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;QACnC,MAAM,YAAY,GAAG,GAAG,CAAC,GAAG,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC;QAEzC,uCAAuC;QACvC,MAAM,OAAO,GAAG;YACd,YAAY;YACZ,EAAE;YACF,qBAAqB,YAAY,EAAE,EAAE,uBAAuB;YAC5D,EAAE;SACH,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QAEb,MAAM,CAAC,GAAG,IAAI,KAAK,CAAC,OAAO,CAAC,CAAC;QAE7B,2EAA2E;QAC3E,iFAAiF;QACjF,IAAI,WAAW,CAAC,KAAK,EAAE,CAAC;YACtB,iDAAiD;YACjD,CAAC,CAAC,KAAK,GAAG,CAAC,OAAO,EAAE,GAAG,WAAW,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QAChE,CAAC;QAED,MAAM,CAAC,CAAC;IACV,CAAC;IAED,OAAO,WAAW,CAAC;AACrB,CAAC;AAED,SAAS,mBAAmB,CAAC,UAAuD,EAAE,aAA8B;IAClH,EAAE;IACF,mEAAmE;IAEnE,aAAa,GAAG,aAAa,IAAI,EAAG,CAAC;IAErC,sEAAsE;IACtE,uBAAuB;IACvB,MAAM,kBAAkB,GAAG,aAAa,CAAC,kBAAkB,IAAI,yBAAyB,CAAC,UAAU,CAAC,CAAC;IAErG,kEAAkE;IAClE,IAAI,UAAU,CAAC,WAAW,KAAK,QAAQ,IAAI,kBAAkB,KAAK,UAAU,CAAC,kBAAkB,EAAE,CAAC;QAChG,MAAM,IAAI,KAAK,CAAC,wDAAwD,UAAU,CAAC,kBAAkB,SAAS,aAAa,CAAC,kBAAkB,mBAAmB,CAAC,CAAC;IACrK,CAAC;IAED,iFAAiF;IACjF,IAAI,UAAU,CAAC,WAAW,KAAK,QAAQ,IAAI,kBAAkB,KAAK,UAAU,CAAC,kBAAkB,EAAE,CAAC;QAChG,IAAA,UAAG,EAAC,+CAA+C,UAAU,CAAC,kBAAkB,SAAS,aAAa,CAAC,kBAAkB,GAAG,CAAC,CAAC;IAChI,CAAC;IAED,0DAA0D;IAC1D,OAAO;QACL,GAAG,UAAU;QACb,GAAG,aAAa;QAChB,kBAAkB,EAAE,kBAAkB;KACvC,CAAC;AACJ,CAAC;AAED;;;;;;GAMG;AACH,SAAS,yBAAyB,CAAC,GAAgD;IACjF,QAAQ,GAAG,CAAC,WAAW,EAAE,CAAC;QACxB,KAAK,QAAQ;YACX,OAAO,GAAG,CAAC,SAAS,CAAC;QAEvB,KAAK,QAAQ,CAAC;QACd,KAAK,QAAQ;YACX,OAAO,GAAG,CAAC,kBAAkB,CAAC;QAEhC;YACE,MAAM,IAAI,KAAK,CAAC,qCAAqC,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC;IACjF,CAAC;AACH,CAAC;AAjND,iBAAS;IACP,CAAC,MAAM,CAAC,+BAA+B,CAAC,EAAE,WAAW,CAAC,WAAW,CAAC,OAAO,CAAC;IAC1E,CAAC,MAAM,CAAC,
kCAAkC,CAAC,EAAE,WAAW,CAAC,WAAW,CAAC,UAAU,CAAC;IAChF,CAAC,MAAM,CAAC,iCAAiC,CAAC,EAAE,SAAS;CACtD,CAAC","sourcesContent":["/* eslint-disable max-len */\n/* eslint-disable no-console */\nimport * as cfnResponse from './cfn-response';\nimport * as consts from './consts';\nimport { invokeFunction, startExecution } from './outbound';\nimport { getEnv, log, parseJsonPayload } from './util';\nimport { IsCompleteResponse, OnEventResponse } from '../types';\n\n// use consts for handler names to compiler-enforce the coupling with construction code.\nexport = {\n  [consts.FRAMEWORK_ON_EVENT_HANDLER_NAME]: cfnResponse.safeHandler(onEvent),\n  [consts.FRAMEWORK_IS_COMPLETE_HANDLER_NAME]: cfnResponse.safeHandler(isComplete),\n  [consts.FRAMEWORK_ON_TIMEOUT_HANDLER_NAME]: onTimeout,\n};\n\n/**\n * The main runtime entrypoint of the async custom resource lambda function.\n *\n * Any lifecycle event changes to the custom resources will invoke this handler, which will, in turn,\n * interact with the user-defined `onEvent` and `isComplete` handlers.\n *\n * This function will always succeed. If an error occurs, it is logged but an error is not thrown.\n *\n * @param cfnRequest The cloudformation custom resource event.\n */\nasync function onEvent(cfnRequest: AWSLambda.CloudFormationCustomResourceEvent) {\n  const sanitizedRequest = { ...cfnRequest, ResponseURL: '...' 
} as const;\n  log('onEventHandler', sanitizedRequest);\n\n  cfnRequest.ResourceProperties = cfnRequest.ResourceProperties || { };\n\n  const onEventResult = await invokeUserFunction(consts.USER_ON_EVENT_FUNCTION_ARN_ENV, sanitizedRequest, cfnRequest.ResponseURL) as OnEventResponse;\n  if (onEventResult?.NoEcho) {\n    log('redacted onEvent returned:', cfnResponse.redactDataFromPayload(onEventResult));\n  } else {\n    log('onEvent returned:', onEventResult);\n  }\n\n  // merge the request and the result from onEvent to form the complete resource event\n  // this also performs validation.\n  const resourceEvent = createResponseEvent(cfnRequest, onEventResult);\n  const sanitizedEvent = { ...resourceEvent, ResponseURL: '...' };\n  if (onEventResult?.NoEcho) {\n    log('readacted event:', cfnResponse.redactDataFromPayload(sanitizedEvent));\n  } else {\n    log('event:', sanitizedEvent);\n  }\n\n  // determine if this is an async provider based on whether we have an isComplete handler defined.\n  // if it is not defined, then we are basically ready to return a positive response.\n  if (!process.env[consts.USER_IS_COMPLETE_FUNCTION_ARN_ENV]) {\n    return cfnResponse.submitResponse('SUCCESS', resourceEvent, { noEcho: resourceEvent.NoEcho });\n  }\n\n  // ok, we are not complete, so kick off the waiter workflow\n  const waiter = {\n    stateMachineArn: getEnv(consts.WAITER_STATE_MACHINE_ARN_ENV),\n    name: resourceEvent.RequestId,\n    input: JSON.stringify(resourceEvent),\n  };\n\n  log('starting waiter', {\n    stateMachineArn: getEnv(consts.WAITER_STATE_MACHINE_ARN_ENV),\n    name: resourceEvent.RequestId,\n  });\n\n  // kick off waiter state machine\n  await startExecution(waiter);\n}\n\n// invoked a few times until `complete` is true or until it times out.\nasync function isComplete(event: AWSCDKAsyncCustomResource.IsCompleteRequest) {\n  const sanitizedRequest = { ...event, ResponseURL: '...' 
} as const;\n  if (event?.NoEcho) {\n    log('redacted isComplete request', cfnResponse.redactDataFromPayload(sanitizedRequest));\n  } else {\n    log('isComplete', sanitizedRequest);\n  }\n\n  const isCompleteResult = await invokeUserFunction(consts.USER_IS_COMPLETE_FUNCTION_ARN_ENV, sanitizedRequest, event.ResponseURL) as IsCompleteResponse;\n  if (event?.NoEcho) {\n    log('redacted user isComplete returned:', cfnResponse.redactDataFromPayload(isCompleteResult));\n  } else {\n    log('user isComplete returned:', isCompleteResult);\n  }\n\n  // if we are not complete, return false, and don't send a response back.\n  if (!isCompleteResult.IsComplete) {\n    if (isCompleteResult.Data && Object.keys(isCompleteResult.Data).length > 0) {\n      throw new Error('\"Data\" is not allowed if \"IsComplete\" is \"False\"');\n    }\n\n    // This must be the full event, it will be deserialized in `onTimeout` to send the response to CloudFormation\n    throw new cfnResponse.Retry(JSON.stringify(event));\n  }\n\n  const response = {\n    ...event,\n    ...isCompleteResult,\n    Data: {\n      ...event.Data,\n      ...isCompleteResult.Data,\n    },\n  };\n\n  await cfnResponse.submitResponse('SUCCESS', response, { noEcho: event.NoEcho });\n}\n\n// invoked when completion retries are exhaused.\nasync function onTimeout(timeoutEvent: any) {\n  log('timeoutHandler', timeoutEvent);\n\n  const isCompleteRequest = JSON.parse(JSON.parse(timeoutEvent.Cause).errorMessage) as AWSCDKAsyncCustomResource.IsCompleteRequest;\n  await cfnResponse.submitResponse('FAILED', isCompleteRequest, {\n    reason: 'Operation timed out',\n  });\n}\n\nasync function invokeUserFunction<A extends { ResponseURL: '...' 
}>(functionArnEnv: string, sanitizedPayload: A, responseUrl: string) {\n  const functionArn = getEnv(functionArnEnv);\n  log(`executing user function ${functionArn} with payload`, sanitizedPayload);\n\n  // transient errors such as timeouts, throttling errors (429), and other\n  // errors that aren't caused by a bad request (500 series) are retried\n  // automatically by the JavaScript SDK.\n  const resp = await invokeFunction({\n    FunctionName: functionArn,\n\n    // Cannot strip 'ResponseURL' here as this would be a breaking change even though the downstream CR doesn't need it\n    Payload: JSON.stringify({ ...sanitizedPayload, ResponseURL: responseUrl }),\n  });\n\n  log('user function response:', resp, typeof(resp));\n\n  // ParseJsonPayload is very defensive. It should not be possible for `Payload`\n  // to be anything other than a JSON encoded string (or intarray). Something weird is\n  // going on if that happens. Still, we should do our best to survive it.\n  const jsonPayload = parseJsonPayload(resp.Payload);\n  if (resp.FunctionError) {\n    log('user function threw an error:', resp.FunctionError);\n\n    const errorMessage = jsonPayload.errorMessage || 'error';\n\n    // parse function name from arn\n    // arn:${Partition}:lambda:${Region}:${Account}:function:${FunctionName}\n    const arn = functionArn.split(':');\n    const functionName = arn[arn.length - 1];\n\n    // append a reference to the log group.\n    const message = [\n      errorMessage,\n      '',\n      `Logs: /aws/lambda/${functionName}`, // cloudwatch log group\n      '',\n    ].join('\\n');\n\n    const e = new Error(message);\n\n    // the output that goes to CFN is what's in `stack`, not the error message.\n    // if we have a remote trace, construct a nice message with log group information\n    if (jsonPayload.trace) {\n      // skip first trace line because it's the message\n      e.stack = [message, ...jsonPayload.trace.slice(1)].join('\\n');\n    }\n\n    throw e;\n  }\n\n  
return jsonPayload;\n}\n\nfunction createResponseEvent(cfnRequest: AWSLambda.CloudFormationCustomResourceEvent, onEventResult: OnEventResponse): AWSCDKAsyncCustomResource.IsCompleteRequest {\n  //\n  // validate that onEventResult always includes a PhysicalResourceId\n\n  onEventResult = onEventResult || { };\n\n  // if physical ID is not returned, we have some defaults for you based\n  // on the request type.\n  const physicalResourceId = onEventResult.PhysicalResourceId || defaultPhysicalResourceId(cfnRequest);\n\n  // if we are in DELETE and physical ID was changed, it's an error.\n  if (cfnRequest.RequestType === 'Delete' && physicalResourceId !== cfnRequest.PhysicalResourceId) {\n    throw new Error(`DELETE: cannot change the physical resource ID from \"${cfnRequest.PhysicalResourceId}\" to \"${onEventResult.PhysicalResourceId}\" during deletion`);\n  }\n\n  // if we are in UPDATE and physical ID was changed, it's a replacement (just log)\n  if (cfnRequest.RequestType === 'Update' && physicalResourceId !== cfnRequest.PhysicalResourceId) {\n    log(`UPDATE: changing physical resource ID from \"${cfnRequest.PhysicalResourceId}\" to \"${onEventResult.PhysicalResourceId}\"`);\n  }\n\n  // merge request event and result event (result prevails).\n  return {\n    ...cfnRequest,\n    ...onEventResult,\n    PhysicalResourceId: physicalResourceId,\n  };\n}\n\n/**\n * Calculates the default physical resource ID based in case user handler did\n * not return a PhysicalResourceId.\n *\n * For \"CREATE\", it uses the RequestId.\n * For \"UPDATE\" and \"DELETE\" and returns the current PhysicalResourceId (the one provided in `event`).\n */\nfunction defaultPhysicalResourceId(req: AWSLambda.CloudFormationCustomResourceEvent): string {\n  switch (req.RequestType) {\n    case 'Create':\n      return req.RequestId;\n\n    case 'Update':\n    case 'Delete':\n      return req.PhysicalResourceId;\n\n    default:\n      throw new Error(`Invalid \"RequestType\" in request 
\"${JSON.stringify(req)}\"`);\n  }\n}\n"]} \ No newline at end of file diff --git a/packages/@aws-cdk/aws-eks-v2-alpha/test/integ.eks-auto.js.snapshot/asset.39472b1c2875cf306d4ba429aeccdd34cb49bcf59dbde81f7e6b6cb9deac23a6/outbound.js b/packages/@aws-cdk/aws-eks-v2-alpha/test/integ.eks-auto.js.snapshot/asset.39472b1c2875cf306d4ba429aeccdd34cb49bcf59dbde81f7e6b6cb9deac23a6/outbound.js new file mode 100644 index 0000000000000..110a420ec64c5 --- /dev/null +++ b/packages/@aws-cdk/aws-eks-v2-alpha/test/integ.eks-auto.js.snapshot/asset.39472b1c2875cf306d4ba429aeccdd34cb49bcf59dbde81f7e6b6cb9deac23a6/outbound.js 
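Review bot: In framework.js, the NoEcho redaction in `onEvent` and `isComplete` is bypassed by unconditional logging in `invokeUserFunction`: `log('user function response:', resp, typeof (resp))` writes the raw response, including `Payload`, before either caller checks `NoEcho`, and the `executing user function ... with payload` line logs the request unredacted even when `isComplete` has just logged a redacted copy of the same object. `onTimeout` has a related problem: `log('timeoutHandler', timeoutEvent)` logs `Cause`, which carries the `JSON.stringify(event)` thrown through `Retry`, so the real `ResponseURL` and any `Data` reach the log, and the FAILED response is then submitted without `noEcho`. Suggest logging only metadata (function ARN, `FunctionError`) in `invokeUserFunction`, leaving payload logging to the callers that know the NoEcho state, and parsing the event in `onTimeout` before logging so that `ResponseURL` can be masked and `noEcho: isCompleteRequest.NoEcho` passed on. Minor: the log label `'readacted event:'` and the comment "retries are exhaused" are misspelled.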
@@ -0,0 +1,83 @@ +"use strict"; +Object.defineProperty(exports, "__esModule", { value: true }); +exports.httpRequest = exports.invokeFunction = exports.startExecution = void 0; +/* istanbul ignore file */ +const https = require("https"); +// eslint-disable-next-line import/no-extraneous-dependencies +const client_lambda_1 = require("@aws-sdk/client-lambda"); +// eslint-disable-next-line import/no-extraneous-dependencies +const client_sfn_1 = require("@aws-sdk/client-sfn"); +// eslint-disable-next-line import/no-extraneous-dependencies +const FRAMEWORK_HANDLER_TIMEOUT = 900000; // 15 minutes +// In order to honor the overall maximum timeout set for the target process, +// the default 2 minutes from AWS SDK has to be overriden: +// https://docs.aws.amazon.com/AWSJavaScriptSDK/latest/AWS/Config.html#httpOptions-property +const awsSdkConfig = { + httpOptions: { timeout: FRAMEWORK_HANDLER_TIMEOUT }, +}; +async function defaultHttpRequest(options, requestBody) { + return new Promise((resolve, reject) => { + try { + const request = https.request(options, (response) => { + response.resume(); // Consume the response but don't care about it + if (!response.statusCode || response.statusCode >= 400) { + reject(new Error(`Unsuccessful HTTP response: ${response.statusCode}`)); + } + else { + resolve(); + } + }); + request.on('error', reject); + request.write(requestBody); + request.end(); + } + catch (e) { + reject(e); + } + }); +} +let sfn; +let lambda; +async function defaultStartExecution(req) { + if (!sfn) { + sfn = new client_sfn_1.SFN(awsSdkConfig); + } + return sfn.startExecution(req); +} +async function defaultInvokeFunction(req) { + if (!lambda) { + lambda = new client_lambda_1.Lambda(awsSdkConfig); + } + try { + /** + * Try an initial invoke. + * + * When you try to invoke a function that is inactive, the invocation fails and Lambda sets + * the function to pending state until the function resources are recreated. 
+ * If Lambda fails to recreate the resources, the function is set to the inactive state. + * + * We're using invoke first because `waitFor` doesn't trigger an inactive function to do anything, + * it just runs `getFunction` and checks the state. + */ + return await lambda.invoke(req); + } + catch { + /** + * The status of the Lambda function is checked every second for up to 300 seconds. + * Exits the loop on 'Active' state and throws an error on 'Inactive' or 'Failed'. + * + * And now we wait. + */ + await (0, client_lambda_1.waitUntilFunctionActiveV2)({ + client: lambda, + maxWaitTime: 300, + }, { + FunctionName: req.FunctionName, + }); + return lambda.invoke(req); + } +} +exports.startExecution = defaultStartExecution; +exports.invokeFunction = defaultInvokeFunction; +exports.httpRequest = defaultHttpRequest; +//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoib3V0Ym91bmQuanMiLCJzb3VyY2VSb290IjoiIiwic291cmNlcyI6WyJvdXRib3VuZC50cyJdLCJuYW1lcyI6W10sIm1hcHBpbmdzIjoiOzs7QUFBQSwwQkFBMEI7QUFDMUIsK0JBQStCO0FBQy9CLDZEQUE2RDtBQUM3RCwwREFBbUg7QUFDbkgsNkRBQTZEO0FBQzdELG9EQUFxRjtBQUNyRiw2REFBNkQ7QUFFN0QsTUFBTSx5QkFBeUIsR0FBRyxNQUFNLENBQUMsQ0FBQyxhQUFhO0FBRXZELDRFQUE0RTtBQUM1RSwwREFBMEQ7QUFDMUQsMkZBQTJGO0FBQzNGLE1BQU0sWUFBWSxHQUFHO0lBQ25CLFdBQVcsRUFBRSxFQUFFLE9BQU8sRUFBRSx5QkFBeUIsRUFBRTtDQUNwRCxDQUFDO0FBRUYsS0FBSyxVQUFVLGtCQUFrQixDQUFDLE9BQTZCLEVBQUUsV0FBbUI7SUFDbEYsT0FBTyxJQUFJLE9BQU8sQ0FBTyxDQUFDLE9BQU8sRUFBRSxNQUFNLEVBQUUsRUFBRTtRQUMzQyxJQUFJLENBQUM7WUFDSCxNQUFNLE9BQU8sR0FBRyxLQUFLLENBQUMsT0FBTyxDQUFDLE9BQU8sRUFBRSxDQUFDLFFBQVEsRUFBRSxFQUFFO2dCQUNsRCxRQUFRLENBQUMsTUFBTSxFQUFFLENBQUMsQ0FBQywrQ0FBK0M7Z0JBQ2xFLElBQUksQ0FBQyxRQUFRLENBQUMsVUFBVSxJQUFJLFFBQVEsQ0FBQyxVQUFVLElBQUksR0FBRyxFQUFFLENBQUM7b0JBQ3ZELE1BQU0sQ0FBQyxJQUFJLEtBQUssQ0FBQywrQkFBK0IsUUFBUSxDQUFDLFVBQVUsRUFBRSxDQUFDLENBQUMsQ0FBQztnQkFDMUUsQ0FBQztxQkFBTSxDQUFDO29CQUNOLE9BQU8sRUFBRSxDQUFDO2dCQUNaLENBQUM7WUFDSCxDQUFDLENBQUMsQ0FBQztZQUNILE9BQU8sQ0FBQyxFQUFFLENBQUMsT0FBTyxFQUFFLE1BQU0sQ0FB
QyxDQUFDO1lBQzVCLE9BQU8sQ0FBQyxLQUFLLENBQUMsV0FBVyxDQUFDLENBQUM7WUFDM0IsT0FBTyxDQUFDLEdBQUcsRUFBRSxDQUFDO1FBQ2hCLENBQUM7UUFBQyxPQUFPLENBQUMsRUFBRSxDQUFDO1lBQ1gsTUFBTSxDQUFDLENBQUMsQ0FBQyxDQUFDO1FBQ1osQ0FBQztJQUNILENBQUMsQ0FBQyxDQUFDO0FBQ0wsQ0FBQztBQUVELElBQUksR0FBUSxDQUFDO0FBQ2IsSUFBSSxNQUFjLENBQUM7QUFFbkIsS0FBSyxVQUFVLHFCQUFxQixDQUFDLEdBQXdCO0lBQzNELElBQUksQ0FBQyxHQUFHLEVBQUUsQ0FBQztRQUNULEdBQUcsR0FBRyxJQUFJLGdCQUFHLENBQUMsWUFBWSxDQUFDLENBQUM7SUFDOUIsQ0FBQztJQUVELE9BQU8sR0FBRyxDQUFDLGNBQWMsQ0FBQyxHQUFHLENBQUMsQ0FBQztBQUNqQyxDQUFDO0FBRUQsS0FBSyxVQUFVLHFCQUFxQixDQUFDLEdBQXVCO0lBQzFELElBQUksQ0FBQyxNQUFNLEVBQUUsQ0FBQztRQUNaLE1BQU0sR0FBRyxJQUFJLHNCQUFNLENBQUMsWUFBWSxDQUFDLENBQUM7SUFDcEMsQ0FBQztJQUVELElBQUksQ0FBQztRQUNIOzs7Ozs7Ozs7V0FTRztRQUNILE9BQU8sTUFBTSxNQUFNLENBQUMsTUFBTSxDQUFDLEdBQUcsQ0FBQyxDQUFDO0lBQ2xDLENBQUM7SUFBQyxNQUFNLENBQUM7UUFDUDs7Ozs7V0FLRztRQUNILE1BQU0sSUFBQSx5Q0FBeUIsRUFBQztZQUM5QixNQUFNLEVBQUUsTUFBTTtZQUNkLFdBQVcsRUFBRSxHQUFHO1NBQ2pCLEVBQUU7WUFDRCxZQUFZLEVBQUUsR0FBRyxDQUFDLFlBQVk7U0FDL0IsQ0FBQyxDQUFDO1FBQ0gsT0FBTyxNQUFNLENBQUMsTUFBTSxDQUFDLEdBQUcsQ0FBQyxDQUFDO0lBQzVCLENBQUM7QUFDSCxDQUFDO0FBRVUsUUFBQSxjQUFjLEdBQUcscUJBQXFCLENBQUM7QUFDdkMsUUFBQSxjQUFjLEdBQUcscUJBQXFCLENBQUM7QUFDdkMsUUFBQSxXQUFXLEdBQUcsa0JBQWtCLENBQUMiLCJzb3VyY2VzQ29udGVudCI6WyIvKiBpc3RhbmJ1bCBpZ25vcmUgZmlsZSAqL1xuaW1wb3J0ICogYXMgaHR0cHMgZnJvbSAnaHR0cHMnO1xuLy8gZXNsaW50LWRpc2FibGUtbmV4dC1saW5lIGltcG9ydC9uby1leHRyYW5lb3VzLWRlcGVuZGVuY2llc1xuaW1wb3J0IHsgTGFtYmRhLCB3YWl0VW50aWxGdW5jdGlvbkFjdGl2ZVYyLCBJbnZvY2F0aW9uUmVzcG9uc2UsIEludm9rZUNvbW1hbmRJbnB1dCB9IGZyb20gJ0Bhd3Mtc2RrL2NsaWVudC1sYW1iZGEnO1xuLy8gZXNsaW50LWRpc2FibGUtbmV4dC1saW5lIGltcG9ydC9uby1leHRyYW5lb3VzLWRlcGVuZGVuY2llc1xuaW1wb3J0IHsgU0ZOLCBTdGFydEV4ZWN1dGlvbklucHV0LCBTdGFydEV4ZWN1dGlvbk91dHB1dCB9IGZyb20gJ0Bhd3Mtc2RrL2NsaWVudC1zZm4nO1xuLy8gZXNsaW50LWRpc2FibGUtbmV4dC1saW5lIGltcG9ydC9uby1leHRyYW5lb3VzLWRlcGVuZGVuY2llc1xuXG5jb25zdCBGUkFNRVdPUktfSEFORExFUl9USU1FT1VUID0gOTAwMDAwOyAvLyAxNSBtaW51dGVzXG5cbi8vIEluIG9yZGVyIHRvIGhvbm9yIHRoZSBvdmVy
YWxsIG1heGltdW0gdGltZW91dCBzZXQgZm9yIHRoZSB0YXJnZXQgcHJvY2Vzcyxcbi8vIHRoZSBkZWZhdWx0IDIgbWludXRlcyBmcm9tIEFXUyBTREsgaGFzIHRvIGJlIG92ZXJyaWRlbjpcbi8vIGh0dHBzOi8vZG9jcy5hd3MuYW1hem9uLmNvbS9BV1NKYXZhU2NyaXB0U0RLL2xhdGVzdC9BV1MvQ29uZmlnLmh0bWwjaHR0cE9wdGlvbnMtcHJvcGVydHlcbmNvbnN0IGF3c1Nka0NvbmZpZyA9IHtcbiAgaHR0cE9wdGlvbnM6IHsgdGltZW91dDogRlJBTUVXT1JLX0hBTkRMRVJfVElNRU9VVCB9LFxufTtcblxuYXN5bmMgZnVuY3Rpb24gZGVmYXVsdEh0dHBSZXF1ZXN0KG9wdGlvbnM6IGh0dHBzLlJlcXVlc3RPcHRpb25zLCByZXF1ZXN0Qm9keTogc3RyaW5nKSB7XG4gIHJldHVybiBuZXcgUHJvbWlzZTx2b2lkPigocmVzb2x2ZSwgcmVqZWN0KSA9PiB7XG4gICAgdHJ5IHtcbiAgICAgIGNvbnN0IHJlcXVlc3QgPSBodHRwcy5yZXF1ZXN0KG9wdGlvbnMsIChyZXNwb25zZSkgPT4ge1xuICAgICAgICByZXNwb25zZS5yZXN1bWUoKTsgLy8gQ29uc3VtZSB0aGUgcmVzcG9uc2UgYnV0IGRvbid0IGNhcmUgYWJvdXQgaXRcbiAgICAgICAgaWYgKCFyZXNwb25zZS5zdGF0dXNDb2RlIHx8IHJlc3BvbnNlLnN0YXR1c0NvZGUgPj0gNDAwKSB7XG4gICAgICAgICAgcmVqZWN0KG5ldyBFcnJvcihgVW5zdWNjZXNzZnVsIEhUVFAgcmVzcG9uc2U6ICR7cmVzcG9uc2Uuc3RhdHVzQ29kZX1gKSk7XG4gICAgICAgIH0gZWxzZSB7XG4gICAgICAgICAgcmVzb2x2ZSgpO1xuICAgICAgICB9XG4gICAgICB9KTtcbiAgICAgIHJlcXVlc3Qub24oJ2Vycm9yJywgcmVqZWN0KTtcbiAgICAgIHJlcXVlc3Qud3JpdGUocmVxdWVzdEJvZHkpO1xuICAgICAgcmVxdWVzdC5lbmQoKTtcbiAgICB9IGNhdGNoIChlKSB7XG4gICAgICByZWplY3QoZSk7XG4gICAgfVxuICB9KTtcbn1cblxubGV0IHNmbjogU0ZOO1xubGV0IGxhbWJkYTogTGFtYmRhO1xuXG5hc3luYyBmdW5jdGlvbiBkZWZhdWx0U3RhcnRFeGVjdXRpb24ocmVxOiBTdGFydEV4ZWN1dGlvbklucHV0KTogUHJvbWlzZTxTdGFydEV4ZWN1dGlvbk91dHB1dD4ge1xuICBpZiAoIXNmbikge1xuICAgIHNmbiA9IG5ldyBTRk4oYXdzU2RrQ29uZmlnKTtcbiAgfVxuXG4gIHJldHVybiBzZm4uc3RhcnRFeGVjdXRpb24ocmVxKTtcbn1cblxuYXN5bmMgZnVuY3Rpb24gZGVmYXVsdEludm9rZUZ1bmN0aW9uKHJlcTogSW52b2tlQ29tbWFuZElucHV0KTogUHJvbWlzZTxJbnZvY2F0aW9uUmVzcG9uc2U+IHtcbiAgaWYgKCFsYW1iZGEpIHtcbiAgICBsYW1iZGEgPSBuZXcgTGFtYmRhKGF3c1Nka0NvbmZpZyk7XG4gIH1cblxuICB0cnkge1xuICAgIC8qKlxuICAgICAqIFRyeSBhbiBpbml0aWFsIGludm9rZS5cbiAgICAgKlxuICAgICAqIFdoZW4geW91IHRyeSB0byBpbnZva2UgYSBmdW5jdGlvbiB0aGF0IGlzIGluYWN0aXZlLCB0aGUgaW52b2NhdGlvbiBmYWlscyBhbmQgTGFtYmRhIHNldHNcbiAgICAgKiB0aGUgZnVuY3Rp
b24gdG8gcGVuZGluZyBzdGF0ZSB1bnRpbCB0aGUgZnVuY3Rpb24gcmVzb3VyY2VzIGFyZSByZWNyZWF0ZWQuXG4gICAgICogSWYgTGFtYmRhIGZhaWxzIHRvIHJlY3JlYXRlIHRoZSByZXNvdXJjZXMsIHRoZSBmdW5jdGlvbiBpcyBzZXQgdG8gdGhlIGluYWN0aXZlIHN0YXRlLlxuICAgICAqXG4gICAgICogV2UncmUgdXNpbmcgaW52b2tlIGZpcnN0IGJlY2F1c2UgYHdhaXRGb3JgIGRvZXNuJ3QgdHJpZ2dlciBhbiBpbmFjdGl2ZSBmdW5jdGlvbiB0byBkbyBhbnl0aGluZyxcbiAgICAgKiBpdCBqdXN0IHJ1bnMgYGdldEZ1bmN0aW9uYCBhbmQgY2hlY2tzIHRoZSBzdGF0ZS5cbiAgICAgKi9cbiAgICByZXR1cm4gYXdhaXQgbGFtYmRhLmludm9rZShyZXEpO1xuICB9IGNhdGNoIHtcbiAgICAvKipcbiAgICAgKiBUaGUgc3RhdHVzIG9mIHRoZSBMYW1iZGEgZnVuY3Rpb24gaXMgY2hlY2tlZCBldmVyeSBzZWNvbmQgZm9yIHVwIHRvIDMwMCBzZWNvbmRzLlxuICAgICAqIEV4aXRzIHRoZSBsb29wIG9uICdBY3RpdmUnIHN0YXRlIGFuZCB0aHJvd3MgYW4gZXJyb3Igb24gJ0luYWN0aXZlJyBvciAnRmFpbGVkJy5cbiAgICAgKlxuICAgICAqIEFuZCBub3cgd2Ugd2FpdC5cbiAgICAgKi9cbiAgICBhd2FpdCB3YWl0VW50aWxGdW5jdGlvbkFjdGl2ZVYyKHtcbiAgICAgIGNsaWVudDogbGFtYmRhLFxuICAgICAgbWF4V2FpdFRpbWU6IDMwMCxcbiAgICB9LCB7XG4gICAgICBGdW5jdGlvbk5hbWU6IHJlcS5GdW5jdGlvbk5hbWUsXG4gICAgfSk7XG4gICAgcmV0dXJuIGxhbWJkYS5pbnZva2UocmVxKTtcbiAgfVxufVxuXG5leHBvcnQgbGV0IHN0YXJ0RXhlY3V0aW9uID0gZGVmYXVsdFN0YXJ0RXhlY3V0aW9uO1xuZXhwb3J0IGxldCBpbnZva2VGdW5jdGlvbiA9IGRlZmF1bHRJbnZva2VGdW5jdGlvbjtcbmV4cG9ydCBsZXQgaHR0cFJlcXVlc3QgPSBkZWZhdWx0SHR0cFJlcXVlc3Q7XG4iXX0= \ No newline at end of file diff --git a/packages/@aws-cdk/aws-eks-v2-alpha/test/integ.eks-auto.js.snapshot/asset.39472b1c2875cf306d4ba429aeccdd34cb49bcf59dbde81f7e6b6cb9deac23a6/util.js b/packages/@aws-cdk/aws-eks-v2-alpha/test/integ.eks-auto.js.snapshot/asset.39472b1c2875cf306d4ba429aeccdd34cb49bcf59dbde81f7e6b6cb9deac23a6/util.js new file mode 100644 index 0000000000000..5d48e914660a6 --- /dev/null +++ b/packages/@aws-cdk/aws-eks-v2-alpha/test/integ.eks-auto.js.snapshot/asset.39472b1c2875cf306d4ba429aeccdd34cb49bcf59dbde81f7e6b6cb9deac23a6/util.js 
@@ -0,0 +1,53 @@ +"use strict"; +/* eslint-disable no-console */ +Object.defineProperty(exports, "__esModule", { value: true }); +exports.getEnv = getEnv; +exports.log = log; +exports.withRetries = withRetries; +exports.parseJsonPayload = parseJsonPayload; +function getEnv(name) { + const value = process.env[name]; + if (!value) { + throw new Error(`The environment variable "${name}" is not defined`); + } + return value; +} +function log(title, ...args) { + console.log('[provider-framework]', title, ...args.map(x => typeof (x) === 'object' ? JSON.stringify(x, undefined, 2) : x)); +} +function withRetries(options, fn) { + return async (...xs) => { + let attempts = options.attempts; + let ms = options.sleep; + while (true) { + try { + return await fn(...xs); + } + catch (e) { + if (attempts-- <= 0) { + throw e; + } + await sleep(Math.floor(Math.random() * ms)); + ms *= 2; + } + } + }; +} +async function sleep(ms) { + return new Promise((ok) => setTimeout(ok, ms)); +} +function parseJsonPayload(payload) { + // sdk v3 returns payloads in Uint8Array, either it or a string or Buffer + // can be cast into a buffer and then decoded. + const text = new TextDecoder().decode(Buffer.from(payload ?? '')); + if (!text) { + return {}; + } + try { + return JSON.parse(text); + } + catch { + throw new Error(`return values from user-handlers must be JSON objects. got: "${text}"`); + } +} +//# sourceMappingURL=data:application/json;base64,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 \ No newline at end of file diff --git a/packages/@aws-cdk/aws-eks-v2-alpha/test/integ.eks-auto.js.snapshot/asset.7633376387df35dc59230d4039be5a7b77bfbcb6d38fa9a2c6e53ed61ab00cf0/apply/__init__.py b/packages/@aws-cdk/aws-eks-v2-alpha/test/integ.eks-auto.js.snapshot/asset.7633376387df35dc59230d4039be5a7b77bfbcb6d38fa9a2c6e53ed61ab00cf0/apply/__init__.py new file mode 100644 index 0000000000000..a62a9a0ceb913 --- /dev/null 
+++ b/packages/@aws-cdk/aws-eks-v2-alpha/test/integ.eks-auto.js.snapshot/asset.7633376387df35dc59230d4039be5a7b77bfbcb6d38fa9a2c6e53ed61ab00cf0/apply/__init__.py 
@@ -0,0 +1,93 @@ +import json +import logging +import os +import subprocess + +logger = logging.getLogger() +logger.setLevel(logging.INFO) + +# these are coming from the kubectl layer +os.environ['PATH'] = '/opt/kubectl:/opt/awscli:' + os.environ['PATH'] + +outdir = os.environ.get('TEST_OUTDIR', '/tmp') +kubeconfig = os.path.join(outdir, 'kubeconfig') + + +def apply_handler(event, context): + logger.info(json.dumps(dict(event, ResponseURL='...'))) + + request_type = event['RequestType'] + props = event['ResourceProperties'] + + # resource properties (all required) + cluster_name = props['ClusterName'] + manifest_text = props['Manifest'] + prune_label = props.get('PruneLabel', None) + overwrite = props.get('Overwrite', 'false').lower() == 'true' + skip_validation = props.get('SkipValidation', 'false').lower() == 'true' + + # "log in" to the cluster + cmd = [ 'aws', 'eks', 'update-kubeconfig', + '--name', cluster_name, + '--kubeconfig', kubeconfig + ] + logger.info(f'Running command: {cmd}') + subprocess.check_call(cmd) + + if os.path.isfile(kubeconfig): + os.chmod(kubeconfig, 0o600) + + # write resource manifests in sequence: { r1 }{ r2 }{ r3 } (this is how + # a stream of JSON objects can be included in a k8s manifest). + manifest_list = json.loads(manifest_text) + manifest_file = os.path.join(outdir, 'manifest.yaml') + with open(manifest_file, "w") as f: + f.writelines(map(lambda obj: json.dumps(obj), manifest_list)) + + logger.info("manifest written to: %s" % manifest_file) + + kubectl_opts = [] + if skip_validation: + kubectl_opts.extend(['--validate=false']) + + if request_type == 'Create': + # if "overwrite" is enabled, then we use "apply" for CREATE operations + # which technically means we can determine the desired state of an + # existing resource. 
+ if overwrite: + kubectl('apply', manifest_file, *kubectl_opts) + else: + # --save-config will allow us to use "apply" later + kubectl_opts.extend(['--save-config']) + kubectl('create', manifest_file, *kubectl_opts) + elif request_type == 'Update': + if prune_label is not None: + kubectl_opts.extend(['--prune', '-l', prune_label]) + + kubectl('apply', manifest_file, *kubectl_opts) + elif request_type == "Delete": + try: + kubectl('delete', manifest_file) + except Exception as e: + logger.info("delete error: %s" % e) + + +def kubectl(verb, file, *opts): + maxAttempts = 3 + retry = maxAttempts + while retry > 0: + try: + cmd = ['kubectl', verb, '--kubeconfig', kubeconfig, '-f', file] + list(opts) + logger.info(f'Running command: {cmd}') + output = subprocess.check_output(cmd, stderr=subprocess.STDOUT) + except subprocess.CalledProcessError as exc: + output = exc.output + if b'i/o timeout' in output and retry > 0: + retry = retry - 1 + logger.info("kubectl timed out, retries left: %s" % retry) + else: + raise Exception(output) + else: + logger.info(output) + return + raise Exception(f'Operation failed after {maxAttempts} attempts: {output}') diff --git a/packages/@aws-cdk/aws-eks-v2-alpha/test/integ.eks-auto.js.snapshot/asset.7633376387df35dc59230d4039be5a7b77bfbcb6d38fa9a2c6e53ed61ab00cf0/get/__init__.py b/packages/@aws-cdk/aws-eks-v2-alpha/test/integ.eks-auto.js.snapshot/asset.7633376387df35dc59230d4039be5a7b77bfbcb6d38fa9a2c6e53ed61ab00cf0/get/__init__.py new file mode 100644 index 0000000000000..2bf22d45f0415 --- /dev/null +++ b/packages/@aws-cdk/aws-eks-v2-alpha/test/integ.eks-auto.js.snapshot/asset.7633376387df35dc59230d4039be5a7b77bfbcb6d38fa9a2c6e53ed61ab00cf0/get/__init__.py 
@@ -0,0 +1,86 @@ +import json +import logging +import os +import subprocess +import time + +logger = logging.getLogger() +logger.setLevel(logging.INFO) + +# these are coming from the kubectl layer +os.environ['PATH'] = '/opt/kubectl:/opt/awscli:' + os.environ['PATH'] + +outdir = os.environ.get('TEST_OUTDIR', '/tmp') +kubeconfig = os.path.join(outdir, 'kubeconfig') + + +def get_handler(event, context): + logger.info(json.dumps(dict(event, ResponseURL='...'))) + + request_type = event['RequestType'] + props = event['ResourceProperties'] + + # resource properties (all required) + cluster_name = props['ClusterName'] + + # "log in" to the cluster + subprocess.check_call([ 'aws', 'eks', 'update-kubeconfig', + '--name', cluster_name, + '--kubeconfig', kubeconfig + ]) + + if os.path.isfile(kubeconfig): + os.chmod(kubeconfig, 0o600) + + object_type = props['ObjectType'] + object_name = props['ObjectName'] + object_namespace = props['ObjectNamespace'] + json_path = props['JsonPath'] + timeout_seconds = props['TimeoutSeconds'] + + # json path should be surrouded with '{}' + path = '{{{0}}}'.format(json_path) + if request_type == 'Create' or request_type == 'Update': + output = wait_for_output(['get', '-n', object_namespace, object_type, object_name, "-o=jsonpath='{{{0}}}'".format(json_path)], int(timeout_seconds)) + return {'Data': {'Value': output}} + elif request_type == 'Delete': + pass + else: + raise Exception("invalid request type %s" % request_type) + +def wait_for_output(args, timeout_seconds): + + end_time = time.time() + timeout_seconds + error = None + + while time.time() < end_time: + try: + # the output is surrounded with '', so we unquote + output = kubectl(args).decode('utf-8')[1:-1] + if output: + return output + except Exception as e: + error = str(e) + # also a recoverable error + if 'NotFound' in error: + pass + time.sleep(10) + + raise RuntimeError(f'Timeout waiting for output from kubectl command: {args} (last_error={error})') + +def kubectl(args): + 
retry = 3 + while retry > 0: + try: + cmd = [ 'kubectl', '--kubeconfig', kubeconfig ] + args + output = subprocess.check_output(cmd, stderr=subprocess.PIPE) + except subprocess.CalledProcessError as exc: + output = exc.output + exc.stderr + if b'i/o timeout' in output and retry > 0: + logger.info("kubectl timed out, retries left: %s" % retry) + retry = retry - 1 + else: + raise Exception(output) + else: + logger.info(output) + return output diff --git a/packages/@aws-cdk/aws-eks-v2-alpha/test/integ.eks-auto.js.snapshot/asset.7633376387df35dc59230d4039be5a7b77bfbcb6d38fa9a2c6e53ed61ab00cf0/helm/__init__.py b/packages/@aws-cdk/aws-eks-v2-alpha/test/integ.eks-auto.js.snapshot/asset.7633376387df35dc59230d4039be5a7b77bfbcb6d38fa9a2c6e53ed61ab00cf0/helm/__init__.py new file mode 100644 index 0000000000000..790d6d386bddb --- /dev/null +++ b/packages/@aws-cdk/aws-eks-v2-alpha/test/integ.eks-auto.js.snapshot/asset.7633376387df35dc59230d4039be5a7b77bfbcb6d38fa9a2c6e53ed61ab00cf0/helm/__init__.py 
@@ -0,0 +1,201 @@ +import json +import logging +import os +import re +import subprocess +import shutil +import tempfile +import zipfile +import boto3 + +logger = logging.getLogger() +logger.setLevel(logging.INFO) + +# these are coming from the kubectl layer +os.environ['PATH'] = '/opt/helm:/opt/awscli:' + os.environ['PATH'] + +outdir = os.environ.get('TEST_OUTDIR', '/tmp') +kubeconfig = os.path.join(outdir, 'kubeconfig') + +def get_chart_asset_from_url(chart_asset_url): + chart_zip = os.path.join(outdir, 'chart.zip') + shutil.rmtree(chart_zip, ignore_errors=True) + subprocess.check_call(['aws', 's3', 'cp', chart_asset_url, chart_zip]) + chart_dir = os.path.join(outdir, 'chart') + shutil.rmtree(chart_dir, ignore_errors=True) + os.mkdir(chart_dir) + with zipfile.ZipFile(chart_zip, 'r') as zip_ref: + zip_ref.extractall(chart_dir) + return chart_dir + +def is_ecr_public_available(region): + s = boto3.Session() + return s.get_partition_for_region(region) == 'aws' + +def helm_handler(event, context): + logger.info(json.dumps(dict(event, ResponseURL='...'))) + + request_type = event['RequestType'] + props = event['ResourceProperties'] + + # resource properties + cluster_name = props['ClusterName'] + release = props['Release'] + chart = props.get('Chart', None) + chart_asset_url = props.get('ChartAssetURL', None) + version = props.get('Version', None) + wait = props.get('Wait', False) + atomic = props.get('Atomic', False) + timeout = props.get('Timeout', None) + namespace = props.get('Namespace', None) + create_namespace = props.get('CreateNamespace', None) + repository = props.get('Repository', None) + values_text = props.get('Values', None) + skip_crds = props.get('SkipCrds', False) + + # "log in" to the cluster + subprocess.check_call([ 'aws', 'eks', 'update-kubeconfig', + '--name', cluster_name, + '--kubeconfig', kubeconfig + ]) + + if os.path.isfile(kubeconfig): + os.chmod(kubeconfig, 0o600) + + # Write out the values to a file and include them with the install and 
upgrade + values_file = None + if not request_type == "Delete" and not values_text is None: + values = json.loads(values_text) + values_file = os.path.join(outdir, 'values.yaml') + with open(values_file, "w") as f: + f.write(json.dumps(values, indent=2)) + + if request_type == 'Create' or request_type == 'Update': + # Ensure chart or chart_asset_url are set + if chart == None and chart_asset_url == None: + raise RuntimeError(f'chart or chartAsset must be specified') + + if chart_asset_url != None: + assert(chart==None) + assert(repository==None) + assert(version==None) + if not chart_asset_url.startswith('s3://'): + raise RuntimeError(f'ChartAssetURL must point to as s3 location but is {chart_asset_url}') + # future work: support versions from s3 assets + chart = get_chart_asset_from_url(chart_asset_url) + + if repository is not None and repository.startswith('oci://'): + tmpdir = tempfile.TemporaryDirectory() + chart_dir = get_chart_from_oci(tmpdir.name, repository, version) + chart = chart_dir + + helm('upgrade', release, chart, repository, values_file, namespace, version, wait, timeout, create_namespace, atomic=atomic) + elif request_type == "Delete": + try: + helm('uninstall', release, namespace=namespace, wait=wait, timeout=timeout) + except Exception as e: + logger.info("delete error: %s" % e) + + +def get_oci_cmd(repository, version): + # Generates OCI command based on pattern. Public ECR vs Private ECR are treated differently. 
+ private_ecr_pattern = 'oci://(?P\d+\.dkr\.ecr\.(?P[a-z0-9\-]+)\.(?P[a-z0-9\.-]+))*' + public_ecr_pattern = 'oci://(?Ppublic\.ecr\.aws)*' + + private_registry = re.match(private_ecr_pattern, repository).groupdict() + public_registry = re.match(public_ecr_pattern, repository).groupdict() + + if private_registry['registry'] is not None: + logger.info("Found AWS private repository") + cmnd = [ + f"aws ecr get-login-password --region {private_registry['region']} | " \ + f"helm registry login --username AWS --password-stdin {private_registry['registry']}; helm pull {repository} --version {version} --untar" + ] + elif public_registry['registry'] is not None: + logger.info("Found AWS public repository, will use default region as deployment") + region = os.environ.get('AWS_REGION', 'us-east-1') + + if is_ecr_public_available(region): + cmnd = [ + f"aws ecr-public get-login-password --region us-east-1 | " \ + f"helm registry login --username AWS --password-stdin {public_registry['registry']}; helm pull {repository} --version {version} --untar" + ] + else: + # `aws ecr-public get-login-password` and `helm registry login` not required as ecr public is not available in current region + # see https://helm.sh/docs/helm/helm_registry_login/ + cmnd = [f"helm pull {repository} --version {version} --untar"] + else: + logger.error("OCI repository format not recognized, falling back to helm pull") + cmnd = [f"helm pull {repository} --version {version} --untar"] + + return cmnd + + +def get_chart_from_oci(tmpdir, repository = None, version = None): + + cmnd = get_oci_cmd(repository, version) + + maxAttempts = 3 + retry = maxAttempts + while retry > 0: + try: + logger.info(cmnd) + output = subprocess.check_output(cmnd, stderr=subprocess.STDOUT, cwd=tmpdir, shell=True) + logger.info(output) + + # effectively returns "$tmpDir/$lastPartOfOCIUrl", because this is how helm pull saves OCI artifact. + # Eg. 
if we have oci://9999999999.dkr.ecr.us-east-1.amazonaws.com/foo/bar/pet-service repository, helm saves artifact under $tmpDir/pet-service + return os.path.join(tmpdir, repository.rpartition('/')[-1]) + except subprocess.CalledProcessError as exc: + output = exc.output + if b'Broken pipe' in output: + retry = retry - 1 + logger.info("Broken pipe, retries left: %s" % retry) + else: + raise Exception(output) + raise Exception(f'Operation failed after {maxAttempts} attempts: {output}') + + +def helm(verb, release, chart = None, repo = None, file = None, namespace = None, version = None, wait = False, timeout = None, create_namespace = None, skip_crds = False, atomic = False): + import subprocess + + cmnd = ['helm', verb, release] + if not chart is None: + cmnd.append(chart) + if verb == 'upgrade': + cmnd.append('--install') + if create_namespace: + cmnd.append('--create-namespace') + if not repo is None: + cmnd.extend(['--repo', repo]) + if not file is None: + cmnd.extend(['--values', file]) + if not version is None: + cmnd.extend(['--version', version]) + if not namespace is None: + cmnd.extend(['--namespace', namespace]) + if wait: + cmnd.append('--wait') + if skip_crds: + cmnd.append('--skip-crds') + if not timeout is None: + cmnd.extend(['--timeout', timeout]) + if atomic: + cmnd.append('--atomic') + cmnd.extend(['--kubeconfig', kubeconfig]) + + maxAttempts = 3 + retry = maxAttempts + while retry > 0: + try: + output = subprocess.check_output(cmnd, stderr=subprocess.STDOUT, cwd=outdir) + logger.info(output) + return + except subprocess.CalledProcessError as exc: + output = exc.output + if b'Broken pipe' in output: + retry = retry - 1 + logger.info("Broken pipe, retries left: %s" % retry) + else: + raise Exception(output) + raise Exception(f'Operation failed after {maxAttempts} attempts: {output}') 
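Review bot: In helm/__init__.py, `get_oci_cmd` interpolates `repository` and `version` from the resource properties into one shell string, and `get_chart_from_oci` runs it with `shell=True`, so shell metacharacters in either property are interpreted by the shell inside the handler; when `Version` is omitted the string also becomes `--version None`. Suggest running the login and the pull as separate argument lists: capture the output of `aws ecr get-login-password`, pass it to `helm registry login --password-stdin` through `input=`, then call `['helm', 'pull', repository, '--untar']` with `--version` appended only when it is set. Separately, `skip_crds` is read from `SkipCrds` in `helm_handler` but never passed to `helm('upgrade', ...)`, so the property has no effect.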
diff --git a/packages/@aws-cdk/aws-eks-v2-alpha/test/integ.eks-auto.js.snapshot/asset.7633376387df35dc59230d4039be5a7b77bfbcb6d38fa9a2c6e53ed61ab00cf0/index.py b/packages/@aws-cdk/aws-eks-v2-alpha/test/integ.eks-auto.js.snapshot/asset.7633376387df35dc59230d4039be5a7b77bfbcb6d38fa9a2c6e53ed61ab00cf0/index.py new file mode 100644 index 0000000000000..188ef37d8e1c1 --- /dev/null +++ b/packages/@aws-cdk/aws-eks-v2-alpha/test/integ.eks-auto.js.snapshot/asset.7633376387df35dc59230d4039be5a7b77bfbcb6d38fa9a2c6e53ed61ab00cf0/index.py @@ -0,0 +1,26 @@ +import json +import logging + +from apply import apply_handler +from helm import helm_handler +from patch import patch_handler +from get import get_handler + +def handler(event, context): + print(json.dumps(dict(event, ResponseURL='...'))) + + resource_type = event['ResourceType'] + if resource_type == 'Custom::AWSCDK-EKS-KubernetesResource': + return apply_handler(event, context) + + if resource_type == 'Custom::AWSCDK-EKS-HelmChart': + return helm_handler(event, context) + + if resource_type == 'Custom::AWSCDK-EKS-KubernetesPatch': + return patch_handler(event, context) + + if resource_type == 'Custom::AWSCDK-EKS-KubernetesObjectValue': + return get_handler(event, context) + + raise Exception("unknown resource type %s" % resource_type) + \ No newline at end of file diff --git a/packages/@aws-cdk/aws-eks-v2-alpha/test/integ.eks-auto.js.snapshot/asset.7633376387df35dc59230d4039be5a7b77bfbcb6d38fa9a2c6e53ed61ab00cf0/patch/__init__.py b/packages/@aws-cdk/aws-eks-v2-alpha/test/integ.eks-auto.js.snapshot/asset.7633376387df35dc59230d4039be5a7b77bfbcb6d38fa9a2c6e53ed61ab00cf0/patch/__init__.py new file mode 100644 index 0000000000000..a8ba4a13cbd06 --- /dev/null +++ b/packages/@aws-cdk/aws-eks-v2-alpha/test/integ.eks-auto.js.snapshot/asset.7633376387df35dc59230d4039be5a7b77bfbcb6d38fa9a2c6e53ed61ab00cf0/patch/__init__.py 
@@ -0,0 +1,68 @@ +import json +import logging +import os +import subprocess + +logger = logging.getLogger() +logger.setLevel(logging.INFO) + +# these are coming from the kubectl layer +os.environ['PATH'] = '/opt/kubectl:/opt/awscli:' + os.environ['PATH'] + +outdir = os.environ.get('TEST_OUTDIR', '/tmp') +kubeconfig = os.path.join(outdir, 'kubeconfig') + + +def patch_handler(event, context): + logger.info(json.dumps(dict(event, ResponseURL='...'))) + + request_type = event['RequestType'] + props = event['ResourceProperties'] + + # resource properties (all required) + cluster_name = props['ClusterName'] + + # "log in" to the cluster + subprocess.check_call([ 'aws', 'eks', 'update-kubeconfig', + '--name', cluster_name, + '--kubeconfig', kubeconfig + ]) + + if os.path.isfile(kubeconfig): + os.chmod(kubeconfig, 0o600) + + resource_name = props['ResourceName'] + resource_namespace = props['ResourceNamespace'] + apply_patch_json = props['ApplyPatchJson'] + restore_patch_json = props['RestorePatchJson'] + patch_type = props['PatchType'] + + patch_json = None + if request_type == 'Create' or request_type == 'Update': + patch_json = apply_patch_json + elif request_type == 'Delete': + patch_json = restore_patch_json + else: + raise Exception("invalid request type %s" % request_type) + + kubectl([ 'patch', resource_name, '-n', resource_namespace, '-p', patch_json, '--type', patch_type ]) + + +def kubectl(args): + maxAttempts = 3 + retry = maxAttempts + while retry > 0: + try: + cmd = [ 'kubectl', '--kubeconfig', kubeconfig ] + args + output = subprocess.check_output(cmd, stderr=subprocess.STDOUT) + except subprocess.CalledProcessError as exc: + output = exc.output + if b'i/o timeout' in output and retry > 0: + retry = retry - 1 + logger.info("kubectl timed out, retries left: %s" % retry) + else: + raise Exception(output) + else: + logger.info(output) + return + raise Exception(f'Operation failed after {maxAttempts} attempts: {output}') \ No newline at end of file 
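Review bot: In patch/__init__.py, the `raise Exception("invalid request type %s" % request_type)` check in `patch_handler` runs only after `aws eks update-kubeconfig` has been called and all properties have been read, so a malformed event is rejected late; suggest validating `request_type` before the login step. In `kubectl`, the `and retry > 0` part of `if b'i/o timeout' in output and retry > 0` is always true inside `while retry > 0` and can be dropped. The kubeconfig setup and this retry loop are repeated in the apply and get handlers with slightly different behaviour, so a shared helper would keep them consistent.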
diff --git a/packages/@aws-cdk/aws-eks-v2-alpha/test/integ.eks-auto.js.snapshot/asset.a1acfc2b5f4f6b183fd2bb9863f486bc5edef6a357b355a070d9a0e502df418c/__entrypoint__.js b/packages/@aws-cdk/aws-eks-v2-alpha/test/integ.eks-auto.js.snapshot/asset.a1acfc2b5f4f6b183fd2bb9863f486bc5edef6a357b355a070d9a0e502df418c/__entrypoint__.js new file mode 100644 index 0000000000000..ff3a517fba12d --- /dev/null +++ b/packages/@aws-cdk/aws-eks-v2-alpha/test/integ.eks-auto.js.snapshot/asset.a1acfc2b5f4f6b183fd2bb9863f486bc5edef6a357b355a070d9a0e502df418c/__entrypoint__.js 
@@ -0,0 +1,155 @@ +"use strict"; +Object.defineProperty(exports, "__esModule", { value: true }); +exports.external = void 0; +exports.handler = handler; +exports.withRetries = withRetries; +const https = require("https"); +const url = require("url"); +// for unit tests +exports.external = { + sendHttpRequest: defaultSendHttpRequest, + log: defaultLog, + includeStackTraces: true, + userHandlerIndex: './index', +}; +const CREATE_FAILED_PHYSICAL_ID_MARKER = 'AWSCDK::CustomResourceProviderFramework::CREATE_FAILED'; +const MISSING_PHYSICAL_ID_MARKER = 'AWSCDK::CustomResourceProviderFramework::MISSING_PHYSICAL_ID'; +async function handler(event, context) { + const sanitizedEvent = { ...event, ResponseURL: '...' }; + exports.external.log(JSON.stringify(sanitizedEvent, undefined, 2)); + // ignore DELETE event when the physical resource ID is the marker that + // indicates that this DELETE is a subsequent DELETE to a failed CREATE + // operation. + if (event.RequestType === 'Delete' && event.PhysicalResourceId === CREATE_FAILED_PHYSICAL_ID_MARKER) { + exports.external.log('ignoring DELETE event caused by a failed CREATE event'); + await submitResponse('SUCCESS', event); + return; + } + try { + // invoke the user handler. this is intentionally inside the try-catch to + // ensure that if there is an error it's reported as a failure to + // cloudformation (otherwise cfn waits). + // eslint-disable-next-line @typescript-eslint/no-require-imports + const userHandler = require(exports.external.userHandlerIndex).handler; + const result = await userHandler(sanitizedEvent, context); + // validate user response and create the combined event + const responseEvent = renderResponse(event, result); + // submit to cfn as success + await submitResponse('SUCCESS', responseEvent); + } + catch (e) { + const resp = { + ...event, + Reason: exports.external.includeStackTraces ? 
e.stack : e.message, + }; + if (!resp.PhysicalResourceId) { + // special case: if CREATE fails, which usually implies, we usually don't + // have a physical resource id. in this case, the subsequent DELETE + // operation does not have any meaning, and will likely fail as well. to + // address this, we use a marker so the provider framework can simply + // ignore the subsequent DELETE. + if (event.RequestType === 'Create') { + exports.external.log('CREATE failed, responding with a marker physical resource id so that the subsequent DELETE will be ignored'); + resp.PhysicalResourceId = CREATE_FAILED_PHYSICAL_ID_MARKER; + } + else { + // otherwise, if PhysicalResourceId is not specified, something is + // terribly wrong because all other events should have an ID. + exports.external.log(`ERROR: Malformed event. "PhysicalResourceId" is required: ${JSON.stringify(event)}`); + } + } + // this is an actual error, fail the activity altogether and exist. + await submitResponse('FAILED', resp); + } +} +function renderResponse(cfnRequest, handlerResponse = {}) { + // if physical ID is not returned, we have some defaults for you based + // on the request type. + const physicalResourceId = handlerResponse.PhysicalResourceId ?? cfnRequest.PhysicalResourceId ?? cfnRequest.RequestId; + // if we are in DELETE and physical ID was changed, it's an error. + if (cfnRequest.RequestType === 'Delete' && physicalResourceId !== cfnRequest.PhysicalResourceId) { + throw new Error(`DELETE: cannot change the physical resource ID from "${cfnRequest.PhysicalResourceId}" to "${handlerResponse.PhysicalResourceId}" during deletion`); + } + // merge request event and result event (result prevails). + return { + ...cfnRequest, + ...handlerResponse, + PhysicalResourceId: physicalResourceId, + }; +} +async function submitResponse(status, event) { + const json = { + Status: status, + Reason: event.Reason ?? 
status, + StackId: event.StackId, + RequestId: event.RequestId, + PhysicalResourceId: event.PhysicalResourceId || MISSING_PHYSICAL_ID_MARKER, + LogicalResourceId: event.LogicalResourceId, + NoEcho: event.NoEcho, + Data: event.Data, + }; + const parsedUrl = url.parse(event.ResponseURL); + const loggingSafeUrl = `${parsedUrl.protocol}//${parsedUrl.hostname}/${parsedUrl.pathname}?***`; + exports.external.log('submit response to cloudformation', loggingSafeUrl, json); + const responseBody = JSON.stringify(json); + const req = { + hostname: parsedUrl.hostname, + path: parsedUrl.path, + method: 'PUT', + headers: { + 'content-type': '', + 'content-length': Buffer.byteLength(responseBody, 'utf8'), + }, + }; + const retryOptions = { + attempts: 5, + sleep: 1000, + }; + await withRetries(retryOptions, exports.external.sendHttpRequest)(req, responseBody); +} +async function defaultSendHttpRequest(options, requestBody) { + return new Promise((resolve, reject) => { + try { + const request = https.request(options, (response) => { + response.resume(); // Consume the response but don't care about it + if (!response.statusCode || response.statusCode >= 400) { + reject(new Error(`Unsuccessful HTTP response: ${response.statusCode}`)); + } + else { + resolve(); + } + }); + request.on('error', reject); + request.write(requestBody); + request.end(); + } + catch (e) { + reject(e); + } + }); +} +function defaultLog(fmt, ...params) { + // eslint-disable-next-line no-console + console.log(fmt, ...params); +} +function withRetries(options, fn) { + return async (...xs) => { + let attempts = options.attempts; + let ms = options.sleep; + while (true) { + try { + return await fn(...xs); + } + catch (e) { + if (attempts-- <= 0) { + throw e; + } + await sleep(Math.floor(Math.random() * ms)); + ms *= 2; + } + } + }; +} +async function sleep(ms) { + return new Promise((ok) => setTimeout(ok, ms)); +} 
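Review bot: In __entrypoint__.js, `submitResponse` builds `loggingSafeUrl` as `${parsedUrl.protocol}//${parsedUrl.hostname}/${parsedUrl.pathname}?***`, but `pathname` already starts with `/`, so the logged URL carries a doubled slash; drop the literal `/` before `${parsedUrl.pathname}`. The function also relies on the legacy `url.parse`; `new URL(event.ResponseURL)` provides the same `hostname` and `pathname`, with `pathname + search` in place of `path`. Two comments in `handler` need fixing: "fail the activity altogether and exist" should read "exit", and "if CREATE fails, which usually implies, we usually don't have a physical resource id" does not parse as written.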
diff --git a/packages/@aws-cdk/aws-eks-v2-alpha/test/integ.eks-auto.js.snapshot/asset.a1acfc2b5f4f6b183fd2bb9863f486bc5edef6a357b355a070d9a0e502df418c/index.js b/packages/@aws-cdk/aws-eks-v2-alpha/test/integ.eks-auto.js.snapshot/asset.a1acfc2b5f4f6b183fd2bb9863f486bc5edef6a357b355a070d9a0e502df418c/index.js new file mode 100644 index 0000000000000..013bcaffd8fe5 --- /dev/null +++ b/packages/@aws-cdk/aws-eks-v2-alpha/test/integ.eks-auto.js.snapshot/asset.a1acfc2b5f4f6b183fd2bb9863f486bc5edef6a357b355a070d9a0e502df418c/index.js 
@@ -0,0 +1 @@ +"use strict";var I=Object.create;var t=Object.defineProperty;var y=Object.getOwnPropertyDescriptor;var P=Object.getOwnPropertyNames;var g=Object.getPrototypeOf,l=Object.prototype.hasOwnProperty;var G=(r,e)=>{for(var o in e)t(r,o,{get:e[o],enumerable:!0})},n=(r,e,o,i)=>{if(e&&typeof e=="object"||typeof e=="function")for(let s of P(e))!l.call(r,s)&&s!==o&&t(r,s,{get:()=>e[s],enumerable:!(i=y(e,s))||i.enumerable});return r};var R=(r,e,o)=>(o=r!=null?I(g(r)):{},n(e||!r||!r.__esModule?t(o,"default",{value:r,enumerable:!0}):o,r)),S=r=>n(t({},"__esModule",{value:!0}),r);var k={};G(k,{handler:()=>f});module.exports=S(k);var a=R(require("@aws-sdk/client-ec2")),u=new a.EC2({});function c(r,e){return{GroupId:r,IpPermissions:[{UserIdGroupPairs:[{GroupId:r,UserId:e}],IpProtocol:"-1"}]}}function d(r){return{GroupId:r,IpPermissions:[{IpRanges:[{CidrIp:"0.0.0.0/0"}],IpProtocol:"-1"}]}}async function f(r){let e=r.ResourceProperties.DefaultSecurityGroupId,o=r.ResourceProperties.Account;switch(r.RequestType){case"Create":return p(e,o);case"Update":return h(r);case"Delete":return m(e,o)}}async function h(r){let e=r.OldResourceProperties.DefaultSecurityGroupId,o=r.ResourceProperties.DefaultSecurityGroupId;e!==o&&(await m(e,r.ResourceProperties.Account),await p(o,r.ResourceProperties.Account))}async function p(r,e){try{await u.revokeSecurityGroupEgress(d(r))}catch(o){if(o.name!=="InvalidPermission.NotFound")throw o}try{await u.revokeSecurityGroupIngress(c(r,e))}catch(o){if(o.name!=="InvalidPermission.NotFound")throw o}}async function m(r,e){await u.authorizeSecurityGroupIngress(c(r,e)),await u.authorizeSecurityGroupEgress(d(r))}0&&(module.exports={handler}); 
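Review bot: the Delete path `m(r,e)` calls `authorizeSecurityGroupIngress` and `authorizeSecurityGroupEgress` with no error handling, while the Create path `p(r,e)` tolerates `InvalidPermission.NotFound` on each revoke. If either default rule is already present when the resource is deleted (for example, re-added by hand), the authorize call throws and the delete fails; catching the duplicate-rule error (`InvalidPermission.Duplicate`) would make Delete as idempotent as Create. Because `d(r)` re-opens egress to `0.0.0.0/0` for all protocols, on Delete and on the old group during Update, that restore behaviour deserves a comment in the unminified source. As a single minified line this asset cannot be reviewed statement by statement, so it should be confirmed to be the unmodified build output of that source.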
diff --git a/packages/@aws-cdk/aws-eks-v2-alpha/test/integ.eks-auto.js.snapshot/asset.e42a736be21cd3134b9bff4e71e3afa99a4cc900ae489e9a7f7025c8d258f9b8.zip b/packages/@aws-cdk/aws-eks-v2-alpha/test/integ.eks-auto.js.snapshot/asset.e42a736be21cd3134b9bff4e71e3afa99a4cc900ae489e9a7f7025c8d258f9b8.zip new file mode 100644 index 0000000000000..d28ed8e86969d Binary files /dev/null and b/packages/@aws-cdk/aws-eks-v2-alpha/test/integ.eks-auto.js.snapshot/asset.e42a736be21cd3134b9bff4e71e3afa99a4cc900ae489e9a7f7025c8d258f9b8.zip differ diff --git a/packages/@aws-cdk/aws-eks-v2-alpha/test/integ.eks-auto.js.snapshot/awscdkeksclusterintegDefaultTestDeployAssertB6AAB3A3.assets.json b/packages/@aws-cdk/aws-eks-v2-alpha/test/integ.eks-auto.js.snapshot/awscdkeksclusterintegDefaultTestDeployAssertB6AAB3A3.assets.json new file mode 100644 index 0000000000000..74bbf82d1a290 --- /dev/null +++ b/packages/@aws-cdk/aws-eks-v2-alpha/test/integ.eks-auto.js.snapshot/awscdkeksclusterintegDefaultTestDeployAssertB6AAB3A3.assets.json @@ -0,0 +1,19 @@ +{ + "version": "39.0.0", + "files": { + "21fbb51d7b23f6a6c262b46a9caee79d744a3ac019fd45422d988b96d44b2a22": { + "source": { + "path": "awscdkeksclusterintegDefaultTestDeployAssertB6AAB3A3.template.json", + "packaging": "file" + }, + "destinations": { + "current_account-current_region": { + "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}", + "objectKey": "21fbb51d7b23f6a6c262b46a9caee79d744a3ac019fd45422d988b96d44b2a22.json", + "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}" + } + } + } + }, + "dockerImages": {} +} \ No newline at end of file 
diff --git a/packages/@aws-cdk/aws-eks-v2-alpha/test/integ.eks-auto.js.snapshot/awscdkeksclusterintegDefaultTestDeployAssertB6AAB3A3.template.json b/packages/@aws-cdk/aws-eks-v2-alpha/test/integ.eks-auto.js.snapshot/awscdkeksclusterintegDefaultTestDeployAssertB6AAB3A3.template.json new file mode 100644 index 0000000000000..ad9d0fb73d1dd --- /dev/null +++ b/packages/@aws-cdk/aws-eks-v2-alpha/test/integ.eks-auto.js.snapshot/awscdkeksclusterintegDefaultTestDeployAssertB6AAB3A3.template.json @@ -0,0 +1,36 @@ +{ + "Parameters": { + "BootstrapVersion": { + "Type": "AWS::SSM::Parameter::Value", + "Default": "/cdk-bootstrap/hnb659fds/version", + "Description": "Version of the CDK Bootstrap resources in this environment, automatically retrieved from SSM Parameter Store. [cdk:skip]" + } + }, + "Rules": { + "CheckBootstrapVersion": { + "Assertions": [ + { + "Assert": { + "Fn::Not": [ + { + "Fn::Contains": [ + [ + "1", + "2", + "3", + "4", + "5" + ], + { + "Ref": "BootstrapVersion" + } + ] + } + ] + }, + "AssertDescription": "CDK bootstrap stack version 6 required. Please run 'cdk bootstrap' with a recent version of the CDK CLI." + } + ] + } + } +} \ No newline at end of file diff --git a/packages/@aws-cdk/aws-eks-v2-alpha/test/integ.eks-auto.js.snapshot/cdk.out b/packages/@aws-cdk/aws-eks-v2-alpha/test/integ.eks-auto.js.snapshot/cdk.out new file mode 100644 index 0000000000000..91e1a8b9901d5 --- /dev/null +++ b/packages/@aws-cdk/aws-eks-v2-alpha/test/integ.eks-auto.js.snapshot/cdk.out @@ -0,0 +1 @@ +{"version":"39.0.0"} \ No newline at end of file diff --git a/packages/@aws-cdk/aws-eks-v2-alpha/test/integ.eks-auto.js.snapshot/eks-auto-mode-stack.assets.json b/packages/@aws-cdk/aws-eks-v2-alpha/test/integ.eks-auto.js.snapshot/eks-auto-mode-stack.assets.json new file mode 100644 index 0000000000000..72ce1650d895e --- /dev/null +++ b/packages/@aws-cdk/aws-eks-v2-alpha/test/integ.eks-auto.js.snapshot/eks-auto-mode-stack.assets.json 
@@ -0,0 +1,90 @@ +{ + "version": "39.0.0", + "files": { + "a1acfc2b5f4f6b183fd2bb9863f486bc5edef6a357b355a070d9a0e502df418c": { + "source": { + "path": "asset.a1acfc2b5f4f6b183fd2bb9863f486bc5edef6a357b355a070d9a0e502df418c", + "packaging": "zip" + }, + "destinations": { + "current_account-us-east-1": { + "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-us-east-1", + "objectKey": "a1acfc2b5f4f6b183fd2bb9863f486bc5edef6a357b355a070d9a0e502df418c.zip", + "region": "us-east-1", + "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-us-east-1" + } + } + }, + "25c16d2ab30e35800b3ea63c44c93deb85584076eb09a2db9f971803252b22dc": { + "source": { + "path": "asset.25c16d2ab30e35800b3ea63c44c93deb85584076eb09a2db9f971803252b22dc.zip", + "packaging": "file" + }, + "destinations": { + "current_account-us-east-1": { + "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-us-east-1", + "objectKey": "25c16d2ab30e35800b3ea63c44c93deb85584076eb09a2db9f971803252b22dc.zip", + "region": "us-east-1", + "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-us-east-1" + } + } + }, + "7633376387df35dc59230d4039be5a7b77bfbcb6d38fa9a2c6e53ed61ab00cf0": { + "source": { + "path": "asset.7633376387df35dc59230d4039be5a7b77bfbcb6d38fa9a2c6e53ed61ab00cf0", + "packaging": "zip" + }, + "destinations": { + "current_account-us-east-1": { + "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-us-east-1", + "objectKey": "7633376387df35dc59230d4039be5a7b77bfbcb6d38fa9a2c6e53ed61ab00cf0.zip", + "region": "us-east-1", + "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-us-east-1" + } + } + }, + "e42a736be21cd3134b9bff4e71e3afa99a4cc900ae489e9a7f7025c8d258f9b8": { + "source": { + "path": "asset.e42a736be21cd3134b9bff4e71e3afa99a4cc900ae489e9a7f7025c8d258f9b8.zip", + "packaging": "file" + }, + 
"destinations": { + "current_account-us-east-1": { + "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-us-east-1", + "objectKey": "e42a736be21cd3134b9bff4e71e3afa99a4cc900ae489e9a7f7025c8d258f9b8.zip", + "region": "us-east-1", + "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-us-east-1" + } + } + }, + "39472b1c2875cf306d4ba429aeccdd34cb49bcf59dbde81f7e6b6cb9deac23a6": { + "source": { + "path": "asset.39472b1c2875cf306d4ba429aeccdd34cb49bcf59dbde81f7e6b6cb9deac23a6", + "packaging": "zip" + }, + "destinations": { + "current_account-us-east-1": { + "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-us-east-1", + "objectKey": "39472b1c2875cf306d4ba429aeccdd34cb49bcf59dbde81f7e6b6cb9deac23a6.zip", + "region": "us-east-1", + "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-us-east-1" + } + } + }, + "2b3141b758a960629455deaa95af4b9d6ffdc38ba62e15b70a46bd3c621b8898": { + "source": { + "path": "eks-auto-mode-stack.template.json", + "packaging": "file" + }, + "destinations": { + "current_account-us-east-1": { + "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-us-east-1", + "objectKey": "2b3141b758a960629455deaa95af4b9d6ffdc38ba62e15b70a46bd3c621b8898.json", + "region": "us-east-1", + "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-us-east-1" + } + } + } + }, + "dockerImages": {} +} \ No newline at end of file diff --git a/packages/@aws-cdk/aws-eks-v2-alpha/test/integ.eks-auto.js.snapshot/eks-auto-mode-stack.template.json b/packages/@aws-cdk/aws-eks-v2-alpha/test/integ.eks-auto.js.snapshot/eks-auto-mode-stack.template.json new file mode 100644 index 0000000000000..1fae2ac8857c2 --- /dev/null +++ b/packages/@aws-cdk/aws-eks-v2-alpha/test/integ.eks-auto.js.snapshot/eks-auto-mode-stack.template.json 
@@ -0,0 +1,1312 @@ +{ + "Resources": { + "Vpc8378EB38": { + "Type": "AWS::EC2::VPC", + "Properties": { + "CidrBlock": "10.0.0.0/16", + "EnableDnsHostnames": true, + "EnableDnsSupport": true, + "InstanceTenancy": "default", + "Tags": [ + { + "Key": "Name", + "Value": "eks-auto-mode-stack/Vpc" + } + ] + } + }, + "VpcPublicSubnet1Subnet5C2D37C4": { + "Type": "AWS::EC2::Subnet", + "Properties": { + "AvailabilityZone": { + "Fn::Select": [ + 0, + { + "Fn::GetAZs": "" + } + ] + }, + "CidrBlock": "10.0.0.0/18", + "MapPublicIpOnLaunch": true, + "Tags": [ + { + "Key": "aws-cdk:subnet-name", + "Value": "Public" + }, + { + "Key": "aws-cdk:subnet-type", + "Value": "Public" + }, + { + "Key": "kubernetes.io/role/elb", + "Value": "1" + }, + { + "Key": "Name", + "Value": "eks-auto-mode-stack/Vpc/PublicSubnet1" + } + ], + "VpcId": { + "Ref": "Vpc8378EB38" + } + } + }, + "VpcPublicSubnet1RouteTable6C95E38E": { + "Type": "AWS::EC2::RouteTable", + "Properties": { + "Tags": [ + { + "Key": "kubernetes.io/role/elb", + "Value": "1" + }, + { + "Key": "Name", + "Value": "eks-auto-mode-stack/Vpc/PublicSubnet1" + } + ], + "VpcId": { + "Ref": "Vpc8378EB38" + } + } + }, + "VpcPublicSubnet1RouteTableAssociation97140677": { + "Type": "AWS::EC2::SubnetRouteTableAssociation", + "Properties": { + "RouteTableId": { + "Ref": "VpcPublicSubnet1RouteTable6C95E38E" + }, + "SubnetId": { + "Ref": "VpcPublicSubnet1Subnet5C2D37C4" + } + } + }, + "VpcPublicSubnet1DefaultRoute3DA9E72A": { + "Type": "AWS::EC2::Route", + "Properties": { + "DestinationCidrBlock": "0.0.0.0/0", + "GatewayId": { + "Ref": "VpcIGWD7BA715C" + }, + "RouteTableId": { + "Ref": "VpcPublicSubnet1RouteTable6C95E38E" + } + }, + "DependsOn": [ + "VpcVPCGWBF912B6E" + ] + }, + "VpcPublicSubnet1EIPD7E02669": { + "Type": "AWS::EC2::EIP", + "Properties": { + "Domain": "vpc", + "Tags": [ + { + "Key": "kubernetes.io/role/elb", + "Value": "1" + }, + { + "Key": "Name", + "Value": "eks-auto-mode-stack/Vpc/PublicSubnet1" + } + ] + } + }, + 
"VpcPublicSubnet1NATGateway4D7517AA": { + "Type": "AWS::EC2::NatGateway", + "Properties": { + "AllocationId": { + "Fn::GetAtt": [ + "VpcPublicSubnet1EIPD7E02669", + "AllocationId" + ] + }, + "SubnetId": { + "Ref": "VpcPublicSubnet1Subnet5C2D37C4" + }, + "Tags": [ + { + "Key": "kubernetes.io/role/elb", + "Value": "1" + }, + { + "Key": "Name", + "Value": "eks-auto-mode-stack/Vpc/PublicSubnet1" + } + ] + }, + "DependsOn": [ + "VpcPublicSubnet1DefaultRoute3DA9E72A", + "VpcPublicSubnet1RouteTableAssociation97140677" + ] + }, + "VpcPublicSubnet2Subnet691E08A3": { + "Type": "AWS::EC2::Subnet", + "Properties": { + "AvailabilityZone": { + "Fn::Select": [ + 1, + { + "Fn::GetAZs": "" + } + ] + }, + "CidrBlock": "10.0.64.0/18", + "MapPublicIpOnLaunch": true, + "Tags": [ + { + "Key": "aws-cdk:subnet-name", + "Value": "Public" + }, + { + "Key": "aws-cdk:subnet-type", + "Value": "Public" + }, + { + "Key": "kubernetes.io/role/elb", + "Value": "1" + }, + { + "Key": "Name", + "Value": "eks-auto-mode-stack/Vpc/PublicSubnet2" + } + ], + "VpcId": { + "Ref": "Vpc8378EB38" + } + } + }, + "VpcPublicSubnet2RouteTable94F7E489": { + "Type": "AWS::EC2::RouteTable", + "Properties": { + "Tags": [ + { + "Key": "kubernetes.io/role/elb", + "Value": "1" + }, + { + "Key": "Name", + "Value": "eks-auto-mode-stack/Vpc/PublicSubnet2" + } + ], + "VpcId": { + "Ref": "Vpc8378EB38" + } + } + }, + "VpcPublicSubnet2RouteTableAssociationDD5762D8": { + "Type": "AWS::EC2::SubnetRouteTableAssociation", + "Properties": { + "RouteTableId": { + "Ref": "VpcPublicSubnet2RouteTable94F7E489" + }, + "SubnetId": { + "Ref": "VpcPublicSubnet2Subnet691E08A3" + } + } + }, + "VpcPublicSubnet2DefaultRoute97F91067": { + "Type": "AWS::EC2::Route", + "Properties": { + "DestinationCidrBlock": "0.0.0.0/0", + "GatewayId": { + "Ref": "VpcIGWD7BA715C" + }, + "RouteTableId": { + "Ref": "VpcPublicSubnet2RouteTable94F7E489" + } + }, + "DependsOn": [ + "VpcVPCGWBF912B6E" + ] + }, + "VpcPrivateSubnet1Subnet536B997A": { + "Type": 
"AWS::EC2::Subnet", + "Properties": { + "AvailabilityZone": { + "Fn::Select": [ + 0, + { + "Fn::GetAZs": "" + } + ] + }, + "CidrBlock": "10.0.128.0/18", + "MapPublicIpOnLaunch": false, + "Tags": [ + { + "Key": "aws-cdk:subnet-name", + "Value": "Private" + }, + { + "Key": "aws-cdk:subnet-type", + "Value": "Private" + }, + { + "Key": "kubernetes.io/role/internal-elb", + "Value": "1" + }, + { + "Key": "Name", + "Value": "eks-auto-mode-stack/Vpc/PrivateSubnet1" + } + ], + "VpcId": { + "Ref": "Vpc8378EB38" + } + } + }, + "VpcPrivateSubnet1RouteTableB2C5B500": { + "Type": "AWS::EC2::RouteTable", + "Properties": { + "Tags": [ + { + "Key": "kubernetes.io/role/internal-elb", + "Value": "1" + }, + { + "Key": "Name", + "Value": "eks-auto-mode-stack/Vpc/PrivateSubnet1" + } + ], + "VpcId": { + "Ref": "Vpc8378EB38" + } + } + }, + "VpcPrivateSubnet1RouteTableAssociation70C59FA6": { + "Type": "AWS::EC2::SubnetRouteTableAssociation", + "Properties": { + "RouteTableId": { + "Ref": "VpcPrivateSubnet1RouteTableB2C5B500" + }, + "SubnetId": { + "Ref": "VpcPrivateSubnet1Subnet536B997A" + } + } + }, + "VpcPrivateSubnet1DefaultRouteBE02A9ED": { + "Type": "AWS::EC2::Route", + "Properties": { + "DestinationCidrBlock": "0.0.0.0/0", + "NatGatewayId": { + "Ref": "VpcPublicSubnet1NATGateway4D7517AA" + }, + "RouteTableId": { + "Ref": "VpcPrivateSubnet1RouteTableB2C5B500" + } + } + }, + "VpcPrivateSubnet2Subnet3788AAA1": { + "Type": "AWS::EC2::Subnet", + "Properties": { + "AvailabilityZone": { + "Fn::Select": [ + 1, + { + "Fn::GetAZs": "" + } + ] + }, + "CidrBlock": "10.0.192.0/18", + "MapPublicIpOnLaunch": false, + "Tags": [ + { + "Key": "aws-cdk:subnet-name", + "Value": "Private" + }, + { + "Key": "aws-cdk:subnet-type", + "Value": "Private" + }, + { + "Key": "kubernetes.io/role/internal-elb", + "Value": "1" + }, + { + "Key": "Name", + "Value": "eks-auto-mode-stack/Vpc/PrivateSubnet2" + } + ], + "VpcId": { + "Ref": "Vpc8378EB38" + } + } + }, + "VpcPrivateSubnet2RouteTableA678073B": { + "Type": 
"AWS::EC2::RouteTable", + "Properties": { + "Tags": [ + { + "Key": "kubernetes.io/role/internal-elb", + "Value": "1" + }, + { + "Key": "Name", + "Value": "eks-auto-mode-stack/Vpc/PrivateSubnet2" + } + ], + "VpcId": { + "Ref": "Vpc8378EB38" + } + } + }, + "VpcPrivateSubnet2RouteTableAssociationA89CAD56": { + "Type": "AWS::EC2::SubnetRouteTableAssociation", + "Properties": { + "RouteTableId": { + "Ref": "VpcPrivateSubnet2RouteTableA678073B" + }, + "SubnetId": { + "Ref": "VpcPrivateSubnet2Subnet3788AAA1" + } + } + }, + "VpcPrivateSubnet2DefaultRoute060D2087": { + "Type": "AWS::EC2::Route", + "Properties": { + "DestinationCidrBlock": "0.0.0.0/0", + "NatGatewayId": { + "Ref": "VpcPublicSubnet1NATGateway4D7517AA" + }, + "RouteTableId": { + "Ref": "VpcPrivateSubnet2RouteTableA678073B" + } + } + }, + "VpcIGWD7BA715C": { + "Type": "AWS::EC2::InternetGateway", + "Properties": { + "Tags": [ + { + "Key": "Name", + "Value": "eks-auto-mode-stack/Vpc" + } + ] + } + }, + "VpcVPCGWBF912B6E": { + "Type": "AWS::EC2::VPCGatewayAttachment", + "Properties": { + "InternetGatewayId": { + "Ref": "VpcIGWD7BA715C" + }, + "VpcId": { + "Ref": "Vpc8378EB38" + } + } + }, + "VpcRestrictDefaultSecurityGroupCustomResourceC73DA2BE": { + "Type": "Custom::VpcRestrictDefaultSG", + "Properties": { + "ServiceToken": { + "Fn::GetAtt": [ + "CustomVpcRestrictDefaultSGCustomResourceProviderHandlerDC833E5E", + "Arn" + ] + }, + "DefaultSecurityGroupId": { + "Fn::GetAtt": [ + "Vpc8378EB38", + "DefaultSecurityGroup" + ] + }, + "Account": { + "Ref": "AWS::AccountId" + } + }, + "UpdateReplacePolicy": "Delete", + "DeletionPolicy": "Delete" + }, + "CustomVpcRestrictDefaultSGCustomResourceProviderRole26592FE0": { + "Type": "AWS::IAM::Role", + "Properties": { + "AssumeRolePolicyDocument": { + "Version": "2012-10-17", + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "Service": "lambda.amazonaws.com" + } + } + ] + }, + "ManagedPolicyArns": [ + { + "Fn::Sub": 
"arn:${AWS::Partition}:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole" + } + ], + "Policies": [ + { + "PolicyName": "Inline", + "PolicyDocument": { + "Version": "2012-10-17", + "Statement": [ + { + "Effect": "Allow", + "Action": [ + "ec2:AuthorizeSecurityGroupIngress", + "ec2:AuthorizeSecurityGroupEgress", + "ec2:RevokeSecurityGroupIngress", + "ec2:RevokeSecurityGroupEgress" + ], + "Resource": [ + { + "Fn::Join": [ + "", + [ + "arn:aws:ec2:us-east-1:", + { + "Ref": "AWS::AccountId" + }, + ":security-group/", + { + "Fn::GetAtt": [ + "Vpc8378EB38", + "DefaultSecurityGroup" + ] + } + ] + ] + } + ] + } + ] + } + } + ] + } + }, + "CustomVpcRestrictDefaultSGCustomResourceProviderHandlerDC833E5E": { + "Type": "AWS::Lambda::Function", + "Properties": { + "Code": { + "S3Bucket": { + "Fn::Sub": "cdk-hnb659fds-assets-${AWS::AccountId}-us-east-1" + }, + "S3Key": "a1acfc2b5f4f6b183fd2bb9863f486bc5edef6a357b355a070d9a0e502df418c.zip" + }, + "Timeout": 900, + "MemorySize": 128, + "Handler": "__entrypoint__.handler", + "Role": { + "Fn::GetAtt": [ + "CustomVpcRestrictDefaultSGCustomResourceProviderRole26592FE0", + "Arn" + ] + }, + "Runtime": "nodejs20.x", + "Description": "Lambda function for removing all inbound/outbound rules from the VPC default security group" + }, + "DependsOn": [ + "CustomVpcRestrictDefaultSGCustomResourceProviderRole26592FE0" + ] + }, + "Role1ABCC5F0": { + "Type": "AWS::IAM::Role", + "Properties": { + "AssumeRolePolicyDocument": { + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "AWS": { + "Fn::Join": [ + "", + [ + "arn:aws:iam::", + { + "Ref": "AWS::AccountId" + }, + ":root" + ] + ] + } + } + } + ], + "Version": "2012-10-17" + } + } + }, + "kubectl290BBFC9": { + "Type": "AWS::Lambda::LayerVersion", + "Properties": { + "Content": { + "S3Bucket": { + "Fn::Sub": "cdk-hnb659fds-assets-${AWS::AccountId}-us-east-1" + }, + "S3Key": "25c16d2ab30e35800b3ea63c44c93deb85584076eb09a2db9f971803252b22dc.zip" + }, + 
"Description": "/opt/kubectl/kubectl 1.32.0; /opt/helm/helm 3.17.0", + "LicenseInfo": "Apache-2.0" + } + }, + "helloeksRole59C1FE10": { + "Type": "AWS::IAM::Role", + "Properties": { + "AssumeRolePolicyDocument": { + "Statement": [ + { + "Action": [ + "sts:AssumeRole", + "sts:TagSession" + ], + "Effect": "Allow", + "Principal": { + "Service": "eks.amazonaws.com" + } + } + ], + "Version": "2012-10-17" + }, + "ManagedPolicyArns": [ + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":iam::aws:policy/AmazonEKSClusterPolicy" + ] + ] + }, + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":iam::aws:policy/AmazonEKSComputePolicy" + ] + ] + }, + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":iam::aws:policy/AmazonEKSBlockStoragePolicy" + ] + ] + }, + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":iam::aws:policy/AmazonEKSLoadBalancingPolicy" + ] + ] + }, + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":iam::aws:policy/AmazonEKSNetworkingPolicy" + ] + ] + } + ] + } + }, + "helloeksControlPlaneSecurityGroup4C2AFE28": { + "Type": "AWS::EC2::SecurityGroup", + "Properties": { + "GroupDescription": "EKS Control Plane Security Group", + "SecurityGroupEgress": [ + { + "CidrIp": "0.0.0.0/0", + "Description": "Allow all outbound traffic by default", + "IpProtocol": "-1" + } + ], + "VpcId": { + "Ref": "Vpc8378EB38" + } + } + }, + "helloekshelloeksnodePoolRole81D93FFB": { + "Type": "AWS::IAM::Role", + "Properties": { + "AssumeRolePolicyDocument": { + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "Service": "ec2.amazonaws.com" + } + } + ], + "Version": "2012-10-17" + }, + "ManagedPolicyArns": [ + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":iam::aws:policy/AmazonEKSWorkerNodePolicy" + ] + ] + }, + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + 
":iam::aws:policy/AmazonEC2ContainerRegistryReadOnly" + ] + ] + } + ] + } + }, + "helloeksBE273F5A": { + "Type": "AWS::EKS::Cluster", + "Properties": { + "AccessConfig": { + "AuthenticationMode": "API" + }, + "ComputeConfig": { + "Enabled": true, + "NodePools": [ + "system", + "general-purpose" + ], + "NodeRoleArn": { + "Fn::GetAtt": [ + "helloekshelloeksnodePoolRole81D93FFB", + "Arn" + ] + } + }, + "KubernetesNetworkConfig": { + "ElasticLoadBalancing": { + "Enabled": true + }, + "IpFamily": "ipv4" + }, + "ResourcesVpcConfig": { + "EndpointPrivateAccess": true, + "EndpointPublicAccess": true, + "SecurityGroupIds": [ + { + "Fn::GetAtt": [ + "helloeksControlPlaneSecurityGroup4C2AFE28", + "GroupId" + ] + } + ], + "SubnetIds": [ + { + "Ref": "VpcPublicSubnet1Subnet5C2D37C4" + }, + { + "Ref": "VpcPublicSubnet2Subnet691E08A3" + }, + { + "Ref": "VpcPrivateSubnet1Subnet536B997A" + }, + { + "Ref": "VpcPrivateSubnet2Subnet3788AAA1" + } + ] + }, + "RoleArn": { + "Fn::GetAtt": [ + "helloeksRole59C1FE10", + "Arn" + ] + }, + "StorageConfig": { + "BlockStorage": { + "Enabled": true + } + }, + "Version": "1.32" + }, + "DependsOn": [ + "VpcIGWD7BA715C", + "VpcPrivateSubnet1DefaultRouteBE02A9ED", + "VpcPrivateSubnet1RouteTableB2C5B500", + "VpcPrivateSubnet1RouteTableAssociation70C59FA6", + "VpcPrivateSubnet1Subnet536B997A", + "VpcPrivateSubnet2DefaultRoute060D2087", + "VpcPrivateSubnet2RouteTableA678073B", + "VpcPrivateSubnet2RouteTableAssociationA89CAD56", + "VpcPrivateSubnet2Subnet3788AAA1", + "VpcPublicSubnet1DefaultRoute3DA9E72A", + "VpcPublicSubnet1EIPD7E02669", + "VpcPublicSubnet1NATGateway4D7517AA", + "VpcPublicSubnet1RouteTable6C95E38E", + "VpcPublicSubnet1RouteTableAssociation97140677", + "VpcPublicSubnet1Subnet5C2D37C4", + "VpcPublicSubnet2DefaultRoute97F91067", + "VpcPublicSubnet2RouteTable94F7E489", + "VpcPublicSubnet2RouteTableAssociationDD5762D8", + "VpcPublicSubnet2Subnet691E08A3", + "Vpc8378EB38", + "VpcRestrictDefaultSecurityGroupCustomResourceC73DA2BE", + 
"VpcVPCGWBF912B6E" + ] + }, + "helloeksKubectlReadyBarrierBFD90FAB": { + "Type": "AWS::SSM::Parameter", + "Properties": { + "Type": "String", + "Value": "aws:cdk:eks:kubectl-ready" + }, + "DependsOn": [ + "helloeksBE273F5A" + ] + }, + "helloeksKubectlProviderHandlerServiceRoleFDA38030": { + "Type": "AWS::IAM::Role", + "Properties": { + "AssumeRolePolicyDocument": { + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "Service": "lambda.amazonaws.com" + } + } + ], + "Version": "2012-10-17" + }, + "ManagedPolicyArns": [ + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":iam::aws:policy/service-role/AWSLambdaBasicExecutionRole" + ] + ] + }, + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":iam::aws:policy/service-role/AWSLambdaVPCAccessExecutionRole" + ] + ] + }, + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":iam::aws:policy/AmazonEC2ContainerRegistryReadOnly" + ] + ] + }, + { + "Fn::If": [ + "helloeksKubectlProviderHandlerHasEcrPublic7C030C34", + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":iam::aws:policy/AmazonElasticContainerRegistryPublicReadOnly" + ] + ] + }, + { + "Ref": "AWS::NoValue" + } + ] + } + ] + }, + "DependsOn": [ + "VpcPrivateSubnet1DefaultRouteBE02A9ED", + "VpcPrivateSubnet1RouteTableAssociation70C59FA6", + "VpcPrivateSubnet2DefaultRoute060D2087", + "VpcPrivateSubnet2RouteTableAssociationA89CAD56" + ] + }, + "helloeksKubectlProviderHandlerServiceRoleDefaultPolicy05FAA1B4": { + "Type": "AWS::IAM::Policy", + "Properties": { + "PolicyDocument": { + "Statement": [ + { + "Action": "eks:DescribeCluster", + "Effect": "Allow", + "Resource": { + "Fn::GetAtt": [ + "helloeksBE273F5A", + "Arn" + ] + } + } + ], + "Version": "2012-10-17" + }, + "PolicyName": "helloeksKubectlProviderHandlerServiceRoleDefaultPolicy05FAA1B4", + "Roles": [ + { + "Ref": "helloeksKubectlProviderHandlerServiceRoleFDA38030" + } + ] 
+ }, + "DependsOn": [ + "VpcPrivateSubnet1DefaultRouteBE02A9ED", + "VpcPrivateSubnet1RouteTableAssociation70C59FA6", + "VpcPrivateSubnet2DefaultRoute060D2087", + "VpcPrivateSubnet2RouteTableAssociationA89CAD56" + ] + }, + "helloeksKubectlProviderHandler788A3C17": { + "Type": "AWS::Lambda::Function", + "Properties": { + "Code": { + "S3Bucket": { + "Fn::Sub": "cdk-hnb659fds-assets-${AWS::AccountId}-us-east-1" + }, + "S3Key": "7633376387df35dc59230d4039be5a7b77bfbcb6d38fa9a2c6e53ed61ab00cf0.zip" + }, + "Description": "onEvent handler for EKS kubectl resource provider", + "Environment": { + "Variables": { + "AWS_STS_REGIONAL_ENDPOINTS": "regional" + } + }, + "Handler": "index.handler", + "Layers": [ + { + "Ref": "helloeksKubectlProviderAwsCliLayer2A4F5F3D" + }, + { + "Ref": "kubectl290BBFC9" + } + ], + "MemorySize": 1024, + "Role": { + "Fn::GetAtt": [ + "helloeksKubectlProviderHandlerServiceRoleFDA38030", + "Arn" + ] + }, + "Runtime": "python3.11", + "Timeout": 900, + "VpcConfig": { + "SecurityGroupIds": [ + { + "Fn::GetAtt": [ + "helloeksBE273F5A", + "ClusterSecurityGroupId" + ] + } + ], + "SubnetIds": [ + { + "Ref": "VpcPrivateSubnet1Subnet536B997A" + }, + { + "Ref": "VpcPrivateSubnet2Subnet3788AAA1" + } + ] + } + }, + "DependsOn": [ + "helloeksKubectlProviderHandlerServiceRoleDefaultPolicy05FAA1B4", + "helloeksKubectlProviderHandlerServiceRoleFDA38030", + "VpcPrivateSubnet1DefaultRouteBE02A9ED", + "VpcPrivateSubnet1RouteTableAssociation70C59FA6", + "VpcPrivateSubnet2DefaultRoute060D2087", + "VpcPrivateSubnet2RouteTableAssociationA89CAD56" + ] + }, + "helloeksKubectlProviderAwsCliLayer2A4F5F3D": { + "Type": "AWS::Lambda::LayerVersion", + "Properties": { + "Content": { + "S3Bucket": { + "Fn::Sub": "cdk-hnb659fds-assets-${AWS::AccountId}-us-east-1" + }, + "S3Key": "e42a736be21cd3134b9bff4e71e3afa99a4cc900ae489e9a7f7025c8d258f9b8.zip" + }, + "Description": "/opt/awscli/aws" + } + }, + "helloeksKubectlProviderframeworkonEventServiceRole68309EF1": { + "Type": 
"AWS::IAM::Role", + "Properties": { + "AssumeRolePolicyDocument": { + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "Service": "lambda.amazonaws.com" + } + } + ], + "Version": "2012-10-17" + }, + "ManagedPolicyArns": [ + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":iam::aws:policy/service-role/AWSLambdaBasicExecutionRole" + ] + ] + }, + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":iam::aws:policy/service-role/AWSLambdaVPCAccessExecutionRole" + ] + ] + } + ] + }, + "DependsOn": [ + "VpcPrivateSubnet1DefaultRouteBE02A9ED", + "VpcPrivateSubnet1RouteTableAssociation70C59FA6", + "VpcPrivateSubnet2DefaultRoute060D2087", + "VpcPrivateSubnet2RouteTableAssociationA89CAD56" + ] + }, + "helloeksKubectlProviderframeworkonEventServiceRoleDefaultPolicy62B3F050": { + "Type": "AWS::IAM::Policy", + "Properties": { + "PolicyDocument": { + "Statement": [ + { + "Action": "lambda:InvokeFunction", + "Effect": "Allow", + "Resource": [ + { + "Fn::GetAtt": [ + "helloeksKubectlProviderHandler788A3C17", + "Arn" + ] + }, + { + "Fn::Join": [ + "", + [ + { + "Fn::GetAtt": [ + "helloeksKubectlProviderHandler788A3C17", + "Arn" + ] + }, + ":*" + ] + ] + } + ] + } + ], + "Version": "2012-10-17" + }, + "PolicyName": "helloeksKubectlProviderframeworkonEventServiceRoleDefaultPolicy62B3F050", + "Roles": [ + { + "Ref": "helloeksKubectlProviderframeworkonEventServiceRole68309EF1" + } + ] + }, + "DependsOn": [ + "VpcPrivateSubnet1DefaultRouteBE02A9ED", + "VpcPrivateSubnet1RouteTableAssociation70C59FA6", + "VpcPrivateSubnet2DefaultRoute060D2087", + "VpcPrivateSubnet2RouteTableAssociationA89CAD56" + ] + }, + "helloeksKubectlProviderframeworkonEvent1E7B4950": { + "Type": "AWS::Lambda::Function", + "Properties": { + "Code": { + "S3Bucket": { + "Fn::Sub": "cdk-hnb659fds-assets-${AWS::AccountId}-us-east-1" + }, + "S3Key": "39472b1c2875cf306d4ba429aeccdd34cb49bcf59dbde81f7e6b6cb9deac23a6.zip" + }, + 
"Description": "AWS CDK resource provider framework - onEvent (eks-auto-mode-stack/hello-eks/KubectlProvider/Provider)", + "Environment": { + "Variables": { + "USER_ON_EVENT_FUNCTION_ARN": { + "Fn::GetAtt": [ + "helloeksKubectlProviderHandler788A3C17", + "Arn" + ] + } + } + }, + "Handler": "framework.onEvent", + "Role": { + "Fn::GetAtt": [ + "helloeksKubectlProviderframeworkonEventServiceRole68309EF1", + "Arn" + ] + }, + "Runtime": "nodejs20.x", + "Timeout": 900, + "VpcConfig": { + "SecurityGroupIds": [ + { + "Fn::GetAtt": [ + "helloeksBE273F5A", + "ClusterSecurityGroupId" + ] + } + ], + "SubnetIds": [ + { + "Ref": "VpcPrivateSubnet1Subnet536B997A" + }, + { + "Ref": "VpcPrivateSubnet2Subnet3788AAA1" + } + ] + } + }, + "DependsOn": [ + "helloeksKubectlProviderframeworkonEventServiceRoleDefaultPolicy62B3F050", + "helloeksKubectlProviderframeworkonEventServiceRole68309EF1", + "VpcPrivateSubnet1DefaultRouteBE02A9ED", + "VpcPrivateSubnet1RouteTableAssociation70C59FA6", + "VpcPrivateSubnet2DefaultRoute060D2087", + "VpcPrivateSubnet2RouteTableAssociationA89CAD56" + ] + }, + "helloeksKubectlProviderframeworkonEventinlinePolicyAddedToExecutionRole0883D9EBE": { + "Type": "AWS::IAM::Policy", + "Properties": { + "PolicyDocument": { + "Statement": [ + { + "Action": "lambda:GetFunction", + "Effect": "Allow", + "Resource": { + "Fn::GetAtt": [ + "helloeksKubectlProviderHandler788A3C17", + "Arn" + ] + } + } + ], + "Version": "2012-10-17" + }, + "PolicyName": "helloeksKubectlProviderframeworkonEventinlinePolicyAddedToExecutionRole0883D9EBE", + "Roles": [ + { + "Ref": "helloeksKubectlProviderframeworkonEventServiceRole68309EF1" + } + ] + }, + "DependsOn": [ + "VpcPrivateSubnet1DefaultRouteBE02A9ED", + "VpcPrivateSubnet1RouteTableAssociation70C59FA6", + "VpcPrivateSubnet2DefaultRoute060D2087", + "VpcPrivateSubnet2RouteTableAssociationA89CAD56" + ] + }, + "helloeksClusterAdminRoleAccess3B9D74AE": { + "Type": "AWS::EKS::AccessEntry", + "Properties": { + "AccessPolicies": [ + { + 
"AccessScope": { + "Type": "cluster" + }, + "PolicyArn": { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":eks::aws:cluster-access-policy/AmazonEKSClusterAdminPolicy" + ] + ] + } + } + ], + "ClusterName": { + "Ref": "helloeksBE273F5A" + }, + "PrincipalArn": { + "Fn::GetAtt": [ + "helloeksKubectlProviderHandlerServiceRoleFDA38030", + "Arn" + ] + } + } + }, + "helloeksmastersRoleAccessF848B5EF": { + "Type": "AWS::EKS::AccessEntry", + "Properties": { + "AccessPolicies": [ + { + "AccessScope": { + "Type": "cluster" + }, + "PolicyArn": { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":eks::aws:cluster-access-policy/AmazonEKSClusterAdminPolicy" + ] + ] + } + } + ], + "ClusterName": { + "Ref": "helloeksBE273F5A" + }, + "PrincipalArn": { + "Fn::GetAtt": [ + "Role1ABCC5F0", + "Arn" + ] + } + } + } + }, + "Conditions": { + "helloeksKubectlProviderHandlerHasEcrPublic7C030C34": { + "Fn::Equals": [ + { + "Ref": "AWS::Partition" + }, + "aws" + ] + } + }, + "Outputs": { + "helloeksConfigCommand9213DBDB": { + "Value": { + "Fn::Join": [ + "", + [ + "aws eks update-kubeconfig --name ", + { + "Ref": "helloeksBE273F5A" + }, + " --region us-east-1 --role-arn ", + { + "Fn::GetAtt": [ + "Role1ABCC5F0", + "Arn" + ] + } + ] + ] + } + }, + "helloeksGetTokenCommandB7A8C164": { + "Value": { + "Fn::Join": [ + "", + [ + "aws eks get-token --cluster-name ", + { + "Ref": "helloeksBE273F5A" + }, + " --region us-east-1 --role-arn ", + { + "Fn::GetAtt": [ + "Role1ABCC5F0", + "Arn" + ] + } + ] + ] + } + } + }, + "Parameters": { + "BootstrapVersion": { + "Type": "AWS::SSM::Parameter::Value", + "Default": "/cdk-bootstrap/hnb659fds/version", + "Description": "Version of the CDK Bootstrap resources in this environment, automatically retrieved from SSM Parameter Store. 
[cdk:skip]" + } + }, + "Rules": { + "CheckBootstrapVersion": { + "Assertions": [ + { + "Assert": { + "Fn::Not": [ + { + "Fn::Contains": [ + [ + "1", + "2", + "3", + "4", + "5" + ], + { + "Ref": "BootstrapVersion" + } + ] + } + ] + }, + "AssertDescription": "CDK bootstrap stack version 6 required. Please run 'cdk bootstrap' with a recent version of the CDK CLI." + } + ] + } + } +} \ No newline at end of file diff --git a/packages/@aws-cdk/aws-eks-v2-alpha/test/integ.eks-auto.js.snapshot/integ.json b/packages/@aws-cdk/aws-eks-v2-alpha/test/integ.eks-auto.js.snapshot/integ.json new file mode 100644 index 0000000000000..70b8d8fcddd4a --- /dev/null +++ b/packages/@aws-cdk/aws-eks-v2-alpha/test/integ.eks-auto.js.snapshot/integ.json @@ -0,0 +1,12 @@ +{ + "version": "39.0.0", + "testCases": { + "aws-cdk-eks-cluster-integ/DefaultTest": { + "stacks": [ + "eks-auto-mode-stack" + ], + "assertionStack": "aws-cdk-eks-cluster-integ/DefaultTest/DeployAssert", + "assertionStackName": "awscdkeksclusterintegDefaultTestDeployAssertB6AAB3A3" + } + } +} \ No newline at end of file diff --git a/packages/@aws-cdk/aws-eks-v2-alpha/test/integ.eks-auto.js.snapshot/manifest.json b/packages/@aws-cdk/aws-eks-v2-alpha/test/integ.eks-auto.js.snapshot/manifest.json new file mode 100644 index 0000000000000..0d21e3cc6bbf2 --- /dev/null +++ b/packages/@aws-cdk/aws-eks-v2-alpha/test/integ.eks-auto.js.snapshot/manifest.json 
@@ -0,0 +1,991 @@ +{ + "version": "39.0.0", + "artifacts": { + "eks-auto-mode-stack.assets": { + "type": "cdk:asset-manifest", + "properties": { + "file": "eks-auto-mode-stack.assets.json", + "requiresBootstrapStackVersion": 6, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version" + } + }, + "eks-auto-mode-stack": { + "type": "aws:cloudformation:stack", + "environment": "aws://unknown-account/us-east-1", + "properties": { + "templateFile": "eks-auto-mode-stack.template.json", + "terminationProtection": false, + "validateOnSynth": false, + "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-deploy-role-${AWS::AccountId}-us-east-1", + "cloudFormationExecutionRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-cfn-exec-role-${AWS::AccountId}-us-east-1", + "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-us-east-1/2b3141b758a960629455deaa95af4b9d6ffdc38ba62e15b70a46bd3c621b8898.json", + "requiresBootstrapStackVersion": 6, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version", + "additionalDependencies": [ + "eks-auto-mode-stack.assets" + ], + "lookupRole": { + "arn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-lookup-role-${AWS::AccountId}-us-east-1", + "requiresBootstrapStackVersion": 8, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version" + } + }, + "dependencies": [ + "eks-auto-mode-stack.assets" + ], + "metadata": { + "/eks-auto-mode-stack/Vpc": [ + { + "type": "aws:cdk:analytics:construct", + "data": { + "natGateways": "*" + } + } + ], + "/eks-auto-mode-stack/Vpc/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "Vpc8378EB38" + } + ], + "/eks-auto-mode-stack/Vpc/PublicSubnet1": [ + { + "type": "aws:cdk:analytics:construct", + "data": { + "availabilityZone": "*", + "vpcId": "*", + "cidrBlock": "*", + "mapPublicIpOnLaunch": true, + "ipv6CidrBlock": "*", + "assignIpv6AddressOnCreation": "*" + } + }, 
+ { + "type": "aws:cdk:analytics:construct", + "data": { + "availabilityZone": "*", + "vpcId": "*", + "cidrBlock": "*", + "mapPublicIpOnLaunch": true, + "ipv6CidrBlock": "*", + "assignIpv6AddressOnCreation": "*" + } + }, + { + "type": "aws:cdk:analytics:method", + "data": {} + }, + { + "type": "aws:cdk:analytics:method", + "data": { + "addNatGateway": [ + "*" + ] + } + } + ], + "/eks-auto-mode-stack/Vpc/PublicSubnet1/Subnet": [ + { + "type": "aws:cdk:logicalId", + "data": "VpcPublicSubnet1Subnet5C2D37C4" + } + ], + "/eks-auto-mode-stack/Vpc/PublicSubnet1/RouteTable": [ + { + "type": "aws:cdk:logicalId", + "data": "VpcPublicSubnet1RouteTable6C95E38E" + } + ], + "/eks-auto-mode-stack/Vpc/PublicSubnet1/RouteTableAssociation": [ + { + "type": "aws:cdk:logicalId", + "data": "VpcPublicSubnet1RouteTableAssociation97140677" + } + ], + "/eks-auto-mode-stack/Vpc/PublicSubnet1/DefaultRoute": [ + { + "type": "aws:cdk:logicalId", + "data": "VpcPublicSubnet1DefaultRoute3DA9E72A" + } + ], + "/eks-auto-mode-stack/Vpc/PublicSubnet1/EIP": [ + { + "type": "aws:cdk:logicalId", + "data": "VpcPublicSubnet1EIPD7E02669" + } + ], + "/eks-auto-mode-stack/Vpc/PublicSubnet1/NATGateway": [ + { + "type": "aws:cdk:logicalId", + "data": "VpcPublicSubnet1NATGateway4D7517AA" + } + ], + "/eks-auto-mode-stack/Vpc/PublicSubnet2": [ + { + "type": "aws:cdk:analytics:construct", + "data": { + "availabilityZone": "*", + "vpcId": "*", + "cidrBlock": "*", + "mapPublicIpOnLaunch": true, + "ipv6CidrBlock": "*", + "assignIpv6AddressOnCreation": "*" + } + }, + { + "type": "aws:cdk:analytics:construct", + "data": { + "availabilityZone": "*", + "vpcId": "*", + "cidrBlock": "*", + "mapPublicIpOnLaunch": true, + "ipv6CidrBlock": "*", + "assignIpv6AddressOnCreation": "*" + } + }, + { + "type": "aws:cdk:analytics:method", + "data": {} + } + ], + "/eks-auto-mode-stack/Vpc/PublicSubnet2/Subnet": [ + { + "type": "aws:cdk:logicalId", + "data": "VpcPublicSubnet2Subnet691E08A3" + } + ], + 
"/eks-auto-mode-stack/Vpc/PublicSubnet2/RouteTable": [ + { + "type": "aws:cdk:logicalId", + "data": "VpcPublicSubnet2RouteTable94F7E489" + } + ], + "/eks-auto-mode-stack/Vpc/PublicSubnet2/RouteTableAssociation": [ + { + "type": "aws:cdk:logicalId", + "data": "VpcPublicSubnet2RouteTableAssociationDD5762D8" + } + ], + "/eks-auto-mode-stack/Vpc/PublicSubnet2/DefaultRoute": [ + { + "type": "aws:cdk:logicalId", + "data": "VpcPublicSubnet2DefaultRoute97F91067" + } + ], + "/eks-auto-mode-stack/Vpc/PrivateSubnet1": [ + { + "type": "aws:cdk:analytics:construct", + "data": { + "availabilityZone": "*", + "vpcId": "*", + "cidrBlock": "*", + "mapPublicIpOnLaunch": false, + "ipv6CidrBlock": "*", + "assignIpv6AddressOnCreation": "*" + } + }, + { + "type": "aws:cdk:analytics:construct", + "data": { + "availabilityZone": "*", + "vpcId": "*", + "cidrBlock": "*", + "mapPublicIpOnLaunch": false, + "ipv6CidrBlock": "*", + "assignIpv6AddressOnCreation": "*" + } + }, + { + "type": "aws:cdk:analytics:method", + "data": {} + } + ], + "/eks-auto-mode-stack/Vpc/PrivateSubnet1/Subnet": [ + { + "type": "aws:cdk:logicalId", + "data": "VpcPrivateSubnet1Subnet536B997A" + } + ], + "/eks-auto-mode-stack/Vpc/PrivateSubnet1/RouteTable": [ + { + "type": "aws:cdk:logicalId", + "data": "VpcPrivateSubnet1RouteTableB2C5B500" + } + ], + "/eks-auto-mode-stack/Vpc/PrivateSubnet1/RouteTableAssociation": [ + { + "type": "aws:cdk:logicalId", + "data": "VpcPrivateSubnet1RouteTableAssociation70C59FA6" + } + ], + "/eks-auto-mode-stack/Vpc/PrivateSubnet1/DefaultRoute": [ + { + "type": "aws:cdk:logicalId", + "data": "VpcPrivateSubnet1DefaultRouteBE02A9ED" + } + ], + "/eks-auto-mode-stack/Vpc/PrivateSubnet2": [ + { + "type": "aws:cdk:analytics:construct", + "data": { + "availabilityZone": "*", + "vpcId": "*", + "cidrBlock": "*", + "mapPublicIpOnLaunch": false, + "ipv6CidrBlock": "*", + "assignIpv6AddressOnCreation": "*" + } + }, + { + "type": "aws:cdk:analytics:construct", + "data": { + "availabilityZone": "*", + 
"vpcId": "*", + "cidrBlock": "*", + "mapPublicIpOnLaunch": false, + "ipv6CidrBlock": "*", + "assignIpv6AddressOnCreation": "*" + } + }, + { + "type": "aws:cdk:analytics:method", + "data": {} + } + ], + "/eks-auto-mode-stack/Vpc/PrivateSubnet2/Subnet": [ + { + "type": "aws:cdk:logicalId", + "data": "VpcPrivateSubnet2Subnet3788AAA1" + } + ], + "/eks-auto-mode-stack/Vpc/PrivateSubnet2/RouteTable": [ + { + "type": "aws:cdk:logicalId", + "data": "VpcPrivateSubnet2RouteTableA678073B" + } + ], + "/eks-auto-mode-stack/Vpc/PrivateSubnet2/RouteTableAssociation": [ + { + "type": "aws:cdk:logicalId", + "data": "VpcPrivateSubnet2RouteTableAssociationA89CAD56" + } + ], + "/eks-auto-mode-stack/Vpc/PrivateSubnet2/DefaultRoute": [ + { + "type": "aws:cdk:logicalId", + "data": "VpcPrivateSubnet2DefaultRoute060D2087" + } + ], + "/eks-auto-mode-stack/Vpc/IGW": [ + { + "type": "aws:cdk:logicalId", + "data": "VpcIGWD7BA715C" + } + ], + "/eks-auto-mode-stack/Vpc/VPCGW": [ + { + "type": "aws:cdk:logicalId", + "data": "VpcVPCGWBF912B6E" + } + ], + "/eks-auto-mode-stack/Vpc/RestrictDefaultSecurityGroupCustomResource": [ + { + "type": "aws:cdk:analytics:construct", + "data": "*" + } + ], + "/eks-auto-mode-stack/Vpc/RestrictDefaultSecurityGroupCustomResource/Default": [ + { + "type": "aws:cdk:logicalId", + "data": "VpcRestrictDefaultSecurityGroupCustomResourceC73DA2BE" + } + ], + "/eks-auto-mode-stack/Custom::VpcRestrictDefaultSGCustomResourceProvider": [ + { + "type": "aws:cdk:is-custom-resource-handler-customResourceProvider", + "data": true + } + ], + "/eks-auto-mode-stack/Custom::VpcRestrictDefaultSGCustomResourceProvider/Role": [ + { + "type": "aws:cdk:logicalId", + "data": "CustomVpcRestrictDefaultSGCustomResourceProviderRole26592FE0" + } + ], + "/eks-auto-mode-stack/Custom::VpcRestrictDefaultSGCustomResourceProvider/Handler": [ + { + "type": "aws:cdk:logicalId", + "data": "CustomVpcRestrictDefaultSGCustomResourceProviderHandlerDC833E5E" + } + ], + "/eks-auto-mode-stack/Role": [ + { + 
"type": "aws:cdk:analytics:construct", + "data": { + "assumedBy": { + "principalAccount": "*", + "assumeRoleAction": "*" + } + } + } + ], + "/eks-auto-mode-stack/Role/ImportRole": [ + { + "type": "aws:cdk:analytics:construct", + "data": "*" + } + ], + "/eks-auto-mode-stack/Role/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "Role1ABCC5F0" + } + ], + "/eks-auto-mode-stack/kubectl": [ + { + "type": "aws:cdk:analytics:construct", + "data": "*" + } + ], + "/eks-auto-mode-stack/kubectl/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "kubectl290BBFC9" + } + ], + "/eks-auto-mode-stack/hello-eks": [ + { + "type": "aws:cdk:analytics:construct", + "data": "*" + }, + { + "type": "aws:cdk:analytics:method", + "data": "*" + }, + { + "type": "aws:cdk:analytics:method", + "data": "*" + } + ], + "/eks-auto-mode-stack/hello-eks/Role": [ + { + "type": "aws:cdk:analytics:construct", + "data": { + "assumedBy": { + "principalAccount": "*", + "assumeRoleAction": "*" + }, + "managedPolicies": [ + { + "managedPolicyArn": "*" + } + ] + } + }, + { + "type": "aws:cdk:analytics:method", + "data": { + "addManagedPolicy": [ + { + "managedPolicyArn": "*" + } + ] + } + }, + { + "type": "aws:cdk:analytics:method", + "data": { + "addManagedPolicy": [ + { + "managedPolicyArn": "*" + } + ] + } + }, + { + "type": "aws:cdk:analytics:method", + "data": { + "addManagedPolicy": [ + { + "managedPolicyArn": "*" + } + ] + } + }, + { + "type": "aws:cdk:analytics:method", + "data": { + "addManagedPolicy": [ + { + "managedPolicyArn": "*" + } + ] + } + }, + { + "type": "aws:cdk:analytics:method", + "data": { + "addManagedPolicy": [ + { + "managedPolicyArn": "*" + } + ] + } + } + ], + "/eks-auto-mode-stack/hello-eks/Role/ImportRole": [ + { + "type": "aws:cdk:analytics:construct", + "data": "*" + } + ], + "/eks-auto-mode-stack/hello-eks/Role/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "helloeksRole59C1FE10" + } + ], + "/eks-auto-mode-stack/hello-eks/ControlPlaneSecurityGroup": [ 
+ { + "type": "aws:cdk:analytics:construct", + "data": { + "vpc": "*", + "description": "*" + } + } + ], + "/eks-auto-mode-stack/hello-eks/ControlPlaneSecurityGroup/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "helloeksControlPlaneSecurityGroup4C2AFE28" + } + ], + "/eks-auto-mode-stack/hello-eks/hello-eksnodePoolRole": [ + { + "type": "aws:cdk:analytics:construct", + "data": { + "assumedBy": { + "principalAccount": "*", + "assumeRoleAction": "*" + }, + "managedPolicies": [ + { + "managedPolicyArn": "*" + }, + { + "managedPolicyArn": "*" + } + ] + } + } + ], + "/eks-auto-mode-stack/hello-eks/hello-eksnodePoolRole/Importhello-eksnodePoolRole": [ + { + "type": "aws:cdk:analytics:construct", + "data": "*" + } + ], + "/eks-auto-mode-stack/hello-eks/hello-eksnodePoolRole/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "helloekshelloeksnodePoolRole81D93FFB" + } + ], + "/eks-auto-mode-stack/hello-eks/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "helloeksBE273F5A" + } + ], + "/eks-auto-mode-stack/hello-eks/KubectlReadyBarrier": [ + { + "type": "aws:cdk:logicalId", + "data": "helloeksKubectlReadyBarrierBFD90FAB" + } + ], + "/eks-auto-mode-stack/hello-eks/KubectlProvider/Handler": [ + { + "type": "aws:cdk:analytics:construct", + "data": { + "timeout": "*", + "description": "*", + "memorySize": "*", + "environment": "*", + "role": "*", + "code": "*", + "handler": "*", + "runtime": "*", + "vpc": "*", + "securityGroups": [ + "*" + ], + "vpcSubnets": { + "subnets": [ + "*", + "*" + ] + } + } + }, + { + "type": "aws:cdk:analytics:method", + "data": { + "addEnvironment": [ + "*", + "*" + ] + } + }, + { + "type": "aws:cdk:analytics:method", + "data": { + "addLayers": [ + "*" + ] + } + }, + { + "type": "aws:cdk:analytics:method", + "data": { + "addLayers": [ + "*" + ] + } + } + ], + "/eks-auto-mode-stack/hello-eks/KubectlProvider/Handler/ServiceRole": [ + { + "type": "aws:cdk:analytics:construct", + "data": { + "assumedBy": { + "principalAccount": 
"*", + "assumeRoleAction": "*" + }, + "managedPolicies": [ + { + "managedPolicyArn": "*" + }, + { + "managedPolicyArn": "*" + } + ] + } + }, + { + "type": "aws:cdk:analytics:method", + "data": { + "addToPrincipalPolicy": [ + {} + ] + } + }, + { + "type": "aws:cdk:analytics:method", + "data": { + "attachInlinePolicy": [ + "*" + ] + } + }, + { + "type": "aws:cdk:analytics:method", + "data": { + "attachInlinePolicy": [ + "*" + ] + } + }, + { + "type": "aws:cdk:analytics:method", + "data": { + "addManagedPolicy": [ + { + "managedPolicyArn": "*" + } + ] + } + }, + { + "type": "aws:cdk:analytics:method", + "data": { + "addManagedPolicy": [ + { + "managedPolicyArn": "*" + } + ] + } + }, + { + "type": "aws:cdk:analytics:method", + "data": { + "addManagedPolicy": [ + "*" + ] + } + } + ], + "/eks-auto-mode-stack/hello-eks/KubectlProvider/Handler/ServiceRole/ImportServiceRole": [ + { + "type": "aws:cdk:analytics:construct", + "data": "*" + } + ], + "/eks-auto-mode-stack/hello-eks/KubectlProvider/Handler/ServiceRole/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "helloeksKubectlProviderHandlerServiceRoleFDA38030" + } + ], + "/eks-auto-mode-stack/hello-eks/KubectlProvider/Handler/ServiceRole/DefaultPolicy": [ + { + "type": "aws:cdk:analytics:construct", + "data": "*" + }, + { + "type": "aws:cdk:analytics:method", + "data": { + "attachToRole": [ + "*" + ] + } + }, + { + "type": "aws:cdk:analytics:method", + "data": { + "attachToRole": [ + "*" + ] + } + }, + { + "type": "aws:cdk:analytics:method", + "data": { + "addStatements": [ + {} + ] + } + } + ], + "/eks-auto-mode-stack/hello-eks/KubectlProvider/Handler/ServiceRole/DefaultPolicy/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "helloeksKubectlProviderHandlerServiceRoleDefaultPolicy05FAA1B4" + } + ], + "/eks-auto-mode-stack/hello-eks/KubectlProvider/Handler/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "helloeksKubectlProviderHandler788A3C17" + } + ], + 
"/eks-auto-mode-stack/hello-eks/KubectlProvider/Handler/HasEcrPublic": [ + { + "type": "aws:cdk:logicalId", + "data": "helloeksKubectlProviderHandlerHasEcrPublic7C030C34" + } + ], + "/eks-auto-mode-stack/hello-eks/KubectlProvider/AwsCliLayer": [ + { + "type": "aws:cdk:analytics:construct", + "data": {} + } + ], + "/eks-auto-mode-stack/hello-eks/KubectlProvider/AwsCliLayer/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "helloeksKubectlProviderAwsCliLayer2A4F5F3D" + } + ], + "/eks-auto-mode-stack/hello-eks/KubectlProvider/Provider/framework-onEvent": [ + { + "type": "aws:cdk:analytics:construct", + "data": { + "code": "*", + "description": "*", + "runtime": "*", + "handler": "*", + "timeout": "*", + "logGroup": "*", + "vpc": "*", + "vpcSubnets": { + "subnets": [ + "*", + "*" + ] + }, + "securityGroups": [ + "*" + ], + "role": "*", + "functionName": "*", + "environmentEncryption": "*" + } + }, + { + "type": "aws:cdk:analytics:method", + "data": { + "addEnvironment": [ + "*", + "*" + ] + } + } + ], + "/eks-auto-mode-stack/hello-eks/KubectlProvider/Provider/framework-onEvent/ServiceRole": [ + { + "type": "aws:cdk:analytics:construct", + "data": { + "assumedBy": { + "principalAccount": "*", + "assumeRoleAction": "*" + }, + "managedPolicies": [ + { + "managedPolicyArn": "*" + }, + { + "managedPolicyArn": "*" + } + ] + } + }, + { + "type": "aws:cdk:analytics:method", + "data": { + "addToPrincipalPolicy": [ + {} + ] + } + }, + { + "type": "aws:cdk:analytics:method", + "data": { + "attachInlinePolicy": [ + "*" + ] + } + }, + { + "type": "aws:cdk:analytics:method", + "data": { + "attachInlinePolicy": [ + "*" + ] + } + }, + { + "type": "aws:cdk:analytics:method", + "data": { + "attachInlinePolicy": [ + "*" + ] + } + }, + { + "type": "aws:cdk:analytics:method", + "data": { + "attachInlinePolicy": [ + "*" + ] + } + } + ], + "/eks-auto-mode-stack/hello-eks/KubectlProvider/Provider/framework-onEvent/ServiceRole/ImportServiceRole": [ + { + "type": 
"aws:cdk:analytics:construct", + "data": "*" + } + ], + "/eks-auto-mode-stack/hello-eks/KubectlProvider/Provider/framework-onEvent/ServiceRole/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "helloeksKubectlProviderframeworkonEventServiceRole68309EF1" + } + ], + "/eks-auto-mode-stack/hello-eks/KubectlProvider/Provider/framework-onEvent/ServiceRole/DefaultPolicy": [ + { + "type": "aws:cdk:analytics:construct", + "data": "*" + }, + { + "type": "aws:cdk:analytics:method", + "data": { + "attachToRole": [ + "*" + ] + } + }, + { + "type": "aws:cdk:analytics:method", + "data": { + "attachToRole": [ + "*" + ] + } + }, + { + "type": "aws:cdk:analytics:method", + "data": { + "addStatements": [ + {} + ] + } + } + ], + "/eks-auto-mode-stack/hello-eks/KubectlProvider/Provider/framework-onEvent/ServiceRole/DefaultPolicy/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "helloeksKubectlProviderframeworkonEventServiceRoleDefaultPolicy62B3F050" + } + ], + "/eks-auto-mode-stack/hello-eks/KubectlProvider/Provider/framework-onEvent/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "helloeksKubectlProviderframeworkonEvent1E7B4950" + } + ], + "/eks-auto-mode-stack/hello-eks/KubectlProvider/Provider/framework-onEvent/inlinePolicyAddedToExecutionRole-0": [ + { + "type": "aws:cdk:analytics:construct", + "data": { + "statements": "*" + } + }, + { + "type": "aws:cdk:analytics:method", + "data": { + "addStatements": [ + {} + ] + } + }, + { + "type": "aws:cdk:analytics:method", + "data": { + "attachToRole": [ + "*" + ] + } + }, + { + "type": "aws:cdk:analytics:method", + "data": { + "attachToRole": [ + "*" + ] + } + } + ], + "/eks-auto-mode-stack/hello-eks/KubectlProvider/Provider/framework-onEvent/inlinePolicyAddedToExecutionRole-0/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "helloeksKubectlProviderframeworkonEventinlinePolicyAddedToExecutionRole0883D9EBE" + } + ], + "/eks-auto-mode-stack/hello-eks/ClusterAdminRoleAccess": [ + { + "type": 
"aws:cdk:analytics:construct", + "data": "*" + } + ], + "/eks-auto-mode-stack/hello-eks/ClusterAdminRoleAccess/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "helloeksClusterAdminRoleAccess3B9D74AE" + } + ], + "/eks-auto-mode-stack/hello-eks/mastersRoleAccess": [ + { + "type": "aws:cdk:analytics:construct", + "data": "*" + } + ], + "/eks-auto-mode-stack/hello-eks/mastersRoleAccess/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "helloeksmastersRoleAccessF848B5EF" + } + ], + "/eks-auto-mode-stack/hello-eks/ConfigCommand": [ + { + "type": "aws:cdk:logicalId", + "data": "helloeksConfigCommand9213DBDB" + } + ], + "/eks-auto-mode-stack/hello-eks/GetTokenCommand": [ + { + "type": "aws:cdk:logicalId", + "data": "helloeksGetTokenCommandB7A8C164" + } + ], + "/eks-auto-mode-stack/BootstrapVersion": [ + { + "type": "aws:cdk:logicalId", + "data": "BootstrapVersion" + } + ], + "/eks-auto-mode-stack/CheckBootstrapVersion": [ + { + "type": "aws:cdk:logicalId", + "data": "CheckBootstrapVersion" + } + ] + }, + "displayName": "eks-auto-mode-stack" + }, + "awscdkeksclusterintegDefaultTestDeployAssertB6AAB3A3.assets": { + "type": "cdk:asset-manifest", + "properties": { + "file": "awscdkeksclusterintegDefaultTestDeployAssertB6AAB3A3.assets.json", + "requiresBootstrapStackVersion": 6, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version" + } + }, + "awscdkeksclusterintegDefaultTestDeployAssertB6AAB3A3": { + "type": "aws:cloudformation:stack", + "environment": "aws://unknown-account/unknown-region", + "properties": { + "templateFile": "awscdkeksclusterintegDefaultTestDeployAssertB6AAB3A3.template.json", + "terminationProtection": false, + "validateOnSynth": false, + "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-deploy-role-${AWS::AccountId}-${AWS::Region}", + "cloudFormationExecutionRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-cfn-exec-role-${AWS::AccountId}-${AWS::Region}", + 
"stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/21fbb51d7b23f6a6c262b46a9caee79d744a3ac019fd45422d988b96d44b2a22.json", + "requiresBootstrapStackVersion": 6, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version", + "additionalDependencies": [ + "awscdkeksclusterintegDefaultTestDeployAssertB6AAB3A3.assets" + ], + "lookupRole": { + "arn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-lookup-role-${AWS::AccountId}-${AWS::Region}", + "requiresBootstrapStackVersion": 8, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version" + } + }, + "dependencies": [ + "awscdkeksclusterintegDefaultTestDeployAssertB6AAB3A3.assets" + ], + "metadata": { + "/aws-cdk-eks-cluster-integ/DefaultTest/DeployAssert/BootstrapVersion": [ + { + "type": "aws:cdk:logicalId", + "data": "BootstrapVersion" + } + ], + "/aws-cdk-eks-cluster-integ/DefaultTest/DeployAssert/CheckBootstrapVersion": [ + { + "type": "aws:cdk:logicalId", + "data": "CheckBootstrapVersion" + } + ] + }, + "displayName": "aws-cdk-eks-cluster-integ/DefaultTest/DeployAssert" + }, + "Tree": { + "type": "cdk:tree", + "properties": { + "file": "tree.json" + } + } + } +} \ No newline at end of file diff --git a/packages/@aws-cdk/aws-eks-v2-alpha/test/integ.eks-auto.js.snapshot/tree.json b/packages/@aws-cdk/aws-eks-v2-alpha/test/integ.eks-auto.js.snapshot/tree.json new file mode 100644 index 0000000000000..b09a09ddfee08 --- /dev/null +++ b/packages/@aws-cdk/aws-eks-v2-alpha/test/integ.eks-auto.js.snapshot/tree.json 
@@ -0,0 +1,2359 @@ +{ + "version": "tree-0.1", + "tree": { + "id": "App", + "path": "", + "children": { + "eks-auto-mode-stack": { + "id": "eks-auto-mode-stack", + "path": "eks-auto-mode-stack", + "children": { + "Vpc": { + "id": "Vpc", + "path": "eks-auto-mode-stack/Vpc", + "children": { + "Resource": { + "id": "Resource", + "path": "eks-auto-mode-stack/Vpc/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::VPC", + "aws:cdk:cloudformation:props": { + "cidrBlock": "10.0.0.0/16", + "enableDnsHostnames": true, + "enableDnsSupport": true, + "instanceTenancy": "default", + "tags": [ + { + "key": "Name", + "value": "eks-auto-mode-stack/Vpc" + } + ] + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnVPC", + "version": "0.0.0" + } + }, + "PublicSubnet1": { + "id": "PublicSubnet1", + "path": "eks-auto-mode-stack/Vpc/PublicSubnet1", + "children": { + "Subnet": { + "id": "Subnet", + "path": "eks-auto-mode-stack/Vpc/PublicSubnet1/Subnet", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::Subnet", + "aws:cdk:cloudformation:props": { + "availabilityZone": { + "Fn::Select": [ + 0, + { + "Fn::GetAZs": "" + } + ] + }, + "cidrBlock": "10.0.0.0/18", + "mapPublicIpOnLaunch": true, + "tags": [ + { + "key": "aws-cdk:subnet-name", + "value": "Public" + }, + { + "key": "aws-cdk:subnet-type", + "value": "Public" + }, + { + "key": "kubernetes.io/role/elb", + "value": "1" + }, + { + "key": "Name", + "value": "eks-auto-mode-stack/Vpc/PublicSubnet1" + } + ], + "vpcId": { + "Ref": "Vpc8378EB38" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnSubnet", + "version": "0.0.0" + } + }, + "Acl": { + "id": "Acl", + "path": "eks-auto-mode-stack/Vpc/PublicSubnet1/Acl", + "constructInfo": { + "fqn": "aws-cdk-lib.Resource", + "version": "0.0.0", + "metadata": [] + } + }, + "RouteTable": { + "id": "RouteTable", + "path": "eks-auto-mode-stack/Vpc/PublicSubnet1/RouteTable", + "attributes": { + "aws:cdk:cloudformation:type": 
"AWS::EC2::RouteTable", + "aws:cdk:cloudformation:props": { + "tags": [ + { + "key": "kubernetes.io/role/elb", + "value": "1" + }, + { + "key": "Name", + "value": "eks-auto-mode-stack/Vpc/PublicSubnet1" + } + ], + "vpcId": { + "Ref": "Vpc8378EB38" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnRouteTable", + "version": "0.0.0" + } + }, + "RouteTableAssociation": { + "id": "RouteTableAssociation", + "path": "eks-auto-mode-stack/Vpc/PublicSubnet1/RouteTableAssociation", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::SubnetRouteTableAssociation", + "aws:cdk:cloudformation:props": { + "routeTableId": { + "Ref": "VpcPublicSubnet1RouteTable6C95E38E" + }, + "subnetId": { + "Ref": "VpcPublicSubnet1Subnet5C2D37C4" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnSubnetRouteTableAssociation", + "version": "0.0.0" + } + }, + "DefaultRoute": { + "id": "DefaultRoute", + "path": "eks-auto-mode-stack/Vpc/PublicSubnet1/DefaultRoute", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::Route", + "aws:cdk:cloudformation:props": { + "destinationCidrBlock": "0.0.0.0/0", + "gatewayId": { + "Ref": "VpcIGWD7BA715C" + }, + "routeTableId": { + "Ref": "VpcPublicSubnet1RouteTable6C95E38E" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnRoute", + "version": "0.0.0" + } + }, + "EIP": { + "id": "EIP", + "path": "eks-auto-mode-stack/Vpc/PublicSubnet1/EIP", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::EIP", + "aws:cdk:cloudformation:props": { + "domain": "vpc", + "tags": [ + { + "key": "kubernetes.io/role/elb", + "value": "1" + }, + { + "key": "Name", + "value": "eks-auto-mode-stack/Vpc/PublicSubnet1" + } + ] + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnEIP", + "version": "0.0.0" + } + }, + "NATGateway": { + "id": "NATGateway", + "path": "eks-auto-mode-stack/Vpc/PublicSubnet1/NATGateway", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::NatGateway", + 
"aws:cdk:cloudformation:props": { + "allocationId": { + "Fn::GetAtt": [ + "VpcPublicSubnet1EIPD7E02669", + "AllocationId" + ] + }, + "subnetId": { + "Ref": "VpcPublicSubnet1Subnet5C2D37C4" + }, + "tags": [ + { + "key": "kubernetes.io/role/elb", + "value": "1" + }, + { + "key": "Name", + "value": "eks-auto-mode-stack/Vpc/PublicSubnet1" + } + ] + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnNatGateway", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.PublicSubnet", + "version": "0.0.0", + "metadata": [ + { + "availabilityZone": "*", + "vpcId": "*", + "cidrBlock": "*", + "mapPublicIpOnLaunch": true, + "ipv6CidrBlock": "*", + "assignIpv6AddressOnCreation": "*" + }, + { + "availabilityZone": "*", + "vpcId": "*", + "cidrBlock": "*", + "mapPublicIpOnLaunch": true, + "ipv6CidrBlock": "*", + "assignIpv6AddressOnCreation": "*" + }, + {}, + { + "addNatGateway": [ + "*" + ] + } + ] + } + }, + "PublicSubnet2": { + "id": "PublicSubnet2", + "path": "eks-auto-mode-stack/Vpc/PublicSubnet2", + "children": { + "Subnet": { + "id": "Subnet", + "path": "eks-auto-mode-stack/Vpc/PublicSubnet2/Subnet", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::Subnet", + "aws:cdk:cloudformation:props": { + "availabilityZone": { + "Fn::Select": [ + 1, + { + "Fn::GetAZs": "" + } + ] + }, + "cidrBlock": "10.0.64.0/18", + "mapPublicIpOnLaunch": true, + "tags": [ + { + "key": "aws-cdk:subnet-name", + "value": "Public" + }, + { + "key": "aws-cdk:subnet-type", + "value": "Public" + }, + { + "key": "kubernetes.io/role/elb", + "value": "1" + }, + { + "key": "Name", + "value": "eks-auto-mode-stack/Vpc/PublicSubnet2" + } + ], + "vpcId": { + "Ref": "Vpc8378EB38" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnSubnet", + "version": "0.0.0" + } + }, + "Acl": { + "id": "Acl", + "path": "eks-auto-mode-stack/Vpc/PublicSubnet2/Acl", + "constructInfo": { + "fqn": "aws-cdk-lib.Resource", + "version": "0.0.0", + "metadata": [] + } + }, 
+ "RouteTable": { + "id": "RouteTable", + "path": "eks-auto-mode-stack/Vpc/PublicSubnet2/RouteTable", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::RouteTable", + "aws:cdk:cloudformation:props": { + "tags": [ + { + "key": "kubernetes.io/role/elb", + "value": "1" + }, + { + "key": "Name", + "value": "eks-auto-mode-stack/Vpc/PublicSubnet2" + } + ], + "vpcId": { + "Ref": "Vpc8378EB38" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnRouteTable", + "version": "0.0.0" + } + }, + "RouteTableAssociation": { + "id": "RouteTableAssociation", + "path": "eks-auto-mode-stack/Vpc/PublicSubnet2/RouteTableAssociation", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::SubnetRouteTableAssociation", + "aws:cdk:cloudformation:props": { + "routeTableId": { + "Ref": "VpcPublicSubnet2RouteTable94F7E489" + }, + "subnetId": { + "Ref": "VpcPublicSubnet2Subnet691E08A3" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnSubnetRouteTableAssociation", + "version": "0.0.0" + } + }, + "DefaultRoute": { + "id": "DefaultRoute", + "path": "eks-auto-mode-stack/Vpc/PublicSubnet2/DefaultRoute", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::Route", + "aws:cdk:cloudformation:props": { + "destinationCidrBlock": "0.0.0.0/0", + "gatewayId": { + "Ref": "VpcIGWD7BA715C" + }, + "routeTableId": { + "Ref": "VpcPublicSubnet2RouteTable94F7E489" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnRoute", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.PublicSubnet", + "version": "0.0.0", + "metadata": [ + { + "availabilityZone": "*", + "vpcId": "*", + "cidrBlock": "*", + "mapPublicIpOnLaunch": true, + "ipv6CidrBlock": "*", + "assignIpv6AddressOnCreation": "*" + }, + { + "availabilityZone": "*", + "vpcId": "*", + "cidrBlock": "*", + "mapPublicIpOnLaunch": true, + "ipv6CidrBlock": "*", + "assignIpv6AddressOnCreation": "*" + }, + {} + ] + } + }, + "PrivateSubnet1": { + "id": 
"PrivateSubnet1", + "path": "eks-auto-mode-stack/Vpc/PrivateSubnet1", + "children": { + "Subnet": { + "id": "Subnet", + "path": "eks-auto-mode-stack/Vpc/PrivateSubnet1/Subnet", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::Subnet", + "aws:cdk:cloudformation:props": { + "availabilityZone": { + "Fn::Select": [ + 0, + { + "Fn::GetAZs": "" + } + ] + }, + "cidrBlock": "10.0.128.0/18", + "mapPublicIpOnLaunch": false, + "tags": [ + { + "key": "aws-cdk:subnet-name", + "value": "Private" + }, + { + "key": "aws-cdk:subnet-type", + "value": "Private" + }, + { + "key": "kubernetes.io/role/internal-elb", + "value": "1" + }, + { + "key": "Name", + "value": "eks-auto-mode-stack/Vpc/PrivateSubnet1" + } + ], + "vpcId": { + "Ref": "Vpc8378EB38" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnSubnet", + "version": "0.0.0" + } + }, + "Acl": { + "id": "Acl", + "path": "eks-auto-mode-stack/Vpc/PrivateSubnet1/Acl", + "constructInfo": { + "fqn": "aws-cdk-lib.Resource", + "version": "0.0.0", + "metadata": [] + } + }, + "RouteTable": { + "id": "RouteTable", + "path": "eks-auto-mode-stack/Vpc/PrivateSubnet1/RouteTable", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::RouteTable", + "aws:cdk:cloudformation:props": { + "tags": [ + { + "key": "kubernetes.io/role/internal-elb", + "value": "1" + }, + { + "key": "Name", + "value": "eks-auto-mode-stack/Vpc/PrivateSubnet1" + } + ], + "vpcId": { + "Ref": "Vpc8378EB38" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnRouteTable", + "version": "0.0.0" + } + }, + "RouteTableAssociation": { + "id": "RouteTableAssociation", + "path": "eks-auto-mode-stack/Vpc/PrivateSubnet1/RouteTableAssociation", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::SubnetRouteTableAssociation", + "aws:cdk:cloudformation:props": { + "routeTableId": { + "Ref": "VpcPrivateSubnet1RouteTableB2C5B500" + }, + "subnetId": { + "Ref": "VpcPrivateSubnet1Subnet536B997A" + } + } + }, + "constructInfo": { + 
"fqn": "aws-cdk-lib.aws_ec2.CfnSubnetRouteTableAssociation", + "version": "0.0.0" + } + }, + "DefaultRoute": { + "id": "DefaultRoute", + "path": "eks-auto-mode-stack/Vpc/PrivateSubnet1/DefaultRoute", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::Route", + "aws:cdk:cloudformation:props": { + "destinationCidrBlock": "0.0.0.0/0", + "natGatewayId": { + "Ref": "VpcPublicSubnet1NATGateway4D7517AA" + }, + "routeTableId": { + "Ref": "VpcPrivateSubnet1RouteTableB2C5B500" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnRoute", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.PrivateSubnet", + "version": "0.0.0", + "metadata": [ + { + "availabilityZone": "*", + "vpcId": "*", + "cidrBlock": "*", + "mapPublicIpOnLaunch": false, + "ipv6CidrBlock": "*", + "assignIpv6AddressOnCreation": "*" + }, + { + "availabilityZone": "*", + "vpcId": "*", + "cidrBlock": "*", + "mapPublicIpOnLaunch": false, + "ipv6CidrBlock": "*", + "assignIpv6AddressOnCreation": "*" + }, + {} + ] + } + }, + "PrivateSubnet2": { + "id": "PrivateSubnet2", + "path": "eks-auto-mode-stack/Vpc/PrivateSubnet2", + "children": { + "Subnet": { + "id": "Subnet", + "path": "eks-auto-mode-stack/Vpc/PrivateSubnet2/Subnet", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::Subnet", + "aws:cdk:cloudformation:props": { + "availabilityZone": { + "Fn::Select": [ + 1, + { + "Fn::GetAZs": "" + } + ] + }, + "cidrBlock": "10.0.192.0/18", + "mapPublicIpOnLaunch": false, + "tags": [ + { + "key": "aws-cdk:subnet-name", + "value": "Private" + }, + { + "key": "aws-cdk:subnet-type", + "value": "Private" + }, + { + "key": "kubernetes.io/role/internal-elb", + "value": "1" + }, + { + "key": "Name", + "value": "eks-auto-mode-stack/Vpc/PrivateSubnet2" + } + ], + "vpcId": { + "Ref": "Vpc8378EB38" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnSubnet", + "version": "0.0.0" + } + }, + "Acl": { + "id": "Acl", + "path": 
"eks-auto-mode-stack/Vpc/PrivateSubnet2/Acl", + "constructInfo": { + "fqn": "aws-cdk-lib.Resource", + "version": "0.0.0", + "metadata": [] + } + }, + "RouteTable": { + "id": "RouteTable", + "path": "eks-auto-mode-stack/Vpc/PrivateSubnet2/RouteTable", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::RouteTable", + "aws:cdk:cloudformation:props": { + "tags": [ + { + "key": "kubernetes.io/role/internal-elb", + "value": "1" + }, + { + "key": "Name", + "value": "eks-auto-mode-stack/Vpc/PrivateSubnet2" + } + ], + "vpcId": { + "Ref": "Vpc8378EB38" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnRouteTable", + "version": "0.0.0" + } + }, + "RouteTableAssociation": { + "id": "RouteTableAssociation", + "path": "eks-auto-mode-stack/Vpc/PrivateSubnet2/RouteTableAssociation", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::SubnetRouteTableAssociation", + "aws:cdk:cloudformation:props": { + "routeTableId": { + "Ref": "VpcPrivateSubnet2RouteTableA678073B" + }, + "subnetId": { + "Ref": "VpcPrivateSubnet2Subnet3788AAA1" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnSubnetRouteTableAssociation", + "version": "0.0.0" + } + }, + "DefaultRoute": { + "id": "DefaultRoute", + "path": "eks-auto-mode-stack/Vpc/PrivateSubnet2/DefaultRoute", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::Route", + "aws:cdk:cloudformation:props": { + "destinationCidrBlock": "0.0.0.0/0", + "natGatewayId": { + "Ref": "VpcPublicSubnet1NATGateway4D7517AA" + }, + "routeTableId": { + "Ref": "VpcPrivateSubnet2RouteTableA678073B" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnRoute", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.PrivateSubnet", + "version": "0.0.0", + "metadata": [ + { + "availabilityZone": "*", + "vpcId": "*", + "cidrBlock": "*", + "mapPublicIpOnLaunch": false, + "ipv6CidrBlock": "*", + "assignIpv6AddressOnCreation": "*" + }, + { + "availabilityZone": "*", + 
"vpcId": "*", + "cidrBlock": "*", + "mapPublicIpOnLaunch": false, + "ipv6CidrBlock": "*", + "assignIpv6AddressOnCreation": "*" + }, + {} + ] + } + }, + "IGW": { + "id": "IGW", + "path": "eks-auto-mode-stack/Vpc/IGW", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::InternetGateway", + "aws:cdk:cloudformation:props": { + "tags": [ + { + "key": "Name", + "value": "eks-auto-mode-stack/Vpc" + } + ] + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnInternetGateway", + "version": "0.0.0" + } + }, + "VPCGW": { + "id": "VPCGW", + "path": "eks-auto-mode-stack/Vpc/VPCGW", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::VPCGatewayAttachment", + "aws:cdk:cloudformation:props": { + "internetGatewayId": { + "Ref": "VpcIGWD7BA715C" + }, + "vpcId": { + "Ref": "Vpc8378EB38" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnVPCGatewayAttachment", + "version": "0.0.0" + } + }, + "RestrictDefaultSecurityGroupCustomResource": { + "id": "RestrictDefaultSecurityGroupCustomResource", + "path": "eks-auto-mode-stack/Vpc/RestrictDefaultSecurityGroupCustomResource", + "children": { + "Default": { + "id": "Default", + "path": "eks-auto-mode-stack/Vpc/RestrictDefaultSecurityGroupCustomResource/Default", + "constructInfo": { + "fqn": "aws-cdk-lib.CfnResource", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.CustomResource", + "version": "0.0.0", + "metadata": [ + "*" + ] + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.Vpc", + "version": "0.0.0", + "metadata": [ + { + "natGateways": "*" + } + ] + } + }, + "Custom::VpcRestrictDefaultSGCustomResourceProvider": { + "id": "Custom::VpcRestrictDefaultSGCustomResourceProvider", + "path": "eks-auto-mode-stack/Custom::VpcRestrictDefaultSGCustomResourceProvider", + "children": { + "Staging": { + "id": "Staging", + "path": "eks-auto-mode-stack/Custom::VpcRestrictDefaultSGCustomResourceProvider/Staging", + "constructInfo": { + "fqn": 
"aws-cdk-lib.AssetStaging", + "version": "0.0.0" + } + }, + "Role": { + "id": "Role", + "path": "eks-auto-mode-stack/Custom::VpcRestrictDefaultSGCustomResourceProvider/Role", + "constructInfo": { + "fqn": "aws-cdk-lib.CfnResource", + "version": "0.0.0" + } + }, + "Handler": { + "id": "Handler", + "path": "eks-auto-mode-stack/Custom::VpcRestrictDefaultSGCustomResourceProvider/Handler", + "constructInfo": { + "fqn": "aws-cdk-lib.CfnResource", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.CustomResourceProviderBase", + "version": "0.0.0" + } + }, + "Role": { + "id": "Role", + "path": "eks-auto-mode-stack/Role", + "children": { + "ImportRole": { + "id": "ImportRole", + "path": "eks-auto-mode-stack/Role/ImportRole", + "constructInfo": { + "fqn": "aws-cdk-lib.Resource", + "version": "0.0.0", + "metadata": [ + "*" + ] + } + }, + "Resource": { + "id": "Resource", + "path": "eks-auto-mode-stack/Role/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::IAM::Role", + "aws:cdk:cloudformation:props": { + "assumeRolePolicyDocument": { + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "AWS": { + "Fn::Join": [ + "", + [ + "arn:aws:iam::", + { + "Ref": "AWS::AccountId" + }, + ":root" + ] + ] + } + } + } + ], + "Version": "2012-10-17" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_iam.CfnRole", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_iam.Role", + "version": "0.0.0", + "metadata": [ + { + "assumedBy": { + "principalAccount": "*", + "assumeRoleAction": "*" + } + } + ] + } + }, + "kubectl": { + "id": "kubectl", + "path": "eks-auto-mode-stack/kubectl", + "children": { + "Code": { + "id": "Code", + "path": "eks-auto-mode-stack/kubectl/Code", + "children": { + "Stage": { + "id": "Stage", + "path": "eks-auto-mode-stack/kubectl/Code/Stage", + "constructInfo": { + "fqn": "aws-cdk-lib.AssetStaging", + "version": "0.0.0" + } + }, + "AssetBucket": { + 
"id": "AssetBucket", + "path": "eks-auto-mode-stack/kubectl/Code/AssetBucket", + "constructInfo": { + "fqn": "aws-cdk-lib.aws_s3.BucketBase", + "version": "0.0.0", + "metadata": [] + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_s3_assets.Asset", + "version": "0.0.0" + } + }, + "Resource": { + "id": "Resource", + "path": "eks-auto-mode-stack/kubectl/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::Lambda::LayerVersion", + "aws:cdk:cloudformation:props": { + "content": { + "s3Bucket": { + "Fn::Sub": "cdk-hnb659fds-assets-${AWS::AccountId}-us-east-1" + }, + "s3Key": "25c16d2ab30e35800b3ea63c44c93deb85584076eb09a2db9f971803252b22dc.zip" + }, + "description": "/opt/kubectl/kubectl 1.32.0; /opt/helm/helm 3.17.0", + "licenseInfo": "Apache-2.0" + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_lambda.CfnLayerVersion", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/lambda-layer-kubectl-v32.KubectlV32Layer", + "version": "2.0.2", + "metadata": [ + "*" + ] + } + }, + "hello-eks": { + "id": "hello-eks", + "path": "eks-auto-mode-stack/hello-eks", + "children": { + "Role": { + "id": "Role", + "path": "eks-auto-mode-stack/hello-eks/Role", + "children": { + "ImportRole": { + "id": "ImportRole", + "path": "eks-auto-mode-stack/hello-eks/Role/ImportRole", + "constructInfo": { + "fqn": "aws-cdk-lib.Resource", + "version": "0.0.0", + "metadata": [ + "*" + ] + } + }, + "Resource": { + "id": "Resource", + "path": "eks-auto-mode-stack/hello-eks/Role/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::IAM::Role", + "aws:cdk:cloudformation:props": { + "assumeRolePolicyDocument": { + "Statement": [ + { + "Action": [ + "sts:AssumeRole", + "sts:TagSession" + ], + "Effect": "Allow", + "Principal": { + "Service": "eks.amazonaws.com" + } + } + ], + "Version": "2012-10-17" + }, + "managedPolicyArns": [ + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + 
":iam::aws:policy/AmazonEKSClusterPolicy" + ] + ] + }, + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":iam::aws:policy/AmazonEKSComputePolicy" + ] + ] + }, + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":iam::aws:policy/AmazonEKSBlockStoragePolicy" + ] + ] + }, + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":iam::aws:policy/AmazonEKSLoadBalancingPolicy" + ] + ] + }, + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":iam::aws:policy/AmazonEKSNetworkingPolicy" + ] + ] + } + ] + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_iam.CfnRole", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_iam.Role", + "version": "0.0.0", + "metadata": [ + { + "assumedBy": { + "principalAccount": "*", + "assumeRoleAction": "*" + }, + "managedPolicies": [ + { + "managedPolicyArn": "*" + } + ] + }, + { + "addManagedPolicy": [ + { + "managedPolicyArn": "*" + } + ] + }, + { + "addManagedPolicy": [ + { + "managedPolicyArn": "*" + } + ] + }, + { + "addManagedPolicy": [ + { + "managedPolicyArn": "*" + } + ] + }, + { + "addManagedPolicy": [ + { + "managedPolicyArn": "*" + } + ] + }, + { + "addManagedPolicy": [ + { + "managedPolicyArn": "*" + } + ] + } + ] + } + }, + "ControlPlaneSecurityGroup": { + "id": "ControlPlaneSecurityGroup", + "path": "eks-auto-mode-stack/hello-eks/ControlPlaneSecurityGroup", + "children": { + "Resource": { + "id": "Resource", + "path": "eks-auto-mode-stack/hello-eks/ControlPlaneSecurityGroup/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::SecurityGroup", + "aws:cdk:cloudformation:props": { + "groupDescription": "EKS Control Plane Security Group", + "securityGroupEgress": [ + { + "cidrIp": "0.0.0.0/0", + "description": "Allow all outbound traffic by default", + "ipProtocol": "-1" + } + ], + "vpcId": { + "Ref": "Vpc8378EB38" + } + } + }, + "constructInfo": { + "fqn": 
"aws-cdk-lib.aws_ec2.CfnSecurityGroup", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.SecurityGroup", + "version": "0.0.0", + "metadata": [ + { + "vpc": "*", + "description": "*" + } + ] + } + }, + "hello-eksnodePoolRole": { + "id": "hello-eksnodePoolRole", + "path": "eks-auto-mode-stack/hello-eks/hello-eksnodePoolRole", + "children": { + "Importhello-eksnodePoolRole": { + "id": "Importhello-eksnodePoolRole", + "path": "eks-auto-mode-stack/hello-eks/hello-eksnodePoolRole/Importhello-eksnodePoolRole", + "constructInfo": { + "fqn": "aws-cdk-lib.Resource", + "version": "0.0.0", + "metadata": [ + "*" + ] + } + }, + "Resource": { + "id": "Resource", + "path": "eks-auto-mode-stack/hello-eks/hello-eksnodePoolRole/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::IAM::Role", + "aws:cdk:cloudformation:props": { + "assumeRolePolicyDocument": { + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "Service": "ec2.amazonaws.com" + } + } + ], + "Version": "2012-10-17" + }, + "managedPolicyArns": [ + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":iam::aws:policy/AmazonEKSWorkerNodePolicy" + ] + ] + }, + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":iam::aws:policy/AmazonEC2ContainerRegistryReadOnly" + ] + ] + } + ] + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_iam.CfnRole", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_iam.Role", + "version": "0.0.0", + "metadata": [ + { + "assumedBy": { + "principalAccount": "*", + "assumeRoleAction": "*" + }, + "managedPolicies": [ + { + "managedPolicyArn": "*" + }, + { + "managedPolicyArn": "*" + } + ] + } + ] + } + }, + "Resource": { + "id": "Resource", + "path": "eks-auto-mode-stack/hello-eks/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EKS::Cluster", + "aws:cdk:cloudformation:props": { + "accessConfig": { + 
"authenticationMode": "API" + }, + "computeConfig": { + "enabled": true, + "nodePools": [ + "system", + "general-purpose" + ], + "nodeRoleArn": { + "Fn::GetAtt": [ + "helloekshelloeksnodePoolRole81D93FFB", + "Arn" + ] + } + }, + "kubernetesNetworkConfig": { + "ipFamily": "ipv4", + "elasticLoadBalancing": { + "enabled": true + } + }, + "resourcesVpcConfig": { + "securityGroupIds": [ + { + "Fn::GetAtt": [ + "helloeksControlPlaneSecurityGroup4C2AFE28", + "GroupId" + ] + } + ], + "subnetIds": [ + { + "Ref": "VpcPublicSubnet1Subnet5C2D37C4" + }, + { + "Ref": "VpcPublicSubnet2Subnet691E08A3" + }, + { + "Ref": "VpcPrivateSubnet1Subnet536B997A" + }, + { + "Ref": "VpcPrivateSubnet2Subnet3788AAA1" + } + ], + "endpointPrivateAccess": true, + "endpointPublicAccess": true + }, + "roleArn": { + "Fn::GetAtt": [ + "helloeksRole59C1FE10", + "Arn" + ] + }, + "storageConfig": { + "blockStorage": { + "enabled": true + } + }, + "version": "1.32" + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_eks.CfnCluster", + "version": "0.0.0" + } + }, + "KubectlReadyBarrier": { + "id": "KubectlReadyBarrier", + "path": "eks-auto-mode-stack/hello-eks/KubectlReadyBarrier", + "constructInfo": { + "fqn": "aws-cdk-lib.CfnResource", + "version": "0.0.0" + } + }, + "ClusterSecurityGroup": { + "id": "ClusterSecurityGroup", + "path": "eks-auto-mode-stack/hello-eks/ClusterSecurityGroup", + "constructInfo": { + "fqn": "aws-cdk-lib.Resource", + "version": "0.0.0", + "metadata": [] + } + }, + "KubectlProvider": { + "id": "KubectlProvider", + "path": "eks-auto-mode-stack/hello-eks/KubectlProvider", + "children": { + "Handler": { + "id": "Handler", + "path": "eks-auto-mode-stack/hello-eks/KubectlProvider/Handler", + "children": { + "ServiceRole": { + "id": "ServiceRole", + "path": "eks-auto-mode-stack/hello-eks/KubectlProvider/Handler/ServiceRole", + "children": { + "ImportServiceRole": { + "id": "ImportServiceRole", + "path": 
"eks-auto-mode-stack/hello-eks/KubectlProvider/Handler/ServiceRole/ImportServiceRole", + "constructInfo": { + "fqn": "aws-cdk-lib.Resource", + "version": "0.0.0", + "metadata": [ + "*" + ] + } + }, + "Resource": { + "id": "Resource", + "path": "eks-auto-mode-stack/hello-eks/KubectlProvider/Handler/ServiceRole/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::IAM::Role", + "aws:cdk:cloudformation:props": { + "assumeRolePolicyDocument": { + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "Service": "lambda.amazonaws.com" + } + } + ], + "Version": "2012-10-17" + }, + "managedPolicyArns": [ + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":iam::aws:policy/service-role/AWSLambdaBasicExecutionRole" + ] + ] + }, + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":iam::aws:policy/service-role/AWSLambdaVPCAccessExecutionRole" + ] + ] + }, + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":iam::aws:policy/AmazonEC2ContainerRegistryReadOnly" + ] + ] + }, + { + "Fn::If": [ + "helloeksKubectlProviderHandlerHasEcrPublic7C030C34", + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":iam::aws:policy/AmazonElasticContainerRegistryPublicReadOnly" + ] + ] + }, + { + "Ref": "AWS::NoValue" + } + ] + } + ] + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_iam.CfnRole", + "version": "0.0.0" + } + }, + "DefaultPolicy": { + "id": "DefaultPolicy", + "path": "eks-auto-mode-stack/hello-eks/KubectlProvider/Handler/ServiceRole/DefaultPolicy", + "children": { + "Resource": { + "id": "Resource", + "path": "eks-auto-mode-stack/hello-eks/KubectlProvider/Handler/ServiceRole/DefaultPolicy/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::IAM::Policy", + "aws:cdk:cloudformation:props": { + "policyDocument": { + "Statement": [ + { + "Action": "eks:DescribeCluster", + "Effect": "Allow", + "Resource": { + 
"Fn::GetAtt": [ + "helloeksBE273F5A", + "Arn" + ] + } + } + ], + "Version": "2012-10-17" + }, + "policyName": "helloeksKubectlProviderHandlerServiceRoleDefaultPolicy05FAA1B4", + "roles": [ + { + "Ref": "helloeksKubectlProviderHandlerServiceRoleFDA38030" + } + ] + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_iam.CfnPolicy", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_iam.Policy", + "version": "0.0.0", + "metadata": [ + "*", + { + "attachToRole": [ + "*" + ] + }, + { + "attachToRole": [ + "*" + ] + }, + { + "addStatements": [ + {} + ] + } + ] + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_iam.Role", + "version": "0.0.0", + "metadata": [ + { + "assumedBy": { + "principalAccount": "*", + "assumeRoleAction": "*" + }, + "managedPolicies": [ + { + "managedPolicyArn": "*" + }, + { + "managedPolicyArn": "*" + } + ] + }, + { + "addToPrincipalPolicy": [ + {} + ] + }, + { + "attachInlinePolicy": [ + "*" + ] + }, + { + "attachInlinePolicy": [ + "*" + ] + }, + { + "addManagedPolicy": [ + { + "managedPolicyArn": "*" + } + ] + }, + { + "addManagedPolicy": [ + { + "managedPolicyArn": "*" + } + ] + }, + { + "addManagedPolicy": [ + "*" + ] + } + ] + } + }, + "Code": { + "id": "Code", + "path": "eks-auto-mode-stack/hello-eks/KubectlProvider/Handler/Code", + "children": { + "Stage": { + "id": "Stage", + "path": "eks-auto-mode-stack/hello-eks/KubectlProvider/Handler/Code/Stage", + "constructInfo": { + "fqn": "aws-cdk-lib.AssetStaging", + "version": "0.0.0" + } + }, + "AssetBucket": { + "id": "AssetBucket", + "path": "eks-auto-mode-stack/hello-eks/KubectlProvider/Handler/Code/AssetBucket", + "constructInfo": { + "fqn": "aws-cdk-lib.aws_s3.BucketBase", + "version": "0.0.0", + "metadata": [] + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_s3_assets.Asset", + "version": "0.0.0" + } + }, + "Resource": { + "id": "Resource", + "path": "eks-auto-mode-stack/hello-eks/KubectlProvider/Handler/Resource", + "attributes": { + 
"aws:cdk:cloudformation:type": "AWS::Lambda::Function", + "aws:cdk:cloudformation:props": { + "code": { + "s3Bucket": { + "Fn::Sub": "cdk-hnb659fds-assets-${AWS::AccountId}-us-east-1" + }, + "s3Key": "7633376387df35dc59230d4039be5a7b77bfbcb6d38fa9a2c6e53ed61ab00cf0.zip" + }, + "description": "onEvent handler for EKS kubectl resource provider", + "environment": { + "variables": { + "AWS_STS_REGIONAL_ENDPOINTS": "regional" + } + }, + "handler": "index.handler", + "layers": [ + { + "Ref": "helloeksKubectlProviderAwsCliLayer2A4F5F3D" + }, + { + "Ref": "kubectl290BBFC9" + } + ], + "memorySize": 1024, + "role": { + "Fn::GetAtt": [ + "helloeksKubectlProviderHandlerServiceRoleFDA38030", + "Arn" + ] + }, + "runtime": "python3.11", + "timeout": 900, + "vpcConfig": { + "subnetIds": [ + { + "Ref": "VpcPrivateSubnet1Subnet536B997A" + }, + { + "Ref": "VpcPrivateSubnet2Subnet3788AAA1" + } + ], + "securityGroupIds": [ + { + "Fn::GetAtt": [ + "helloeksBE273F5A", + "ClusterSecurityGroupId" + ] + } + ] + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_lambda.CfnFunction", + "version": "0.0.0" + } + }, + "HasEcrPublic": { + "id": "HasEcrPublic", + "path": "eks-auto-mode-stack/hello-eks/KubectlProvider/Handler/HasEcrPublic", + "constructInfo": { + "fqn": "aws-cdk-lib.CfnCondition", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_lambda.Function", + "version": "0.0.0", + "metadata": [ + { + "timeout": "*", + "description": "*", + "memorySize": "*", + "environment": "*", + "role": "*", + "code": "*", + "handler": "*", + "runtime": "*", + "vpc": "*", + "securityGroups": [ + "*" + ], + "vpcSubnets": { + "subnets": [ + "*", + "*" + ] + } + }, + { + "addEnvironment": [ + "*", + "*" + ] + }, + { + "addLayers": [ + "*" + ] + }, + { + "addLayers": [ + "*" + ] + } + ] + } + }, + "AwsCliLayer": { + "id": "AwsCliLayer", + "path": "eks-auto-mode-stack/hello-eks/KubectlProvider/AwsCliLayer", + "children": { + "Code": { + "id": "Code", + "path": 
"eks-auto-mode-stack/hello-eks/KubectlProvider/AwsCliLayer/Code", + "children": { + "Stage": { + "id": "Stage", + "path": "eks-auto-mode-stack/hello-eks/KubectlProvider/AwsCliLayer/Code/Stage", + "constructInfo": { + "fqn": "aws-cdk-lib.AssetStaging", + "version": "0.0.0" + } + }, + "AssetBucket": { + "id": "AssetBucket", + "path": "eks-auto-mode-stack/hello-eks/KubectlProvider/AwsCliLayer/Code/AssetBucket", + "constructInfo": { + "fqn": "aws-cdk-lib.aws_s3.BucketBase", + "version": "0.0.0", + "metadata": [] + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_s3_assets.Asset", + "version": "0.0.0" + } + }, + "Resource": { + "id": "Resource", + "path": "eks-auto-mode-stack/hello-eks/KubectlProvider/AwsCliLayer/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::Lambda::LayerVersion", + "aws:cdk:cloudformation:props": { + "content": { + "s3Bucket": { + "Fn::Sub": "cdk-hnb659fds-assets-${AWS::AccountId}-us-east-1" + }, + "s3Key": "e42a736be21cd3134b9bff4e71e3afa99a4cc900ae489e9a7f7025c8d258f9b8.zip" + }, + "description": "/opt/awscli/aws" + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_lambda.CfnLayerVersion", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.lambda_layer_awscli.AwsCliLayer", + "version": "0.0.0", + "metadata": [ + {} + ] + } + }, + "ConditionalPolicyArn": { + "id": "ConditionalPolicyArn", + "path": "eks-auto-mode-stack/hello-eks/KubectlProvider/ConditionalPolicyArn", + "constructInfo": { + "fqn": "aws-cdk-lib.Resource", + "version": "0.0.0", + "metadata": [] + } + }, + "conditionalPolicy": { + "id": "conditionalPolicy", + "path": "eks-auto-mode-stack/hello-eks/KubectlProvider/conditionalPolicy", + "constructInfo": { + "fqn": "aws-cdk-lib.Resource", + "version": "0.0.0", + "metadata": [] + } + }, + "Provider": { + "id": "Provider", + "path": "eks-auto-mode-stack/hello-eks/KubectlProvider/Provider", + "children": { + "framework-onEvent": { + "id": "framework-onEvent", + "path": 
"eks-auto-mode-stack/hello-eks/KubectlProvider/Provider/framework-onEvent", + "children": { + "ServiceRole": { + "id": "ServiceRole", + "path": "eks-auto-mode-stack/hello-eks/KubectlProvider/Provider/framework-onEvent/ServiceRole", + "children": { + "ImportServiceRole": { + "id": "ImportServiceRole", + "path": "eks-auto-mode-stack/hello-eks/KubectlProvider/Provider/framework-onEvent/ServiceRole/ImportServiceRole", + "constructInfo": { + "fqn": "aws-cdk-lib.Resource", + "version": "0.0.0", + "metadata": [ + "*" + ] + } + }, + "Resource": { + "id": "Resource", + "path": "eks-auto-mode-stack/hello-eks/KubectlProvider/Provider/framework-onEvent/ServiceRole/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::IAM::Role", + "aws:cdk:cloudformation:props": { + "assumeRolePolicyDocument": { + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "Service": "lambda.amazonaws.com" + } + } + ], + "Version": "2012-10-17" + }, + "managedPolicyArns": [ + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":iam::aws:policy/service-role/AWSLambdaBasicExecutionRole" + ] + ] + }, + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":iam::aws:policy/service-role/AWSLambdaVPCAccessExecutionRole" + ] + ] + } + ] + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_iam.CfnRole", + "version": "0.0.0" + } + }, + "DefaultPolicy": { + "id": "DefaultPolicy", + "path": "eks-auto-mode-stack/hello-eks/KubectlProvider/Provider/framework-onEvent/ServiceRole/DefaultPolicy", + "children": { + "Resource": { + "id": "Resource", + "path": "eks-auto-mode-stack/hello-eks/KubectlProvider/Provider/framework-onEvent/ServiceRole/DefaultPolicy/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::IAM::Policy", + "aws:cdk:cloudformation:props": { + "policyDocument": { + "Statement": [ + { + "Action": "lambda:InvokeFunction", + "Effect": "Allow", + "Resource": [ + { + "Fn::GetAtt": [ + 
"helloeksKubectlProviderHandler788A3C17", + "Arn" + ] + }, + { + "Fn::Join": [ + "", + [ + { + "Fn::GetAtt": [ + "helloeksKubectlProviderHandler788A3C17", + "Arn" + ] + }, + ":*" + ] + ] + } + ] + } + ], + "Version": "2012-10-17" + }, + "policyName": "helloeksKubectlProviderframeworkonEventServiceRoleDefaultPolicy62B3F050", + "roles": [ + { + "Ref": "helloeksKubectlProviderframeworkonEventServiceRole68309EF1" + } + ] + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_iam.CfnPolicy", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_iam.Policy", + "version": "0.0.0", + "metadata": [ + "*", + { + "attachToRole": [ + "*" + ] + }, + { + "attachToRole": [ + "*" + ] + }, + { + "addStatements": [ + {} + ] + } + ] + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_iam.Role", + "version": "0.0.0", + "metadata": [ + { + "assumedBy": { + "principalAccount": "*", + "assumeRoleAction": "*" + }, + "managedPolicies": [ + { + "managedPolicyArn": "*" + }, + { + "managedPolicyArn": "*" + } + ] + }, + { + "addToPrincipalPolicy": [ + {} + ] + }, + { + "attachInlinePolicy": [ + "*" + ] + }, + { + "attachInlinePolicy": [ + "*" + ] + }, + { + "attachInlinePolicy": [ + "*" + ] + }, + { + "attachInlinePolicy": [ + "*" + ] + } + ] + } + }, + "Code": { + "id": "Code", + "path": "eks-auto-mode-stack/hello-eks/KubectlProvider/Provider/framework-onEvent/Code", + "children": { + "Stage": { + "id": "Stage", + "path": "eks-auto-mode-stack/hello-eks/KubectlProvider/Provider/framework-onEvent/Code/Stage", + "constructInfo": { + "fqn": "aws-cdk-lib.AssetStaging", + "version": "0.0.0" + } + }, + "AssetBucket": { + "id": "AssetBucket", + "path": "eks-auto-mode-stack/hello-eks/KubectlProvider/Provider/framework-onEvent/Code/AssetBucket", + "constructInfo": { + "fqn": "aws-cdk-lib.aws_s3.BucketBase", + "version": "0.0.0", + "metadata": [] + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_s3_assets.Asset", + "version": "0.0.0" + } + }, + "Resource": { 
+ "id": "Resource", + "path": "eks-auto-mode-stack/hello-eks/KubectlProvider/Provider/framework-onEvent/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::Lambda::Function", + "aws:cdk:cloudformation:props": { + "code": { + "s3Bucket": { + "Fn::Sub": "cdk-hnb659fds-assets-${AWS::AccountId}-us-east-1" + }, + "s3Key": "39472b1c2875cf306d4ba429aeccdd34cb49bcf59dbde81f7e6b6cb9deac23a6.zip" + }, + "description": "AWS CDK resource provider framework - onEvent (eks-auto-mode-stack/hello-eks/KubectlProvider/Provider)", + "environment": { + "variables": { + "USER_ON_EVENT_FUNCTION_ARN": { + "Fn::GetAtt": [ + "helloeksKubectlProviderHandler788A3C17", + "Arn" + ] + } + } + }, + "handler": "framework.onEvent", + "role": { + "Fn::GetAtt": [ + "helloeksKubectlProviderframeworkonEventServiceRole68309EF1", + "Arn" + ] + }, + "runtime": "nodejs20.x", + "timeout": 900, + "vpcConfig": { + "subnetIds": [ + { + "Ref": "VpcPrivateSubnet1Subnet536B997A" + }, + { + "Ref": "VpcPrivateSubnet2Subnet3788AAA1" + } + ], + "securityGroupIds": [ + { + "Fn::GetAtt": [ + "helloeksBE273F5A", + "ClusterSecurityGroupId" + ] + } + ] + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_lambda.CfnFunction", + "version": "0.0.0" + } + }, + "inlinePolicyAddedToExecutionRole-0": { + "id": "inlinePolicyAddedToExecutionRole-0", + "path": "eks-auto-mode-stack/hello-eks/KubectlProvider/Provider/framework-onEvent/inlinePolicyAddedToExecutionRole-0", + "children": { + "Resource": { + "id": "Resource", + "path": "eks-auto-mode-stack/hello-eks/KubectlProvider/Provider/framework-onEvent/inlinePolicyAddedToExecutionRole-0/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::IAM::Policy", + "aws:cdk:cloudformation:props": { + "policyDocument": { + "Statement": [ + { + "Action": "lambda:GetFunction", + "Effect": "Allow", + "Resource": { + "Fn::GetAtt": [ + "helloeksKubectlProviderHandler788A3C17", + "Arn" + ] + } + } + ], + "Version": "2012-10-17" + }, + "policyName": 
"helloeksKubectlProviderframeworkonEventinlinePolicyAddedToExecutionRole0883D9EBE", + "roles": [ + { + "Ref": "helloeksKubectlProviderframeworkonEventServiceRole68309EF1" + } + ] + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_iam.CfnPolicy", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_iam.Policy", + "version": "0.0.0", + "metadata": [ + { + "statements": "*" + }, + { + "addStatements": [ + {} + ] + }, + { + "attachToRole": [ + "*" + ] + }, + { + "attachToRole": [ + "*" + ] + } + ] + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_lambda.Function", + "version": "0.0.0", + "metadata": [ + { + "code": "*", + "description": "*", + "runtime": "*", + "handler": "*", + "timeout": "*", + "logGroup": "*", + "vpc": "*", + "vpcSubnets": { + "subnets": [ + "*", + "*" + ] + }, + "securityGroups": [ + "*" + ], + "role": "*", + "functionName": "*", + "environmentEncryption": "*" + }, + { + "addEnvironment": [ + "*", + "*" + ] + } + ] + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.custom_resources.Provider", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/aws-eks-v2-alpha.KubectlProvider", + "version": "0.0.0" + } + }, + "ClusterAdminRoleAccess": { + "id": "ClusterAdminRoleAccess", + "path": "eks-auto-mode-stack/hello-eks/ClusterAdminRoleAccess", + "children": { + "Resource": { + "id": "Resource", + "path": "eks-auto-mode-stack/hello-eks/ClusterAdminRoleAccess/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EKS::AccessEntry", + "aws:cdk:cloudformation:props": { + "accessPolicies": [ + { + "accessScope": { + "type": "cluster" + }, + "policyArn": { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":eks::aws:cluster-access-policy/AmazonEKSClusterAdminPolicy" + ] + ] + } + } + ], + "clusterName": { + "Ref": "helloeksBE273F5A" + }, + "principalArn": { + "Fn::GetAtt": [ + "helloeksKubectlProviderHandlerServiceRoleFDA38030", + "Arn" + ] + } + } + }, + 
"constructInfo": { + "fqn": "aws-cdk-lib.aws_eks.CfnAccessEntry", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/aws-eks-v2-alpha.AccessEntry", + "version": "0.0.0", + "metadata": [ + "*" + ] + } + }, + "mastersRoleAccess": { + "id": "mastersRoleAccess", + "path": "eks-auto-mode-stack/hello-eks/mastersRoleAccess", + "children": { + "Resource": { + "id": "Resource", + "path": "eks-auto-mode-stack/hello-eks/mastersRoleAccess/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EKS::AccessEntry", + "aws:cdk:cloudformation:props": { + "accessPolicies": [ + { + "accessScope": { + "type": "cluster" + }, + "policyArn": { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":eks::aws:cluster-access-policy/AmazonEKSClusterAdminPolicy" + ] + ] + } + } + ], + "clusterName": { + "Ref": "helloeksBE273F5A" + }, + "principalArn": { + "Fn::GetAtt": [ + "Role1ABCC5F0", + "Arn" + ] + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_eks.CfnAccessEntry", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/aws-eks-v2-alpha.AccessEntry", + "version": "0.0.0", + "metadata": [ + "*" + ] + } + }, + "ConfigCommand": { + "id": "ConfigCommand", + "path": "eks-auto-mode-stack/hello-eks/ConfigCommand", + "constructInfo": { + "fqn": "aws-cdk-lib.CfnOutput", + "version": "0.0.0" + } + }, + "GetTokenCommand": { + "id": "GetTokenCommand", + "path": "eks-auto-mode-stack/hello-eks/GetTokenCommand", + "constructInfo": { + "fqn": "aws-cdk-lib.CfnOutput", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/aws-eks-v2-alpha.Cluster", + "version": "0.0.0", + "metadata": [ + "*", + "*", + "*" + ] + } + }, + "BootstrapVersion": { + "id": "BootstrapVersion", + "path": "eks-auto-mode-stack/BootstrapVersion", + "constructInfo": { + "fqn": "aws-cdk-lib.CfnParameter", + "version": "0.0.0" + } + }, + "CheckBootstrapVersion": { + "id": "CheckBootstrapVersion", + "path": 
"eks-auto-mode-stack/CheckBootstrapVersion", + "constructInfo": { + "fqn": "aws-cdk-lib.CfnRule", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.Stack", + "version": "0.0.0" + } + }, + "aws-cdk-eks-cluster-integ": { + "id": "aws-cdk-eks-cluster-integ", + "path": "aws-cdk-eks-cluster-integ", + "children": { + "DefaultTest": { + "id": "DefaultTest", + "path": "aws-cdk-eks-cluster-integ/DefaultTest", + "children": { + "Default": { + "id": "Default", + "path": "aws-cdk-eks-cluster-integ/DefaultTest/Default", + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.4.2" + } + }, + "DeployAssert": { + "id": "DeployAssert", + "path": "aws-cdk-eks-cluster-integ/DefaultTest/DeployAssert", + "children": { + "BootstrapVersion": { + "id": "BootstrapVersion", + "path": "aws-cdk-eks-cluster-integ/DefaultTest/DeployAssert/BootstrapVersion", + "constructInfo": { + "fqn": "aws-cdk-lib.CfnParameter", + "version": "0.0.0" + } + }, + "CheckBootstrapVersion": { + "id": "CheckBootstrapVersion", + "path": "aws-cdk-eks-cluster-integ/DefaultTest/DeployAssert/CheckBootstrapVersion", + "constructInfo": { + "fqn": "aws-cdk-lib.CfnRule", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.Stack", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/integ-tests-alpha.IntegTestCase", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/integ-tests-alpha.IntegTest", + "version": "0.0.0" + } + }, + "Tree": { + "id": "Tree", + "path": "Tree", + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.4.2" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.App", + "version": "0.0.0" + } + } +} \ No newline at end of file diff --git a/packages/@aws-cdk/aws-eks-v2-alpha/test/integ.eks-auto.ts b/packages/@aws-cdk/aws-eks-v2-alpha/test/integ.eks-auto.ts new file mode 100644 index 0000000000000..45522bf1ebf03 --- /dev/null 
+++ b/packages/@aws-cdk/aws-eks-v2-alpha/test/integ.eks-auto.ts @@ -0,0 +1,36 @@ +import * as ec2 from 'aws-cdk-lib/aws-ec2'; +import * as iam from 'aws-cdk-lib/aws-iam'; +import { App, Stack, StackProps } from 'aws-cdk-lib'; +import { KubectlV32Layer } from '@aws-cdk/lambda-layer-kubectl-v32'; +import * as eks from '../lib'; +import { Construct } from 'constructs'; +import * as integ from '@aws-cdk/integ-tests-alpha'; + +export class EksAutoModeCluster extends Stack { + constructor(scope: Construct, id: string, props: StackProps) { + super(scope, id, props); + + const vpc = new ec2.Vpc(this, 'Vpc', { natGateways: 1 }); + const mastersRole = new iam.Role(this, 'Role', { + assumedBy: new iam.AccountRootPrincipal(), + }); + + new eks.Cluster(this, 'hello-eks', { + vpc, + mastersRole, + version: eks.KubernetesVersion.V1_32, + kubectlProviderOptions: { + kubectlLayer: new KubectlV32Layer(this, 'kubectl'), + }, + defaultCapacityType: eks.DefaultCapacityType.AUTOMODE, + }); + } +} + +const app = new App(); + +const stack = new EksAutoModeCluster(app, 'eks-auto-mode-stack', { env: { region: 'us-east-1' } }); + +new integ.IntegTest(app, 'aws-cdk-eks-cluster-integ', { + testCases: [stack], +}); diff --git a/packages/@aws-cdk/aws-eks-v2-alpha/test/integ.eks-cluster-imported.js.snapshot/asset.25c16d2ab30e35800b3ea63c44c93deb85584076eb09a2db9f971803252b22dc.zip b/packages/@aws-cdk/aws-eks-v2-alpha/test/integ.eks-cluster-imported.js.snapshot/asset.25c16d2ab30e35800b3ea63c44c93deb85584076eb09a2db9f971803252b22dc.zip new file mode 100644 index 0000000000000..0a8e7ba83b46f Binary files /dev/null and b/packages/@aws-cdk/aws-eks-v2-alpha/test/integ.eks-cluster-imported.js.snapshot/asset.25c16d2ab30e35800b3ea63c44c93deb85584076eb09a2db9f971803252b22dc.zip differ 
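Review bot: integ.eks-auto.ts ends at `new integ.IntegTest(app, 'aws-cdk-eks-cluster-integ', { testCases: [stack] })` with no assertion, so the test passes as long as the stack deploys and never checks that Auto Mode took effect. Suggest asserting on the deployed cluster (compute config enabled, with the `system` and `general-purpose` node pools) and adding a second case that omits `defaultCapacityType`, since the README describes AUTOMODE as the default and this test only covers the explicit setting. A short comment on `mastersRole` would also help readers who copy the test: it trusts `iam.AccountRootPrincipal()` and the snapshot binds it to AmazonEKSClusterAdminPolicy with `accessScope` type `cluster`.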
diff --git a/packages/@aws-cdk/aws-eks-v2-alpha/test/integ.eks-cluster-imported.js.snapshot/aws-cdk-eks-import-cluster-test.assets.json b/packages/@aws-cdk/aws-eks-v2-alpha/test/integ.eks-cluster-imported.js.snapshot/aws-cdk-eks-import-cluster-test.assets.json index bd6c47c0fa323..3a71d091117d3 100644 --- a/packages/@aws-cdk/aws-eks-v2-alpha/test/integ.eks-cluster-imported.js.snapshot/aws-cdk-eks-import-cluster-test.assets.json +++ b/packages/@aws-cdk/aws-eks-v2-alpha/test/integ.eks-cluster-imported.js.snapshot/aws-cdk-eks-import-cluster-test.assets.json @@ -92,7 +92,7 @@ } } }, - "ef2000106394eb71528d699ca54af0fcc86b6d4797d919fabbf9588a0c68216a": { + "474a9ee85c3b3f43f856d0e61a48cf226608269c31c6a1257266942b224bd0d6": { "source": { "path": "aws-cdk-eks-import-cluster-test.template.json", "packaging": "file" @@ -100,7 +100,7 @@ "destinations": { "current_account-current_region": { "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}", - "objectKey": "ef2000106394eb71528d699ca54af0fcc86b6d4797d919fabbf9588a0c68216a.json", + "objectKey": "474a9ee85c3b3f43f856d0e61a48cf226608269c31c6a1257266942b224bd0d6.json", "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}" } } diff --git a/packages/@aws-cdk/aws-eks-v2-alpha/test/integ.eks-cluster-imported.js.snapshot/aws-cdk-eks-import-cluster-test.template.json b/packages/@aws-cdk/aws-eks-v2-alpha/test/integ.eks-cluster-imported.js.snapshot/aws-cdk-eks-import-cluster-test.template.json index 55f7b080ac6bc..33c98e80da1d1 100644 --- a/packages/@aws-cdk/aws-eks-v2-alpha/test/integ.eks-cluster-imported.js.snapshot/aws-cdk-eks-import-cluster-test.template.json +++ b/packages/@aws-cdk/aws-eks-v2-alpha/test/integ.eks-cluster-imported.js.snapshot/aws-cdk-eks-import-cluster-test.template.json 
@@ -494,7 +494,13 @@ "AccessConfig": { "AuthenticationMode": "API" }, + "ComputeConfig": { + "Enabled": false + }, "KubernetesNetworkConfig": { + "ElasticLoadBalancing": { + "Enabled": false + }, "IpFamily": "ipv4" }, "ResourcesVpcConfig": { @@ -529,6 +535,11 @@ "Arn" ] }, + "StorageConfig": { + "BlockStorage": { + "Enabled": false + } + }, "Version": "1.32" }, "DependsOn": [ @@ -1674,6 +1685,72 @@ ] } }, + "Outputs": { + "ClusterConfigCommand43AAE40F": { + "Value": { + "Fn::Join": [ + "", + [ + "aws eks update-kubeconfig --name ", + { + "Ref": "ClusterEB0386A7" + }, + " --region ", + { + "Ref": "AWS::Region" + }, + " --role-arn ", + { + "Fn::GetAtt": [ + "EksAdminRole1C96C514", + "Arn" + ] + } + ] + ] + } + }, + "ClusterGetTokenCommand06AE992E": { + "Value": { + "Fn::Join": [ + "", + [ + "aws eks get-token --cluster-name ", + { + "Ref": "ClusterEB0386A7" + }, + " --region ", + { + "Ref": "AWS::Region" + }, + " --role-arn ", + { + "Fn::GetAtt": [ + "EksAdminRole1C96C514", + "Arn" + ] + } + ] + ] + } + }, + "ClusterRole": { + "Value": { + "Fn::GetAtt": [ + "ClusterRoleFA261979", + "Arn" + ] + } + }, + "EksMastersRoleOutput": { + "Value": { + "Fn::GetAtt": [ + "EksAdminRole1C96C514", + "Arn" + ] + } + } + }, "Mappings": { "LatestNodeRuntimeMap": { "af-south-1": { @@ -1798,24 +1875,6 @@ } } }, - "Outputs": { - "ClusterRole": { - "Value": { - "Fn::GetAtt": [ - "ClusterRoleFA261979", - "Arn" - ] - } - }, - "EksMastersRoleOutput": { - "Value": { - "Fn::GetAtt": [ - "EksAdminRole1C96C514", - "Arn" - ] - } - } - }, "Parameters": { "BootstrapVersion": { "Type": "AWS::SSM::Parameter::Value", diff --git a/packages/@aws-cdk/aws-eks-v2-alpha/test/integ.eks-cluster-imported.js.snapshot/manifest.json b/packages/@aws-cdk/aws-eks-v2-alpha/test/integ.eks-cluster-imported.js.snapshot/manifest.json index 35abe48216395..f6f27c8994b8b 100644 --- a/packages/@aws-cdk/aws-eks-v2-alpha/test/integ.eks-cluster-imported.js.snapshot/manifest.json 
+++ b/packages/@aws-cdk/aws-eks-v2-alpha/test/integ.eks-cluster-imported.js.snapshot/manifest.json @@ -18,7 +18,7 @@ "validateOnSynth": false, "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-deploy-role-${AWS::AccountId}-${AWS::Region}", "cloudFormationExecutionRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-cfn-exec-role-${AWS::AccountId}-${AWS::Region}", - "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/ef2000106394eb71528d699ca54af0fcc86b6d4797d919fabbf9588a0c68216a.json", + "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/474a9ee85c3b3f43f856d0e61a48cf226608269c31c6a1257266942b224bd0d6.json", "requiresBootstrapStackVersion": 6, "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version", "additionalDependencies": [ @@ -390,7 +390,10 @@ "/aws-cdk-eks-import-cluster-test/Cluster/Resource": [ { "type": "aws:cdk:logicalId", - "data": "ClusterEB0386A7" + "data": "ClusterEB0386A7", + "trace": [ + "!!DESTRUCTIVE_CHANGES: WILL_REPLACE" + ] } ], "/aws-cdk-eks-import-cluster-test/Cluster/KubectlReadyBarrier": [ @@ -803,7 +806,10 @@ "/aws-cdk-eks-import-cluster-test/Cluster/ClusterAdminRoleAccess/Resource": [ { "type": "aws:cdk:logicalId", - "data": "ClusterClusterAdminRoleAccessF2BFF759" + "data": "ClusterClusterAdminRoleAccessF2BFF759", + "trace": [ + "!!DESTRUCTIVE_CHANGES: WILL_REPLACE" + ] } ], "/aws-cdk-eks-import-cluster-test/Cluster/mastersRoleAccess": [ @@ -815,7 +821,10 @@ "/aws-cdk-eks-import-cluster-test/Cluster/mastersRoleAccess/Resource": [ { "type": "aws:cdk:logicalId", - "data": "ClustermastersRoleAccess698EBA51" + "data": "ClustermastersRoleAccess698EBA51", + "trace": [ + "!!DESTRUCTIVE_CHANGES: WILL_REPLACE" + ] } ], "/aws-cdk-eks-import-cluster-test/Cluster/NodegroupDefaultCapacity": [ 
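Review bot: the `trace` entries added in these manifest.json hunks mark `ClusterEB0386A7` and both access entries as `!!DESTRUCTIVE_CHANGES: WILL_REPLACE`, in a test that pins `DefaultCapacityType.NODEGROUP`, and that needs an explanation before merge. The only cluster property changes visible in this snapshot's template are the new `ComputeConfig`, `StorageConfig` and `ElasticLoadBalancing` blocks with `Enabled: false`, so please confirm whether emitting those disabled blocks is what forces the replacement. If it is, stacks that never opt in to Auto Mode would have their cluster replaced on upgrade; consider omitting the three blocks when Auto Mode is off, or call the replacement out as a breaking change.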
@@ -880,7 +889,22 @@ "/aws-cdk-eks-import-cluster-test/Cluster/NodegroupDefaultCapacity/Resource": [ { "type": "aws:cdk:logicalId", - "data": "ClusterNodegroupDefaultCapacityDA0920A3" + "data": "ClusterNodegroupDefaultCapacityDA0920A3", + "trace": [ + "!!DESTRUCTIVE_CHANGES: WILL_REPLACE" + ] + } + ], + "/aws-cdk-eks-import-cluster-test/Cluster/ConfigCommand": [ + { + "type": "aws:cdk:logicalId", + "data": "ClusterConfigCommand43AAE40F" + } + ], + "/aws-cdk-eks-import-cluster-test/Cluster/GetTokenCommand": [ + { + "type": "aws:cdk:logicalId", + "data": "ClusterGetTokenCommand06AE992E" } ], "/aws-cdk-eks-import-cluster-test/Cluster/OpenIdConnectProvider": [ diff --git a/packages/@aws-cdk/aws-eks-v2-alpha/test/integ.eks-cluster-imported.js.snapshot/tree.json b/packages/@aws-cdk/aws-eks-v2-alpha/test/integ.eks-cluster-imported.js.snapshot/tree.json index f22c347d7d327..74ede9fa532eb 100644 --- a/packages/@aws-cdk/aws-eks-v2-alpha/test/integ.eks-cluster-imported.js.snapshot/tree.json +++ b/packages/@aws-cdk/aws-eks-v2-alpha/test/integ.eks-cluster-imported.js.snapshot/tree.json @@ -993,8 +993,14 @@ "accessConfig": { "authenticationMode": "API" }, + "computeConfig": { + "enabled": false + }, "kubernetesNetworkConfig": { - "ipFamily": "ipv4" + "ipFamily": "ipv4", + "elasticLoadBalancing": { + "enabled": false + } }, "resourcesVpcConfig": { "securityGroupIds": [ @@ -1028,6 +1034,11 @@ "Arn" ] }, + "storageConfig": { + "blockStorage": { + "enabled": false + } + }, "version": "1.32" } }, 
@@ -2222,6 +2233,22 @@ ] } }, + "ConfigCommand": { + "id": "ConfigCommand", + "path": "aws-cdk-eks-import-cluster-test/Cluster/ConfigCommand", + "constructInfo": { + "fqn": "aws-cdk-lib.CfnOutput", + "version": "0.0.0" + } + }, + "GetTokenCommand": { + "id": "GetTokenCommand", + "path": "aws-cdk-eks-import-cluster-test/Cluster/GetTokenCommand", + "constructInfo": { + "fqn": "aws-cdk-lib.CfnOutput", + "version": "0.0.0" + } + }, "OpenIdConnectProvider": { "id": "OpenIdConnectProvider", "path": "aws-cdk-eks-import-cluster-test/Cluster/OpenIdConnectProvider", diff --git a/packages/@aws-cdk/aws-eks-v2-alpha/test/integ.eks-cluster-imported.ts b/packages/@aws-cdk/aws-eks-v2-alpha/test/integ.eks-cluster-imported.ts index 56b5e76ae44ba..7ae3b6f5af88f 100644 --- a/packages/@aws-cdk/aws-eks-v2-alpha/test/integ.eks-cluster-imported.ts +++ b/packages/@aws-cdk/aws-eks-v2-alpha/test/integ.eks-cluster-imported.ts @@ -40,6 +40,7 @@ class EksClusterStack extends Stack { // create the cluster with a default nodegroup capacity this.cluster = new eks.Cluster(this, 'Cluster', { vpc: this.vpc, + defaultCapacityType: eks.DefaultCapacityType.NODEGROUP, defaultCapacity: 2, version: eks.KubernetesVersion.V1_32, kubectlProviderOptions: { diff --git a/packages/@aws-cdk/aws-eks-v2-alpha/test/integ.eks-cluster-private-endpoint.js.snapshot/asset.25c16d2ab30e35800b3ea63c44c93deb85584076eb09a2db9f971803252b22dc.zip b/packages/@aws-cdk/aws-eks-v2-alpha/test/integ.eks-cluster-private-endpoint.js.snapshot/asset.25c16d2ab30e35800b3ea63c44c93deb85584076eb09a2db9f971803252b22dc.zip new file mode 100644 index 0000000000000..0a8e7ba83b46f Binary files /dev/null and b/packages/@aws-cdk/aws-eks-v2-alpha/test/integ.eks-cluster-private-endpoint.js.snapshot/asset.25c16d2ab30e35800b3ea63c44c93deb85584076eb09a2db9f971803252b22dc.zip differ 
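Review bot: the asset zip added just above (`new file mode 100644`, `Binary files /dev/null and b/... differ`) appears to be committed as a raw binary blob, and the same blob `0a8e7ba83b46f` is added to three snapshot directories in this change, while the asset zip deleted from the private-endpoint snapshot was a Git LFS pointer (`version https://git-lfs.github.com/spec/v1`). Please check whether the new zips should be tracked through LFS like the one they replace, so the archive is stored once and its `oid sha256` is reviewable in the diff.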
diff --git a/packages/@aws-cdk/aws-eks-v2-alpha/test/integ.eks-cluster-private-endpoint.js.snapshot/asset.2e670e0c40dc05a34d602c35c948edefcb81afaeea05b9f6240341173af6164e.zip b/packages/@aws-cdk/aws-eks-v2-alpha/test/integ.eks-cluster-private-endpoint.js.snapshot/asset.2e670e0c40dc05a34d602c35c948edefcb81afaeea05b9f6240341173af6164e.zip deleted file mode 100644 index 3075cb9cf9d6b..0000000000000 --- a/packages/@aws-cdk/aws-eks-v2-alpha/test/integ.eks-cluster-private-endpoint.js.snapshot/asset.2e670e0c40dc05a34d602c35c948edefcb81afaeea05b9f6240341173af6164e.zip +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:a1ed5f76941f23885a2e2a3991022df194a6c8c4b407b8aeca46728fbbea8f63 -size 34441651 diff --git a/packages/@aws-cdk/aws-eks-v2-alpha/test/integ.eks-cluster-private-endpoint.js.snapshot/asset.e42a736be21cd3134b9bff4e71e3afa99a4cc900ae489e9a7f7025c8d258f9b8.zip b/packages/@aws-cdk/aws-eks-v2-alpha/test/integ.eks-cluster-private-endpoint.js.snapshot/asset.e42a736be21cd3134b9bff4e71e3afa99a4cc900ae489e9a7f7025c8d258f9b8.zip index 33cd69e8824d5..d28ed8e86969d 100644 Binary files a/packages/@aws-cdk/aws-eks-v2-alpha/test/integ.eks-cluster-private-endpoint.js.snapshot/asset.e42a736be21cd3134b9bff4e71e3afa99a4cc900ae489e9a7f7025c8d258f9b8.zip and b/packages/@aws-cdk/aws-eks-v2-alpha/test/integ.eks-cluster-private-endpoint.js.snapshot/asset.e42a736be21cd3134b9bff4e71e3afa99a4cc900ae489e9a7f7025c8d258f9b8.zip differ diff --git a/packages/@aws-cdk/aws-eks-v2-alpha/test/integ.eks-cluster-private-endpoint.js.snapshot/aws-cdk-eks-cluster-private-endpoint-test.assets.json b/packages/@aws-cdk/aws-eks-v2-alpha/test/integ.eks-cluster-private-endpoint.js.snapshot/aws-cdk-eks-cluster-private-endpoint-test.assets.json index e0ed4065604e2..9e1bfaf726687 100644 --- a/packages/@aws-cdk/aws-eks-v2-alpha/test/integ.eks-cluster-private-endpoint.js.snapshot/aws-cdk-eks-cluster-private-endpoint-test.assets.json 
+++ b/packages/@aws-cdk/aws-eks-v2-alpha/test/integ.eks-cluster-private-endpoint.js.snapshot/aws-cdk-eks-cluster-private-endpoint-test.assets.json @@ -53,7 +53,7 @@ } } }, - "47252d6db832cfad393edc51abb4a70d0ef9ee1dea80ce69c7d89c1f1d21cf38": { + "29073dbdb7659149c126e8485f80b201da0ca1ec43353837a1261b112cdea210": { "source": { "path": "aws-cdk-eks-cluster-private-endpoint-test.template.json", "packaging": "file" @@ -61,7 +61,7 @@ "destinations": { "current_account-current_region": { "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}", - "objectKey": "47252d6db832cfad393edc51abb4a70d0ef9ee1dea80ce69c7d89c1f1d21cf38.json", + "objectKey": "29073dbdb7659149c126e8485f80b201da0ca1ec43353837a1261b112cdea210.json", "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}" } } diff --git a/packages/@aws-cdk/aws-eks-v2-alpha/test/integ.eks-cluster-private-endpoint.js.snapshot/aws-cdk-eks-cluster-private-endpoint-test.template.json b/packages/@aws-cdk/aws-eks-v2-alpha/test/integ.eks-cluster-private-endpoint.js.snapshot/aws-cdk-eks-cluster-private-endpoint-test.template.json index c000703a566fa..fa04e4166cc5e 100644 --- a/packages/@aws-cdk/aws-eks-v2-alpha/test/integ.eks-cluster-private-endpoint.js.snapshot/aws-cdk-eks-cluster-private-endpoint-test.template.json +++ b/packages/@aws-cdk/aws-eks-v2-alpha/test/integ.eks-cluster-private-endpoint.js.snapshot/aws-cdk-eks-cluster-private-endpoint-test.template.json @@ -446,7 +446,10 @@ "AssumeRolePolicyDocument": { "Statement": [ { - "Action": "sts:AssumeRole", + "Action": [ + "sts:AssumeRole", + "sts:TagSession" + ], "Effect": "Allow", "Principal": { "Service": "eks.amazonaws.com" 
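Review bot: the `sts:TagSession` action added to the cluster role trust policy in the `@@ -446,7 +446,10 @@` hunk should be documented and gated on Auto Mode. Users who pass their own cluster role will not get this statement from the construct, so if the README does not already cover it, it should list the trust action together with the managed policies added in the next hunk (AmazonEKSComputePolicy, AmazonEKSBlockStoragePolicy, AmazonEKSLoadBalancingPolicy, AmazonEKSNetworkingPolicy). Please also confirm that none of these are attached when `defaultCapacityType` is NODEGROUP, so those clusters keep the narrower role.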
@@ -467,6 +470,54 @@ ":iam::aws:policy/AmazonEKSClusterPolicy" ] ] + }, + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":iam::aws:policy/AmazonEKSComputePolicy" + ] + ] + }, + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":iam::aws:policy/AmazonEKSBlockStoragePolicy" + ] + ] + }, + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":iam::aws:policy/AmazonEKSLoadBalancingPolicy" + ] + ] + }, + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":iam::aws:policy/AmazonEKSNetworkingPolicy" + ] + ] } ] } @@ -487,13 +538,72 @@ } } }, + "ClusterClusternodePoolRole69276141": { + "Type": "AWS::IAM::Role", + "Properties": { + "AssumeRolePolicyDocument": { + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "Service": "ec2.amazonaws.com" + } + } + ], + "Version": "2012-10-17" + }, + "ManagedPolicyArns": [ + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":iam::aws:policy/AmazonEKSWorkerNodePolicy" + ] + ] + }, + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":iam::aws:policy/AmazonEC2ContainerRegistryReadOnly" + ] + ] + } + ] + } + }, "ClusterEB0386A7": { "Type": "AWS::EKS::Cluster", "Properties": { "AccessConfig": { "AuthenticationMode": "API" }, + "ComputeConfig": { + "Enabled": true, + "NodePools": [ + "system", + "general-purpose" + ], + "NodeRoleArn": { + "Fn::GetAtt": [ + "ClusterClusternodePoolRole69276141", + "Arn" + ] + } + }, "KubernetesNetworkConfig": { + "ElasticLoadBalancing": { + "Enabled": true + }, "IpFamily": "ipv4" }, "ResourcesVpcConfig": { @@ -528,6 +638,11 @@ "Arn" ] }, + "StorageConfig": { + "BlockStorage": { + "Enabled": true + } + }, "Version": "1.32" }, "DependsOn": [ 
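Review bot: the node pool role added in the `@@ -487,13 +538,72 @@` hunk gets the logical ID `ClusterClusternodePoolRole69276141`, which means its construct id under `Cluster` is `ClusternodePoolRole`: it repeats the cluster id and mixes casing. A fixed id such as `NodePoolRole` would read better in templates and in the construct tree, and it is cheaper to fix now, because renaming the construct id after release changes the logical ID and replaces the role referenced by `ComputeConfig.NodeRoleArn`.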
@@ -1010,93 +1125,6 @@ } } }, - "ClusterNodegroupDefaultCapacityNodeGroupRole55953B04": { - "Type": "AWS::IAM::Role", - "Properties": { - "AssumeRolePolicyDocument": { - "Statement": [ - { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Principal": { - "Service": "ec2.amazonaws.com" - } - } - ], - "Version": "2012-10-17" - }, - "ManagedPolicyArns": [ - { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition" - }, - ":iam::aws:policy/AmazonEKSWorkerNodePolicy" - ] - ] - }, - { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition" - }, - ":iam::aws:policy/AmazonEKS_CNI_Policy" - ] - ] - }, - { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition" - }, - ":iam::aws:policy/AmazonEC2ContainerRegistryReadOnly" - ] - ] - } - ] - } - }, - "ClusterNodegroupDefaultCapacityDA0920A3": { - "Type": "AWS::EKS::Nodegroup", - "Properties": { - "AmiType": "AL2_x86_64", - "ClusterName": { - "Ref": "ClusterEB0386A7" - }, - "ForceUpdateEnabled": true, - "InstanceTypes": [ - "m5.large" - ], - "NodeRole": { - "Fn::GetAtt": [ - "ClusterNodegroupDefaultCapacityNodeGroupRole55953B04", - "Arn" - ] - }, - "ScalingConfig": { - "DesiredSize": 2, - "MaxSize": 2, - "MinSize": 2 - }, - "Subnets": [ - { - "Ref": "VpcPrivateSubnet1Subnet536B997A" - }, - { - "Ref": "VpcPrivateSubnet2Subnet3788AAA1" - } - ] - } - }, "Clustermanifestconfigmap3F180550": { "Type": "Custom::AWSCDK-EKS-KubernetesResource", "Properties": { 
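Review bot: the removal of `ClusterNodegroupDefaultCapacityDA0920A3` and its node role in this hunk is a behaviour change that needs a migration note in the README. Presumably this test sets no capacity type, so the snapshot shows what the new AUTOMODE default does to such a stack: the managed nodegroup (`m5.large`, `DesiredSize` 2) is deleted on the next deploy. The note should tell existing users to pin `defaultCapacityType: eks.DefaultCapacityType.NODEGROUP`, as integ.eks-cluster-imported.ts now does, if they want to keep it. `AmazonEKS_CNI_Policy` also disappears with the old role and is not on the new node pool role; one line on why that is expected under Auto Mode would help reviewers.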
@@ -1129,6 +1157,56 @@ ] } }, + "Outputs": { + "ClusterConfigCommand43AAE40F": { + "Value": { + "Fn::Join": [ + "", + [ + "aws eks update-kubeconfig --name ", + { + "Ref": "ClusterEB0386A7" + }, + " --region ", + { + "Ref": "AWS::Region" + }, + " --role-arn ", + { + "Fn::GetAtt": [ + "AdminRole38563C57", + "Arn" + ] + } + ] + ] + } + }, + "ClusterGetTokenCommand06AE992E": { + "Value": { + "Fn::Join": [ + "", + [ + "aws eks get-token --cluster-name ", + { + "Ref": "ClusterEB0386A7" + }, + " --region ", + { + "Ref": "AWS::Region" + }, + " --role-arn ", + { + "Fn::GetAtt": [ + "AdminRole38563C57", + "Arn" + ] + } + ] + ] + } + } + }, "Mappings": { "LatestNodeRuntimeMap": { "af-south-1": { diff --git a/packages/@aws-cdk/aws-eks-v2-alpha/test/integ.eks-cluster-private-endpoint.js.snapshot/manifest.json b/packages/@aws-cdk/aws-eks-v2-alpha/test/integ.eks-cluster-private-endpoint.js.snapshot/manifest.json index 3998d9c03843a..3d0d569272f5f 100644 --- a/packages/@aws-cdk/aws-eks-v2-alpha/test/integ.eks-cluster-private-endpoint.js.snapshot/manifest.json +++ b/packages/@aws-cdk/aws-eks-v2-alpha/test/integ.eks-cluster-private-endpoint.js.snapshot/manifest.json @@ -18,7 +18,7 @@ "validateOnSynth": false, "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-deploy-role-${AWS::AccountId}-${AWS::Region}", "cloudFormationExecutionRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-cfn-exec-role-${AWS::AccountId}-${AWS::Region}", - "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/47252d6db832cfad393edc51abb4a70d0ef9ee1dea80ce69c7d89c1f1d21cf38.json", + "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/29073dbdb7659149c126e8485f80b201da0ca1ec43353837a1261b112cdea210.json", "requiresBootstrapStackVersion": 6, "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version", "additionalDependencies": [ 
@@ -334,10 +334,6 @@ "type": "aws:cdk:analytics:method", "data": "*" }, - { - "type": "aws:cdk:analytics:method", - "data": "*" - }, { "type": "aws:cdk:analytics:method", "data": "*" @@ -357,6 +353,56 @@ } ] } + }, + { + "type": "aws:cdk:analytics:method", + "data": { + "addManagedPolicy": [ + { + "managedPolicyArn": "*" + } + ] + } + }, + { + "type": "aws:cdk:analytics:method", + "data": { + "addManagedPolicy": [ + { + "managedPolicyArn": "*" + } + ] + } + }, + { + "type": "aws:cdk:analytics:method", + "data": { + "addManagedPolicy": [ + { + "managedPolicyArn": "*" + } + ] + } + }, + { + "type": "aws:cdk:analytics:method", + "data": { + "addManagedPolicy": [ + { + "managedPolicyArn": "*" + } + ] + } + }, + { + "type": "aws:cdk:analytics:method", + "data": { + "addManagedPolicy": [ + { + "managedPolicyArn": "*" + } + ] + } } ], "/aws-cdk-eks-cluster-private-endpoint-test/Cluster/Role/ImportRole": [ @@ -386,6 +432,37 @@ "data": "ClusterControlPlaneSecurityGroupD274242C" } ], + "/aws-cdk-eks-cluster-private-endpoint-test/Cluster/ClusternodePoolRole": [ + { + "type": "aws:cdk:analytics:construct", + "data": { + "assumedBy": { + "principalAccount": "*", + "assumeRoleAction": "*" + }, + "managedPolicies": [ + { + "managedPolicyArn": "*" + }, + { + "managedPolicyArn": "*" + } + ] + } + } + ], + "/aws-cdk-eks-cluster-private-endpoint-test/Cluster/ClusternodePoolRole/ImportClusternodePoolRole": [ + { + "type": "aws:cdk:analytics:construct", + "data": "*" + } + ], + "/aws-cdk-eks-cluster-private-endpoint-test/Cluster/ClusternodePoolRole/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "ClusterClusternodePoolRole69276141" + } + ], "/aws-cdk-eks-cluster-private-endpoint-test/Cluster/Resource": [ { "type": "aws:cdk:logicalId", 
@@ -801,69 +878,16 @@ "data": "ClustermastersRoleAccess698EBA51" } ], - "/aws-cdk-eks-cluster-private-endpoint-test/Cluster/NodegroupDefaultCapacity": [ - { - "type": "aws:cdk:analytics:construct", - "data": "*" - } - ], - "/aws-cdk-eks-cluster-private-endpoint-test/Cluster/NodegroupDefaultCapacity/NodeGroupRole": [ - { - "type": "aws:cdk:analytics:construct", - "data": { - "assumedBy": { - "principalAccount": "*", - "assumeRoleAction": "*" - } - } - }, - { - "type": "aws:cdk:analytics:method", - "data": { - "addManagedPolicy": [ - { - "managedPolicyArn": "*" - } - ] - } - }, - { - "type": "aws:cdk:analytics:method", - "data": { - "addManagedPolicy": [ - { - "managedPolicyArn": "*" - } - ] - } - }, - { - "type": "aws:cdk:analytics:method", - "data": { - "addManagedPolicy": [ - { - "managedPolicyArn": "*" - } - ] - } - } - ], - "/aws-cdk-eks-cluster-private-endpoint-test/Cluster/NodegroupDefaultCapacity/NodeGroupRole/ImportNodeGroupRole": [ - { - "type": "aws:cdk:analytics:construct", - "data": "*" - } - ], - "/aws-cdk-eks-cluster-private-endpoint-test/Cluster/NodegroupDefaultCapacity/NodeGroupRole/Resource": [ + "/aws-cdk-eks-cluster-private-endpoint-test/Cluster/ConfigCommand": [ { "type": "aws:cdk:logicalId", - "data": "ClusterNodegroupDefaultCapacityNodeGroupRole55953B04" + "data": "ClusterConfigCommand43AAE40F" } ], - "/aws-cdk-eks-cluster-private-endpoint-test/Cluster/NodegroupDefaultCapacity/Resource": [ + "/aws-cdk-eks-cluster-private-endpoint-test/Cluster/GetTokenCommand": [ { "type": "aws:cdk:logicalId", - "data": "ClusterNodegroupDefaultCapacityDA0920A3" + "data": "ClusterGetTokenCommand06AE992E" } ], "/aws-cdk-eks-cluster-private-endpoint-test/Cluster/manifest-config-map/Resource": [ diff --git a/packages/@aws-cdk/aws-eks-v2-alpha/test/integ.eks-cluster-private-endpoint.js.snapshot/tree.json b/packages/@aws-cdk/aws-eks-v2-alpha/test/integ.eks-cluster-private-endpoint.js.snapshot/tree.json index 431d8de0ae1e6..326dd232dbbfe 100644 
--- a/packages/@aws-cdk/aws-eks-v2-alpha/test/integ.eks-cluster-private-endpoint.js.snapshot/tree.json +++ b/packages/@aws-cdk/aws-eks-v2-alpha/test/integ.eks-cluster-private-endpoint.js.snapshot/tree.json @@ -893,7 +893,10 @@ "assumeRolePolicyDocument": { "Statement": [ { - "Action": "sts:AssumeRole", + "Action": [ + "sts:AssumeRole", + "sts:TagSession" + ], "Effect": "Allow", "Principal": { "Service": "eks.amazonaws.com" @@ -914,6 +917,54 @@ ":iam::aws:policy/AmazonEKSClusterPolicy" ] ] + }, + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":iam::aws:policy/AmazonEKSComputePolicy" + ] + ] + }, + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":iam::aws:policy/AmazonEKSBlockStoragePolicy" + ] + ] + }, + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":iam::aws:policy/AmazonEKSLoadBalancingPolicy" + ] + ] + }, + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":iam::aws:policy/AmazonEKSNetworkingPolicy" + ] + ] } ] } @@ -938,6 +989,41 @@ "managedPolicyArn": "*" } ] + }, + { + "addManagedPolicy": [ + { + "managedPolicyArn": "*" + } + ] + }, + { + "addManagedPolicy": [ + { + "managedPolicyArn": "*" + } + ] + }, + { + "addManagedPolicy": [ + { + "managedPolicyArn": "*" + } + ] + }, + { + "addManagedPolicy": [ + { + "managedPolicyArn": "*" + } + ] + }, + { + "addManagedPolicy": [ + { + "managedPolicyArn": "*" + } + ] } ] } 
@@ -982,6 +1068,94 @@ ] } }, + "ClusternodePoolRole": { + "id": "ClusternodePoolRole", + "path": "aws-cdk-eks-cluster-private-endpoint-test/Cluster/ClusternodePoolRole", + "children": { + "ImportClusternodePoolRole": { + "id": "ImportClusternodePoolRole", + "path": "aws-cdk-eks-cluster-private-endpoint-test/Cluster/ClusternodePoolRole/ImportClusternodePoolRole", + "constructInfo": { + "fqn": "aws-cdk-lib.Resource", + "version": "0.0.0", + "metadata": [ + "*" + ] + } + }, + "Resource": { + "id": "Resource", + "path": "aws-cdk-eks-cluster-private-endpoint-test/Cluster/ClusternodePoolRole/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::IAM::Role", + "aws:cdk:cloudformation:props": { + "assumeRolePolicyDocument": { + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "Service": "ec2.amazonaws.com" + } + } + ], + "Version": "2012-10-17" + }, + "managedPolicyArns": [ + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":iam::aws:policy/AmazonEKSWorkerNodePolicy" + ] + ] + }, + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":iam::aws:policy/AmazonEC2ContainerRegistryReadOnly" + ] + ] + } + ] + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_iam.CfnRole", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_iam.Role", + "version": "0.0.0", + "metadata": [ + { + "assumedBy": { + "principalAccount": "*", + "assumeRoleAction": "*" + }, + "managedPolicies": [ + { + "managedPolicyArn": "*" + }, + { + "managedPolicyArn": "*" + } + ] + } + ] + } + }, "Resource": { "id": "Resource", "path": "aws-cdk-eks-cluster-private-endpoint-test/Cluster/Resource", 
@@ -991,8 +1165,24 @@ "accessConfig": { "authenticationMode": "API" }, + "computeConfig": { + "enabled": true, + "nodePools": [ + "system", + "general-purpose" + ], + "nodeRoleArn": { + "Fn::GetAtt": [ + "ClusterClusternodePoolRole69276141", + "Arn" + ] + } + }, "kubernetesNetworkConfig": { - "ipFamily": "ipv4" + "ipFamily": "ipv4", + "elasticLoadBalancing": { + "enabled": true + } }, "resourcesVpcConfig": { "securityGroupIds": [ @@ -1026,6 +1216,11 @@ "Arn" ] }, + "storageConfig": { + "blockStorage": { + "enabled": true + } + }, "version": "1.32" } }, 
@@ -2003,170 +2198,20 @@ ] } }, - "NodegroupDefaultCapacity": { - "id": "NodegroupDefaultCapacity", - "path": "aws-cdk-eks-cluster-private-endpoint-test/Cluster/NodegroupDefaultCapacity", - "children": { - "NodeGroupRole": { - "id": "NodeGroupRole", - "path": "aws-cdk-eks-cluster-private-endpoint-test/Cluster/NodegroupDefaultCapacity/NodeGroupRole", - "children": { - "ImportNodeGroupRole": { - "id": "ImportNodeGroupRole", - "path": "aws-cdk-eks-cluster-private-endpoint-test/Cluster/NodegroupDefaultCapacity/NodeGroupRole/ImportNodeGroupRole", - "constructInfo": { - "fqn": "aws-cdk-lib.Resource", - "version": "0.0.0", - "metadata": [ - "*" - ] - } - }, - "Resource": { - "id": "Resource", - "path": "aws-cdk-eks-cluster-private-endpoint-test/Cluster/NodegroupDefaultCapacity/NodeGroupRole/Resource", - "attributes": { - "aws:cdk:cloudformation:type": "AWS::IAM::Role", - "aws:cdk:cloudformation:props": { - "assumeRolePolicyDocument": { - "Statement": [ - { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Principal": { - "Service": "ec2.amazonaws.com" - } - } - ], - "Version": "2012-10-17" - }, - "managedPolicyArns": [ - { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition" - }, - ":iam::aws:policy/AmazonEKSWorkerNodePolicy" - ] - ] - }, - { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition" - }, - ":iam::aws:policy/AmazonEKS_CNI_Policy" - ] - ] - }, - { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition" - }, - ":iam::aws:policy/AmazonEC2ContainerRegistryReadOnly" - ] - ] - } - ] - } - }, - "constructInfo": { - "fqn": "aws-cdk-lib.aws_iam.CfnRole", - "version": "0.0.0" - } - } - }, - "constructInfo": { - "fqn": "aws-cdk-lib.aws_iam.Role", - "version": "0.0.0", - "metadata": [ - { - "assumedBy": { - "principalAccount": "*", - "assumeRoleAction": "*" - } - }, - { - "addManagedPolicy": [ - { - "managedPolicyArn": "*" - } - ] - }, - { - "addManagedPolicy": [ - { - "managedPolicyArn": "*" - } - ] - }, - { - "addManagedPolicy": [ 
- { - "managedPolicyArn": "*" - } - ] - } - ] - } - }, - "Resource": { - "id": "Resource", - "path": "aws-cdk-eks-cluster-private-endpoint-test/Cluster/NodegroupDefaultCapacity/Resource", - "attributes": { - "aws:cdk:cloudformation:type": "AWS::EKS::Nodegroup", - "aws:cdk:cloudformation:props": { - "amiType": "AL2_x86_64", - "clusterName": { - "Ref": "ClusterEB0386A7" - }, - "forceUpdateEnabled": true, - "instanceTypes": [ - "m5.large" - ], - "nodeRole": { - "Fn::GetAtt": [ - "ClusterNodegroupDefaultCapacityNodeGroupRole55953B04", - "Arn" - ] - }, - "scalingConfig": { - "desiredSize": 2, - "maxSize": 2, - "minSize": 2 - }, - "subnets": [ - { - "Ref": "VpcPrivateSubnet1Subnet536B997A" - }, - { - "Ref": "VpcPrivateSubnet2Subnet3788AAA1" - } - ] - } - }, - "constructInfo": { - "fqn": "aws-cdk-lib.aws_eks.CfnNodegroup", - "version": "0.0.0" - } - } - }, + "ConfigCommand": { + "id": "ConfigCommand", + "path": "aws-cdk-eks-cluster-private-endpoint-test/Cluster/ConfigCommand", "constructInfo": { - "fqn": "@aws-cdk/aws-eks-v2-alpha.Nodegroup", - "version": "0.0.0", - "metadata": [ - "*" - ] + "fqn": "aws-cdk-lib.CfnOutput", + "version": "0.0.0" + } + }, + "GetTokenCommand": { + "id": "GetTokenCommand", + "path": "aws-cdk-eks-cluster-private-endpoint-test/Cluster/GetTokenCommand", + "constructInfo": { + "fqn": "aws-cdk-lib.CfnOutput", + "version": "0.0.0" } }, "manifest-config-map": { @@ -2205,7 +2250,6 @@ "fqn": "@aws-cdk/aws-eks-v2-alpha.Cluster", "version": "0.0.0", "metadata": [ - "*", "*", "*", "*" 
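Review bot: the `ConfigCommand` and `GetTokenCommand` outputs that replace the nodegroup subtree in this tree.json look unrelated to capacity type and need an explanation in the change description. The same two `CfnOutput`s are added to the imported-cluster and eks-cluster snapshots, where `ComputeConfig.Enabled` is `false`, so they are not a consequence of Auto Mode. If they come from a separate fix in the cluster construct, say so, or move them to their own change so the snapshot churn here stays attributable to Auto Mode.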
diff --git a/packages/@aws-cdk/aws-eks-v2-alpha/test/integ.eks-cluster.js.snapshot/asset.25c16d2ab30e35800b3ea63c44c93deb85584076eb09a2db9f971803252b22dc.zip b/packages/@aws-cdk/aws-eks-v2-alpha/test/integ.eks-cluster.js.snapshot/asset.25c16d2ab30e35800b3ea63c44c93deb85584076eb09a2db9f971803252b22dc.zip new file mode 100644 index 0000000000000..0a8e7ba83b46f Binary files /dev/null and b/packages/@aws-cdk/aws-eks-v2-alpha/test/integ.eks-cluster.js.snapshot/asset.25c16d2ab30e35800b3ea63c44c93deb85584076eb09a2db9f971803252b22dc.zip differ diff --git a/packages/@aws-cdk/aws-eks-v2-alpha/test/integ.eks-cluster.js.snapshot/aws-cdk-eks-cluster.assets.json b/packages/@aws-cdk/aws-eks-v2-alpha/test/integ.eks-cluster.js.snapshot/aws-cdk-eks-cluster.assets.json index f1bd01a1d73ae..eca96503ee61b 100644 --- a/packages/@aws-cdk/aws-eks-v2-alpha/test/integ.eks-cluster.js.snapshot/aws-cdk-eks-cluster.assets.json +++ b/packages/@aws-cdk/aws-eks-v2-alpha/test/integ.eks-cluster.js.snapshot/aws-cdk-eks-cluster.assets.json @@ -99,7 +99,7 @@ } } }, - "a651d68bfff218ab4bca4c5a91af18728555db9dcca4f9d3b8ba36656ed1f430": { + "6c85634b78db955cb3c5762270b2bf523bf32a83e6baaee83c38082a0c10cd91": { "source": { "path": "aws-cdk-eks-cluster.template.json", "packaging": "file" @@ -107,7 +107,7 @@ "destinations": { "current_account-us-east-1": { "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-us-east-1", - "objectKey": "a651d68bfff218ab4bca4c5a91af18728555db9dcca4f9d3b8ba36656ed1f430.json", + "objectKey": "6c85634b78db955cb3c5762270b2bf523bf32a83e6baaee83c38082a0c10cd91.json", "region": "us-east-1", "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-us-east-1" } diff --git a/packages/@aws-cdk/aws-eks-v2-alpha/test/integ.eks-cluster.js.snapshot/aws-cdk-eks-cluster.template.json b/packages/@aws-cdk/aws-eks-v2-alpha/test/integ.eks-cluster.js.snapshot/aws-cdk-eks-cluster.template.json index 018ee5ef607e3..8248bf6f67653 100644 
--- a/packages/@aws-cdk/aws-eks-v2-alpha/test/integ.eks-cluster.js.snapshot/aws-cdk-eks-cluster.template.json +++ b/packages/@aws-cdk/aws-eks-v2-alpha/test/integ.eks-cluster.js.snapshot/aws-cdk-eks-cluster.template.json @@ -625,6 +625,9 @@ "AccessConfig": { "AuthenticationMode": "API" }, + "ComputeConfig": { + "Enabled": false + }, "EncryptionConfig": [ { "Provider": { @@ -641,6 +644,9 @@ } ], "KubernetesNetworkConfig": { + "ElasticLoadBalancing": { + "Enabled": false + }, "IpFamily": "ipv4" }, "Logging": { @@ -690,6 +696,11 @@ "Arn" ] }, + "StorageConfig": { + "BlockStorage": { + "Enabled": false + } + }, "Tags": [ { "Key": "foo", @@ -4354,6 +4365,46 @@ } }, "Outputs": { + "ClusterConfigCommand43AAE40F": { + "Value": { + "Fn::Join": [ + "", + [ + "aws eks update-kubeconfig --name ", + { + "Ref": "ClusterEB0386A7" + }, + " --region us-east-1 --role-arn ", + { + "Fn::GetAtt": [ + "AdminRole38563C57", + "Arn" + ] + } + ] + ] + } + }, + "ClusterGetTokenCommand06AE992E": { + "Value": { + "Fn::Join": [ + "", + [ + "aws eks get-token --cluster-name ", + { + "Ref": "ClusterEB0386A7" + }, + " --region us-east-1 --role-arn ", + { + "Fn::GetAtt": [ + "AdminRole38563C57", + "Arn" + ] + } + ] + ] + } + }, "ClusterNodesInstanceRoleARN4BC4C7FB": { "Value": { "Fn::GetAtt": [ diff --git a/packages/@aws-cdk/aws-eks-v2-alpha/test/integ.eks-cluster.js.snapshot/manifest.json b/packages/@aws-cdk/aws-eks-v2-alpha/test/integ.eks-cluster.js.snapshot/manifest.json index 24ba91779aa3a..254225bc086a1 100644 --- a/packages/@aws-cdk/aws-eks-v2-alpha/test/integ.eks-cluster.js.snapshot/manifest.json +++ b/packages/@aws-cdk/aws-eks-v2-alpha/test/integ.eks-cluster.js.snapshot/manifest.json 
@@ -18,7 +18,7 @@ "validateOnSynth": false, "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-deploy-role-${AWS::AccountId}-us-east-1", "cloudFormationExecutionRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-cfn-exec-role-${AWS::AccountId}-us-east-1", - "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-us-east-1/a651d68bfff218ab4bca4c5a91af18728555db9dcca4f9d3b8ba36656ed1f430.json", + "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-us-east-1/6c85634b78db955cb3c5762270b2bf523bf32a83e6baaee83c38082a0c10cd91.json", "requiresBootstrapStackVersion": 6, "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version", "additionalDependencies": [ @@ -715,7 +715,10 @@ "/aws-cdk-eks-cluster/Cluster/ControlPlaneSecurityGroup/from awscdkeksclusterClusterClusterSecurityGroup9876E2FB:443": [ { "type": "aws:cdk:logicalId", - "data": "ClusterControlPlaneSecurityGroupfromawscdkeksclusterClusterClusterSecurityGroup9876E2FB443F9FFB776" + "data": "ClusterControlPlaneSecurityGroupfromawscdkeksclusterClusterClusterSecurityGroup9876E2FB443F9FFB776", + "trace": [ + "!!DESTRUCTIVE_CHANGES: WILL_REPLACE" + ] } ], "/aws-cdk-eks-cluster/Cluster/ControlPlaneSecurityGroup/from awscdkeksclusterClusterNodesArmInstanceSecurityGroup37959CA0:443": [ @@ -739,7 +742,10 @@ "/aws-cdk-eks-cluster/Cluster/Resource": [ { "type": "aws:cdk:logicalId", - "data": "ClusterEB0386A7" + "data": "ClusterEB0386A7", + "trace": [ + "!!DESTRUCTIVE_CHANGES: WILL_REPLACE" + ] } ], "/aws-cdk-eks-cluster/Cluster/KubectlReadyBarrier": [ 
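Review bot: in the `@@ -739,7 +742,10 @@` hunk the snapshot now records `!!DESTRUCTIVE_CHANGES: WILL_REPLACE` on `/aws-cdk-eks-cluster/Cluster/Resource` (`ClusterEB0386A7`), which reads as the EKS cluster itself being replaced on update, not only its dependent resources. The template hunk for the same stack only adds `ComputeConfig`, `StorageConfig.BlockStorage` and `KubernetesNetworkConfig.ElasticLoadBalancing`, each with `Enabled: false`. Please confirm whether rendering those blocks for a cluster that does not use Auto Mode is what forces the replacement, and if so either omit them when Auto Mode is off or document the replacement as a breaking change for existing stacks.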
@@ -751,79 +757,118 @@ "/aws-cdk-eks-cluster/Cluster/ClusterSecurityGroup/from awscdkeksclusterClusterNodesInstanceSecurityGroup06345DB9:443": [ { "type": "aws:cdk:logicalId", - "data": "ClusterClusterSecurityGroupfromawscdkeksclusterClusterNodesInstanceSecurityGroup06345DB9443044D5D58" + "data": "ClusterClusterSecurityGroupfromawscdkeksclusterClusterNodesInstanceSecurityGroup06345DB9443044D5D58", + "trace": [ + "!!DESTRUCTIVE_CHANGES: WILL_REPLACE" + ] } ], "/aws-cdk-eks-cluster/Cluster/ClusterSecurityGroup/from awscdkeksclusterClusterNodesInstanceSecurityGroup06345DB9:ALL TRAFFIC": [ { "type": "aws:cdk:logicalId", - "data": "ClusterClusterSecurityGroupfromawscdkeksclusterClusterNodesInstanceSecurityGroup06345DB9ALLTRAFFICA10925E8" + "data": "ClusterClusterSecurityGroupfromawscdkeksclusterClusterNodesInstanceSecurityGroup06345DB9ALLTRAFFICA10925E8", + "trace": [ + "!!DESTRUCTIVE_CHANGES: WILL_REPLACE" + ] } ], "/aws-cdk-eks-cluster/Cluster/ClusterSecurityGroup/from awscdkeksclusterClusterClusterSecurityGroup9876E2FB:443": [ { "type": "aws:cdk:logicalId", - "data": "ClusterClusterSecurityGroupfromawscdkeksclusterClusterClusterSecurityGroup9876E2FB44359E5731B" + "data": "ClusterClusterSecurityGroupfromawscdkeksclusterClusterClusterSecurityGroup9876E2FB44359E5731B", + "trace": [ + "!!DESTRUCTIVE_CHANGES: WILL_REPLACE" + ] } ], "/aws-cdk-eks-cluster/Cluster/ClusterSecurityGroup/from awscdkeksclusterClusterControlPlaneSecurityGroupA0FC1FC2:443": [ { "type": "aws:cdk:logicalId", - "data": "ClusterClusterSecurityGroupfromawscdkeksclusterClusterControlPlaneSecurityGroupA0FC1FC24433FCB8BDC" + "data": "ClusterClusterSecurityGroupfromawscdkeksclusterClusterControlPlaneSecurityGroupA0FC1FC24433FCB8BDC", + "trace": [ + "!!DESTRUCTIVE_CHANGES: WILL_REPLACE" + ] } ], "/aws-cdk-eks-cluster/Cluster/ClusterSecurityGroup/from awscdkeksclusterClusterClusterSecurityGroup9876E2FB:1025-65535": [ { "type": "aws:cdk:logicalId", - "data": 
"ClusterClusterSecurityGroupfromawscdkeksclusterClusterClusterSecurityGroup9876E2FB10256553577EF745F" + "data": "ClusterClusterSecurityGroupfromawscdkeksclusterClusterClusterSecurityGroup9876E2FB10256553577EF745F", + "trace": [ + "!!DESTRUCTIVE_CHANGES: WILL_REPLACE" + ] } ], "/aws-cdk-eks-cluster/Cluster/ClusterSecurityGroup/from awscdkeksclusterClusterControlPlaneSecurityGroupA0FC1FC2:1025-65535": [ { "type": "aws:cdk:logicalId", - "data": "ClusterClusterSecurityGroupfromawscdkeksclusterClusterControlPlaneSecurityGroupA0FC1FC2102565535968F394F" + "data": "ClusterClusterSecurityGroupfromawscdkeksclusterClusterControlPlaneSecurityGroupA0FC1FC2102565535968F394F", + "trace": [ + "!!DESTRUCTIVE_CHANGES: WILL_REPLACE" + ] } ], "/aws-cdk-eks-cluster/Cluster/ClusterSecurityGroup/from awscdkeksclusterClusterClusterSecurityGroup9876E2FB:ALL TRAFFIC": [ { "type": "aws:cdk:logicalId", - "data": "ClusterClusterSecurityGroupfromawscdkeksclusterClusterClusterSecurityGroup9876E2FBALLTRAFFIC686814EE" + "data": "ClusterClusterSecurityGroupfromawscdkeksclusterClusterClusterSecurityGroup9876E2FBALLTRAFFIC686814EE", + "trace": [ + "!!DESTRUCTIVE_CHANGES: WILL_REPLACE" + ] } ], "/aws-cdk-eks-cluster/Cluster/ClusterSecurityGroup/from awscdkeksclusterClusterNodesArmInstanceSecurityGroup37959CA0:443": [ { "type": "aws:cdk:logicalId", - "data": "ClusterClusterSecurityGroupfromawscdkeksclusterClusterNodesArmInstanceSecurityGroup37959CA044332E6754D" + "data": "ClusterClusterSecurityGroupfromawscdkeksclusterClusterNodesArmInstanceSecurityGroup37959CA044332E6754D", + "trace": [ + "!!DESTRUCTIVE_CHANGES: WILL_REPLACE" + ] } ], "/aws-cdk-eks-cluster/Cluster/ClusterSecurityGroup/from awscdkeksclusterClusterNodesArmInstanceSecurityGroup37959CA0:ALL TRAFFIC": [ { "type": "aws:cdk:logicalId", - "data": "ClusterClusterSecurityGroupfromawscdkeksclusterClusterNodesArmInstanceSecurityGroup37959CA0ALLTRAFFIC78B62941" + "data": 
"ClusterClusterSecurityGroupfromawscdkeksclusterClusterNodesArmInstanceSecurityGroup37959CA0ALLTRAFFIC78B62941", + "trace": [ + "!!DESTRUCTIVE_CHANGES: WILL_REPLACE" + ] } ], "/aws-cdk-eks-cluster/Cluster/ClusterSecurityGroup/from awscdkeksclusterClusterBottlerocketNodesInstanceSecurityGroupCDA88166:443": [ { "type": "aws:cdk:logicalId", - "data": "ClusterClusterSecurityGroupfromawscdkeksclusterClusterBottlerocketNodesInstanceSecurityGroupCDA8816644354A69768" + "data": "ClusterClusterSecurityGroupfromawscdkeksclusterClusterBottlerocketNodesInstanceSecurityGroupCDA8816644354A69768", + "trace": [ + "!!DESTRUCTIVE_CHANGES: WILL_REPLACE" + ] } ], "/aws-cdk-eks-cluster/Cluster/ClusterSecurityGroup/from awscdkeksclusterClusterBottlerocketNodesInstanceSecurityGroupCDA88166:ALL TRAFFIC": [ { "type": "aws:cdk:logicalId", - "data": "ClusterClusterSecurityGroupfromawscdkeksclusterClusterBottlerocketNodesInstanceSecurityGroupCDA88166ALLTRAFFICFA41CA81" + "data": "ClusterClusterSecurityGroupfromawscdkeksclusterClusterBottlerocketNodesInstanceSecurityGroupCDA88166ALLTRAFFICFA41CA81", + "trace": [ + "!!DESTRUCTIVE_CHANGES: WILL_REPLACE" + ] } ], "/aws-cdk-eks-cluster/Cluster/ClusterSecurityGroup/from awscdkeksclusterClusterspotInstanceSecurityGroup888199F5:443": [ { "type": "aws:cdk:logicalId", - "data": "ClusterClusterSecurityGroupfromawscdkeksclusterClusterspotInstanceSecurityGroup888199F54434B07B11A" + "data": "ClusterClusterSecurityGroupfromawscdkeksclusterClusterspotInstanceSecurityGroup888199F54434B07B11A", + "trace": [ + "!!DESTRUCTIVE_CHANGES: WILL_REPLACE" + ] } ], "/aws-cdk-eks-cluster/Cluster/ClusterSecurityGroup/from awscdkeksclusterClusterspotInstanceSecurityGroup888199F5:ALL TRAFFIC": [ { "type": "aws:cdk:logicalId", - "data": "ClusterClusterSecurityGroupfromawscdkeksclusterClusterspotInstanceSecurityGroup888199F5ALLTRAFFICF3C40C11" + "data": "ClusterClusterSecurityGroupfromawscdkeksclusterClusterspotInstanceSecurityGroup888199F5ALLTRAFFICF3C40C11", + "trace": [ + 
"!!DESTRUCTIVE_CHANGES: WILL_REPLACE" + ] } ], "/aws-cdk-eks-cluster/Cluster/KubectlProvider/Handler": [ @@ -1230,7 +1275,10 @@ "/aws-cdk-eks-cluster/Cluster/ClusterAdminRoleAccess/Resource": [ { "type": "aws:cdk:logicalId", - "data": "ClusterClusterAdminRoleAccessF2BFF759" + "data": "ClusterClusterAdminRoleAccessF2BFF759", + "trace": [ + "!!DESTRUCTIVE_CHANGES: WILL_REPLACE" + ] } ], "/aws-cdk-eks-cluster/Cluster/mastersRoleAccess": [ @@ -1242,7 +1290,10 @@ "/aws-cdk-eks-cluster/Cluster/mastersRoleAccess/Resource": [ { "type": "aws:cdk:logicalId", - "data": "ClustermastersRoleAccess698EBA51" + "data": "ClustermastersRoleAccess698EBA51", + "trace": [ + "!!DESTRUCTIVE_CHANGES: WILL_REPLACE" + ] } ], "/aws-cdk-eks-cluster/Cluster/NodegroupDefaultCapacity": [ @@ -1307,7 +1358,22 @@ "/aws-cdk-eks-cluster/Cluster/NodegroupDefaultCapacity/Resource": [ { "type": "aws:cdk:logicalId", - "data": "ClusterNodegroupDefaultCapacityDA0920A3" + "data": "ClusterNodegroupDefaultCapacityDA0920A3", + "trace": [ + "!!DESTRUCTIVE_CHANGES: WILL_REPLACE" + ] + } + ], + "/aws-cdk-eks-cluster/Cluster/ConfigCommand": [ + { + "type": "aws:cdk:logicalId", + "data": "ClusterConfigCommand43AAE40F" + } + ], + "/aws-cdk-eks-cluster/Cluster/GetTokenCommand": [ + { + "type": "aws:cdk:logicalId", + "data": "ClusterGetTokenCommand06AE992E" } ], "/aws-cdk-eks-cluster/Cluster/fargate-profile-default/PodExecutionRole": [ @@ -1341,7 +1407,10 @@ "/aws-cdk-eks-cluster/Cluster/fargate-profile-default/Resource": [ { "type": "aws:cdk:logicalId", - "data": "ClusterfargateprofiledefaultEFC59F14" + "data": "ClusterfargateprofiledefaultEFC59F14", + "trace": [ + "!!DESTRUCTIVE_CHANGES: WILL_REPLACE" + ] } ], "/aws-cdk-eks-cluster/Cluster/Nodes": [ 
@@ -1575,7 +1644,10 @@ "/aws-cdk-eks-cluster/Cluster/Nodes/InstanceSecurityGroup/from awscdkeksclusterClusterClusterSecurityGroup9876E2FB:443": [ { "type": "aws:cdk:logicalId", - "data": "ClusterNodesInstanceSecurityGroupfromawscdkeksclusterClusterClusterSecurityGroup9876E2FB4430EB7A739" + "data": "ClusterNodesInstanceSecurityGroupfromawscdkeksclusterClusterClusterSecurityGroup9876E2FB4430EB7A739", + "trace": [ + "!!DESTRUCTIVE_CHANGES: WILL_REPLACE" + ] } ], "/aws-cdk-eks-cluster/Cluster/Nodes/InstanceSecurityGroup/from awscdkeksclusterClusterControlPlaneSecurityGroupA0FC1FC2:443": [ @@ -1587,7 +1659,10 @@ "/aws-cdk-eks-cluster/Cluster/Nodes/InstanceSecurityGroup/from awscdkeksclusterClusterClusterSecurityGroup9876E2FB:1025-65535": [ { "type": "aws:cdk:logicalId", - "data": "ClusterNodesInstanceSecurityGroupfromawscdkeksclusterClusterClusterSecurityGroup9876E2FB10256553571B4A6CF" + "data": "ClusterNodesInstanceSecurityGroupfromawscdkeksclusterClusterClusterSecurityGroup9876E2FB10256553571B4A6CF", + "trace": [ + "!!DESTRUCTIVE_CHANGES: WILL_REPLACE" + ] } ], "/aws-cdk-eks-cluster/Cluster/Nodes/InstanceSecurityGroup/from awscdkeksclusterClusterControlPlaneSecurityGroupA0FC1FC2:1025-65535": [ @@ -1599,7 +1674,10 @@ "/aws-cdk-eks-cluster/Cluster/Nodes/InstanceSecurityGroup/from awscdkeksclusterClusterClusterSecurityGroup9876E2FB:ALL TRAFFIC": [ { "type": "aws:cdk:logicalId", - "data": "ClusterNodesInstanceSecurityGroupfromawscdkeksclusterClusterClusterSecurityGroup9876E2FBALLTRAFFIC92388917" + "data": "ClusterNodesInstanceSecurityGroupfromawscdkeksclusterClusterClusterSecurityGroup9876E2FBALLTRAFFIC92388917", + "trace": [ + "!!DESTRUCTIVE_CHANGES: WILL_REPLACE" + ] } ], "/aws-cdk-eks-cluster/Cluster/Nodes/InstanceRole": [ 
@@ -1936,7 +2014,10 @@ "/aws-cdk-eks-cluster/Cluster/NodesArm/InstanceSecurityGroup/from awscdkeksclusterClusterClusterSecurityGroup9876E2FB:443": [ { "type": "aws:cdk:logicalId", - "data": "ClusterNodesArmInstanceSecurityGroupfromawscdkeksclusterClusterClusterSecurityGroup9876E2FB443198ACE9A" + "data": "ClusterNodesArmInstanceSecurityGroupfromawscdkeksclusterClusterClusterSecurityGroup9876E2FB443198ACE9A", + "trace": [ + "!!DESTRUCTIVE_CHANGES: WILL_REPLACE" + ] } ], "/aws-cdk-eks-cluster/Cluster/NodesArm/InstanceSecurityGroup/from awscdkeksclusterClusterControlPlaneSecurityGroupA0FC1FC2:443": [ @@ -1948,7 +2029,10 @@ "/aws-cdk-eks-cluster/Cluster/NodesArm/InstanceSecurityGroup/from awscdkeksclusterClusterClusterSecurityGroup9876E2FB:1025-65535": [ { "type": "aws:cdk:logicalId", - "data": "ClusterNodesArmInstanceSecurityGroupfromawscdkeksclusterClusterClusterSecurityGroup9876E2FB102565535B76A7664" + "data": "ClusterNodesArmInstanceSecurityGroupfromawscdkeksclusterClusterClusterSecurityGroup9876E2FB102565535B76A7664", + "trace": [ + "!!DESTRUCTIVE_CHANGES: WILL_REPLACE" + ] } ], "/aws-cdk-eks-cluster/Cluster/NodesArm/InstanceSecurityGroup/from awscdkeksclusterClusterControlPlaneSecurityGroupA0FC1FC2:1025-65535": [ @@ -1960,7 +2044,10 @@ "/aws-cdk-eks-cluster/Cluster/NodesArm/InstanceSecurityGroup/from awscdkeksclusterClusterClusterSecurityGroup9876E2FB:ALL TRAFFIC": [ { "type": "aws:cdk:logicalId", - "data": "ClusterNodesArmInstanceSecurityGroupfromawscdkeksclusterClusterClusterSecurityGroup9876E2FBALLTRAFFIC23E1D3F4" + "data": "ClusterNodesArmInstanceSecurityGroupfromawscdkeksclusterClusterClusterSecurityGroup9876E2FBALLTRAFFIC23E1D3F4", + "trace": [ + "!!DESTRUCTIVE_CHANGES: WILL_REPLACE" + ] } ], "/aws-cdk-eks-cluster/Cluster/NodesArm/InstanceRole": [ 
@@ -2298,7 +2385,10 @@ "/aws-cdk-eks-cluster/Cluster/BottlerocketNodes/InstanceSecurityGroup/from awscdkeksclusterClusterClusterSecurityGroup9876E2FB:443": [ { "type": "aws:cdk:logicalId", - "data": "ClusterBottlerocketNodesInstanceSecurityGroupfromawscdkeksclusterClusterClusterSecurityGroup9876E2FB443B4C61AB5" + "data": "ClusterBottlerocketNodesInstanceSecurityGroupfromawscdkeksclusterClusterClusterSecurityGroup9876E2FB443B4C61AB5", + "trace": [ + "!!DESTRUCTIVE_CHANGES: WILL_REPLACE" + ] } ], "/aws-cdk-eks-cluster/Cluster/BottlerocketNodes/InstanceSecurityGroup/from awscdkeksclusterClusterControlPlaneSecurityGroupA0FC1FC2:443": [ @@ -2310,7 +2400,10 @@ "/aws-cdk-eks-cluster/Cluster/BottlerocketNodes/InstanceSecurityGroup/from awscdkeksclusterClusterClusterSecurityGroup9876E2FB:1025-65535": [ { "type": "aws:cdk:logicalId", - "data": "ClusterBottlerocketNodesInstanceSecurityGroupfromawscdkeksclusterClusterClusterSecurityGroup9876E2FB1025655351D98A2F9" + "data": "ClusterBottlerocketNodesInstanceSecurityGroupfromawscdkeksclusterClusterClusterSecurityGroup9876E2FB1025655351D98A2F9", + "trace": [ + "!!DESTRUCTIVE_CHANGES: WILL_REPLACE" + ] } ], "/aws-cdk-eks-cluster/Cluster/BottlerocketNodes/InstanceSecurityGroup/from awscdkeksclusterClusterControlPlaneSecurityGroupA0FC1FC2:1025-65535": [ @@ -2322,7 +2415,10 @@ "/aws-cdk-eks-cluster/Cluster/BottlerocketNodes/InstanceSecurityGroup/from awscdkeksclusterClusterClusterSecurityGroup9876E2FB:ALL TRAFFIC": [ { "type": "aws:cdk:logicalId", - "data": "ClusterBottlerocketNodesInstanceSecurityGroupfromawscdkeksclusterClusterClusterSecurityGroup9876E2FBALLTRAFFICF9F24F38" + "data": "ClusterBottlerocketNodesInstanceSecurityGroupfromawscdkeksclusterClusterClusterSecurityGroup9876E2FBALLTRAFFICF9F24F38", + "trace": [ + "!!DESTRUCTIVE_CHANGES: WILL_REPLACE" + ] } ], "/aws-cdk-eks-cluster/Cluster/BottlerocketNodes/InstanceRole": [ 
@@ -2660,7 +2756,10 @@ "/aws-cdk-eks-cluster/Cluster/spot/InstanceSecurityGroup/from awscdkeksclusterClusterClusterSecurityGroup9876E2FB:443": [ { "type": "aws:cdk:logicalId", - "data": "ClusterspotInstanceSecurityGroupfromawscdkeksclusterClusterClusterSecurityGroup9876E2FB443404B4B15" + "data": "ClusterspotInstanceSecurityGroupfromawscdkeksclusterClusterClusterSecurityGroup9876E2FB443404B4B15", + "trace": [ + "!!DESTRUCTIVE_CHANGES: WILL_REPLACE" + ] } ], "/aws-cdk-eks-cluster/Cluster/spot/InstanceSecurityGroup/from awscdkeksclusterClusterControlPlaneSecurityGroupA0FC1FC2:443": [ @@ -2672,7 +2771,10 @@ "/aws-cdk-eks-cluster/Cluster/spot/InstanceSecurityGroup/from awscdkeksclusterClusterClusterSecurityGroup9876E2FB:1025-65535": [ { "type": "aws:cdk:logicalId", - "data": "ClusterspotInstanceSecurityGroupfromawscdkeksclusterClusterClusterSecurityGroup9876E2FB1025655351D199728" + "data": "ClusterspotInstanceSecurityGroupfromawscdkeksclusterClusterClusterSecurityGroup9876E2FB1025655351D199728", + "trace": [ + "!!DESTRUCTIVE_CHANGES: WILL_REPLACE" + ] } ], "/aws-cdk-eks-cluster/Cluster/spot/InstanceSecurityGroup/from awscdkeksclusterClusterControlPlaneSecurityGroupA0FC1FC2:1025-65535": [ @@ -2684,7 +2786,10 @@ "/aws-cdk-eks-cluster/Cluster/spot/InstanceSecurityGroup/from awscdkeksclusterClusterClusterSecurityGroup9876E2FB:ALL TRAFFIC": [ { "type": "aws:cdk:logicalId", - "data": "ClusterspotInstanceSecurityGroupfromawscdkeksclusterClusterClusterSecurityGroup9876E2FBALLTRAFFICCFAD665D" + "data": "ClusterspotInstanceSecurityGroupfromawscdkeksclusterClusterClusterSecurityGroup9876E2FBALLTRAFFICCFAD665D", + "trace": [ + "!!DESTRUCTIVE_CHANGES: WILL_REPLACE" + ] } ], "/aws-cdk-eks-cluster/Cluster/spot/InstanceRole": [ 
@@ -2854,7 +2959,10 @@ "/aws-cdk-eks-cluster/Cluster/Nodegroupextra-ng/Resource": [ { "type": "aws:cdk:logicalId", - "data": "ClusterNodegroupextrangF9406A09" + "data": "ClusterNodegroupextrangF9406A09", + "trace": [ + "!!DESTRUCTIVE_CHANGES: WILL_REPLACE" + ] } ], "/aws-cdk-eks-cluster/Cluster/Nodegroupextra-ng-spot": [ @@ -2919,7 +3027,10 @@ "/aws-cdk-eks-cluster/Cluster/Nodegroupextra-ng-spot/Resource": [ { "type": "aws:cdk:logicalId", - "data": "ClusterNodegroupextrangspotB327AE6B" + "data": "ClusterNodegroupextrangspotB327AE6B", + "trace": [ + "!!DESTRUCTIVE_CHANGES: WILL_REPLACE" + ] } ], "/aws-cdk-eks-cluster/Cluster/Nodegroupextra-ng-arm": [ @@ -2984,7 +3095,10 @@ "/aws-cdk-eks-cluster/Cluster/Nodegroupextra-ng-arm/Resource": [ { "type": "aws:cdk:logicalId", - "data": "ClusterNodegroupextrangarm7773987A" + "data": "ClusterNodegroupextrangarm7773987A", + "trace": [ + "!!DESTRUCTIVE_CHANGES: WILL_REPLACE" + ] } ], "/aws-cdk-eks-cluster/Cluster/Nodegroupextra-ng-arm3": [ @@ -3049,7 +3163,10 @@ "/aws-cdk-eks-cluster/Cluster/Nodegroupextra-ng-arm3/Resource": [ { "type": "aws:cdk:logicalId", - "data": "ClusterNodegroupextrangarm327128311" + "data": "ClusterNodegroupextrangarm327128311", + "trace": [ + "!!DESTRUCTIVE_CHANGES: WILL_REPLACE" + ] } ], "/aws-cdk-eks-cluster/Cluster/Nodegroupextra-ng2": [ @@ -3061,7 +3178,10 @@ "/aws-cdk-eks-cluster/Cluster/Nodegroupextra-ng2/Resource": [ { "type": "aws:cdk:logicalId", - "data": "ClusterNodegroupextrang2F1FB0D40" + "data": "ClusterNodegroupextrang2F1FB0D40", + "trace": [ + "!!DESTRUCTIVE_CHANGES: WILL_REPLACE" + ] } ], "/aws-cdk-eks-cluster/Cluster/Nodegroupextra-ng-gpu": [ @@ -3126,7 +3246,10 @@ "/aws-cdk-eks-cluster/Cluster/Nodegroupextra-ng-gpu/Resource": [ { "type": "aws:cdk:logicalId", - "data": "ClusterNodegroupextranggpu928E9016" + "data": "ClusterNodegroupextranggpu928E9016", + "trace": [ + "!!DESTRUCTIVE_CHANGES: WILL_REPLACE" + ] } ], "/aws-cdk-eks-cluster/Cluster/manifest-HelloApp/Resource": [ 
diff --git a/packages/@aws-cdk/aws-eks-v2-alpha/test/integ.eks-cluster.js.snapshot/tree.json b/packages/@aws-cdk/aws-eks-v2-alpha/test/integ.eks-cluster.js.snapshot/tree.json index 1d0ba9bb9000a..e75c4d9108cf7 100644 --- a/packages/@aws-cdk/aws-eks-v2-alpha/test/integ.eks-cluster.js.snapshot/tree.json +++ b/packages/@aws-cdk/aws-eks-v2-alpha/test/integ.eks-cluster.js.snapshot/tree.json @@ -1374,6 +1374,9 @@ "accessConfig": { "authenticationMode": "API" }, + "computeConfig": { + "enabled": false + }, "encryptionConfig": [ { "provider": { @@ -1390,7 +1393,10 @@ } ], "kubernetesNetworkConfig": { - "ipFamily": "ipv4" + "ipFamily": "ipv4", + "elasticLoadBalancing": { + "enabled": false + } }, "logging": { "clusterLogging": { @@ -1439,6 +1445,11 @@ "Arn" ] }, + "storageConfig": { + "blockStorage": { + "enabled": false + } + }, "tags": [ { "key": "foo", @@ -2992,6 +3003,22 @@ ] } }, + "ConfigCommand": { + "id": "ConfigCommand", + "path": "aws-cdk-eks-cluster/Cluster/ConfigCommand", + "constructInfo": { + "fqn": "aws-cdk-lib.CfnOutput", + "version": "0.0.0" + } + }, + "GetTokenCommand": { + "id": "GetTokenCommand", + "path": "aws-cdk-eks-cluster/Cluster/GetTokenCommand", + "constructInfo": { + "fqn": "aws-cdk-lib.CfnOutput", + "version": "0.0.0" + } + }, "fargate-profile-default": { "id": "fargate-profile-default", "path": "aws-cdk-eks-cluster/Cluster/fargate-profile-default", diff --git a/packages/@aws-cdk/aws-eks-v2-alpha/test/integ.eks-cluster.ts b/packages/@aws-cdk/aws-eks-v2-alpha/test/integ.eks-cluster.ts index eb5aed10baf4f..26ee673a2ab63 100644 --- a/packages/@aws-cdk/aws-eks-v2-alpha/test/integ.eks-cluster.ts +++ b/packages/@aws-cdk/aws-eks-v2-alpha/test/integ.eks-cluster.ts @@ -42,6 +42,7 @@ class EksClusterStack extends Stack { vpc: this.vpc, vpcSubnets, mastersRole, + defaultCapacityType: eks.DefaultCapacityType.NODEGROUP, defaultCapacity: 2, version: eks.KubernetesVersion.V1_32, secretsEncryptionKey, 
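Review bot: the `defaultCapacityType: eks.DefaultCapacityType.NODEGROUP` line added next to `defaultCapacity: 2` carries no comment explaining why the test now has to pin the capacity type. If `defaultCapacity` on its own no longer yields a node group, callers that only set `defaultCapacity` change behaviour without any error. Please add a comment here saying why the pin is needed, and consider failing at synth time when `defaultCapacity` is set while the capacity type resolves to `AUTOMODE`, with a unit test for that combination.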
diff --git a/packages/@aws-cdk/aws-eks-v2-alpha/test/integ.eks-helm-asset.js.snapshot/asset.0d94926290549a70008a6e1e24fe1f1b29c5b53364bc1c09c60ef9cb02f562ca/__entrypoint__.js b/packages/@aws-cdk/aws-eks-v2-alpha/test/integ.eks-helm-asset.js.snapshot/asset.0d94926290549a70008a6e1e24fe1f1b29c5b53364bc1c09c60ef9cb02f562ca/__entrypoint__.js new file mode 100644 index 0000000000000..ff3a517fba12d --- /dev/null +++ b/packages/@aws-cdk/aws-eks-v2-alpha/test/integ.eks-helm-asset.js.snapshot/asset.0d94926290549a70008a6e1e24fe1f1b29c5b53364bc1c09c60ef9cb02f562ca/__entrypoint__.js 
@@ -0,0 +1,155 @@ +"use strict"; +Object.defineProperty(exports, "__esModule", { value: true }); +exports.external = void 0; +exports.handler = handler; +exports.withRetries = withRetries; +const https = require("https"); +const url = require("url"); +// for unit tests +exports.external = { + sendHttpRequest: defaultSendHttpRequest, + log: defaultLog, + includeStackTraces: true, + userHandlerIndex: './index', +}; +const CREATE_FAILED_PHYSICAL_ID_MARKER = 'AWSCDK::CustomResourceProviderFramework::CREATE_FAILED'; +const MISSING_PHYSICAL_ID_MARKER = 'AWSCDK::CustomResourceProviderFramework::MISSING_PHYSICAL_ID'; +async function handler(event, context) { + const sanitizedEvent = { ...event, ResponseURL: '...' }; + exports.external.log(JSON.stringify(sanitizedEvent, undefined, 2)); + // ignore DELETE event when the physical resource ID is the marker that + // indicates that this DELETE is a subsequent DELETE to a failed CREATE + // operation. + if (event.RequestType === 'Delete' && event.PhysicalResourceId === CREATE_FAILED_PHYSICAL_ID_MARKER) { + exports.external.log('ignoring DELETE event caused by a failed CREATE event'); + await submitResponse('SUCCESS', event); + return; + } + try { + // invoke the user handler. this is intentionally inside the try-catch to + // ensure that if there is an error it's reported as a failure to + // cloudformation (otherwise cfn waits). + // eslint-disable-next-line @typescript-eslint/no-require-imports + const userHandler = require(exports.external.userHandlerIndex).handler; + const result = await userHandler(sanitizedEvent, context); + // validate user response and create the combined event + const responseEvent = renderResponse(event, result); + // submit to cfn as success + await submitResponse('SUCCESS', responseEvent); + } + catch (e) { + const resp = { + ...event, + Reason: exports.external.includeStackTraces ? 
e.stack : e.message, + }; + if (!resp.PhysicalResourceId) { + // special case: if CREATE fails, which usually implies, we usually don't + // have a physical resource id. in this case, the subsequent DELETE + // operation does not have any meaning, and will likely fail as well. to + // address this, we use a marker so the provider framework can simply + // ignore the subsequent DELETE. + if (event.RequestType === 'Create') { + exports.external.log('CREATE failed, responding with a marker physical resource id so that the subsequent DELETE will be ignored'); + resp.PhysicalResourceId = CREATE_FAILED_PHYSICAL_ID_MARKER; + } + else { + // otherwise, if PhysicalResourceId is not specified, something is + // terribly wrong because all other events should have an ID. + exports.external.log(`ERROR: Malformed event. "PhysicalResourceId" is required: ${JSON.stringify(event)}`); + } + } + // this is an actual error, fail the activity altogether and exist. + await submitResponse('FAILED', resp); + } +} +function renderResponse(cfnRequest, handlerResponse = {}) { + // if physical ID is not returned, we have some defaults for you based + // on the request type. + const physicalResourceId = handlerResponse.PhysicalResourceId ?? cfnRequest.PhysicalResourceId ?? cfnRequest.RequestId; + // if we are in DELETE and physical ID was changed, it's an error. + if (cfnRequest.RequestType === 'Delete' && physicalResourceId !== cfnRequest.PhysicalResourceId) { + throw new Error(`DELETE: cannot change the physical resource ID from "${cfnRequest.PhysicalResourceId}" to "${handlerResponse.PhysicalResourceId}" during deletion`); + } + // merge request event and result event (result prevails). + return { + ...cfnRequest, + ...handlerResponse, + PhysicalResourceId: physicalResourceId, + }; +} +async function submitResponse(status, event) { + const json = { + Status: status, + Reason: event.Reason ?? 
status, + StackId: event.StackId, + RequestId: event.RequestId, + PhysicalResourceId: event.PhysicalResourceId || MISSING_PHYSICAL_ID_MARKER, + LogicalResourceId: event.LogicalResourceId, + NoEcho: event.NoEcho, + Data: event.Data, + }; + const parsedUrl = url.parse(event.ResponseURL); + const loggingSafeUrl = `${parsedUrl.protocol}//${parsedUrl.hostname}/${parsedUrl.pathname}?***`; + exports.external.log('submit response to cloudformation', loggingSafeUrl, json); + const responseBody = JSON.stringify(json); + const req = { + hostname: parsedUrl.hostname, + path: parsedUrl.path, + method: 'PUT', + headers: { + 'content-type': '', + 'content-length': Buffer.byteLength(responseBody, 'utf8'), + }, + }; + const retryOptions = { + attempts: 5, + sleep: 1000, + }; + await withRetries(retryOptions, exports.external.sendHttpRequest)(req, responseBody); +} +async function defaultSendHttpRequest(options, requestBody) { + return new Promise((resolve, reject) => { + try { + const request = https.request(options, (response) => { + response.resume(); // Consume the response but don't care about it + if (!response.statusCode || response.statusCode >= 400) { + reject(new Error(`Unsuccessful HTTP response: ${response.statusCode}`)); + } + else { + resolve(); + } + }); + request.on('error', reject); + request.write(requestBody); + request.end(); + } + catch (e) { + reject(e); + } + }); +} +function defaultLog(fmt, ...params) { + // eslint-disable-next-line no-console + console.log(fmt, ...params); +} +function withRetries(options, fn) { + return async (...xs) => { + let attempts = options.attempts; + let ms = options.sleep; + while (true) { + try { + return await fn(...xs); + } + catch (e) { + if (attempts-- <= 0) { + throw e; + } + await sleep(Math.floor(Math.random() * ms)); + ms *= 2; + } + } + }; +} +async function sleep(ms) { + return new Promise((ok) => setTimeout(ok, ms)); +} 
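Review bot: in the catch block of `handler`, the malformed-event branch logs `JSON.stringify(event)`, the raw event, although the top of the function builds `sanitizedEvent` with `ResponseURL: '...'` and `submitResponse` masks the query string as `?***`; that one log call writes the full response URL to the log. Log `sanitizedEvent` there instead. Two smaller points in the same file: `includeStackTraces: true` sends `e.stack` as the `Reason` returned to CloudFormation, and `withRetries` tests `attempts-- <= 0`, so `attempts: 5` allows six calls. Because this file is a snapshot copy of a generated asset, the change belongs in the handler source it was built from, followed by a snapshot refresh.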
diff --git a/packages/@aws-cdk/aws-eks-v2-alpha/test/integ.eks-helm-asset.js.snapshot/asset.0d94926290549a70008a6e1e24fe1f1b29c5b53364bc1c09c60ef9cb02f562ca/index.js b/packages/@aws-cdk/aws-eks-v2-alpha/test/integ.eks-helm-asset.js.snapshot/asset.0d94926290549a70008a6e1e24fe1f1b29c5b53364bc1c09c60ef9cb02f562ca/index.js new file mode 100644 index 0000000000000..db4f4fc8b037f --- /dev/null +++ b/packages/@aws-cdk/aws-eks-v2-alpha/test/integ.eks-helm-asset.js.snapshot/asset.0d94926290549a70008a6e1e24fe1f1b29c5b53364bc1c09c60ef9cb02f562ca/index.js @@ -0,0 +1 @@ +"use strict";var u=Object.defineProperty;var a=Object.getOwnPropertyDescriptor;var c=Object.getOwnPropertyNames;var i=Object.prototype.hasOwnProperty;var C=(e,r)=>{for(var o in r)u(e,o,{get:r[o],enumerable:!0})},S=(e,r,o,t)=>{if(r&&typeof r=="object"||typeof r=="function")for(let n of c(r))!i.call(e,n)&&n!==o&&u(e,n,{get:()=>r[n],enumerable:!(t=a(r,n))||t.enumerable});return e};var f=e=>S(u({},"__esModule",{value:!0}),e);var l={};C(l,{CfnUtilsResourceType:()=>s,handler:()=>m});module.exports=f(l);var s=(o=>(o.CFN_JSON="Custom::AWSCDKCfnJson",o.CFN_JSON_STRINGIFY="Custom::AWSCDKCfnJsonStringify",o))(s||{});async function m(e){if(e.ResourceType==="Custom::AWSCDKCfnJson")return N(e);if(e.ResourceType==="Custom::AWSCDKCfnJsonStringify")return d(e);throw new Error(`unexpected resource type "${e.ResourceType}"`)}function N(e){return{Data:{Value:JSON.parse(e.ResourceProperties.Value)}}}function d(e){return{Data:{Value:JSON.stringify(e.ResourceProperties.Value)}}}0&&(module.exports={CfnUtilsResourceType,handler}); 
diff --git a/packages/@aws-cdk/aws-eks-v2-alpha/test/integ.eks-helm-asset.js.snapshot/asset.25c16d2ab30e35800b3ea63c44c93deb85584076eb09a2db9f971803252b22dc.zip b/packages/@aws-cdk/aws-eks-v2-alpha/test/integ.eks-helm-asset.js.snapshot/asset.25c16d2ab30e35800b3ea63c44c93deb85584076eb09a2db9f971803252b22dc.zip new file mode 100644 index 0000000000000..0a8e7ba83b46f Binary files /dev/null and b/packages/@aws-cdk/aws-eks-v2-alpha/test/integ.eks-helm-asset.js.snapshot/asset.25c16d2ab30e35800b3ea63c44c93deb85584076eb09a2db9f971803252b22dc.zip differ diff --git a/packages/@aws-cdk/aws-eks-v2-alpha/test/integ.eks-helm-asset.js.snapshot/asset.2e670e0c40dc05a34d602c35c948edefcb81afaeea05b9f6240341173af6164e.zip b/packages/@aws-cdk/aws-eks-v2-alpha/test/integ.eks-helm-asset.js.snapshot/asset.2e670e0c40dc05a34d602c35c948edefcb81afaeea05b9f6240341173af6164e.zip deleted file mode 100644 index 3075cb9cf9d6b..0000000000000 --- a/packages/@aws-cdk/aws-eks-v2-alpha/test/integ.eks-helm-asset.js.snapshot/asset.2e670e0c40dc05a34d602c35c948edefcb81afaeea05b9f6240341173af6164e.zip +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:a1ed5f76941f23885a2e2a3991022df194a6c8c4b407b8aeca46728fbbea8f63 -size 34441651 diff --git a/packages/@aws-cdk/aws-eks-v2-alpha/test/integ.eks-helm-asset.js.snapshot/asset.2ef56be7a7906182ed8d1a8479be348cf836b925a9956cafededbd08199ba5c4/__entrypoint__.js b/packages/@aws-cdk/aws-eks-v2-alpha/test/integ.eks-helm-asset.js.snapshot/asset.2ef56be7a7906182ed8d1a8479be348cf836b925a9956cafededbd08199ba5c4/__entrypoint__.js new file mode 100644 index 0000000000000..ff3a517fba12d --- /dev/null +++ b/packages/@aws-cdk/aws-eks-v2-alpha/test/integ.eks-helm-asset.js.snapshot/asset.2ef56be7a7906182ed8d1a8479be348cf836b925a9956cafededbd08199ba5c4/__entrypoint__.js 
@@ -0,0 +1,155 @@ +"use strict"; +Object.defineProperty(exports, "__esModule", { value: true }); +exports.external = void 0; +exports.handler = handler; +exports.withRetries = withRetries; +const https = require("https"); +const url = require("url"); +// for unit tests +exports.external = { + sendHttpRequest: defaultSendHttpRequest, + log: defaultLog, + includeStackTraces: true, + userHandlerIndex: './index', +}; +const CREATE_FAILED_PHYSICAL_ID_MARKER = 'AWSCDK::CustomResourceProviderFramework::CREATE_FAILED'; +const MISSING_PHYSICAL_ID_MARKER = 'AWSCDK::CustomResourceProviderFramework::MISSING_PHYSICAL_ID'; +async function handler(event, context) { + const sanitizedEvent = { ...event, ResponseURL: '...' }; + exports.external.log(JSON.stringify(sanitizedEvent, undefined, 2)); + // ignore DELETE event when the physical resource ID is the marker that + // indicates that this DELETE is a subsequent DELETE to a failed CREATE + // operation. + if (event.RequestType === 'Delete' && event.PhysicalResourceId === CREATE_FAILED_PHYSICAL_ID_MARKER) { + exports.external.log('ignoring DELETE event caused by a failed CREATE event'); + await submitResponse('SUCCESS', event); + return; + } + try { + // invoke the user handler. this is intentionally inside the try-catch to + // ensure that if there is an error it's reported as a failure to + // cloudformation (otherwise cfn waits). + // eslint-disable-next-line @typescript-eslint/no-require-imports + const userHandler = require(exports.external.userHandlerIndex).handler; + const result = await userHandler(sanitizedEvent, context); + // validate user response and create the combined event + const responseEvent = renderResponse(event, result); + // submit to cfn as success + await submitResponse('SUCCESS', responseEvent); + } + catch (e) { + const resp = { + ...event, + Reason: exports.external.includeStackTraces ? 
e.stack : e.message, + }; + if (!resp.PhysicalResourceId) { + // special case: if CREATE fails, which usually implies, we usually don't + // have a physical resource id. in this case, the subsequent DELETE + // operation does not have any meaning, and will likely fail as well. to + // address this, we use a marker so the provider framework can simply + // ignore the subsequent DELETE. + if (event.RequestType === 'Create') { + exports.external.log('CREATE failed, responding with a marker physical resource id so that the subsequent DELETE will be ignored'); + resp.PhysicalResourceId = CREATE_FAILED_PHYSICAL_ID_MARKER; + } + else { + // otherwise, if PhysicalResourceId is not specified, something is + // terribly wrong because all other events should have an ID. + exports.external.log(`ERROR: Malformed event. "PhysicalResourceId" is required: ${JSON.stringify(event)}`); + } + } + // this is an actual error, fail the activity altogether and exist. + await submitResponse('FAILED', resp); + } +} +function renderResponse(cfnRequest, handlerResponse = {}) { + // if physical ID is not returned, we have some defaults for you based + // on the request type. + const physicalResourceId = handlerResponse.PhysicalResourceId ?? cfnRequest.PhysicalResourceId ?? cfnRequest.RequestId; + // if we are in DELETE and physical ID was changed, it's an error. + if (cfnRequest.RequestType === 'Delete' && physicalResourceId !== cfnRequest.PhysicalResourceId) { + throw new Error(`DELETE: cannot change the physical resource ID from "${cfnRequest.PhysicalResourceId}" to "${handlerResponse.PhysicalResourceId}" during deletion`); + } + // merge request event and result event (result prevails). + return { + ...cfnRequest, + ...handlerResponse, + PhysicalResourceId: physicalResourceId, + }; +} +async function submitResponse(status, event) { + const json = { + Status: status, + Reason: event.Reason ?? 
status, + StackId: event.StackId, + RequestId: event.RequestId, + PhysicalResourceId: event.PhysicalResourceId || MISSING_PHYSICAL_ID_MARKER, + LogicalResourceId: event.LogicalResourceId, + NoEcho: event.NoEcho, + Data: event.Data, + }; + const parsedUrl = url.parse(event.ResponseURL); + const loggingSafeUrl = `${parsedUrl.protocol}//${parsedUrl.hostname}/${parsedUrl.pathname}?***`; + exports.external.log('submit response to cloudformation', loggingSafeUrl, json); + const responseBody = JSON.stringify(json); + const req = { + hostname: parsedUrl.hostname, + path: parsedUrl.path, + method: 'PUT', + headers: { + 'content-type': '', + 'content-length': Buffer.byteLength(responseBody, 'utf8'), + }, + }; + const retryOptions = { + attempts: 5, + sleep: 1000, + }; + await withRetries(retryOptions, exports.external.sendHttpRequest)(req, responseBody); +} +async function defaultSendHttpRequest(options, requestBody) { + return new Promise((resolve, reject) => { + try { + const request = https.request(options, (response) => { + response.resume(); // Consume the response but don't care about it + if (!response.statusCode || response.statusCode >= 400) { + reject(new Error(`Unsuccessful HTTP response: ${response.statusCode}`)); + } + else { + resolve(); + } + }); + request.on('error', reject); + request.write(requestBody); + request.end(); + } + catch (e) { + reject(e); + } + }); +} +function defaultLog(fmt, ...params) { + // eslint-disable-next-line no-console + console.log(fmt, ...params); +} +function withRetries(options, fn) { + return async (...xs) => { + let attempts = options.attempts; + let ms = options.sleep; + while (true) { + try { + return await fn(...xs); + } + catch (e) { + if (attempts-- <= 0) { + throw e; + } + await sleep(Math.floor(Math.random() * ms)); + ms *= 2; + } + } + }; +} +async function sleep(ms) { + return new Promise((ok) => setTimeout(ok, ms)); +} 
diff --git a/packages/@aws-cdk/aws-eks-v2-alpha/test/integ.eks-helm-asset.js.snapshot/asset.2ef56be7a7906182ed8d1a8479be348cf836b925a9956cafededbd08199ba5c4/index.js b/packages/@aws-cdk/aws-eks-v2-alpha/test/integ.eks-helm-asset.js.snapshot/asset.2ef56be7a7906182ed8d1a8479be348cf836b925a9956cafededbd08199ba5c4/index.js new file mode 100644 index 0000000000000..83d106fd4d4b5 --- /dev/null +++ b/packages/@aws-cdk/aws-eks-v2-alpha/test/integ.eks-helm-asset.js.snapshot/asset.2ef56be7a7906182ed8d1a8479be348cf836b925a9956cafededbd08199ba5c4/index.js 
@@ -0,0 +1 @@ +"use strict";var v=Object.create;var l=Object.defineProperty;var y=Object.getOwnPropertyDescriptor;var O=Object.getOwnPropertyNames;var w=Object.getPrototypeOf,R=Object.prototype.hasOwnProperty;var A=(e,r)=>{for(var t in r)l(e,t,{get:r[t],enumerable:!0})},D=(e,r,t,i)=>{if(r&&typeof r=="object"||typeof r=="function")for(let o of O(r))!R.call(e,o)&&o!==t&&l(e,o,{get:()=>r[o],enumerable:!(i=y(r,o))||i.enumerable});return e};var m=(e,r,t)=>(t=e!=null?v(w(e)):{},D(r||!e||!e.__esModule?l(t,"default",{value:e,enumerable:!0}):t,e)),$=e=>D(l({},"__esModule",{value:!0}),e);var j={};A(j,{handler:()=>x});module.exports=$(j);function h(e,r){let t=new Set(e),i=new Set;for(let o of new Set(r))t.has(o)?t.delete(o):i.add(o);return{adds:Array.from(i),deletes:Array.from(t)}}var g=m(require("tls")),P=m(require("url")),T=m(require("@aws-sdk/client-iam")),C;function u(){return C||(C=new T.IAM({})),C}function U(e,...r){console.log(e,...r)}async function L(e,r){return new Promise((t,i)=>{let o=P.parse(e),p=o.port?parseInt(o.port,10):443;if(!o.host)return i(new Error(`unable to determine host from issuer url ${e}`));n.log(`Fetching x509 certificate chain from issuer ${e}`);let s=g.connect(p,o.host,{rejectUnauthorized:r,servername:o.host});s.once("error",i),s.once("secureConnect",()=>{let a=s.getPeerX509Certificate();if(!a)throw new Error(`Unable to retrieve X509 certificate from host ${o.host}`);for(;a.issuerCertificate;)E(a),a=a.issuerCertificate;let d=new Date(a.validTo),c=S(d);if(c<0)return i(new Error(`The certificate has already expired on: ${d.toUTCString()}`));c<180&&console.warn(`The root certificate obtained would expire in ${c} days!`),s.end();let I=f(a);n.log(`Certificate Authority thumbprint for ${e} is ${I}`),t(I)})})}function f(e){return e.fingerprint.split(":").join("")}function E(e){n.log("-------------BEGIN CERT----------------"),n.log(`Thumbprint: ${f(e)}`),n.log(`Valid To: ${e.validTo}`),e.issuerCertificate&&n.log(`Issuer Thumbprint: 
${f(e.issuerCertificate)}`),n.log(`Issuer: ${e.issuer}`),n.log(`Subject: ${e.subject}`),n.log("-------------END CERT------------------")}function S(e){let t=new Date;return Math.round((e.getTime()-t.getTime())/864e5)}var n={downloadThumbprint:L,log:U,createOpenIDConnectProvider:e=>u().createOpenIDConnectProvider(e),deleteOpenIDConnectProvider:e=>u().deleteOpenIDConnectProvider(e),updateOpenIDConnectProviderThumbprint:e=>u().updateOpenIDConnectProviderThumbprint(e),addClientIDToOpenIDConnectProvider:e=>u().addClientIDToOpenIDConnectProvider(e),removeClientIDFromOpenIDConnectProvider:e=>u().removeClientIDFromOpenIDConnectProvider(e)};async function x(e){if(e.RequestType==="Create")return b(e);if(e.RequestType==="Update")return F(e);if(e.RequestType==="Delete")return k(e);throw new Error("invalid request type")}async function b(e){let r=e.ResourceProperties.Url,t=(e.ResourceProperties.ThumbprintList??[]).sort(),i=(e.ResourceProperties.ClientIDList??[]).sort(),o=e.ResourceProperties.RejectUnauthorized??!1;return t.length===0&&t.push(await n.downloadThumbprint(r,o)),{PhysicalResourceId:(await n.createOpenIDConnectProvider({Url:r,ClientIDList:i,ThumbprintList:t})).OpenIDConnectProviderArn,Data:{Thumbprints:JSON.stringify(t)}}}async function F(e){let r=e.ResourceProperties.Url,t=(e.ResourceProperties.ThumbprintList??[]).sort(),i=(e.ResourceProperties.ClientIDList??[]).sort(),o=e.ResourceProperties.RejectUnauthorized??!1;if(e.OldResourceProperties.Url!==r)return b({...e,RequestType:"Create"});let s=e.PhysicalResourceId;t.length===0&&t.push(await n.downloadThumbprint(r,o)),n.log("updating thumbprint to",t),await n.updateOpenIDConnectProviderThumbprint({OpenIDConnectProviderArn:s,ThumbprintList:t});let a=(e.OldResourceProperties.ClientIDList||[]).sort(),d=h(a,i);n.log(`client ID diff: ${JSON.stringify(d)}`);for(let c of d.adds)n.log(`adding client id "${c}" to provider ${s}`),await n.addClientIDToOpenIDConnectProvider({OpenIDConnectProviderArn:s,ClientID:c});for(let c of 
d.deletes)n.log(`removing client id "${c}" from provider ${s}`),await n.removeClientIDFromOpenIDConnectProvider({OpenIDConnectProviderArn:s,ClientID:c});return{Data:{Thumbprints:JSON.stringify(t)}}}async function k(e){await n.deleteOpenIDConnectProvider({OpenIDConnectProviderArn:e.PhysicalResourceId})}0&&(module.exports={handler}); diff --git a/packages/@aws-cdk/aws-eks-v2-alpha/test/integ.eks-helm-asset.js.snapshot/asset.e42a736be21cd3134b9bff4e71e3afa99a4cc900ae489e9a7f7025c8d258f9b8.zip b/packages/@aws-cdk/aws-eks-v2-alpha/test/integ.eks-helm-asset.js.snapshot/asset.e42a736be21cd3134b9bff4e71e3afa99a4cc900ae489e9a7f7025c8d258f9b8.zip index 33cd69e8824d5..d28ed8e86969d 100644 Binary files a/packages/@aws-cdk/aws-eks-v2-alpha/test/integ.eks-helm-asset.js.snapshot/asset.e42a736be21cd3134b9bff4e71e3afa99a4cc900ae489e9a7f7025c8d258f9b8.zip and b/packages/@aws-cdk/aws-eks-v2-alpha/test/integ.eks-helm-asset.js.snapshot/asset.e42a736be21cd3134b9bff4e71e3afa99a4cc900ae489e9a7f7025c8d258f9b8.zip differ diff --git a/packages/@aws-cdk/aws-eks-v2-alpha/test/integ.eks-helm-asset.js.snapshot/aws-cdk-eks-helm-test.assets.json b/packages/@aws-cdk/aws-eks-v2-alpha/test/integ.eks-helm-asset.js.snapshot/aws-cdk-eks-helm-test.assets.json index d371d2e5a6fc0..56642a35a5d29 100644 --- a/packages/@aws-cdk/aws-eks-v2-alpha/test/integ.eks-helm-asset.js.snapshot/aws-cdk-eks-helm-test.assets.json +++ b/packages/@aws-cdk/aws-eks-v2-alpha/test/integ.eks-helm-asset.js.snapshot/aws-cdk-eks-helm-test.assets.json 
@@ -66,7 +66,33 @@ } } }, - "b02ff4ffd818fda104bf4ceb0da58f037312c1a5743d2b3a76f81da8ce6cfc10": { + "2ef56be7a7906182ed8d1a8479be348cf836b925a9956cafededbd08199ba5c4": { + "source": { + "path": "asset.2ef56be7a7906182ed8d1a8479be348cf836b925a9956cafededbd08199ba5c4", + "packaging": "zip" + }, + "destinations": { + "current_account-current_region": { + "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}", + "objectKey": "2ef56be7a7906182ed8d1a8479be348cf836b925a9956cafededbd08199ba5c4.zip", + "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}" + } + } + }, + "0d94926290549a70008a6e1e24fe1f1b29c5b53364bc1c09c60ef9cb02f562ca": { + "source": { + "path": "asset.0d94926290549a70008a6e1e24fe1f1b29c5b53364bc1c09c60ef9cb02f562ca", + "packaging": "zip" + }, + "destinations": { + "current_account-current_region": { + "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}", + "objectKey": "0d94926290549a70008a6e1e24fe1f1b29c5b53364bc1c09c60ef9cb02f562ca.zip", + "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}" + } + } + }, + "c40caf7f4fbdcc6a69a3e831ed0e4749d8a80f4147b45429bbb385d684ae01ea": { "source": { "path": "aws-cdk-eks-helm-test.template.json", "packaging": "file" @@ -74,7 +100,7 @@ "destinations": { "current_account-current_region": { "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}", - "objectKey": "b02ff4ffd818fda104bf4ceb0da58f037312c1a5743d2b3a76f81da8ce6cfc10.json", + "objectKey": "c40caf7f4fbdcc6a69a3e831ed0e4749d8a80f4147b45429bbb385d684ae01ea.json", "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}" } } 
diff --git a/packages/@aws-cdk/aws-eks-v2-alpha/test/integ.eks-helm-asset.js.snapshot/aws-cdk-eks-helm-test.template.json b/packages/@aws-cdk/aws-eks-v2-alpha/test/integ.eks-helm-asset.js.snapshot/aws-cdk-eks-helm-test.template.json index d23d9fadeea56..4c9d2ce777229 100644 --- a/packages/@aws-cdk/aws-eks-v2-alpha/test/integ.eks-helm-asset.js.snapshot/aws-cdk-eks-helm-test.template.json +++ b/packages/@aws-cdk/aws-eks-v2-alpha/test/integ.eks-helm-asset.js.snapshot/aws-cdk-eks-helm-test.template.json @@ -446,7 +446,10 @@ "AssumeRolePolicyDocument": { "Statement": [ { - "Action": "sts:AssumeRole", + "Action": [ + "sts:AssumeRole", + "sts:TagSession" + ], "Effect": "Allow", "Principal": { "Service": "eks.amazonaws.com" @@ -467,6 +470,54 @@ ":iam::aws:policy/AmazonEKSClusterPolicy" ] ] + }, + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":iam::aws:policy/AmazonEKSComputePolicy" + ] + ] + }, + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":iam::aws:policy/AmazonEKSBlockStoragePolicy" + ] + ] + }, + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":iam::aws:policy/AmazonEKSLoadBalancingPolicy" + ] + ] + }, + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":iam::aws:policy/AmazonEKSNetworkingPolicy" + ] + ] } ] } 
@@ -487,13 +538,72 @@ } } }, + "ClusterClusternodePoolRole69276141": { + "Type": "AWS::IAM::Role", + "Properties": { + "AssumeRolePolicyDocument": { + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "Service": "ec2.amazonaws.com" + } + } + ], + "Version": "2012-10-17" + }, + "ManagedPolicyArns": [ + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":iam::aws:policy/AmazonEKSWorkerNodePolicy" + ] + ] + }, + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":iam::aws:policy/AmazonEC2ContainerRegistryReadOnly" + ] + ] + } + ] + } + }, "ClusterEB0386A7": { "Type": "AWS::EKS::Cluster", "Properties": { "AccessConfig": { "AuthenticationMode": "API" }, + "ComputeConfig": { + "Enabled": true, + "NodePools": [ + "system", + "general-purpose" + ], + "NodeRoleArn": { + "Fn::GetAtt": [ + "ClusterClusternodePoolRole69276141", + "Arn" + ] + } + }, "KubernetesNetworkConfig": { + "ElasticLoadBalancing": { + "Enabled": true + }, "IpFamily": "ipv4" }, "ResourcesVpcConfig": { @@ -528,6 +638,11 @@ "Arn" ] }, + "StorageConfig": { + "BlockStorage": { + "Enabled": true + } + }, "Version": "1.32" }, "DependsOn": [ 
@@ -1051,93 +1166,6 @@ } } }, - "ClusterNodegroupDefaultCapacityNodeGroupRole55953B04": { - "Type": "AWS::IAM::Role", - "Properties": { - "AssumeRolePolicyDocument": { - "Statement": [ - { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Principal": { - "Service": "ec2.amazonaws.com" - } - } - ], - "Version": "2012-10-17" - }, - "ManagedPolicyArns": [ - { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition" - }, - ":iam::aws:policy/AmazonEKSWorkerNodePolicy" - ] - ] - }, - { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition" - }, - ":iam::aws:policy/AmazonEKS_CNI_Policy" - ] - ] - }, - { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition" - }, - ":iam::aws:policy/AmazonEC2ContainerRegistryReadOnly" - ] - ] - } - ] - } - }, - "ClusterNodegroupDefaultCapacityDA0920A3": { - "Type": "AWS::EKS::Nodegroup", - "Properties": { - "AmiType": "AL2_x86_64", - "ClusterName": { - "Ref": "ClusterEB0386A7" - }, - "ForceUpdateEnabled": true, - "InstanceTypes": [ - "m5.large" - ], - "NodeRole": { - "Fn::GetAtt": [ - "ClusterNodegroupDefaultCapacityNodeGroupRole55953B04", - "Arn" - ] - }, - "ScalingConfig": { - "DesiredSize": 2, - "MaxSize": 2, - "MinSize": 2 - }, - "Subnets": [ - { - "Ref": "VpcPrivateSubnet1Subnet536B997A" - }, - { - "Ref": "VpcPrivateSubnet2Subnet3788AAA1" - } - ] - } - }, "Clustercharttestchart9FD698EB": { "Type": "Custom::AWSCDK-EKS-HelmChart", "Properties": { 
@@ -1275,6 +1303,162 @@ "UpdateReplacePolicy": "Delete", "DeletionPolicy": "Delete" }, + "Clusterec2controllersaConditionJson93A80A33": { + "Type": "Custom::AWSCDKCfnJson", + "Properties": { + "ServiceToken": { + "Fn::GetAtt": [ + "AWSCDKCfnUtilsProviderCustomResourceProviderHandlerCF82AA57", + "Arn" + ] + }, + "Value": { + "Fn::Join": [ + "", + [ + "{\"", + { + "Fn::Select": [ + 1, + { + "Fn::Split": [ + ":oidc-provider/", + { + "Ref": "ClusterOpenIdConnectProviderE7EB0530" + } + ] + } + ] + }, + ":aud\":\"sts.amazonaws.com\",\"", + { + "Fn::Select": [ + 1, + { + "Fn::Split": [ + ":oidc-provider/", + { + "Ref": "ClusterOpenIdConnectProviderE7EB0530" + } + ] + } + ] + }, + ":sub\":\"system:serviceaccount:ack-system:awscdkekshelmtestclusterec2controllersa091fd101\"}" + ] + ] + } + }, + "DependsOn": [ + "ClustercharttestskipcrdinstallationB8323954" + ], + "UpdateReplacePolicy": "Delete", + "DeletionPolicy": "Delete" + }, + "Clusterec2controllersaRole1DE83C2D": { + "Type": "AWS::IAM::Role", + "Properties": { + "AssumeRolePolicyDocument": { + "Statement": [ + { + "Action": "sts:AssumeRoleWithWebIdentity", + "Condition": { + "StringEquals": { + "Fn::GetAtt": [ + "Clusterec2controllersaConditionJson93A80A33", + "Value" + ] + } + }, + "Effect": "Allow", + "Principal": { + "Federated": { + "Ref": "ClusterOpenIdConnectProviderE7EB0530" + } + } + } + ], + "Version": "2012-10-17" + }, + "ManagedPolicyArns": [ + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":iam::aws:policy/AmazonEC2FullAccess" + ] + ] + } + ] + }, + "DependsOn": [ + "ClustercharttestskipcrdinstallationB8323954" + ] + }, + "Clusterec2controllersamanifestec2controllersaServiceAccountResource90211140": { + "Type": "Custom::AWSCDK-EKS-KubernetesResource", + "Properties": { + "ServiceToken": { + "Fn::GetAtt": [ + "ClusterKubectlProviderframeworkonEvent68E0CF80", + "Arn" + ] + }, + "Manifest": { + "Fn::Join": [ + "", + [ + 
"[{\"apiVersion\":\"v1\",\"kind\":\"ServiceAccount\",\"metadata\":{\"name\":\"awscdkekshelmtestclusterec2controllersa091fd101\",\"namespace\":\"ack-system\",\"labels\":{\"aws.cdk.eks/prune-c821e718a8b33d4c46414e77b9f9f05e76fc714e10\":\"\",\"app.kubernetes.io/name\":\"awscdkekshelmtestclusterec2controllersa091fd101\"},\"annotations\":{\"eks.amazonaws.com/role-arn\":\"", + { + "Fn::GetAtt": [ + "Clusterec2controllersaRole1DE83C2D", + "Arn" + ] + }, + "\"}}}]" + ] + ] + }, + "ClusterName": { + "Ref": "ClusterEB0386A7" + }, + "PruneLabel": "aws.cdk.eks/prune-c821e718a8b33d4c46414e77b9f9f05e76fc714e10" + }, + "DependsOn": [ + "ClustercharttestskipcrdinstallationB8323954", + "ClusterKubectlReadyBarrier200052AF" + ], + "UpdateReplacePolicy": "Delete", + "DeletionPolicy": "Delete" + }, + "ClusterOpenIdConnectProviderE7EB0530": { + "Type": "Custom::AWSCDKOpenIdConnectProvider", + "Properties": { + "ServiceToken": { + "Fn::GetAtt": [ + "CustomAWSCDKOpenIdConnectProviderCustomResourceProviderHandlerF2C543E0", + "Arn" + ] + }, + "ClientIDList": [ + "sts.amazonaws.com" + ], + "Url": { + "Fn::GetAtt": [ + "ClusterEB0386A7", + "OpenIdConnectIssuerUrl" + ] + }, + "RejectUnauthorized": true, + "CodeHash": "2ef56be7a7906182ed8d1a8479be348cf836b925a9956cafededbd08199ba5c4" + }, + "UpdateReplacePolicy": "Delete", + "DeletionPolicy": "Delete" + }, "ClustercharttestatomicinstallationB879263E": { "Type": "Custom::AWSCDK-EKS-HelmChart", "Properties": { @@ -1298,7 +1482,14 @@ { "Ref": "AWS::Region" }, - "\"}}" + "\"},\"serviceAccount\":{\"name\":\"awscdkekshelmtestclusterec2controllersa091fd101\",\"create\":false,\"annotations\":{\"eks.amazonaws.com/role-arn\":\"", + { + "Fn::GetAtt": [ + "Clusterec2controllersaRole1DE83C2D", + "Arn" + ] + }, + "\"}}}" ] ] }, 
@@ -1338,6 +1529,135 @@ ], "UpdateReplacePolicy": "Delete", "DeletionPolicy": "Delete" + }, + "CustomAWSCDKOpenIdConnectProviderCustomResourceProviderRole517FED65": { + "Type": "AWS::IAM::Role", + "Properties": { + "AssumeRolePolicyDocument": { + "Version": "2012-10-17", + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "Service": "lambda.amazonaws.com" + } + } + ] + }, + "ManagedPolicyArns": [ + { + "Fn::Sub": "arn:${AWS::Partition}:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole" + } + ], + "Policies": [ + { + "PolicyName": "Inline", + "PolicyDocument": { + "Version": "2012-10-17", + "Statement": [ + { + "Effect": "Allow", + "Resource": "*", + "Action": [ + "iam:CreateOpenIDConnectProvider", + "iam:DeleteOpenIDConnectProvider", + "iam:UpdateOpenIDConnectProviderThumbprint", + "iam:AddClientIDToOpenIDConnectProvider", + "iam:RemoveClientIDFromOpenIDConnectProvider" + ] + } + ] + } + } + ] + } + }, + "CustomAWSCDKOpenIdConnectProviderCustomResourceProviderHandlerF2C543E0": { + "Type": "AWS::Lambda::Function", + "Properties": { + "Code": { + "S3Bucket": { + "Fn::Sub": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}" + }, + "S3Key": "2ef56be7a7906182ed8d1a8479be348cf836b925a9956cafededbd08199ba5c4.zip" + }, + "Timeout": 900, + "MemorySize": 128, + "Handler": "__entrypoint__.handler", + "Role": { + "Fn::GetAtt": [ + "CustomAWSCDKOpenIdConnectProviderCustomResourceProviderRole517FED65", + "Arn" + ] + }, + "Runtime": { + "Fn::FindInMap": [ + "LatestNodeRuntimeMap", + { + "Ref": "AWS::Region" + }, + "value" + ] + } + }, + "DependsOn": [ + "CustomAWSCDKOpenIdConnectProviderCustomResourceProviderRole517FED65" + ] + }, + "AWSCDKCfnUtilsProviderCustomResourceProviderRoleFE0EE867": { + "Type": "AWS::IAM::Role", + "Properties": { + "AssumeRolePolicyDocument": { + "Version": "2012-10-17", + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "Service": "lambda.amazonaws.com" + } + } + 
] + }, + "ManagedPolicyArns": [ + { + "Fn::Sub": "arn:${AWS::Partition}:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole" + } + ] + } + }, + "AWSCDKCfnUtilsProviderCustomResourceProviderHandlerCF82AA57": { + "Type": "AWS::Lambda::Function", + "Properties": { + "Code": { + "S3Bucket": { + "Fn::Sub": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}" + }, + "S3Key": "0d94926290549a70008a6e1e24fe1f1b29c5b53364bc1c09c60ef9cb02f562ca.zip" + }, + "Timeout": 900, + "MemorySize": 128, + "Handler": "__entrypoint__.handler", + "Role": { + "Fn::GetAtt": [ + "AWSCDKCfnUtilsProviderCustomResourceProviderRoleFE0EE867", + "Arn" + ] + }, + "Runtime": { + "Fn::FindInMap": [ + "LatestNodeRuntimeMap", + { + "Ref": "AWS::Region" + }, + "value" + ] + } + }, + "DependsOn": [ + "AWSCDKCfnUtilsProviderCustomResourceProviderRoleFE0EE867" + ] } }, "Conditions": { @@ -1350,6 +1670,56 @@ ] } }, + "Outputs": { + "ClusterConfigCommand43AAE40F": { + "Value": { + "Fn::Join": [ + "", + [ + "aws eks update-kubeconfig --name ", + { + "Ref": "ClusterEB0386A7" + }, + " --region ", + { + "Ref": "AWS::Region" + }, + " --role-arn ", + { + "Fn::GetAtt": [ + "AdminRole38563C57", + "Arn" + ] + } + ] + ] + } + }, + "ClusterGetTokenCommand06AE992E": { + "Value": { + "Fn::Join": [ + "", + [ + "aws eks get-token --cluster-name ", + { + "Ref": "ClusterEB0386A7" + }, + " --region ", + { + "Ref": "AWS::Region" + }, + " --role-arn ", + { + "Fn::GetAtt": [ + "AdminRole38563C57", + "Arn" + ] + } + ] + ] + } + } + }, "Mappings": { "LatestNodeRuntimeMap": { "af-south-1": { diff --git a/packages/@aws-cdk/aws-eks-v2-alpha/test/integ.eks-helm-asset.js.snapshot/manifest.json b/packages/@aws-cdk/aws-eks-v2-alpha/test/integ.eks-helm-asset.js.snapshot/manifest.json index 8f604ced93a75..0510c3e138d6b 100644 --- a/packages/@aws-cdk/aws-eks-v2-alpha/test/integ.eks-helm-asset.js.snapshot/manifest.json +++ b/packages/@aws-cdk/aws-eks-v2-alpha/test/integ.eks-helm-asset.js.snapshot/manifest.json 
@@ -18,7 +18,7 @@ "validateOnSynth": false, "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-deploy-role-${AWS::AccountId}-${AWS::Region}", "cloudFormationExecutionRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-cfn-exec-role-${AWS::AccountId}-${AWS::Region}", - "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/b02ff4ffd818fda104bf4ceb0da58f037312c1a5743d2b3a76f81da8ce6cfc10.json", + "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/c40caf7f4fbdcc6a69a3e831ed0e4749d8a80f4147b45429bbb385d684ae01ea.json", "requiresBootstrapStackVersion": 6, "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version", "additionalDependencies": [ @@ -333,10 +333,6 @@ "type": "aws:cdk:analytics:method", "data": "*" }, - { - "type": "aws:cdk:analytics:method", - "data": "*" - }, { "type": "aws:cdk:analytics:method", "data": "*" @@ -356,6 +352,56 @@ } ] } + }, + { + "type": "aws:cdk:analytics:method", + "data": { + "addManagedPolicy": [ + { + "managedPolicyArn": "*" + } + ] + } + }, + { + "type": "aws:cdk:analytics:method", + "data": { + "addManagedPolicy": [ + { + "managedPolicyArn": "*" + } + ] + } + }, + { + "type": "aws:cdk:analytics:method", + "data": { + "addManagedPolicy": [ + { + "managedPolicyArn": "*" + } + ] + } + }, + { + "type": "aws:cdk:analytics:method", + "data": { + "addManagedPolicy": [ + { + "managedPolicyArn": "*" + } + ] + } + }, + { + "type": "aws:cdk:analytics:method", + "data": { + "addManagedPolicy": [ + { + "managedPolicyArn": "*" + } + ] + } } ], "/aws-cdk-eks-helm-test/Cluster/Role/ImportRole": [ 
@@ -385,6 +431,37 @@ "data": "ClusterControlPlaneSecurityGroupD274242C" } ], + "/aws-cdk-eks-helm-test/Cluster/ClusternodePoolRole": [ + { + "type": "aws:cdk:analytics:construct", + "data": { + "assumedBy": { + "principalAccount": "*", + "assumeRoleAction": "*" + }, + "managedPolicies": [ + { + "managedPolicyArn": "*" + }, + { + "managedPolicyArn": "*" + } + ] + } + } + ], + "/aws-cdk-eks-helm-test/Cluster/ClusternodePoolRole/ImportClusternodePoolRole": [ + { + "type": "aws:cdk:analytics:construct", + "data": "*" + } + ], + "/aws-cdk-eks-helm-test/Cluster/ClusternodePoolRole/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "ClusterClusternodePoolRole69276141" + } + ], "/aws-cdk-eks-helm-test/Cluster/Resource": [ { "type": "aws:cdk:logicalId", 
@@ -816,40 +893,90 @@ "data": "ClustermastersRoleAccess698EBA51" } ], - "/aws-cdk-eks-helm-test/Cluster/NodegroupDefaultCapacity": [ + "/aws-cdk-eks-helm-test/Cluster/ConfigCommand": [ + { + "type": "aws:cdk:logicalId", + "data": "ClusterConfigCommand43AAE40F" + } + ], + "/aws-cdk-eks-helm-test/Cluster/GetTokenCommand": [ + { + "type": "aws:cdk:logicalId", + "data": "ClusterGetTokenCommand06AE992E" + } + ], + "/aws-cdk-eks-helm-test/Cluster/chart-test-chart/Resource": [ { "type": "aws:cdk:analytics:construct", "data": "*" } ], - "/aws-cdk-eks-helm-test/Cluster/NodegroupDefaultCapacity/NodeGroupRole": [ + "/aws-cdk-eks-helm-test/Cluster/chart-test-chart/Resource/Default": [ + { + "type": "aws:cdk:logicalId", + "data": "Clustercharttestchart9FD698EB" + } + ], + "/aws-cdk-eks-helm-test/Cluster/chart-test-oci-chart/Resource": [ { "type": "aws:cdk:analytics:construct", - "data": { - "assumedBy": { - "principalAccount": "*", - "assumeRoleAction": "*" - } - } - }, + "data": "*" + } + ], + "/aws-cdk-eks-helm-test/Cluster/chart-test-oci-chart/Resource/Default": [ { - "type": "aws:cdk:analytics:method", - "data": { - "addManagedPolicy": [ - { - "managedPolicyArn": "*" - } - ] - } + "type": "aws:cdk:logicalId", + "data": "Clustercharttestocichart9C188967" + } + ], + "/aws-cdk-eks-helm-test/Cluster/chart-test-oci-chart-different-release-name/Resource": [ + { + "type": "aws:cdk:analytics:construct", + "data": "*" + } + ], + "/aws-cdk-eks-helm-test/Cluster/chart-test-oci-chart-different-release-name/Resource/Default": [ + { + "type": "aws:cdk:logicalId", + "data": "Clustercharttestocichartdifferentreleasename6D3FD1A1" + } + ], + "/aws-cdk-eks-helm-test/Cluster/chart-test-skip-crd-installation/Resource": [ + { + "type": "aws:cdk:analytics:construct", + "data": "*" + } + ], + "/aws-cdk-eks-helm-test/Cluster/chart-test-skip-crd-installation/Resource/Default": [ + { + "type": "aws:cdk:logicalId", + "data": "ClustercharttestskipcrdinstallationB8323954" + } + ], + 
"/aws-cdk-eks-helm-test/Cluster/ec2-controller-sa/ConditionJson/Resource": [ + { + "type": "aws:cdk:analytics:construct", + "data": "*" }, { "type": "aws:cdk:analytics:method", + "data": "*" + } + ], + "/aws-cdk-eks-helm-test/Cluster/ec2-controller-sa/ConditionJson/Resource/Default": [ + { + "type": "aws:cdk:logicalId", + "data": "Clusterec2controllersaConditionJson93A80A33" + } + ], + "/aws-cdk-eks-helm-test/Cluster/ec2-controller-sa/Role": [ + { + "type": "aws:cdk:analytics:construct", "data": { - "addManagedPolicy": [ - { - "managedPolicyArn": "*" - } - ] + "assumedBy": { + "principalAccount": "*", + "assumeRoleAction": "*" + } } }, { 
@@ -863,70 +990,54 @@ } } ], - "/aws-cdk-eks-helm-test/Cluster/NodegroupDefaultCapacity/NodeGroupRole/ImportNodeGroupRole": [ + "/aws-cdk-eks-helm-test/Cluster/ec2-controller-sa/Role/ImportRole": [ { "type": "aws:cdk:analytics:construct", "data": "*" } ], - "/aws-cdk-eks-helm-test/Cluster/NodegroupDefaultCapacity/NodeGroupRole/Resource": [ + "/aws-cdk-eks-helm-test/Cluster/ec2-controller-sa/Role/Resource": [ { "type": "aws:cdk:logicalId", - "data": "ClusterNodegroupDefaultCapacityNodeGroupRole55953B04" + "data": "Clusterec2controllersaRole1DE83C2D" } ], - "/aws-cdk-eks-helm-test/Cluster/NodegroupDefaultCapacity/Resource": [ - { - "type": "aws:cdk:logicalId", - "data": "ClusterNodegroupDefaultCapacityDA0920A3" - } - ], - "/aws-cdk-eks-helm-test/Cluster/chart-test-chart/Resource": [ + "/aws-cdk-eks-helm-test/Cluster/ec2-controller-sa/manifest-ec2-controller-saServiceAccountResource/Resource": [ { "type": "aws:cdk:analytics:construct", "data": "*" } ], - "/aws-cdk-eks-helm-test/Cluster/chart-test-chart/Resource/Default": [ + "/aws-cdk-eks-helm-test/Cluster/ec2-controller-sa/manifest-ec2-controller-saServiceAccountResource/Resource/Default": [ { "type": "aws:cdk:logicalId", - "data": "Clustercharttestchart9FD698EB" + "data": "Clusterec2controllersamanifestec2controllersaServiceAccountResource90211140" } ], - "/aws-cdk-eks-helm-test/Cluster/chart-test-oci-chart/Resource": [ + "/aws-cdk-eks-helm-test/Cluster/OpenIdConnectProvider": [ { "type": "aws:cdk:analytics:construct", "data": "*" - } - ], - "/aws-cdk-eks-helm-test/Cluster/chart-test-oci-chart/Resource/Default": [ - { - "type": "aws:cdk:logicalId", - "data": "Clustercharttestocichart9C188967" - } - ], - "/aws-cdk-eks-helm-test/Cluster/chart-test-oci-chart-different-release-name/Resource": [ + }, { "type": "aws:cdk:analytics:construct", "data": "*" } ], - "/aws-cdk-eks-helm-test/Cluster/chart-test-oci-chart-different-release-name/Resource/Default": [ - { - "type": "aws:cdk:logicalId", - "data": 
"Clustercharttestocichartdifferentreleasename6D3FD1A1" - } - ], - "/aws-cdk-eks-helm-test/Cluster/chart-test-skip-crd-installation/Resource": [ + "/aws-cdk-eks-helm-test/Cluster/OpenIdConnectProvider/Resource": [ { "type": "aws:cdk:analytics:construct", "data": "*" + }, + { + "type": "aws:cdk:analytics:method", + "data": "*" } ], - "/aws-cdk-eks-helm-test/Cluster/chart-test-skip-crd-installation/Resource/Default": [ + "/aws-cdk-eks-helm-test/Cluster/OpenIdConnectProvider/Resource/Default": [ { "type": "aws:cdk:logicalId", - "data": "ClustercharttestskipcrdinstallationB8323954" + "data": "ClusterOpenIdConnectProviderE7EB0530" } ], "/aws-cdk-eks-helm-test/Cluster/chart-test-atomic-installation/Resource": [ 
@@ -959,6 +1070,42 @@ "data": "LatestNodeRuntimeMap" } ], + "/aws-cdk-eks-helm-test/Custom::AWSCDKOpenIdConnectProviderCustomResourceProvider": [ + { + "type": "aws:cdk:is-custom-resource-handler-customResourceProvider", + "data": true + } + ], + "/aws-cdk-eks-helm-test/Custom::AWSCDKOpenIdConnectProviderCustomResourceProvider/Role": [ + { + "type": "aws:cdk:logicalId", + "data": "CustomAWSCDKOpenIdConnectProviderCustomResourceProviderRole517FED65" + } + ], + "/aws-cdk-eks-helm-test/Custom::AWSCDKOpenIdConnectProviderCustomResourceProvider/Handler": [ + { + "type": "aws:cdk:logicalId", + "data": "CustomAWSCDKOpenIdConnectProviderCustomResourceProviderHandlerF2C543E0" + } + ], + "/aws-cdk-eks-helm-test/AWSCDKCfnUtilsProviderCustomResourceProvider": [ + { + "type": "aws:cdk:is-custom-resource-handler-customResourceProvider", + "data": true + } + ], + "/aws-cdk-eks-helm-test/AWSCDKCfnUtilsProviderCustomResourceProvider/Role": [ + { + "type": "aws:cdk:logicalId", + "data": "AWSCDKCfnUtilsProviderCustomResourceProviderRoleFE0EE867" + } + ], + "/aws-cdk-eks-helm-test/AWSCDKCfnUtilsProviderCustomResourceProvider/Handler": [ + { + "type": "aws:cdk:logicalId", + "data": "AWSCDKCfnUtilsProviderCustomResourceProviderHandlerCF82AA57" + } + ], "/aws-cdk-eks-helm-test/BootstrapVersion": [ { "type": "aws:cdk:logicalId", diff --git a/packages/@aws-cdk/aws-eks-v2-alpha/test/integ.eks-helm-asset.js.snapshot/tree.json b/packages/@aws-cdk/aws-eks-v2-alpha/test/integ.eks-helm-asset.js.snapshot/tree.json index 488b9792b4b94..e5ca63a30e7d9 100644 --- a/packages/@aws-cdk/aws-eks-v2-alpha/test/integ.eks-helm-asset.js.snapshot/tree.json +++ b/packages/@aws-cdk/aws-eks-v2-alpha/test/integ.eks-helm-asset.js.snapshot/tree.json @@ -892,7 +892,10 @@ "assumeRolePolicyDocument": { "Statement": [ { - "Action": "sts:AssumeRole", + "Action": [ + "sts:AssumeRole", + "sts:TagSession" + ], "Effect": "Allow", "Principal": { "Service": "eks.amazonaws.com" 
@@ -913,6 +916,54 @@ ":iam::aws:policy/AmazonEKSClusterPolicy" ] ] + }, + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":iam::aws:policy/AmazonEKSComputePolicy" + ] + ] + }, + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":iam::aws:policy/AmazonEKSBlockStoragePolicy" + ] + ] + }, + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":iam::aws:policy/AmazonEKSLoadBalancingPolicy" + ] + ] + }, + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":iam::aws:policy/AmazonEKSNetworkingPolicy" + ] + ] } ] } @@ -937,6 +988,41 @@ "managedPolicyArn": "*" } ] + }, + { + "addManagedPolicy": [ + { + "managedPolicyArn": "*" + } + ] + }, + { + "addManagedPolicy": [ + { + "managedPolicyArn": "*" + } + ] + }, + { + "addManagedPolicy": [ + { + "managedPolicyArn": "*" + } + ] + }, + { + "addManagedPolicy": [ + { + "managedPolicyArn": "*" + } + ] + }, + { + "addManagedPolicy": [ + { + "managedPolicyArn": "*" + } + ] } ] } 
@@ -981,6 +1067,94 @@ ] } }, + "ClusternodePoolRole": { + "id": "ClusternodePoolRole", + "path": "aws-cdk-eks-helm-test/Cluster/ClusternodePoolRole", + "children": { + "ImportClusternodePoolRole": { + "id": "ImportClusternodePoolRole", + "path": "aws-cdk-eks-helm-test/Cluster/ClusternodePoolRole/ImportClusternodePoolRole", + "constructInfo": { + "fqn": "aws-cdk-lib.Resource", + "version": "0.0.0", + "metadata": [ + "*" + ] + } + }, + "Resource": { + "id": "Resource", + "path": "aws-cdk-eks-helm-test/Cluster/ClusternodePoolRole/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::IAM::Role", + "aws:cdk:cloudformation:props": { + "assumeRolePolicyDocument": { + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "Service": "ec2.amazonaws.com" + } + } + ], + "Version": "2012-10-17" + }, + "managedPolicyArns": [ + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":iam::aws:policy/AmazonEKSWorkerNodePolicy" + ] + ] + }, + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":iam::aws:policy/AmazonEC2ContainerRegistryReadOnly" + ] + ] + } + ] + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_iam.CfnRole", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_iam.Role", + "version": "0.0.0", + "metadata": [ + { + "assumedBy": { + "principalAccount": "*", + "assumeRoleAction": "*" + }, + "managedPolicies": [ + { + "managedPolicyArn": "*" + }, + { + "managedPolicyArn": "*" + } + ] + } + ] + } + }, "Resource": { "id": "Resource", "path": "aws-cdk-eks-helm-test/Cluster/Resource", 
@@ -990,8 +1164,24 @@ "accessConfig": { "authenticationMode": "API" }, + "computeConfig": { + "enabled": true, + "nodePools": [ + "system", + "general-purpose" + ], + "nodeRoleArn": { + "Fn::GetAtt": [ + "ClusterClusternodePoolRole69276141", + "Arn" + ] + } + }, "kubernetesNetworkConfig": { - "ipFamily": "ipv4" + "ipFamily": "ipv4", + "elasticLoadBalancing": { + "enabled": true + } }, "resourcesVpcConfig": { "securityGroupIds": [ @@ -1025,6 +1215,11 @@ "Arn" ] }, + "storageConfig": { + "blockStorage": { + "enabled": true + } + }, "version": "1.32" } }, 
@@ -2053,170 +2248,20 @@ ] } }, - "NodegroupDefaultCapacity": { - "id": "NodegroupDefaultCapacity", - "path": "aws-cdk-eks-helm-test/Cluster/NodegroupDefaultCapacity", - "children": { - "NodeGroupRole": { - "id": "NodeGroupRole", - "path": "aws-cdk-eks-helm-test/Cluster/NodegroupDefaultCapacity/NodeGroupRole", - "children": { - "ImportNodeGroupRole": { - "id": "ImportNodeGroupRole", - "path": "aws-cdk-eks-helm-test/Cluster/NodegroupDefaultCapacity/NodeGroupRole/ImportNodeGroupRole", - "constructInfo": { - "fqn": "aws-cdk-lib.Resource", - "version": "0.0.0", - "metadata": [ - "*" - ] - } - }, - "Resource": { - "id": "Resource", - "path": "aws-cdk-eks-helm-test/Cluster/NodegroupDefaultCapacity/NodeGroupRole/Resource", - "attributes": { - "aws:cdk:cloudformation:type": "AWS::IAM::Role", - "aws:cdk:cloudformation:props": { - "assumeRolePolicyDocument": { - "Statement": [ - { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Principal": { - "Service": "ec2.amazonaws.com" - } - } - ], - "Version": "2012-10-17" - }, - "managedPolicyArns": [ - { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition" - }, - ":iam::aws:policy/AmazonEKSWorkerNodePolicy" - ] - ] - }, - { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition" - }, - ":iam::aws:policy/AmazonEKS_CNI_Policy" - ] - ] - }, - { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition" - }, - ":iam::aws:policy/AmazonEC2ContainerRegistryReadOnly" - ] - ] - } - ] - } - }, - "constructInfo": { - "fqn": "aws-cdk-lib.aws_iam.CfnRole", - "version": "0.0.0" - } - } - }, - "constructInfo": { - "fqn": "aws-cdk-lib.aws_iam.Role", - "version": "0.0.0", - "metadata": [ - { - "assumedBy": { - "principalAccount": "*", - "assumeRoleAction": "*" - } - }, - { - "addManagedPolicy": [ - { - "managedPolicyArn": "*" - } - ] - }, - { - "addManagedPolicy": [ - { - "managedPolicyArn": "*" - } - ] - }, - { - "addManagedPolicy": [ - { - "managedPolicyArn": "*" - } - ] - } - ] - } - }, - "Resource": { - "id": 
"Resource", - "path": "aws-cdk-eks-helm-test/Cluster/NodegroupDefaultCapacity/Resource", - "attributes": { - "aws:cdk:cloudformation:type": "AWS::EKS::Nodegroup", - "aws:cdk:cloudformation:props": { - "amiType": "AL2_x86_64", - "clusterName": { - "Ref": "ClusterEB0386A7" - }, - "forceUpdateEnabled": true, - "instanceTypes": [ - "m5.large" - ], - "nodeRole": { - "Fn::GetAtt": [ - "ClusterNodegroupDefaultCapacityNodeGroupRole55953B04", - "Arn" - ] - }, - "scalingConfig": { - "desiredSize": 2, - "maxSize": 2, - "minSize": 2 - }, - "subnets": [ - { - "Ref": "VpcPrivateSubnet1Subnet536B997A" - }, - { - "Ref": "VpcPrivateSubnet2Subnet3788AAA1" - } - ] - } - }, - "constructInfo": { - "fqn": "aws-cdk-lib.aws_eks.CfnNodegroup", - "version": "0.0.0" - } - } - }, + "ConfigCommand": { + "id": "ConfigCommand", + "path": "aws-cdk-eks-helm-test/Cluster/ConfigCommand", "constructInfo": { - "fqn": "@aws-cdk/aws-eks-v2-alpha.Nodegroup", - "version": "0.0.0", - "metadata": [ - "*" - ] + "fqn": "aws-cdk-lib.CfnOutput", + "version": "0.0.0" + } + }, + "GetTokenCommand": { + "id": "GetTokenCommand", + "path": "aws-cdk-eks-helm-test/Cluster/GetTokenCommand", + "constructInfo": { + "fqn": "aws-cdk-lib.CfnOutput", + "version": "0.0.0" } }, "chart-test-chart": { 
@@ -2343,6 +2388,200 @@ "version": "0.0.0" } }, + "ec2-controller-sa": { + "id": "ec2-controller-sa", + "path": "aws-cdk-eks-helm-test/Cluster/ec2-controller-sa", + "children": { + "ConditionJson": { + "id": "ConditionJson", + "path": "aws-cdk-eks-helm-test/Cluster/ec2-controller-sa/ConditionJson", + "children": { + "Resource": { + "id": "Resource", + "path": "aws-cdk-eks-helm-test/Cluster/ec2-controller-sa/ConditionJson/Resource", + "children": { + "Default": { + "id": "Default", + "path": "aws-cdk-eks-helm-test/Cluster/ec2-controller-sa/ConditionJson/Resource/Default", + "constructInfo": { + "fqn": "aws-cdk-lib.CfnResource", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.CustomResource", + "version": "0.0.0", + "metadata": [ + "*", + "*" + ] + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.CfnJson", + "version": "0.0.0" + } + }, + "Role": { + "id": "Role", + "path": "aws-cdk-eks-helm-test/Cluster/ec2-controller-sa/Role", + "children": { + "ImportRole": { + "id": "ImportRole", + "path": "aws-cdk-eks-helm-test/Cluster/ec2-controller-sa/Role/ImportRole", + "constructInfo": { + "fqn": "aws-cdk-lib.Resource", + "version": "0.0.0", + "metadata": [ + "*" + ] + } + }, + "Resource": { + "id": "Resource", + "path": "aws-cdk-eks-helm-test/Cluster/ec2-controller-sa/Role/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::IAM::Role", + "aws:cdk:cloudformation:props": { + "assumeRolePolicyDocument": { + "Statement": [ + { + "Action": "sts:AssumeRoleWithWebIdentity", + "Condition": { + "StringEquals": { + "Fn::GetAtt": [ + "Clusterec2controllersaConditionJson93A80A33", + "Value" + ] + } + }, + "Effect": "Allow", + "Principal": { + "Federated": { + "Ref": "ClusterOpenIdConnectProviderE7EB0530" + } + } + } + ], + "Version": "2012-10-17" + }, + "managedPolicyArns": [ + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":iam::aws:policy/AmazonEC2FullAccess" + ] + ] + } + ] + } + }, + "constructInfo": { + 
"fqn": "aws-cdk-lib.aws_iam.CfnRole", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_iam.Role", + "version": "0.0.0", + "metadata": [ + { + "assumedBy": { + "principalAccount": "*", + "assumeRoleAction": "*" + } + }, + { + "addManagedPolicy": [ + { + "managedPolicyArn": "*" + } + ] + } + ] + } + }, + "manifest-ec2-controller-saServiceAccountResource": { + "id": "manifest-ec2-controller-saServiceAccountResource", + "path": "aws-cdk-eks-helm-test/Cluster/ec2-controller-sa/manifest-ec2-controller-saServiceAccountResource", + "children": { + "Resource": { + "id": "Resource", + "path": "aws-cdk-eks-helm-test/Cluster/ec2-controller-sa/manifest-ec2-controller-saServiceAccountResource/Resource", + "children": { + "Default": { + "id": "Default", + "path": "aws-cdk-eks-helm-test/Cluster/ec2-controller-sa/manifest-ec2-controller-saServiceAccountResource/Resource/Default", + "constructInfo": { + "fqn": "aws-cdk-lib.CfnResource", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.CustomResource", + "version": "0.0.0", + "metadata": [ + "*" + ] + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/aws-eks-v2-alpha.KubernetesManifest", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/aws-eks-v2-alpha.ServiceAccount", + "version": "0.0.0" + } + }, + "OpenIdConnectProvider": { + "id": "OpenIdConnectProvider", + "path": "aws-cdk-eks-helm-test/Cluster/OpenIdConnectProvider", + "children": { + "Resource": { + "id": "Resource", + "path": "aws-cdk-eks-helm-test/Cluster/OpenIdConnectProvider/Resource", + "children": { + "Default": { + "id": "Default", + "path": "aws-cdk-eks-helm-test/Cluster/OpenIdConnectProvider/Resource/Default", + "constructInfo": { + "fqn": "aws-cdk-lib.CfnResource", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.CustomResource", + "version": "0.0.0", + "metadata": [ + "*", + "*" + ] + } + } + }, + "constructInfo": { + "fqn": 
"@aws-cdk/aws-eks-v2-alpha.OpenIdConnectProvider", + "version": "0.0.0", + "metadata": [ + "*", + "*" + ] + } + }, "chart-test-atomic-installation": { "id": "chart-test-atomic-installation", "path": "aws-cdk-eks-helm-test/Cluster/chart-test-atomic-installation", @@ -2410,7 +2649,6 @@ "fqn": "@aws-cdk/aws-eks-v2-alpha.Cluster", "version": "0.0.0", "metadata": [ - "*", "*", "*", "*" 
@@ -2452,6 +2690,74 @@ "version": "0.0.0" } }, + "Custom::AWSCDKOpenIdConnectProviderCustomResourceProvider": { + "id": "Custom::AWSCDKOpenIdConnectProviderCustomResourceProvider", + "path": "aws-cdk-eks-helm-test/Custom::AWSCDKOpenIdConnectProviderCustomResourceProvider", + "children": { + "Staging": { + "id": "Staging", + "path": "aws-cdk-eks-helm-test/Custom::AWSCDKOpenIdConnectProviderCustomResourceProvider/Staging", + "constructInfo": { + "fqn": "aws-cdk-lib.AssetStaging", + "version": "0.0.0" + } + }, + "Role": { + "id": "Role", + "path": "aws-cdk-eks-helm-test/Custom::AWSCDKOpenIdConnectProviderCustomResourceProvider/Role", + "constructInfo": { + "fqn": "aws-cdk-lib.CfnResource", + "version": "0.0.0" + } + }, + "Handler": { + "id": "Handler", + "path": "aws-cdk-eks-helm-test/Custom::AWSCDKOpenIdConnectProviderCustomResourceProvider/Handler", + "constructInfo": { + "fqn": "aws-cdk-lib.CfnResource", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.CustomResourceProviderBase", + "version": "0.0.0" + } + }, + "AWSCDKCfnUtilsProviderCustomResourceProvider": { + "id": "AWSCDKCfnUtilsProviderCustomResourceProvider", + "path": "aws-cdk-eks-helm-test/AWSCDKCfnUtilsProviderCustomResourceProvider", + "children": { + "Staging": { + "id": "Staging", + "path": "aws-cdk-eks-helm-test/AWSCDKCfnUtilsProviderCustomResourceProvider/Staging", + "constructInfo": { + "fqn": "aws-cdk-lib.AssetStaging", + "version": "0.0.0" + } + }, + "Role": { + "id": "Role", + "path": "aws-cdk-eks-helm-test/AWSCDKCfnUtilsProviderCustomResourceProvider/Role", + "constructInfo": { + "fqn": "aws-cdk-lib.CfnResource", + "version": "0.0.0" + } + }, + "Handler": { + "id": "Handler", + "path": "aws-cdk-eks-helm-test/AWSCDKCfnUtilsProviderCustomResourceProvider/Handler", + "constructInfo": { + "fqn": "aws-cdk-lib.CfnResource", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.CustomResourceProviderBase", + "version": "0.0.0" + } + }, 
"BootstrapVersion": { "id": "BootstrapVersion", "path": "aws-cdk-eks-helm-test/BootstrapVersion", diff --git a/packages/@aws-cdk/aws-eks-v2-alpha/test/integ.eks-helm-asset.ts b/packages/@aws-cdk/aws-eks-v2-alpha/test/integ.eks-helm-asset.ts index 5ad16028b6b6c..4f110f3978e08 100644 --- a/packages/@aws-cdk/aws-eks-v2-alpha/test/integ.eks-helm-asset.ts +++ b/packages/@aws-cdk/aws-eks-v2-alpha/test/integ.eks-helm-asset.ts @@ -69,7 +69,7 @@ class EksClusterStack extends Stack { // testing the disable mechanism of the installation of CRDs // https://gallery.ecr.aws/aws-controllers-k8s/rds-chart - this.cluster.addHelmChart('test-skip-crd-installation', { + const rdsChart = this.cluster.addHelmChart('test-skip-crd-installation', { chart: 'rds-chart', release: 'rds-chart-release', repository: 'oci://public.ecr.aws/aws-controllers-k8s/rds-chart', @@ -82,6 +82,18 @@ class EksClusterStack extends Stack { // testing installation with atomic flag set to true // https://gallery.ecr.aws/aws-controllers-k8s/sns-chart + // this service account has to be created in `ack-system` + // we need to ensure that the namespace is created before the service account + const sa = this.cluster.addServiceAccount('ec2-controller-sa', { + namespace: 'ack-system', + }); + + // rdsChart should create the namespace `ack-system` if not available + // adding the dependency ensures that the namespace is created before the service account + sa.node.addDependency(rdsChart); + + sa.role.addManagedPolicy(iam.ManagedPolicy.fromAwsManagedPolicyName('AmazonEC2FullAccess')); + this.cluster.addHelmChart('test-atomic-installation', { chart: 'ec2-chart', release: 'ec2-chart-release', 
@@ -91,7 +103,17 @@ class EksClusterStack extends Stack { createNamespace: true, skipCrds: true, atomic: true, - values: { aws: { region: this.region } }, + values: { + aws: { region: this.region }, + serviceAccount: { + name: sa.serviceAccountName, + create: false, + annotations: { + // implicit dependency on the service account + 'eks.amazonaws.com/role-arn': sa.role.roleArn, + }, + }, + }, }); // https://github.com/orgs/grafana-operator/packages/container/package/helm-charts%2Fgrafana-operator diff --git a/packages/@aws-cdk/aws-eks-v2-alpha/test/integ.eks-inference-nodegroup.js.snapshot/asset.25c16d2ab30e35800b3ea63c44c93deb85584076eb09a2db9f971803252b22dc.zip b/packages/@aws-cdk/aws-eks-v2-alpha/test/integ.eks-inference-nodegroup.js.snapshot/asset.25c16d2ab30e35800b3ea63c44c93deb85584076eb09a2db9f971803252b22dc.zip new file mode 100644 index 0000000000000..0a8e7ba83b46f Binary files /dev/null and b/packages/@aws-cdk/aws-eks-v2-alpha/test/integ.eks-inference-nodegroup.js.snapshot/asset.25c16d2ab30e35800b3ea63c44c93deb85584076eb09a2db9f971803252b22dc.zip differ diff --git a/packages/@aws-cdk/aws-eks-v2-alpha/test/integ.eks-inference-nodegroup.js.snapshot/aws-cdk-eks-cluster-inference-nodegroup.assets.json b/packages/@aws-cdk/aws-eks-v2-alpha/test/integ.eks-inference-nodegroup.js.snapshot/aws-cdk-eks-cluster-inference-nodegroup.assets.json index 0878e3d070389..13ea10e413194 100644 --- a/packages/@aws-cdk/aws-eks-v2-alpha/test/integ.eks-inference-nodegroup.js.snapshot/aws-cdk-eks-cluster-inference-nodegroup.assets.json +++ b/packages/@aws-cdk/aws-eks-v2-alpha/test/integ.eks-inference-nodegroup.js.snapshot/aws-cdk-eks-cluster-inference-nodegroup.assets.json @@ -79,7 +79,7 @@ } } }, - "5f23caeefeeb423c06f4fdc27eb3a6804455b152cf6001ab37cde74b11ca07f6": { + "b917aa7f15fe7521b923019fb76804ea4d8ac0be343d2045c3cb9b15df1d06c7": { "source": { "path": "aws-cdk-eks-cluster-inference-nodegroup.template.json", "packaging": "file" 
@@ -87,7 +87,7 @@ "destinations": { "current_account-current_region": { "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}", - "objectKey": "5f23caeefeeb423c06f4fdc27eb3a6804455b152cf6001ab37cde74b11ca07f6.json", + "objectKey": "b917aa7f15fe7521b923019fb76804ea4d8ac0be343d2045c3cb9b15df1d06c7.json", "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}" } } diff --git a/packages/@aws-cdk/aws-eks-v2-alpha/test/integ.eks-inference-nodegroup.js.snapshot/aws-cdk-eks-cluster-inference-nodegroup.template.json b/packages/@aws-cdk/aws-eks-v2-alpha/test/integ.eks-inference-nodegroup.js.snapshot/aws-cdk-eks-cluster-inference-nodegroup.template.json index 3f187b4104598..e14e223bdcbca 100644 --- a/packages/@aws-cdk/aws-eks-v2-alpha/test/integ.eks-inference-nodegroup.js.snapshot/aws-cdk-eks-cluster-inference-nodegroup.template.json +++ b/packages/@aws-cdk/aws-eks-v2-alpha/test/integ.eks-inference-nodegroup.js.snapshot/aws-cdk-eks-cluster-inference-nodegroup.template.json @@ -461,7 +461,13 @@ "AccessConfig": { "AuthenticationMode": "API" }, + "ComputeConfig": { + "Enabled": false + }, "KubernetesNetworkConfig": { + "ElasticLoadBalancing": { + "Enabled": false + }, "IpFamily": "ipv4" }, "ResourcesVpcConfig": { @@ -496,6 +502,11 @@ "Arn" ] }, + "StorageConfig": { + "BlockStorage": { + "Enabled": false + } + }, "Version": "1.32" }, "DependsOn": [ diff --git a/packages/@aws-cdk/aws-eks-v2-alpha/test/integ.eks-inference-nodegroup.js.snapshot/manifest.json b/packages/@aws-cdk/aws-eks-v2-alpha/test/integ.eks-inference-nodegroup.js.snapshot/manifest.json index eb8904c8fa719..30b0095ec531a 100644 --- a/packages/@aws-cdk/aws-eks-v2-alpha/test/integ.eks-inference-nodegroup.js.snapshot/manifest.json +++ b/packages/@aws-cdk/aws-eks-v2-alpha/test/integ.eks-inference-nodegroup.js.snapshot/manifest.json 
@@ -18,7 +18,7 @@ "validateOnSynth": false, "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-deploy-role-${AWS::AccountId}-${AWS::Region}", "cloudFormationExecutionRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-cfn-exec-role-${AWS::AccountId}-${AWS::Region}", - "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/5f23caeefeeb423c06f4fdc27eb3a6804455b152cf6001ab37cde74b11ca07f6.json", + "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/b917aa7f15fe7521b923019fb76804ea4d8ac0be343d2045c3cb9b15df1d06c7.json", "requiresBootstrapStackVersion": 6, "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version", "additionalDependencies": [ @@ -370,7 +370,10 @@ "/aws-cdk-eks-cluster-inference-nodegroup/Cluster/Resource": [ { "type": "aws:cdk:logicalId", - "data": "ClusterEB0386A7" + "data": "ClusterEB0386A7", + "trace": [ + "!!DESTRUCTIVE_CHANGES: WILL_REPLACE" + ] } ], "/aws-cdk-eks-cluster-inference-nodegroup/Cluster/KubectlReadyBarrier": [ @@ -767,7 +770,10 @@ "/aws-cdk-eks-cluster-inference-nodegroup/Cluster/ClusterAdminRoleAccess/Resource": [ { "type": "aws:cdk:logicalId", - "data": "ClusterClusterAdminRoleAccessF2BFF759" + "data": "ClusterClusterAdminRoleAccessF2BFF759", + "trace": [ + "!!DESTRUCTIVE_CHANGES: WILL_REPLACE" + ] } ], "/aws-cdk-eks-cluster-inference-nodegroup/Cluster/OpenIdConnectProvider": [ @@ -858,7 +864,10 @@ "/aws-cdk-eks-cluster-inference-nodegroup/Cluster/NodegroupDefaultCapacity/Resource": [ { "type": "aws:cdk:logicalId", - "data": "ClusterNodegroupDefaultCapacityDA0920A3" + "data": "ClusterNodegroupDefaultCapacityDA0920A3", + "trace": [ + "!!DESTRUCTIVE_CHANGES: WILL_REPLACE" + ] } ], "/aws-cdk-eks-cluster-inference-nodegroup/Cluster/manifest-NeuronDevicePlugin/Resource": [ 
@@ -935,7 +944,10 @@ "/aws-cdk-eks-cluster-inference-nodegroup/Cluster/NodegroupInferenceInstances/Resource": [ { "type": "aws:cdk:logicalId", - "data": "ClusterNodegroupInferenceInstances3C846611" + "data": "ClusterNodegroupInferenceInstances3C846611", + "trace": [ + "!!DESTRUCTIVE_CHANGES: WILL_REPLACE" + ] } ], "/aws-cdk-eks-cluster-inference-nodegroup/Cluster/NodegroupInference2Instances": [ @@ -1000,7 +1012,10 @@ "/aws-cdk-eks-cluster-inference-nodegroup/Cluster/NodegroupInference2Instances/Resource": [ { "type": "aws:cdk:logicalId", - "data": "ClusterNodegroupInference2InstancesEE502FE8" + "data": "ClusterNodegroupInference2InstancesEE502FE8", + "trace": [ + "!!DESTRUCTIVE_CHANGES: WILL_REPLACE" + ] } ], "/aws-cdk-eks-cluster-inference-nodegroup/LatestNodeRuntimeMap": [ diff --git a/packages/@aws-cdk/aws-eks-v2-alpha/test/integ.eks-inference-nodegroup.js.snapshot/tree.json b/packages/@aws-cdk/aws-eks-v2-alpha/test/integ.eks-inference-nodegroup.js.snapshot/tree.json index 327930689ea80..6f698f03eb2f6 100644 --- a/packages/@aws-cdk/aws-eks-v2-alpha/test/integ.eks-inference-nodegroup.js.snapshot/tree.json +++ b/packages/@aws-cdk/aws-eks-v2-alpha/test/integ.eks-inference-nodegroup.js.snapshot/tree.json @@ -922,8 +922,14 @@ "accessConfig": { "authenticationMode": "API" }, + "computeConfig": { + "enabled": false + }, "kubernetesNetworkConfig": { - "ipFamily": "ipv4" + "ipFamily": "ipv4", + "elasticLoadBalancing": { + "enabled": false + } }, "resourcesVpcConfig": { "securityGroupIds": [ @@ -957,6 +963,11 @@ "Arn" ] }, + "storageConfig": { + "blockStorage": { + "enabled": false + } + }, "version": "1.32" } }, diff --git a/packages/@aws-cdk/aws-eks-v2-alpha/test/integ.eks-inference-nodegroup.ts b/packages/@aws-cdk/aws-eks-v2-alpha/test/integ.eks-inference-nodegroup.ts index 81d0399b2853b..14720d6f4ae85 100644 --- a/packages/@aws-cdk/aws-eks-v2-alpha/test/integ.eks-inference-nodegroup.ts +++ b/packages/@aws-cdk/aws-eks-v2-alpha/test/integ.eks-inference-nodegroup.ts 
@@ -22,6 +22,7 @@ class EksClusterInferenceStack extends Stack { albController: { version: eks.AlbControllerVersion.V2_8_2, }, + defaultCapacityType: eks.DefaultCapacityType.NODEGROUP, }); cluster.addNodegroupCapacity('InferenceInstances', { diff --git a/packages/@aws-cdk/aws-eks-v2-alpha/test/integ.eks-standard-access-entry.js.snapshot/EKSStandardAccessEntry.assets.json b/packages/@aws-cdk/aws-eks-v2-alpha/test/integ.eks-standard-access-entry.js.snapshot/EKSStandardAccessEntry.assets.json index 60891eacc1981..fc9f20a139387 100644 --- a/packages/@aws-cdk/aws-eks-v2-alpha/test/integ.eks-standard-access-entry.js.snapshot/EKSStandardAccessEntry.assets.json +++ b/packages/@aws-cdk/aws-eks-v2-alpha/test/integ.eks-standard-access-entry.js.snapshot/EKSStandardAccessEntry.assets.json @@ -53,7 +53,7 @@ } } }, - "2add7ccb56d8982722080b744445c7bc74e968f7622e065e8eff8307f46edc9d": { + "e21db2643d9181f260c6a7c2809bf4ec3aa6bea3c31194c00499b6c4d84a0162": { "source": { "path": "EKSStandardAccessEntry.template.json", "packaging": "file" @@ -61,7 +61,7 @@ "destinations": { "current_account-current_region": { "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}", - "objectKey": "2add7ccb56d8982722080b744445c7bc74e968f7622e065e8eff8307f46edc9d.json", + "objectKey": "e21db2643d9181f260c6a7c2809bf4ec3aa6bea3c31194c00499b6c4d84a0162.json", "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}" } } diff --git a/packages/@aws-cdk/aws-eks-v2-alpha/test/integ.eks-standard-access-entry.js.snapshot/EKSStandardAccessEntry.template.json b/packages/@aws-cdk/aws-eks-v2-alpha/test/integ.eks-standard-access-entry.js.snapshot/EKSStandardAccessEntry.template.json index 334e529691e61..c7e310fdc8b2e 100644 --- a/packages/@aws-cdk/aws-eks-v2-alpha/test/integ.eks-standard-access-entry.js.snapshot/EKSStandardAccessEntry.template.json 
+++ b/packages/@aws-cdk/aws-eks-v2-alpha/test/integ.eks-standard-access-entry.js.snapshot/EKSStandardAccessEntry.template.json @@ -461,7 +461,13 @@ "AccessConfig": { "AuthenticationMode": "API" }, + "ComputeConfig": { + "Enabled": false + }, "KubernetesNetworkConfig": { + "ElasticLoadBalancing": { + "Enabled": false + }, "IpFamily": "ipv4" }, "ResourcesVpcConfig": { @@ -496,6 +502,11 @@ "Arn" ] }, + "StorageConfig": { + "BlockStorage": { + "Enabled": false + } + }, "Version": "1.32" }, "DependsOn": [ diff --git a/packages/@aws-cdk/aws-eks-v2-alpha/test/integ.eks-standard-access-entry.js.snapshot/asset.25c16d2ab30e35800b3ea63c44c93deb85584076eb09a2db9f971803252b22dc.zip b/packages/@aws-cdk/aws-eks-v2-alpha/test/integ.eks-standard-access-entry.js.snapshot/asset.25c16d2ab30e35800b3ea63c44c93deb85584076eb09a2db9f971803252b22dc.zip new file mode 100644 index 0000000000000..0a8e7ba83b46f Binary files /dev/null and b/packages/@aws-cdk/aws-eks-v2-alpha/test/integ.eks-standard-access-entry.js.snapshot/asset.25c16d2ab30e35800b3ea63c44c93deb85584076eb09a2db9f971803252b22dc.zip differ diff --git a/packages/@aws-cdk/aws-eks-v2-alpha/test/integ.eks-standard-access-entry.js.snapshot/manifest.json b/packages/@aws-cdk/aws-eks-v2-alpha/test/integ.eks-standard-access-entry.js.snapshot/manifest.json index 8f0b817e0b6f5..6c16417676ca8 100644 --- a/packages/@aws-cdk/aws-eks-v2-alpha/test/integ.eks-standard-access-entry.js.snapshot/manifest.json +++ b/packages/@aws-cdk/aws-eks-v2-alpha/test/integ.eks-standard-access-entry.js.snapshot/manifest.json 
@@ -18,7 +18,7 @@ "validateOnSynth": false, "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-deploy-role-${AWS::AccountId}-${AWS::Region}", "cloudFormationExecutionRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-cfn-exec-role-${AWS::AccountId}-${AWS::Region}", - "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/2add7ccb56d8982722080b744445c7bc74e968f7622e065e8eff8307f46edc9d.json", + "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/e21db2643d9181f260c6a7c2809bf4ec3aa6bea3c31194c00499b6c4d84a0162.json", "requiresBootstrapStackVersion": 6, "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version", "additionalDependencies": [ @@ -358,7 +358,10 @@ "/EKSStandardAccessEntry/Cluster/Resource": [ { "type": "aws:cdk:logicalId", - "data": "ClusterEB0386A7" + "data": "ClusterEB0386A7", + "trace": [ + "!!DESTRUCTIVE_CHANGES: WILL_REPLACE" + ] } ], "/EKSStandardAccessEntry/Cluster/KubectlReadyBarrier": [ @@ -755,7 +758,10 @@ "/EKSStandardAccessEntry/Cluster/ClusterAdminRoleAccess/Resource": [ { "type": "aws:cdk:logicalId", - "data": "ClusterClusterAdminRoleAccessF2BFF759" + "data": "ClusterClusterAdminRoleAccessF2BFF759", + "trace": [ + "!!DESTRUCTIVE_CHANGES: WILL_REPLACE" + ] } ], "/EKSStandardAccessEntry/LatestNodeRuntimeMap": [ @@ -796,7 +802,10 @@ "/EKSStandardAccessEntry/AccessEntry/Resource": [ { "type": "aws:cdk:logicalId", - "data": "AccessEntry5263FF03" + "data": "AccessEntry5263FF03", + "trace": [ + "!!DESTRUCTIVE_CHANGES: WILL_REPLACE" + ] } ], "/EKSStandardAccessEntry/BootstrapVersion": [ @@ -810,6 +819,15 @@ "type": "aws:cdk:logicalId", "data": "CheckBootstrapVersion" } + ], + "ClusterClusternodePoolRole69276141": [ + { + "type": "aws:cdk:logicalId", + "data": "ClusterClusternodePoolRole69276141", + "trace": [ + "!!DESTRUCTIVE_CHANGES: WILL_DESTROY" + ] + } ] }, "displayName": "EKSStandardAccessEntry" 
diff --git a/packages/@aws-cdk/aws-eks-v2-alpha/test/integ.eks-standard-access-entry.js.snapshot/tree.json b/packages/@aws-cdk/aws-eks-v2-alpha/test/integ.eks-standard-access-entry.js.snapshot/tree.json index 1ad634e93c2b2..05d6aa531b9a2 100644 --- a/packages/@aws-cdk/aws-eks-v2-alpha/test/integ.eks-standard-access-entry.js.snapshot/tree.json +++ b/packages/@aws-cdk/aws-eks-v2-alpha/test/integ.eks-standard-access-entry.js.snapshot/tree.json @@ -922,8 +922,14 @@ "accessConfig": { "authenticationMode": "API" }, + "computeConfig": { + "enabled": false + }, "kubernetesNetworkConfig": { - "ipFamily": "ipv4" + "ipFamily": "ipv4", + "elasticLoadBalancing": { + "enabled": false + } }, "resourcesVpcConfig": { "securityGroupIds": [ @@ -957,6 +963,11 @@ "Arn" ] }, + "storageConfig": { + "blockStorage": { + "enabled": false + } + }, "version": "1.32" } }, diff --git a/packages/@aws-cdk/aws-eks-v2-alpha/test/integ.eks-standard-access-entry.ts b/packages/@aws-cdk/aws-eks-v2-alpha/test/integ.eks-standard-access-entry.ts index ed767a43c7458..2be0aec5078d3 100755 --- a/packages/@aws-cdk/aws-eks-v2-alpha/test/integ.eks-standard-access-entry.ts +++ b/packages/@aws-cdk/aws-eks-v2-alpha/test/integ.eks-standard-access-entry.ts @@ -17,6 +17,7 @@ class EksStandardAccessEntry extends Stack { }); const cluster = new eks.Cluster(this, 'Cluster', { vpc, + defaultCapacityType: eks.DefaultCapacityType.NODEGROUP, defaultCapacity: 0, version: eks.KubernetesVersion.V1_32, kubectlProviderOptions: { 
diff --git a/packages/@aws-cdk/aws-eks-v2-alpha/test/integ.eks-subnet-updates.js.snapshot/asset.25c16d2ab30e35800b3ea63c44c93deb85584076eb09a2db9f971803252b22dc.zip b/packages/@aws-cdk/aws-eks-v2-alpha/test/integ.eks-subnet-updates.js.snapshot/asset.25c16d2ab30e35800b3ea63c44c93deb85584076eb09a2db9f971803252b22dc.zip new file mode 100644 index 0000000000000..0a8e7ba83b46f Binary files /dev/null and b/packages/@aws-cdk/aws-eks-v2-alpha/test/integ.eks-subnet-updates.js.snapshot/asset.25c16d2ab30e35800b3ea63c44c93deb85584076eb09a2db9f971803252b22dc.zip differ diff --git a/packages/@aws-cdk/aws-eks-v2-alpha/test/integ.eks-subnet-updates.js.snapshot/aws-cdk-eks-cluster-stack.assets.json b/packages/@aws-cdk/aws-eks-v2-alpha/test/integ.eks-subnet-updates.js.snapshot/aws-cdk-eks-cluster-stack.assets.json index afdae7576e03b..6e027b7facab7 100644 --- a/packages/@aws-cdk/aws-eks-v2-alpha/test/integ.eks-subnet-updates.js.snapshot/aws-cdk-eks-cluster-stack.assets.json +++ b/packages/@aws-cdk/aws-eks-v2-alpha/test/integ.eks-subnet-updates.js.snapshot/aws-cdk-eks-cluster-stack.assets.json @@ -66,7 +66,7 @@ } } }, - "c852102e04aa2f2dfde6434e2595d107fa4b002608b0e9864a7e4c4ea488f637": { + "17c24959dd3daa34b71244ee99b9f9ff9b49c1ff2f8e3d67f3d9d23994abb699": { "source": { "path": "aws-cdk-eks-cluster-stack.template.json", "packaging": "file" @@ -74,7 +74,7 @@ "destinations": { "current_account-current_region": { "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}", - "objectKey": "c852102e04aa2f2dfde6434e2595d107fa4b002608b0e9864a7e4c4ea488f637.json", + "objectKey": "17c24959dd3daa34b71244ee99b9f9ff9b49c1ff2f8e3d67f3d9d23994abb699.json", "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}" } } 
diff --git a/packages/@aws-cdk/aws-eks-v2-alpha/test/integ.eks-subnet-updates.js.snapshot/aws-cdk-eks-cluster-stack.template.json b/packages/@aws-cdk/aws-eks-v2-alpha/test/integ.eks-subnet-updates.js.snapshot/aws-cdk-eks-cluster-stack.template.json index d3165069eb95c..1f65566dc58a6 100644 --- a/packages/@aws-cdk/aws-eks-v2-alpha/test/integ.eks-subnet-updates.js.snapshot/aws-cdk-eks-cluster-stack.template.json +++ b/packages/@aws-cdk/aws-eks-v2-alpha/test/integ.eks-subnet-updates.js.snapshot/aws-cdk-eks-cluster-stack.template.json @@ -585,7 +585,13 @@ "AccessConfig": { "AuthenticationMode": "API" }, + "ComputeConfig": { + "Enabled": false + }, "KubernetesNetworkConfig": { + "ElasticLoadBalancing": { + "Enabled": false + }, "IpFamily": "ipv4" }, "ResourcesVpcConfig": { @@ -614,6 +620,11 @@ "Arn" ] }, + "StorageConfig": { + "BlockStorage": { + "Enabled": false + } + }, "Version": "1.32" } }, diff --git a/packages/@aws-cdk/aws-eks-v2-alpha/test/integ.eks-subnet-updates.js.snapshot/manifest.json b/packages/@aws-cdk/aws-eks-v2-alpha/test/integ.eks-subnet-updates.js.snapshot/manifest.json index bd5276e25c9c9..cfc0df489e51b 100644 --- a/packages/@aws-cdk/aws-eks-v2-alpha/test/integ.eks-subnet-updates.js.snapshot/manifest.json +++ b/packages/@aws-cdk/aws-eks-v2-alpha/test/integ.eks-subnet-updates.js.snapshot/manifest.json 
@@ -18,7 +18,7 @@ "validateOnSynth": false, "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-deploy-role-${AWS::AccountId}-${AWS::Region}", "cloudFormationExecutionRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-cfn-exec-role-${AWS::AccountId}-${AWS::Region}", - "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/c852102e04aa2f2dfde6434e2595d107fa4b002608b0e9864a7e4c4ea488f637.json", + "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/17c24959dd3daa34b71244ee99b9f9ff9b49c1ff2f8e3d67f3d9d23994abb699.json", "requiresBootstrapStackVersion": 6, "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version", "additionalDependencies": [ @@ -392,7 +392,10 @@ "/aws-cdk-eks-cluster-stack/Cluster/Resource": [ { "type": "aws:cdk:logicalId", - "data": "ClusterEB0386A7" + "data": "ClusterEB0386A7", + "trace": [ + "!!DESTRUCTIVE_CHANGES: WILL_REPLACE" + ] } ], "/aws-cdk-eks-cluster-stack/Cluster/KubectlReadyBarrier": [ @@ -779,7 +782,10 @@ "/aws-cdk-eks-cluster-stack/Cluster/ClusterAdminRoleAccess/Resource": [ { "type": "aws:cdk:logicalId", - "data": "ClusterClusterAdminRoleAccessF2BFF759" + "data": "ClusterClusterAdminRoleAccessF2BFF759", + "trace": [ + "!!DESTRUCTIVE_CHANGES: WILL_REPLACE" + ] } ], "/aws-cdk-eks-cluster-stack/BootstrapVersion": [ @@ -793,6 +799,15 @@ "type": "aws:cdk:logicalId", "data": "CheckBootstrapVersion" } + ], + "ClusterClusternodePoolRole69276141": [ + { + "type": "aws:cdk:logicalId", + "data": "ClusterClusternodePoolRole69276141", + "trace": [ + "!!DESTRUCTIVE_CHANGES: WILL_DESTROY" + ] + } ] }, "displayName": "aws-cdk-eks-cluster-stack" diff --git a/packages/@aws-cdk/aws-eks-v2-alpha/test/integ.eks-subnet-updates.js.snapshot/tree.json b/packages/@aws-cdk/aws-eks-v2-alpha/test/integ.eks-subnet-updates.js.snapshot/tree.json index 1283fdb56207c..1dee840871884 100644 
--- a/packages/@aws-cdk/aws-eks-v2-alpha/test/integ.eks-subnet-updates.js.snapshot/tree.json +++ b/packages/@aws-cdk/aws-eks-v2-alpha/test/integ.eks-subnet-updates.js.snapshot/tree.json @@ -983,8 +983,14 @@ "accessConfig": { "authenticationMode": "API" }, + "computeConfig": { + "enabled": false + }, "kubernetesNetworkConfig": { - "ipFamily": "ipv4" + "ipFamily": "ipv4", + "elasticLoadBalancing": { + "enabled": false + } }, "resourcesVpcConfig": { "securityGroupIds": [ @@ -1012,6 +1018,11 @@ "Arn" ] }, + "storageConfig": { + "blockStorage": { + "enabled": false + } + }, "version": "1.32" } }, diff --git a/packages/@aws-cdk/aws-eks-v2-alpha/test/integ.eks-subnet-updates.ts b/packages/@aws-cdk/aws-eks-v2-alpha/test/integ.eks-subnet-updates.ts index 63481d433bbde..cf90d80559a05 100644 --- a/packages/@aws-cdk/aws-eks-v2-alpha/test/integ.eks-subnet-updates.ts +++ b/packages/@aws-cdk/aws-eks-v2-alpha/test/integ.eks-subnet-updates.ts @@ -15,6 +15,7 @@ class EksClusterStack extends Stack { kubectlProviderOptions: { kubectlLayer: new KubectlV32Layer(this, 'kubectlLayer'), }, + defaultCapacityType: eks.DefaultCapacityType.NODEGROUP, defaultCapacity: 0, endpointAccess: eks.EndpointAccess.PUBLIC_AND_PRIVATE, vpcSubnets: [{ subnetType: ec2.SubnetType.PUBLIC }], diff --git a/packages/@aws-cdk/aws-eks-v2-alpha/test/integ.eks-windows-ng.js.snapshot/asset.25c16d2ab30e35800b3ea63c44c93deb85584076eb09a2db9f971803252b22dc.zip b/packages/@aws-cdk/aws-eks-v2-alpha/test/integ.eks-windows-ng.js.snapshot/asset.25c16d2ab30e35800b3ea63c44c93deb85584076eb09a2db9f971803252b22dc.zip new file mode 100644 index 0000000000000..0a8e7ba83b46f Binary files /dev/null and b/packages/@aws-cdk/aws-eks-v2-alpha/test/integ.eks-windows-ng.js.snapshot/asset.25c16d2ab30e35800b3ea63c44c93deb85584076eb09a2db9f971803252b22dc.zip differ 
diff --git a/packages/@aws-cdk/aws-eks-v2-alpha/test/integ.eks-windows-ng.js.snapshot/aws-cdk-eks-cluster-windows-ng-test.assets.json b/packages/@aws-cdk/aws-eks-v2-alpha/test/integ.eks-windows-ng.js.snapshot/aws-cdk-eks-cluster-windows-ng-test.assets.json index b6cb0a9868e98..c064feb39ad36 100644 --- a/packages/@aws-cdk/aws-eks-v2-alpha/test/integ.eks-windows-ng.js.snapshot/aws-cdk-eks-cluster-windows-ng-test.assets.json +++ b/packages/@aws-cdk/aws-eks-v2-alpha/test/integ.eks-windows-ng.js.snapshot/aws-cdk-eks-cluster-windows-ng-test.assets.json @@ -66,7 +66,7 @@ } } }, - "6bc2472d729656bbbabd5e93cdd1fbd16b06ccffa5935a7c806ed942514108c5": { + "26cd3b39729353a618fdd92d4cb6a0b004748ec7efe7c8b57d9e66e2bf010480": { "source": { "path": "aws-cdk-eks-cluster-windows-ng-test.template.json", "packaging": "file" @@ -74,7 +74,7 @@ "destinations": { "current_account-current_region": { "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}", - "objectKey": "6bc2472d729656bbbabd5e93cdd1fbd16b06ccffa5935a7c806ed942514108c5.json", + "objectKey": "26cd3b39729353a618fdd92d4cb6a0b004748ec7efe7c8b57d9e66e2bf010480.json", "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}" } } diff --git a/packages/@aws-cdk/aws-eks-v2-alpha/test/integ.eks-windows-ng.js.snapshot/aws-cdk-eks-cluster-windows-ng-test.template.json b/packages/@aws-cdk/aws-eks-v2-alpha/test/integ.eks-windows-ng.js.snapshot/aws-cdk-eks-cluster-windows-ng-test.template.json index fa39eecf67f11..09e211a76152d 100644 --- a/packages/@aws-cdk/aws-eks-v2-alpha/test/integ.eks-windows-ng.js.snapshot/aws-cdk-eks-cluster-windows-ng-test.template.json +++ b/packages/@aws-cdk/aws-eks-v2-alpha/test/integ.eks-windows-ng.js.snapshot/aws-cdk-eks-cluster-windows-ng-test.template.json 
@@ -617,7 +617,13 @@ "AccessConfig": { "AuthenticationMode": "API" }, + "ComputeConfig": { + "Enabled": false + }, "KubernetesNetworkConfig": { + "ElasticLoadBalancing": { + "Enabled": false + }, "IpFamily": "ipv4" }, "ResourcesVpcConfig": { @@ -652,6 +658,11 @@ "Arn" ] }, + "StorageConfig": { + "BlockStorage": { + "Enabled": false + } + }, "Version": "1.32" }, "DependsOn": [ @@ -1445,6 +1456,56 @@ ] } }, + "Outputs": { + "ClusterConfigCommand43AAE40F": { + "Value": { + "Fn::Join": [ + "", + [ + "aws eks update-kubeconfig --name ", + { + "Ref": "ClusterEB0386A7" + }, + " --region ", + { + "Ref": "AWS::Region" + }, + " --role-arn ", + { + "Fn::GetAtt": [ + "AdminRole38563C57", + "Arn" + ] + } + ] + ] + } + }, + "ClusterGetTokenCommand06AE992E": { + "Value": { + "Fn::Join": [ + "", + [ + "aws eks get-token --cluster-name ", + { + "Ref": "ClusterEB0386A7" + }, + " --region ", + { + "Ref": "AWS::Region" + }, + " --role-arn ", + { + "Fn::GetAtt": [ + "AdminRole38563C57", + "Arn" + ] + } + ] + ] + } + } + }, "Parameters": { "BootstrapVersion": { "Type": "AWS::SSM::Parameter::Value", diff --git a/packages/@aws-cdk/aws-eks-v2-alpha/test/integ.eks-windows-ng.js.snapshot/manifest.json b/packages/@aws-cdk/aws-eks-v2-alpha/test/integ.eks-windows-ng.js.snapshot/manifest.json index 5b51eaadee974..1d063bbe36ac6 100644 --- a/packages/@aws-cdk/aws-eks-v2-alpha/test/integ.eks-windows-ng.js.snapshot/manifest.json +++ b/packages/@aws-cdk/aws-eks-v2-alpha/test/integ.eks-windows-ng.js.snapshot/manifest.json 
@@ -18,7 +18,7 @@ "validateOnSynth": false, "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-deploy-role-${AWS::AccountId}-${AWS::Region}", "cloudFormationExecutionRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-cfn-exec-role-${AWS::AccountId}-${AWS::Region}", - "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/6bc2472d729656bbbabd5e93cdd1fbd16b06ccffa5935a7c806ed942514108c5.json", + "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/26cd3b39729353a618fdd92d4cb6a0b004748ec7efe7c8b57d9e66e2bf010480.json", "requiresBootstrapStackVersion": 6, "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version", "additionalDependencies": [ @@ -427,7 +427,10 @@ "/aws-cdk-eks-cluster-windows-ng-test/Cluster/Resource": [ { "type": "aws:cdk:logicalId", - "data": "ClusterEB0386A7" + "data": "ClusterEB0386A7", + "trace": [ + "!!DESTRUCTIVE_CHANGES: WILL_REPLACE" + ] } ], "/aws-cdk-eks-cluster-windows-ng-test/Cluster/KubectlReadyBarrier": [ @@ -824,7 +827,10 @@ "/aws-cdk-eks-cluster-windows-ng-test/Cluster/ClusterAdminRoleAccess/Resource": [ { "type": "aws:cdk:logicalId", - "data": "ClusterClusterAdminRoleAccessF2BFF759" + "data": "ClusterClusterAdminRoleAccessF2BFF759", + "trace": [ + "!!DESTRUCTIVE_CHANGES: WILL_REPLACE" + ] } ], "/aws-cdk-eks-cluster-windows-ng-test/Cluster/mastersRoleAccess": [ 
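Review bot: The `trace` entry `!!DESTRUCTIVE_CHANGES: WILL_REPLACE` added here on `Cluster/ClusterAdminRoleAccess/Resource`, and on `Cluster/Resource` in the hunk above, flags the cluster and its admin access entry for replacement even though the test pins `NODEGROUP` and the cluster properties only gain `ComputeConfig`, `ElasticLoadBalancing` and `StorageConfig` with `Enabled: false`. Please confirm whether an existing node-group cluster is replaced when upgrading to this version; if it is, that needs a breaking-change note, because a replacement creates a new cluster and new access entries rather than updating the existing ones. If the traces are only a by-product of how the snapshots were regenerated, say so in the PR description, since the same trace shows up in the other regenerated manifests in this patch.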
@@ -836,7 +842,22 @@ "/aws-cdk-eks-cluster-windows-ng-test/Cluster/mastersRoleAccess/Resource": [ { "type": "aws:cdk:logicalId", - "data": "ClustermastersRoleAccess698EBA51" + "data": "ClustermastersRoleAccess698EBA51", + "trace": [ + "!!DESTRUCTIVE_CHANGES: WILL_REPLACE" + ] + } + ], + "/aws-cdk-eks-cluster-windows-ng-test/Cluster/ConfigCommand": [ + { + "type": "aws:cdk:logicalId", + "data": "ClusterConfigCommand43AAE40F" + } + ], + "/aws-cdk-eks-cluster-windows-ng-test/Cluster/GetTokenCommand": [ + { + "type": "aws:cdk:logicalId", + "data": "ClusterGetTokenCommand06AE992E" } ], "/aws-cdk-eks-cluster-windows-ng-test/Cluster/NodegroupLinuxNodegroup": [ @@ -901,7 +922,10 @@ "/aws-cdk-eks-cluster-windows-ng-test/Cluster/NodegroupLinuxNodegroup/Resource": [ { "type": "aws:cdk:logicalId", - "data": "ClusterNodegroupLinuxNodegroup8D946039" + "data": "ClusterNodegroupLinuxNodegroup8D946039", + "trace": [ + "!!DESTRUCTIVE_CHANGES: WILL_REPLACE" + ] } ], "/aws-cdk-eks-cluster-windows-ng-test/Cluster/NodegroupWindowsNodegroup": [ @@ -966,7 +990,10 @@ "/aws-cdk-eks-cluster-windows-ng-test/Cluster/NodegroupWindowsNodegroup/Resource": [ { "type": "aws:cdk:logicalId", - "data": "ClusterNodegroupWindowsNodegroup4D72A84B" + "data": "ClusterNodegroupWindowsNodegroup4D72A84B", + "trace": [ + "!!DESTRUCTIVE_CHANGES: WILL_REPLACE" + ] } ], "/aws-cdk-eks-cluster-windows-ng-test/BootstrapVersion": [ diff --git a/packages/@aws-cdk/aws-eks-v2-alpha/test/integ.eks-windows-ng.js.snapshot/tree.json b/packages/@aws-cdk/aws-eks-v2-alpha/test/integ.eks-windows-ng.js.snapshot/tree.json index 090f48a3563e8..c6f05034e0ba0 100644 --- a/packages/@aws-cdk/aws-eks-v2-alpha/test/integ.eks-windows-ng.js.snapshot/tree.json +++ b/packages/@aws-cdk/aws-eks-v2-alpha/test/integ.eks-windows-ng.js.snapshot/tree.json 
@@ -1052,8 +1052,14 @@ "accessConfig": { "authenticationMode": "API" }, + "computeConfig": { + "enabled": false + }, "kubernetesNetworkConfig": { - "ipFamily": "ipv4" + "ipFamily": "ipv4", + "elasticLoadBalancing": { + "enabled": false + } }, "resourcesVpcConfig": { "securityGroupIds": [ @@ -1087,6 +1093,11 @@ "Arn" ] }, + "storageConfig": { + "blockStorage": { + "enabled": false + } + }, "version": "1.32" } }, @@ -2064,6 +2075,22 @@ ] } }, + "ConfigCommand": { + "id": "ConfigCommand", + "path": "aws-cdk-eks-cluster-windows-ng-test/Cluster/ConfigCommand", + "constructInfo": { + "fqn": "aws-cdk-lib.CfnOutput", + "version": "0.0.0" + } + }, + "GetTokenCommand": { + "id": "GetTokenCommand", + "path": "aws-cdk-eks-cluster-windows-ng-test/Cluster/GetTokenCommand", + "constructInfo": { + "fqn": "aws-cdk-lib.CfnOutput", + "version": "0.0.0" + } + }, "NodegroupLinuxNodegroup": { "id": "NodegroupLinuxNodegroup", "path": "aws-cdk-eks-cluster-windows-ng-test/Cluster/NodegroupLinuxNodegroup", diff --git a/packages/@aws-cdk/aws-eks-v2-alpha/test/integ.eks-windows-ng.ts b/packages/@aws-cdk/aws-eks-v2-alpha/test/integ.eks-windows-ng.ts index 44fa8305b8c80..2f9b58367fe08 100644 --- a/packages/@aws-cdk/aws-eks-v2-alpha/test/integ.eks-windows-ng.ts +++ b/packages/@aws-cdk/aws-eks-v2-alpha/test/integ.eks-windows-ng.ts @@ -31,6 +31,7 @@ class EksClusterStack extends Stack { kubectlProviderOptions: { kubectlLayer: new KubectlV32Layer(this, 'kubectlLayer'), }, + defaultCapacityType: eks.DefaultCapacityType.NODEGROUP, }); this.cluster.addNodegroupCapacity('LinuxNodegroup', { 
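Review bot: The only source change in `integ.eks-windows-ng.ts` is the added `defaultCapacityType: eks.DefaultCapacityType.NODEGROUP`, yet the regenerated snapshot for this test also gains the `ConfigCommand` and `GetTokenCommand` outputs (`ClusterConfigCommand43AAE40F`, `ClusterGetTokenCommand06AE992E`), each embedding `--role-arn` for `AdminRole38563C57`. Nothing in this hunk accounts for them, so please confirm whether they come from this change or from a snapshot that was already out of date. If it is the latter, regenerate that snapshot in a separate commit so this diff shows only the Auto Mode effect.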
diff --git a/packages/@aws-cdk/aws-eks-v2-alpha/test/integ.fargate-cluster.js.snapshot/asset.25c16d2ab30e35800b3ea63c44c93deb85584076eb09a2db9f971803252b22dc.zip b/packages/@aws-cdk/aws-eks-v2-alpha/test/integ.fargate-cluster.js.snapshot/asset.25c16d2ab30e35800b3ea63c44c93deb85584076eb09a2db9f971803252b22dc.zip new file mode 100644 index 0000000000000..0a8e7ba83b46f Binary files /dev/null and b/packages/@aws-cdk/aws-eks-v2-alpha/test/integ.fargate-cluster.js.snapshot/asset.25c16d2ab30e35800b3ea63c44c93deb85584076eb09a2db9f971803252b22dc.zip differ diff --git a/packages/@aws-cdk/aws-eks-v2-alpha/test/integ.fargate-cluster.js.snapshot/eks-fargate-cluster-test-stack.assets.json b/packages/@aws-cdk/aws-eks-v2-alpha/test/integ.fargate-cluster.js.snapshot/eks-fargate-cluster-test-stack.assets.json index 87698d4905739..5583acc476803 100644 --- a/packages/@aws-cdk/aws-eks-v2-alpha/test/integ.fargate-cluster.js.snapshot/eks-fargate-cluster-test-stack.assets.json +++ b/packages/@aws-cdk/aws-eks-v2-alpha/test/integ.fargate-cluster.js.snapshot/eks-fargate-cluster-test-stack.assets.json @@ -66,7 +66,7 @@ } } }, - "a7dd63219dc266006d9fdfe0c1c5f7a77b1341c6400fecde7274e5dec4873537": { + "7a6bcbf9eeec018eed54563f9ef3fbfa3e3b143620fc5ffd4a32ee78d50755f5": { "source": { "path": "eks-fargate-cluster-test-stack.template.json", "packaging": "file" @@ -74,7 +74,7 @@ "destinations": { "current_account-current_region": { "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}", - "objectKey": "a7dd63219dc266006d9fdfe0c1c5f7a77b1341c6400fecde7274e5dec4873537.json", + "objectKey": "7a6bcbf9eeec018eed54563f9ef3fbfa3e3b143620fc5ffd4a32ee78d50755f5.json", "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}" } } 
diff --git a/packages/@aws-cdk/aws-eks-v2-alpha/test/integ.fargate-cluster.js.snapshot/eks-fargate-cluster-test-stack.template.json b/packages/@aws-cdk/aws-eks-v2-alpha/test/integ.fargate-cluster.js.snapshot/eks-fargate-cluster-test-stack.template.json index 2ad738af09c1c..59168d9da6cec 100644 --- a/packages/@aws-cdk/aws-eks-v2-alpha/test/integ.fargate-cluster.js.snapshot/eks-fargate-cluster-test-stack.template.json +++ b/packages/@aws-cdk/aws-eks-v2-alpha/test/integ.fargate-cluster.js.snapshot/eks-fargate-cluster-test-stack.template.json @@ -527,7 +527,13 @@ "AccessConfig": { "AuthenticationMode": "API" }, + "ComputeConfig": { + "Enabled": false + }, "KubernetesNetworkConfig": { + "ElasticLoadBalancing": { + "Enabled": false + }, "IpFamily": "ipv4" }, "ResourcesVpcConfig": { @@ -562,6 +568,11 @@ "Arn" ] }, + "StorageConfig": { + "BlockStorage": { + "Enabled": false + } + }, "Version": "1.32" }, "DependsOn": [ diff --git a/packages/@aws-cdk/aws-eks-v2-alpha/test/integ.fargate-cluster.js.snapshot/manifest.json b/packages/@aws-cdk/aws-eks-v2-alpha/test/integ.fargate-cluster.js.snapshot/manifest.json index 061ca98697449..757d5489f8973 100644 --- a/packages/@aws-cdk/aws-eks-v2-alpha/test/integ.fargate-cluster.js.snapshot/manifest.json +++ b/packages/@aws-cdk/aws-eks-v2-alpha/test/integ.fargate-cluster.js.snapshot/manifest.json 
@@ -18,7 +18,7 @@ "validateOnSynth": false, "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-deploy-role-${AWS::AccountId}-${AWS::Region}", "cloudFormationExecutionRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-cfn-exec-role-${AWS::AccountId}-${AWS::Region}", - "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/a7dd63219dc266006d9fdfe0c1c5f7a77b1341c6400fecde7274e5dec4873537.json", + "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/7a6bcbf9eeec018eed54563f9ef3fbfa3e3b143620fc5ffd4a32ee78d50755f5.json", "requiresBootstrapStackVersion": 6, "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version", "additionalDependencies": [ @@ -394,7 +394,10 @@ "/eks-fargate-cluster-test-stack/FargateTestCluster/Resource": [ { "type": "aws:cdk:logicalId", - "data": "FargateTestClusterCAF9262D" + "data": "FargateTestClusterCAF9262D", + "trace": [ + "!!DESTRUCTIVE_CHANGES: WILL_REPLACE" + ] } ], "/eks-fargate-cluster-test-stack/FargateTestCluster/KubectlReadyBarrier": [ @@ -791,7 +794,10 @@ "/eks-fargate-cluster-test-stack/FargateTestCluster/ClusterAdminRoleAccess/Resource": [ { "type": "aws:cdk:logicalId", - "data": "FargateTestClusterClusterAdminRoleAccess9EFE9888" + "data": "FargateTestClusterClusterAdminRoleAccess9EFE9888", + "trace": [ + "!!DESTRUCTIVE_CHANGES: WILL_REPLACE" + ] } ], "/eks-fargate-cluster-test-stack/FargateTestCluster/CoreDnsComputeTypePatch/Resource": [ @@ -837,7 +843,10 @@ "/eks-fargate-cluster-test-stack/FargateTestCluster/fargate-profile-default/Resource": [ { "type": "aws:cdk:logicalId", - "data": "FargateTestClusterfargateprofiledefault120EDDF6" + "data": "FargateTestClusterfargateprofiledefault120EDDF6", + "trace": [ + "!!DESTRUCTIVE_CHANGES: WILL_REPLACE" + ] } ], "/eks-fargate-cluster-test-stack/LatestNodeRuntimeMap": [ 
diff --git a/packages/@aws-cdk/aws-eks-v2-alpha/test/integ.fargate-cluster.js.snapshot/tree.json b/packages/@aws-cdk/aws-eks-v2-alpha/test/integ.fargate-cluster.js.snapshot/tree.json index 60f7f21249165..4686d29f4e7a6 100644 --- a/packages/@aws-cdk/aws-eks-v2-alpha/test/integ.fargate-cluster.js.snapshot/tree.json +++ b/packages/@aws-cdk/aws-eks-v2-alpha/test/integ.fargate-cluster.js.snapshot/tree.json @@ -1000,8 +1000,14 @@ "accessConfig": { "authenticationMode": "API" }, + "computeConfig": { + "enabled": false + }, "kubernetesNetworkConfig": { - "ipFamily": "ipv4" + "ipFamily": "ipv4", + "elasticLoadBalancing": { + "enabled": false + } }, "resourcesVpcConfig": { "securityGroupIds": [ @@ -1035,6 +1041,11 @@ "Arn" ] }, + "storageConfig": { + "blockStorage": { + "enabled": false + } + }, "version": "1.32" } }, diff --git a/packages/@aws-cdk/aws-eks-v2-alpha/test/nodegroup.test.ts b/packages/@aws-cdk/aws-eks-v2-alpha/test/nodegroup.test.ts index 8db50ed8083d7..cfac641446b11 100644 --- a/packages/@aws-cdk/aws-eks-v2-alpha/test/nodegroup.test.ts +++ b/packages/@aws-cdk/aws-eks-v2-alpha/test/nodegroup.test.ts @@ -13,6 +13,12 @@ import { isGpuInstanceType } from '../lib/private/nodegroup'; const CLUSTER_VERSION = eks.KubernetesVersion.V1_31; +const commonProps = { + version: CLUSTER_VERSION, + defaultCapacityType: eks.DefaultCapacityType.NODEGROUP, + defaultCapacity: 0, +}; + describe('node group', () => { test('default ami type is not applied when launch template is configured', () => { // GIVEN @@ -27,8 +33,7 @@ describe('node group', () => { // WHEN const cluster = new eks.Cluster(stack, 'Cluster', { vpc, - defaultCapacity: 0, - version: CLUSTER_VERSION, + ...commonProps, }); new eks.Nodegroup(stack, 'Nodegroup', { cluster, @@ -58,8 +63,7 @@ describe('node group', () => { // WHEN const cluster = new eks.Cluster(stack, 'Cluster', { vpc, - defaultCapacity: 0, - version: CLUSTER_VERSION, + ...commonProps, }); new eks.Nodegroup(stack, 'Nodegroup', { cluster, 
@@ -83,8 +87,7 @@ describe('node group', () => { // WHEN const cluster = new eks.Cluster(stack, 'Cluster', { vpc, - defaultCapacity: 0, - version: CLUSTER_VERSION, + ...commonProps, }); new eks.Nodegroup(stack, 'Nodegroup', { cluster, @@ -104,8 +107,7 @@ describe('node group', () => { // WHEN const cluster = new eks.Cluster(stack, 'Cluster', { vpc, - defaultCapacity: 0, - version: CLUSTER_VERSION, + ...commonProps, }); new eks.Nodegroup(stack, 'Nodegroup', { cluster }); @@ -144,8 +146,7 @@ describe('node group', () => { // WHEN const cluster = new eks.Cluster(stack, 'Cluster', { vpc, - defaultCapacity: 0, - version: CLUSTER_VERSION, + ...commonProps, }); new eks.Nodegroup(stack, 'Nodegroup', { cluster, @@ -188,8 +189,7 @@ describe('node group', () => { // WHEN const cluster = new eks.Cluster(stack, 'Cluster', { vpc, - defaultCapacity: 0, - version: CLUSTER_VERSION, + ...commonProps, }); new eks.Nodegroup(stack, 'Nodegroup', { cluster, @@ -232,8 +232,7 @@ describe('node group', () => { // WHEN const cluster = new eks.Cluster(stack, 'Cluster', { vpc, - defaultCapacity: 0, - version: CLUSTER_VERSION, + ...commonProps, }); new eks.Nodegroup(stack, 'Nodegroup', { cluster, @@ -276,8 +275,7 @@ describe('node group', () => { // WHEN const cluster = new eks.Cluster(stack, 'Cluster', { vpc, - defaultCapacity: 0, - version: CLUSTER_VERSION, + ...commonProps, }); new eks.Nodegroup(stack, 'Nodegroup', { cluster, @@ -320,8 +318,7 @@ describe('node group', () => { // WHEN const cluster = new eks.Cluster(stack, 'Cluster', { vpc, - defaultCapacity: 0, - version: CLUSTER_VERSION, + ...commonProps, }); new eks.Nodegroup(stack, 'Nodegroup', { cluster, @@ -378,8 +375,7 @@ describe('node group', () => { // WHEN const cluster = new eks.Cluster(stack, 'Cluster', { vpc, - defaultCapacity: 0, - version: CLUSTER_VERSION, + ...commonProps, }); new eks.Nodegroup(stack, 'Nodegroup', { cluster, 
@@ -436,8 +432,7 @@ describe('node group', () => { // WHEN const cluster = new eks.Cluster(stack, 'Cluster', { vpc, - defaultCapacity: 0, - version: CLUSTER_VERSION, + ...commonProps, }); new eks.Nodegroup(stack, 'Nodegroup', { cluster, @@ -494,8 +489,7 @@ describe('node group', () => { // WHEN const cluster = new eks.Cluster(stack, 'Cluster', { vpc, - defaultCapacity: 0, - version: CLUSTER_VERSION, + ...commonProps, }); new eks.Nodegroup(stack, 'Nodegroup', { cluster, @@ -556,8 +550,7 @@ describe('node group', () => { // WHEN const cluster = new eks.Cluster(stack, 'Cluster', { vpc, - defaultCapacity: 0, - version: CLUSTER_VERSION, + ...commonProps, }); new eks.Nodegroup(stack, 'Nodegroup', { cluster, @@ -584,8 +577,7 @@ describe('node group', () => { // WHEN const cluster = new eks.Cluster(stack, 'Cluster', { vpc, - defaultCapacity: 0, - version: CLUSTER_VERSION, + ...commonProps, }); new eks.Nodegroup(stack, 'Nodegroup', { cluster, @@ -612,8 +604,7 @@ describe('node group', () => { // WHEN const cluster = new eks.Cluster(stack, 'Cluster', { vpc, - defaultCapacity: 0, - version: CLUSTER_VERSION, + ...commonProps, }); new eks.Nodegroup(stack, 'Nodegroup', { cluster, @@ -638,8 +629,7 @@ describe('node group', () => { const { stack, vpc } = testFixture(); const cluster = new eks.Cluster(stack, 'Cluster', { vpc, - defaultCapacity: 0, - version: CLUSTER_VERSION, + ...commonProps, }); // THEN expect(() => cluster.addNodegroupCapacity('ng', { @@ -660,8 +650,7 @@ describe('node group', () => { const { stack, vpc } = testFixture(); const cluster = new eks.Cluster(stack, 'Cluster', { vpc, - defaultCapacity: 0, - version: CLUSTER_VERSION, + ...commonProps, }); // THEN expect(() => cluster.addNodegroupCapacity('ng', { 
@@ -682,8 +671,7 @@ describe('node group', () => { const { stack, vpc } = testFixture(); const cluster = new eks.Cluster(stack, 'Cluster', { vpc, - defaultCapacity: 0, - version: CLUSTER_VERSION, + ...commonProps, }); // THEN expect(() => cluster.addNodegroupCapacity('ng', { @@ -704,8 +692,7 @@ describe('node group', () => { const { stack, vpc } = testFixture(); const cluster = new eks.Cluster(stack, 'Cluster', { vpc, - defaultCapacity: 0, - version: CLUSTER_VERSION, + ...commonProps, }); // THEN expect(() => cluster.addNodegroupCapacity('ng', { @@ -722,8 +709,7 @@ describe('node group', () => { const { stack, vpc } = testFixture(); const cluster = new eks.Cluster(stack, 'Cluster', { vpc, - defaultCapacity: 0, - version: CLUSTER_VERSION, + ...commonProps, }); // THEN expect(() => cluster.addNodegroupCapacity('ng', { @@ -743,8 +729,7 @@ describe('node group', () => { const { stack, vpc } = testFixture(); const cluster = new eks.Cluster(stack, 'Cluster', { vpc, - defaultCapacity: 0, - version: CLUSTER_VERSION, + ...commonProps, }); // THEN expect(() => cluster.addNodegroupCapacity('ng', { @@ -761,8 +746,7 @@ describe('node group', () => { const { stack, vpc } = testFixture(); const cluster = new eks.Cluster(stack, 'Cluster', { vpc, - defaultCapacity: 0, - version: CLUSTER_VERSION, + ...commonProps, }); // THEN expect(() => cluster.addNodegroupCapacity('ng', { @@ -779,8 +763,7 @@ describe('node group', () => { const { stack, vpc } = testFixture(); const cluster = new eks.Cluster(stack, 'Cluster', { vpc, - defaultCapacity: 0, - version: CLUSTER_VERSION, + ...commonProps, }); // THEN expect(() => cluster.addNodegroupCapacity('ng', { @@ -803,8 +786,7 @@ describe('node group', () => { // WHEN const cluster = new eks.Cluster(stack, 'Cluster', { vpc, - defaultCapacity: 0, - version: CLUSTER_VERSION, + ...commonProps, }); const ng = new eks.Nodegroup(stack, 'Nodegroup', { cluster, 
@@ -832,8 +814,7 @@ describe('node group', () => { // WHEN const cluster = new eks.Cluster(stack, 'Cluster', { vpc, - defaultCapacity: 0, - version: CLUSTER_VERSION, + ...commonProps, }); const ng = new eks.Nodegroup(stack, 'Nodegroup', { cluster, @@ -861,8 +842,7 @@ describe('node group', () => { // WHEN const cluster = new eks.Cluster(stack, 'Cluster', { vpc, - defaultCapacity: 0, - version: CLUSTER_VERSION, + ...commonProps, }); const ng = new eks.Nodegroup(stack, 'Nodegroup', { cluster, @@ -887,8 +867,7 @@ describe('node group', () => { const { stack, vpc } = testFixture(); const cluster = new eks.Cluster(stack, 'Cluster', { vpc, - defaultCapacity: 0, - version: CLUSTER_VERSION, + ...commonProps, }); // THEN cluster.addNodegroupCapacity('bottlerocket', { @@ -910,8 +889,7 @@ describe('node group', () => { const { stack, vpc } = testFixture(); const cluster = new eks.Cluster(stack, 'Cluster', { vpc, - defaultCapacity: 0, - version: CLUSTER_VERSION, + ...commonProps, }); // THEN cluster.addNodegroupCapacity('bottlerocket', { @@ -933,8 +911,7 @@ describe('node group', () => { const { stack, vpc } = testFixture(); const cluster = new eks.Cluster(stack, 'Cluster', { vpc, - defaultCapacity: 0, - version: CLUSTER_VERSION, + ...commonProps, }); // THEN cluster.addNodegroupCapacity('windows', { @@ -956,8 +933,7 @@ describe('node group', () => { const { stack, vpc } = testFixture(); const cluster = new eks.Cluster(stack, 'Cluster', { vpc, - defaultCapacity: 0, - version: CLUSTER_VERSION, + ...commonProps, }); // THEN cluster.addNodegroupCapacity('windows', { @@ -979,8 +955,7 @@ describe('node group', () => { const { stack, vpc } = testFixture(); const cluster = new eks.Cluster(stack, 'Cluster', { vpc, - defaultCapacity: 0, - version: CLUSTER_VERSION, + ...commonProps, }); // THEN cluster.addNodegroupCapacity('windows', { 
@@ -1002,8 +977,7 @@ describe('node group', () => { const { stack, vpc } = testFixture(); const cluster = new eks.Cluster(stack, 'Cluster', { vpc, - defaultCapacity: 0, - version: CLUSTER_VERSION, + ...commonProps, }); // THEN cluster.addNodegroupCapacity('windows', { @@ -1024,8 +998,7 @@ describe('node group', () => { // WHEN const cluster = new eks.Cluster(stack, 'Cluster', { vpc, - defaultCapacity: 0, - version: CLUSTER_VERSION, + ...commonProps, }); new eks.Nodegroup(stack, 'Nodegroup', { cluster, @@ -1057,8 +1030,7 @@ describe('node group', () => { // WHEN const cluster = new eks.Cluster(stack, 'Cluster', { vpc, - defaultCapacity: 0, - version: CLUSTER_VERSION, + ...commonProps, }); new eks.Nodegroup(stack, 'Nodegroup', { cluster, forceUpdate: false }); @@ -1075,8 +1047,7 @@ describe('node group', () => { // WHEN const cluster = new eks.Cluster(stack, 'Cluster', { vpc, - defaultCapacity: 0, - version: CLUSTER_VERSION, + ...commonProps, }); new eks.Nodegroup(stack, 'Nodegroup', { cluster, @@ -1098,8 +1069,7 @@ describe('node group', () => { // WHEN const cluster = new eks.Cluster(stack, 'Cluster', { vpc, - defaultCapacity: 0, - version: CLUSTER_VERSION, + ...commonProps, }); new eks.Nodegroup(stack, 'Nodegroup', { cluster, @@ -1123,8 +1093,7 @@ describe('node group', () => { // WHEN const cluster = new eks.Cluster(stack, 'Cluster', { vpc, - defaultCapacity: 0, - version: CLUSTER_VERSION, + ...commonProps, }); new eks.Nodegroup(stack, 'Nodegroup', { cluster, @@ -1153,8 +1122,7 @@ describe('node group', () => { // WHEN const cluster = new eks.Cluster(stack, 'Cluster', { vpc, - defaultCapacity: 0, - version: CLUSTER_VERSION, + ...commonProps, }); new eks.Nodegroup(stack, 'Nodegroup', { cluster, @@ -1183,8 +1151,7 @@ describe('node group', () => { // WHEN const cluster = new eks.Cluster(stack, 'Cluster', { vpc, - defaultCapacity: 0, - version: CLUSTER_VERSION, + ...commonProps, }); // THEN expect(() => cluster.addNodegroupCapacity('ng', { 
@@ -1206,6 +1173,7 @@ describe('node group', () => { const cluster = new eks.Cluster(stack, 'Cluster', { vpc, version: CLUSTER_VERSION, + defaultCapacityType: eks.DefaultCapacityType.NODEGROUP, }); new eks.Nodegroup(stack, 'Nodegroup', { cluster, @@ -1222,8 +1190,7 @@ describe('node group', () => { const { stack, vpc } = testFixture(); const cluster = new eks.Cluster(stack, 'Cluster', { vpc, - defaultCapacity: 0, - version: CLUSTER_VERSION, + ...commonProps, }); // THEN expect(() => cluster.addNodegroupCapacity('ng', { @@ -1242,8 +1209,7 @@ describe('node group', () => { const { stack, vpc } = testFixture(); const cluster = new eks.Cluster(stack, 'Cluster', { vpc, - defaultCapacity: 0, - version: CLUSTER_VERSION, + ...commonProps, }); // THEN expect(() => cluster.addNodegroupCapacity('ng', { @@ -1264,8 +1230,7 @@ describe('node group', () => { // WHEN const cluster = new eks.Cluster(stack, 'Cluster', { vpc, - defaultCapacity: 0, - version: CLUSTER_VERSION, + ...commonProps, }); new eks.Nodegroup(stack, 'Nodegroup', { cluster, @@ -1288,8 +1253,7 @@ describe('node group', () => { const stack2 = new cdk.Stack(app, 'stack2', { env: { region: 'us-east-1' } }); const cluster = new eks.Cluster(stack1, 'Cluster', { vpc, - defaultCapacity: 0, - version: CLUSTER_VERSION, + ...commonProps, }); // WHEN @@ -1315,8 +1279,7 @@ describe('node group', () => { const { stack, vpc } = testFixture(); const cluster = new eks.Cluster(stack, 'Cluster', { vpc, - defaultCapacity: 0, - version: CLUSTER_VERSION, + ...commonProps, }); // WHEN @@ -1355,8 +1318,7 @@ describe('node group', () => { const { stack, vpc } = testFixture(); const cluster = new eks.Cluster(stack, 'Cluster', { vpc, - defaultCapacity: 0, - version: CLUSTER_VERSION, + ...commonProps, }); // WHEN 
@@ -1390,8 +1352,7 @@ describe('node group', () => { const { stack, vpc } = testFixture(); const cluster = new eks.Cluster(stack, 'Cluster', { vpc, - defaultCapacity: 0, - version: CLUSTER_VERSION, + ...commonProps, }); // THEN expect(() => cluster.addNodegroupCapacity('ng', { desiredSize: 3, maxSize: 2 })).toThrow(/Desired capacity 3 can't be greater than max size 2/); @@ -1402,8 +1363,7 @@ describe('node group', () => { const { stack, vpc } = testFixture(); const cluster = new eks.Cluster(stack, 'Cluster', { vpc, - defaultCapacity: 0, - version: CLUSTER_VERSION, + ...commonProps, }); // THEN expect(() => cluster.addNodegroupCapacity('ng', { desiredSize: 2, minSize: 3 })).toThrow(/Minimum capacity 3 can't be greater than desired size 2/); @@ -1414,8 +1374,7 @@ describe('node group', () => { const { stack, vpc } = testFixture(); const cluster = new eks.Cluster(stack, 'Cluster', { vpc, - defaultCapacity: 0, - version: CLUSTER_VERSION, + ...commonProps, }); // WHEN new eks.Nodegroup(stack, 'NodeGroup', { @@ -1439,8 +1398,7 @@ describe('node group', () => { const { stack, vpc } = testFixture(); const cluster = new eks.Cluster(stack, 'Cluster', { vpc, - defaultCapacity: 0, - version: CLUSTER_VERSION, + ...commonProps, }); // WHEN new eks.Nodegroup(stack, 'NodeGroup', { @@ -1466,8 +1424,7 @@ describe('node group', () => { // WHEN const cluster = new eks.Cluster(stack, 'Cluster', { vpc, - defaultCapacity: 0, - version: CLUSTER_VERSION, + ...commonProps, }); const userData = ec2.UserData.forLinux(); userData.addCommands( @@ -1511,8 +1468,7 @@ describe('node group', () => { // WHEN const cluster = new eks.Cluster(stack, 'Cluster', { vpc, - defaultCapacity: 0, - version: CLUSTER_VERSION, + ...commonProps, }); const userData = ec2.UserData.forLinux(); userData.addCommands( 
@@ -1544,8 +1500,7 @@ describe('node group', () => { // WHEN const cluster = new eks.Cluster(stack, 'Cluster', { vpc, - defaultCapacity: 0, - version: CLUSTER_VERSION, + ...commonProps, }); new eks.Nodegroup(stack, 'Nodegroup', { cluster, @@ -1568,8 +1523,7 @@ describe('node group', () => { // WHEN const cluster = new eks.Cluster(stack, 'Cluster', { vpc, - defaultCapacity: 0, - version: CLUSTER_VERSION, + ...commonProps, }); new eks.Nodegroup(stack, 'Nodegroup', { cluster, @@ -1594,8 +1548,7 @@ describe('node group', () => { // WHEN stackWithFlag.node.setContext(cxapi.EKS_NODEGROUP_NAME, true); const cluster = new eks.Cluster(stackWithFlag, 'Cluster', { - defaultCapacity: 0, - version: CLUSTER_VERSION, + ...commonProps, }); const ng = new eks.Nodegroup(stackWithFlag, 'Nodegroup', { cluster, @@ -1610,8 +1563,7 @@ describe('node group', () => { const { stack, vpc } = testFixture(); const cluster = new eks.Cluster(stack, 'Cluster', { vpc, - defaultCapacity: 0, - version: CLUSTER_VERSION, + ...commonProps, }); // THEN expect(() => cluster.addNodegroupCapacity('ng', { maxUnavailable: 3, maxUnavailablePercentage: 2 })).toThrow(/maxUnavailable and maxUnavailablePercentage are not allowed to be defined together/); @@ -1622,8 +1574,7 @@ describe('node group', () => { const { stack, vpc } = testFixture(); const cluster = new eks.Cluster(stack, 'Cluster', { vpc, - defaultCapacity: 0, - version: CLUSTER_VERSION, + ...commonProps, }); // THEN expect(() => cluster.addNodegroupCapacity('ng', { maxUnavailable: 5, maxSize: 4 })).toThrow(/maxUnavailable must be lower than maxSize/); @@ -1634,8 +1585,7 @@ describe('node group', () => { const { stack, vpc } = testFixture(); const cluster = new eks.Cluster(stack, 'Cluster', { vpc, - defaultCapacity: 0, - version: CLUSTER_VERSION, + ...commonProps, }); // THEN expect(() => cluster.addNodegroupCapacity('ng', { maxUnavailable: -3, maxSize: 10 })).toThrow(/maxUnavailable must be between 1 and 100/); 
@@ -1646,8 +1596,7 @@ describe('node group', () => { const { stack, vpc } = testFixture(); const cluster = new eks.Cluster(stack, 'Cluster', { vpc, - defaultCapacity: 0, - version: CLUSTER_VERSION, + ...commonProps, }); // THEN expect(() => cluster.addNodegroupCapacity('ng', { maxUnavailable: 101, maxSize: 200 })).toThrow(/maxUnavailable must be between 1 and 100/); @@ -1658,8 +1607,7 @@ describe('node group', () => { const { stack, vpc } = testFixture(); const cluster = new eks.Cluster(stack, 'Cluster', { vpc, - defaultCapacity: 0, - version: CLUSTER_VERSION, + ...commonProps, }); // THEN expect(() => cluster.addNodegroupCapacity('ng', { maxUnavailablePercentage: -3, maxSize: 10 })).toThrow(/maxUnavailablePercentage must be between 1 and 100/); @@ -1670,8 +1618,7 @@ describe('node group', () => { const { stack, vpc } = testFixture(); const cluster = new eks.Cluster(stack, 'Cluster', { vpc, - defaultCapacity: 0, - version: CLUSTER_VERSION, + ...commonProps, }); // THEN expect(() => cluster.addNodegroupCapacity('ng', { maxUnavailablePercentage: 101 })).toThrow(/maxUnavailablePercentage must be between 1 and 100/);
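Review bot: In the hunk at `@@ -1206,6 +1173,7` the cluster sets `defaultCapacityType: eks.DefaultCapacityType.NODEGROUP` inline, while the other clusters touched in this file spread `...commonProps`, and nothing in the test says why this one differs. This cluster never had `defaultCapacity: 0`, so if the test depends on default node group capacity being created alongside the explicit `eks.Nodegroup`, a one-line comment stating that would keep the next reader from "fixing" it to `...commonProps`. If it does not depend on that, use `...commonProps` here as well so the file has a single way of opting out of the new Auto Mode default.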
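Review bot: In the hunks from `@@ -1222,8 +1190,7` onward, `...commonProps` is spread after `vpc`, so any `vpc` key that is ever added to `commonProps` would silently replace the fixture's VPC in every one of these tests. Putting the spread first, as in `{ ...commonProps, vpc }`, keeps the per-test value authoritative. The same applies to any other per-test property that ends up listed before the spread.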
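Review bot: The removed `defaultCapacity: 0` lines made each test's precondition visible at the call site (no default capacity, so only the node group under test exists), and `...commonProps` now hides it, which matters most in the validation tests from `@@ -1390,8 +1352,7` to the end that assert on `addNodegroupCapacity` errors. Please document next to the definition of `commonProps` which capacity settings it carries, or give it a name that says so, since the definition is not visible from these call sites. In `@@ -1594,8 +1548,7` the object literal contains nothing but the spread, so passing `commonProps` directly would be simpler.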