Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package eksctl for openSUSE:Factory checked in at 2026-02-16 13:10:14 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/eksctl (Old) and /work/SRC/openSUSE:Factory/.eksctl.new.1977 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "eksctl" Mon Feb 16 13:10:14 2026 rev:67 rq:1333153 version:0.223.0 Changes: -------- --- /work/SRC/openSUSE:Factory/eksctl/eksctl.changes 2026-02-09 15:35:31.513098350 +0100 +++ /work/SRC/openSUSE:Factory/.eksctl.new.1977/eksctl.changes 2026-02-16 13:16:45.100558582 +0100 @@ -1,0 +2,10 @@ +Sat Feb 14 08:26:24 UTC 2026 - Johannes Kastl <[email protected]> + +- Update to version 0.223.0: + * Features + - add support to policy for pod-identity-association create and + update (#8674) + * Bug Fixes + - change ubuntu ami family to 2404 (#8670) + +------------------------------------------------------------------- Old: ---- eksctl-0.222.0.obscpio New: ---- eksctl-0.223.0.obscpio ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ eksctl.spec ++++++ --- /var/tmp/diff_new_pack.HtYJ4I/_old 2026-02-16 13:16:47.636664948 +0100 +++ /var/tmp/diff_new_pack.HtYJ4I/_new 2026-02-16 13:16:47.644665289 +0100 @@ -17,7 +17,7 @@ Name: eksctl -Version: 0.222.0 +Version: 0.223.0 Release: 0 Summary: The official CLI for Amazon EKS License: Apache-2.0 ++++++ _service ++++++ --- /var/tmp/diff_new_pack.HtYJ4I/_old 2026-02-16 13:16:47.916676903 +0100 +++ /var/tmp/diff_new_pack.HtYJ4I/_new 2026-02-16 13:16:47.972679294 +0100 @@ -3,7 +3,7 @@ <param name="url">https://github.com/eksctl-io/eksctl</param> <param name="scm">git</param> <param name="exclude">.git</param> - <param name="revision">v0.222.0</param> + <param name="revision">v0.223.0</param> <param name="versionformat">@PARENT_TAG@</param> <param name="versionrewrite-pattern">v(.*)</param> <param name="changesgenerate">enable</param> ++++++ _servicedata ++++++ --- /var/tmp/diff_new_pack.HtYJ4I/_old 2026-02-16 13:16:48.076683734 +0100 +++ /var/tmp/diff_new_pack.HtYJ4I/_new 2026-02-16 13:16:48.084684076 +0100 
@@ -3,6 +3,6 @@ <param name="url">https://github.com/weaveworks/eksctl</param> <param name="changesrevision">5b28c17948a1036f26becbbc02d23e61195e8a33</param></service><service name="tar_scm"> <param name="url">https://github.com/eksctl-io/eksctl</param> - <param name="changesrevision">c53a3a5b27a8bfb6fee25ee21c4b8ecade1881dd</param></service></servicedata> + <param name="changesrevision">7a9410b8dbb499ec6cc5fc4f690d4bebbcc95289</param></service></servicedata> (No newline at EOF) ++++++ eksctl-0.222.0.obscpio -> eksctl-0.223.0.obscpio ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/eksctl-0.222.0/docs/release_notes/0.223.0.md new/eksctl-0.223.0/docs/release_notes/0.223.0.md --- old/eksctl-0.222.0/docs/release_notes/0.223.0.md 1970-01-01 01:00:00.000000000 +0100 +++ new/eksctl-0.223.0/docs/release_notes/0.223.0.md 2026-02-14 07:03:37.000000000 +0100 @@ -0,0 +1,14 @@ +# Release v0.223.0 + +## 🚀 Features + +- add support to policy for pod-identity-association create and update (#8674) + +## 🐛 Bug Fixes + +- change ubuntu ami family to 2404 (#8670) + +## Acknowledgments + +The eksctl maintainers would like to sincerely thank @kprahulraj. + diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/eksctl-0.222.0/go.mod new/eksctl-0.223.0/go.mod --- old/eksctl-0.222.0/go.mod 2026-02-06 21:41:06.000000000 +0100 +++ new/eksctl-0.223.0/go.mod 2026-02-14 07:03:37.000000000 +0100 
