
Commit 4fd4965

authored
Merge pull request #18220 from rifelpet/csi-1580
aws: Update EBS CSI driver to 1.58.0
2 parents b788f89 + ab106cc commit 4fd4965

281 files changed

Lines changed: 16510 additions & 3891 deletions


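--- a/pkg/model/components/awsebscsidriver.go
+++ b/pkg/model/components/awsebscsidriver.go
@@ -43,7 +43,7 @@ func (b *AWSEBSCSIDriverOptionsBuilder) BuildOptions(o *kops.Cluster) error {
 c := aws.EBSCSIDriver
 
 if c.Version == nil {
-c.Version = fi.PtrTo("v1.47.0")
+c.Version = fi.PtrTo("v1.58.0")
 }
 
 return nil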

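--- a/pkg/model/iam/iam_builder.go
+++ b/pkg/model/iam/iam_builder.go
@@ -1069,28 +1069,29 @@ func AddAWSEBSCSIDriverPermissions(b *PolicyBuilder, p *Policy, appendSnapshotPe
 addKMSIAMPolicies(p)
 
 if appendSnapshotPermissions {
-addSnapshotPersmissions(b, p)
+addSnapshotPermissions(b, p)
 }
 
 p.unconditionalAction.Insert(
-"ec2:DescribeAccountAttributes", // aws.go
+"ec2:DescribeAvailabilityZones", // aws.go
 "ec2:DescribeInstances", // aws.go
+"ec2:DescribeInstanceTypes", // aws.go
+"ec2:DescribeTags", // aws.go
 "ec2:DescribeVolumes", // aws.go
 "ec2:DescribeVolumesModifications", // aws.go
-"ec2:DescribeTags", // aws.go
+"ec2:DescribeVolumeStatus", // aws.go
 )
 p.clusterTaggedAction.Insert(
-"ec2:ModifyVolume", // aws.go
-"ec2:ModifyInstanceAttribute", // aws.go
-"ec2:AttachVolume", // aws.go
-"ec2:DeleteVolume", // aws.go
-"ec2:DetachVolume", // aws.go
+"ec2:AttachVolume", // aws.go
+"ec2:DeleteVolume", // aws.go
+"ec2:DetachVolume", // aws.go
+"ec2:ModifyVolume", // aws.go
 )
 
 p.AddEC2CreateAction(
 []string{
+"CopyVolumes",
 "CreateVolume",
-"CreateSnapshot",
 },
 []string{
 "volume",
@@ -1099,14 +1100,25 @@ func AddAWSEBSCSIDriverPermissions(b *PolicyBuilder, p *Policy, appendSnapshotPe
 )
 }
 
-func addSnapshotPersmissions(b *PolicyBuilder, p *Policy) {
+func addSnapshotPermissions(b *PolicyBuilder, p *Policy) {
 p.unconditionalAction.Insert(
 "ec2:CreateSnapshot",
 "ec2:DescribeAvailabilityZones",
 "ec2:DescribeSnapshots",
 )
 p.clusterTaggedAction.Insert(
 "ec2:DeleteSnapshot",
+"ec2:EnableFastSnapshotRestores",
+)
+
+p.AddEC2CreateAction(
+[]string{
+"CreateSnapshot",
+},
+[]string{
+"volume",
+"snapshot",
+},
 )
 p.Statement = append(p.Statement,
 &Statement{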
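Review bot: In `addSnapshotPermissions`, `"ec2:CreateSnapshot"` remains in `p.unconditionalAction` while the added `p.AddEC2CreateAction` call lists `"CreateSnapshot"` again, so the action appears to be granted through two paths with different scoping. The fixtures suggest the create-action path is conditioned on `aws:RequestTag/KubernetesCluster`; if the unconditional set renders without a condition (its definition is outside this hunk), that broader grant decides what the role can snapshot. If both are required, say so at the call site, e.g. `// ec2:CreateSnapshot stays unconditional for the source volume; the create action below covers tagging the new snapshot`, after confirming that is the actual reason; otherwise narrow the unconditional entry. `ec2:DescribeAvailabilityZones` is now inserted by both functions as well, which is harmless but could live in one place. Both function bodies continue outside the hunks shown.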

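--- a/pkg/model/iam/tests/iam_builder_master_gossip.json
+++ b/pkg/model/iam/tests/iam_builder_master_gossip.json
@@ -38,8 +38,8 @@
 "StringEquals": {
 "aws:RequestTag/KubernetesCluster": "iam-builder-test.k8s.local",
 "ec2:CreateAction": [
-"CreateVolume",
-"CreateSnapshot"
+"CopyVolumes",
+"CreateVolume"
 ]
 }
 },
@@ -108,7 +108,6 @@
 "autoscaling:DescribeLaunchConfigurations",
 "autoscaling:DescribeScalingActivities",
 "autoscaling:DescribeTags",
-"ec2:DescribeAccountAttributes",
 "ec2:DescribeAvailabilityZones",
 "ec2:DescribeImages",
 "ec2:DescribeInstanceTopology",
@@ -120,6 +119,7 @@
 "ec2:DescribeSecurityGroups",
 "ec2:DescribeSubnets",
 "ec2:DescribeTags",
+"ec2:DescribeVolumeStatus",
 "ec2:DescribeVolumes",
 "ec2:DescribeVolumesModifications",
 "ec2:DescribeVpcs",
@@ -191,8 +191,8 @@
 },
 {
 "Action": [
+"ec2:CopyVolumes",
 "ec2:CreateSecurityGroup",
-"ec2:CreateSnapshot",
 "ec2:CreateVolume",
 "elasticloadbalancing:CreateListener",
 "elasticloadbalancing:CreateLoadBalancer",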

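--- a/pkg/model/iam/tests/iam_builder_master_gossip_ecr.json
+++ b/pkg/model/iam/tests/iam_builder_master_gossip_ecr.json
@@ -38,8 +38,8 @@
 "StringEquals": {
 "aws:RequestTag/KubernetesCluster": "iam-builder-test.k8s.local",
 "ec2:CreateAction": [
-"CreateVolume",
-"CreateSnapshot"
+"CopyVolumes",
+"CreateVolume"
 ]
 }
 },
@@ -108,7 +108,6 @@
 "autoscaling:DescribeLaunchConfigurations",
 "autoscaling:DescribeScalingActivities",
 "autoscaling:DescribeTags",
-"ec2:DescribeAccountAttributes",
 "ec2:DescribeAvailabilityZones",
 "ec2:DescribeImages",
 "ec2:DescribeInstanceTopology",
@@ -120,6 +119,7 @@
 "ec2:DescribeSecurityGroups",
 "ec2:DescribeSubnets",
 "ec2:DescribeTags",
+"ec2:DescribeVolumeStatus",
 "ec2:DescribeVolumes",
 "ec2:DescribeVolumesModifications",
 "ec2:DescribeVpcs",
@@ -198,8 +198,8 @@
 },
 {
 "Action": [
+"ec2:CopyVolumes",
 "ec2:CreateSecurityGroup",
-"ec2:CreateSnapshot",
 "ec2:CreateVolume",
 "elasticloadbalancing:CreateListener",
 "elasticloadbalancing:CreateLoadBalancer",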

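--- a/pkg/model/iam/tests/iam_builder_master_strict.json
+++ b/pkg/model/iam/tests/iam_builder_master_strict.json
@@ -38,8 +38,8 @@
 "StringEquals": {
 "aws:RequestTag/KubernetesCluster": "iam-builder-test.nonexistant",
 "ec2:CreateAction": [
-"CreateVolume",
-"CreateSnapshot"
+"CopyVolumes",
+"CreateVolume"
 ]
 }
 },
@@ -108,7 +108,6 @@
 "autoscaling:DescribeLaunchConfigurations",
 "autoscaling:DescribeScalingActivities",
 "autoscaling:DescribeTags",
-"ec2:DescribeAccountAttributes",
 "ec2:DescribeAvailabilityZones",
 "ec2:DescribeImages",
 "ec2:DescribeInstanceTopology",
@@ -120,6 +119,7 @@
 "ec2:DescribeSecurityGroups",
 "ec2:DescribeSubnets",
 "ec2:DescribeTags",
+"ec2:DescribeVolumeStatus",
 "ec2:DescribeVolumes",
 "ec2:DescribeVolumesModifications",
 "ec2:DescribeVpcs",
@@ -191,8 +191,8 @@
 },
 {
 "Action": [
+"ec2:CopyVolumes",
 "ec2:CreateSecurityGroup",
-"ec2:CreateSnapshot",
 "ec2:CreateVolume",
 "elasticloadbalancing:CreateListener",
 "elasticloadbalancing:CreateLoadBalancer",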

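--- a/pkg/model/iam/tests/iam_builder_master_strict_ecr.json
+++ b/pkg/model/iam/tests/iam_builder_master_strict_ecr.json
@@ -38,8 +38,8 @@
 "StringEquals": {
 "aws:RequestTag/KubernetesCluster": "iam-builder-test.nonexistant",
 "ec2:CreateAction": [
-"CreateVolume",
-"CreateSnapshot"
+"CopyVolumes",
+"CreateVolume"
 ]
 }
 },
@@ -108,7 +108,6 @@
 "autoscaling:DescribeLaunchConfigurations",
 "autoscaling:DescribeScalingActivities",
 "autoscaling:DescribeTags",
-"ec2:DescribeAccountAttributes",
 "ec2:DescribeAvailabilityZones",
 "ec2:DescribeImages",
 "ec2:DescribeInstanceTopology",
@@ -120,6 +119,7 @@
 "ec2:DescribeSecurityGroups",
 "ec2:DescribeSubnets",
 "ec2:DescribeTags",
+"ec2:DescribeVolumeStatus",
 "ec2:DescribeVolumes",
 "ec2:DescribeVolumesModifications",
 "ec2:DescribeVpcs",
@@ -198,8 +198,8 @@
 },
 {
 "Action": [
+"ec2:CopyVolumes",
 "ec2:CreateSecurityGroup",
-"ec2:CreateSnapshot",
 "ec2:CreateVolume",
 "elasticloadbalancing:CreateListener",
 "elasticloadbalancing:CreateLoadBalancer",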

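--- a/tests/integration/update_cluster/additionalobjects/data/aws_iam_role_policy_masters.additionalobjects.example.com_policy
+++ b/tests/integration/update_cluster/additionalobjects/data/aws_iam_role_policy_masters.additionalobjects.example.com_policy
@@ -100,8 +100,8 @@
 "StringEquals": {
 "aws:RequestTag/KubernetesCluster": "additionalobjects.example.com",
 "ec2:CreateAction": [
-"CreateVolume",
-"CreateSnapshot"
+"CopyVolumes",
+"CreateVolume"
 ]
 }
 },
@@ -170,7 +170,6 @@
 "autoscaling:DescribeLaunchConfigurations",
 "autoscaling:DescribeScalingActivities",
 "autoscaling:DescribeTags",
-"ec2:DescribeAccountAttributes",
 "ec2:DescribeAvailabilityZones",
 "ec2:DescribeImages",
 "ec2:DescribeInstanceTopology",
@@ -182,6 +181,7 @@
 "ec2:DescribeSecurityGroups",
 "ec2:DescribeSubnets",
 "ec2:DescribeTags",
+"ec2:DescribeVolumeStatus",
 "ec2:DescribeVolumes",
 "ec2:DescribeVolumesModifications",
 "ec2:DescribeVpcs",
@@ -261,8 +261,8 @@
 },
 {
 "Action": [
+"ec2:CopyVolumes",
 "ec2:CreateSecurityGroup",
-"ec2:CreateSnapshot",
 "ec2:CreateVolume",
 "elasticloadbalancing:CreateListener",
 "elasticloadbalancing:CreateLoadBalancer",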