@@ -10,19 +10,19 @@ github.com/aws/aws-sdk-go-v2 v1.41.1 github.com/aws/aws-sdk-go-v2/config v1.32.7 github.com/aws/aws-sdk-go-v2/credentials v1.19.7 - github.com/aws/aws-sdk-go-v2/service/autoscaling v1.62.1 - github.com/aws/aws-sdk-go-v2/service/cloudformation v1.71.1 - github.com/aws/aws-sdk-go-v2/service/cloudtrail v1.55.1 - github.com/aws/aws-sdk-go-v2/service/cloudwatchlogs v1.61.1 + github.com/aws/aws-sdk-go-v2/service/autoscaling v1.64.0 + github.com/aws/aws-sdk-go-v2/service/cloudformation v1.71.5 + github.com/aws/aws-sdk-go-v2/service/cloudtrail v1.55.5 + github.com/aws/aws-sdk-go-v2/service/cloudwatchlogs v1.63.1 github.com/aws/aws-sdk-go-v2/service/cognitoidentityprovider v1.57.7 - github.com/aws/aws-sdk-go-v2/service/ec2 v1.275.0 - github.com/aws/aws-sdk-go-v2/service/eks v1.77.0 - github.com/aws/aws-sdk-go-v2/service/elasticloadbalancing v1.33.15 - github.com/aws/aws-sdk-go-v2/service/elasticloadbalancingv2 v1.54.2 - github.com/aws/aws-sdk-go-v2/service/iam v1.52.2 + github.com/aws/aws-sdk-go-v2/service/ec2 v1.286.0 + github.com/aws/aws-sdk-go-v2/service/eks v1.79.0 + github.com/aws/aws-sdk-go-v2/service/elasticloadbalancing v1.33.19 + github.com/aws/aws-sdk-go-v2/service/elasticloadbalancingv2 v1.54.6 + github.com/aws/aws-sdk-go-v2/service/iam v1.53.2 github.com/aws/aws-sdk-go-v2/service/kms v1.47.1 - github.com/aws/aws-sdk-go-v2/service/outposts v1.57.8 - github.com/aws/aws-sdk-go-v2/service/ssm v1.67.4 + github.com/aws/aws-sdk-go-v2/service/outposts v1.57.11 + github.com/aws/aws-sdk-go-v2/service/ssm v1.67.8 github.com/aws/aws-sdk-go-v2/service/sts v1.41.6 github.com/aws/smithy-go v1.24.0 github.com/awslabs/amazon-eks-ami/nodeadm v0.0.0-20251001043626-89ce6578d960 
@@ -133,7 +133,7 @@ github.com/ashanbrown/forbidigo/v2 v2.3.0 // indirect github.com/ashanbrown/makezero/v2 v2.1.0 // indirect github.com/atotto/clipboard v0.1.4 // indirect - github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream v1.7.3 // indirect + github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream v1.7.4 // indirect github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.18.17 // indirect github.com/aws/aws-sdk-go-v2/internal/configsources v1.4.17 // indirect github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.7.17 // indirect diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/eksctl-0.222.0/go.sum new/eksctl-0.223.0/go.sum --- old/eksctl-0.222.0/go.sum 2026-02-06 21:41:06.000000000 +0100 +++ new/eksctl-0.223.0/go.sum 2026-02-14 07:03:37.000000000 +0100 @@ -110,8 +110,8 @@ github.com/aws/amazon-ec2-instance-selector/v3 v3.1.2/go.mod h1:wdlMRtz9G4IO6H1yZPsqfGBxR8E6B/bdxHlGkls4kGQ= github.com/aws/aws-sdk-go-v2 v1.41.1 h1:ABlyEARCDLN034NhxlRUSZr4l71mh+T5KAeGh6cerhU= github.com/aws/aws-sdk-go-v2 v1.41.1/go.mod h1:MayyLB8y+buD9hZqkCW3kX1AKq07Y5pXxtgB+rRFhz0= -github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream v1.7.3 h1:DHctwEM8P8iTXFxC/QK0MRjwEpWQeM9yzidCRjldUz0= -github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream v1.7.3/go.mod h1:xdCzcZEtnSTKVDOmUZs4l/j3pSV6rpo1WXl5ugNsL8Y= +github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream v1.7.4 h1:489krEF9xIGkOaaX3CE/Be2uWjiXrkCH6gUX+bZA/BU= +github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream v1.7.4/go.mod h1:IOAPF6oT9KCsceNTvvYMNHy0+kMF8akOjeDvPENWxp4= github.com/aws/aws-sdk-go-v2/config v1.32.7 h1:vxUyWGUwmkQ2g19n7JY/9YL8MfAIl7bTesIUykECXmY= github.com/aws/aws-sdk-go-v2/config v1.32.7/go.mod h1:2/Qm5vKUU/r7Y+zUk/Ptt2MDAEKAfUtKc1+3U1Mo3oY= github.com/aws/aws-sdk-go-v2/credentials v1.19.7 h1:tHK47VqqtJxOymRrNtUXN5SP/zUTvZKeLx4tH6PGQc8= 
@@ -126,28 +126,28 @@ github.com/aws/aws-sdk-go-v2/internal/ini v1.8.4/go.mod h1:ZWy7j6v1vWGmPReu0iSGvRiise4YI5SkR3OHKTZ6Wuc= github.com/aws/aws-sdk-go-v2/internal/v4a v1.4.14 h1:ITi7qiDSv/mSGDSWNpZ4k4Ve0DQR6Ug2SJQ8zEHoDXg= github.com/aws/aws-sdk-go-v2/internal/v4a v1.4.14/go.mod h1:k1xtME53H1b6YpZt74YmwlONMWf4ecM+lut1WQLAF/U= -github.com/aws/aws-sdk-go-v2/service/autoscaling v1.62.1 h1:CsZyADhNxJU6AbqmieFia8ez9tO3HAPZKWMNZEvvdVM= -github.com/aws/aws-sdk-go-v2/service/autoscaling v1.62.1/go.mod h1:6q/I1pH386VpPfB6FE62X/MOs6NW/oCsY9FXU33YXOU= -github.com/aws/aws-sdk-go-v2/service/cloudformation v1.71.1 h1:YA9axGdmN8mAnG3uxredzWXFN/x1IiCbseFqU30ZXog= -github.com/aws/aws-sdk-go-v2/service/cloudformation v1.71.1/go.mod h1:AIfiLeQfCO8suB3zxZp155Sv9KfiDhPyF+SSIRLEUYk= -github.com/aws/aws-sdk-go-v2/service/cloudtrail v1.55.1 h1:fRFvc/mgSPujB9JrKuPt+HGnJE9I+nDwXMhEAwHI/GM= -github.com/aws/aws-sdk-go-v2/service/cloudtrail v1.55.1/go.mod h1:XSNDmicqamWtX6yg5lisFAiFaf56PErQo/cMQvUQWX0= -github.com/aws/aws-sdk-go-v2/service/cloudwatchlogs v1.61.1 h1:1Ci283hJE+S3XC4n5b2peV/wlcAo5rTVDb6j6JJ1aTo= -github.com/aws/aws-sdk-go-v2/service/cloudwatchlogs v1.61.1/go.mod h1:WXcA3mYRgWVIzjD+kxzap0axltmt4zBVDZaRX0S86gk= +github.com/aws/aws-sdk-go-v2/service/autoscaling v1.64.0 h1:s92jPptCu97RNwU1yF3jD4ahLZrQ0QkUIvrn464rQ2A= +github.com/aws/aws-sdk-go-v2/service/autoscaling v1.64.0/go.mod h1:8O5Pj92iNpfw/Fa7WdHbn6YiEjDoVdutz+9PGRNoP3Y= +github.com/aws/aws-sdk-go-v2/service/cloudformation v1.71.5 h1:UNllAzfiRvz9il9s0yHJkySMJbxWqEVDfyLdDblnuT4= +github.com/aws/aws-sdk-go-v2/service/cloudformation v1.71.5/go.mod h1:d6XSvIZM3pSKyXNbezwYT3nAcJeUzsJIXtZMNuQ9K2k= +github.com/aws/aws-sdk-go-v2/service/cloudtrail v1.55.5 h1:sSgqtZi6Kp4Pc1V4turyaux7xUXxC1JwbEF6MzTQ9oE= +github.com/aws/aws-sdk-go-v2/service/cloudtrail v1.55.5/go.mod h1:zweZsRPub5YhgUjoMGOeRWuXOOORt6YFiA51hpmNB4c= +github.com/aws/aws-sdk-go-v2/service/cloudwatchlogs v1.63.1 h1:l65dmgr7tO26EcHe6WMdseRnFLoJ2nqdkPz1nJdXfaw= 
+github.com/aws/aws-sdk-go-v2/service/cloudwatchlogs v1.63.1/go.mod h1:wvnXh1w1pGS2UpEvPTKSjXYuxiXhuvob/IMaK2AWvek= github.com/aws/aws-sdk-go-v2/service/cognitoidentityprovider v1.57.7 h1:1LPBlVrceFenrbWOZBGu8KTmX8TTMpZfRxX0HCnSjz0= github.com/aws/aws-sdk-go-v2/service/cognitoidentityprovider v1.57.7/go.mod h1:l8KDrD4EZQwTuM69YK3LFZ4c9VbNHrzaQJjJsoIFqfo= -github.com/aws/aws-sdk-go-v2/service/ec2 v1.275.0 h1:ymusjrsOjrcVBQNQXYFIQEHJIJ17/m+VoDSmWIMjGe0= -github.com/aws/aws-sdk-go-v2/service/ec2 v1.275.0/go.mod h1:QrV+/GjhSrJh6MRRuTO6ZEg4M2I0nwPakf0lZHSrE1o= -github.com/aws/aws-sdk-go-v2/service/eks v1.77.0 h1:Z5mTpmbJKU7jEM7xoXI5tO4Nm0JUZSgVSFkpYuu6Ic0= -github.com/aws/aws-sdk-go-v2/service/eks v1.77.0/go.mod h1:Qg678m+87sCuJhcsZojenz8mblYG+Tq86V4m3hjVz0s= -github.com/aws/aws-sdk-go-v2/service/elasticloadbalancing v1.33.15 h1:dJtNm4/eMx8nczyN3P4iAARXMj2rAvOJnj608zCqCmw= -github.com/aws/aws-sdk-go-v2/service/elasticloadbalancing v1.33.15/go.mod h1:QEbuU4eh8HGdv4uvld0Jth+KW8L0lOSYlyPcW6+JJo8= -github.com/aws/aws-sdk-go-v2/service/elasticloadbalancingv2 v1.54.2 h1:xJkfrBzq4b4JxnxwNNzjUKmbQj1hPa4uUikSeXQFBYk= -github.com/aws/aws-sdk-go-v2/service/elasticloadbalancingv2 v1.54.2/go.mod h1:DpGMmFhQwV/HH9zugLT5Ovf9HMKdQ+6ejfJybqEC9i4= +github.com/aws/aws-sdk-go-v2/service/ec2 v1.286.0 h1:GgLc+o2oD2sXxlEwGUCCWz/1v3Wa8dN9RRebcIFXeOo= +github.com/aws/aws-sdk-go-v2/service/ec2 v1.286.0/go.mod h1:Uy+C+Sc58jozdoL1McQr8bDsEvNFx+/nBY+vpO1HVUY= +github.com/aws/aws-sdk-go-v2/service/eks v1.79.0 h1:NJv9h+Fmg1bmAAnoH2cWsywcX3gNyn2sbhsn6VvgHNk= +github.com/aws/aws-sdk-go-v2/service/eks v1.79.0/go.mod h1:Qg678m+87sCuJhcsZojenz8mblYG+Tq86V4m3hjVz0s= +github.com/aws/aws-sdk-go-v2/service/elasticloadbalancing v1.33.19 h1:ybEda2mkkX2o8NadXZBtcO9tgmW9cTQgeVSjypNsAy0= +github.com/aws/aws-sdk-go-v2/service/elasticloadbalancing v1.33.19/go.mod h1:RiMytGvN4azx4yLM0Kn3bX/XO9dLxj+eG72Smy+vNzI= +github.com/aws/aws-sdk-go-v2/service/elasticloadbalancingv2 v1.54.6 
h1:fQR1aeZKaiPkNPya0JMy2nhsoqoSgIWc3/QTiTiL1K0= +github.com/aws/aws-sdk-go-v2/service/elasticloadbalancingv2 v1.54.6/go.mod h1:oJRLDix51wqBDlP9dv+blFkvvf7HESolQz5cdhdmV4A= github.com/aws/aws-sdk-go-v2/service/eventbridge v1.39.3 h1:T6L7fsONflMeXuvsT8qZ247hA8ShBB0jF9yUEhW4JqI= github.com/aws/aws-sdk-go-v2/service/eventbridge v1.39.3/go.mod h1:sIrUII6Z+hAVAgcpmsc2e9HvEr++m/v8aBPT7s4ZYUk= -github.com/aws/aws-sdk-go-v2/service/iam v1.52.2 h1:li0ooCUfHIivHn8nB3LstP6HgdNefwu5gnXE4MLVz/U= -github.com/aws/aws-sdk-go-v2/service/iam v1.52.2/go.mod h1:PuHz5kGh1jtsNpjezdYhRp7xgn6DzCNJJfQt7O7U9Aw= +github.com/aws/aws-sdk-go-v2/service/iam v1.53.2 h1:62G6btFUwAa5uR5iPlnlNVAM0zJSLbWgDfKOfUC7oW4= +github.com/aws/aws-sdk-go-v2/service/iam v1.53.2/go.mod h1:av9clChrbZbJ5E21msSsiT2oghl2BJHfQGhCkXmhyu8= github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.13.4 h1:0ryTNEdJbzUCEWkVXEXoqlXV72J5keC1GvILMOuD00E= github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.13.4/go.mod h1:HQ4qwNZh32C3CBeO6iJLQlgtMzqeG17ziAA/3KDJFow= github.com/aws/aws-sdk-go-v2/service/internal/checksum v1.9.5 h1:Hjkh7kE6D81PgrHlE/m9gx+4TyyeLHuY8xJs7yXN5C4= 
@@ -158,8 +158,8 @@ github.com/aws/aws-sdk-go-v2/service/internal/s3shared v1.19.14/go.mod h1:s1ydyWG9pm3ZwmmYN21HKyG9WzAZhYVW85wMHs5FV6w= github.com/aws/aws-sdk-go-v2/service/kms v1.47.1 h1:6+C0RoGF4HJQALrsecOXN7cm/l5rgNHCw2xbcvFgpH4= github.com/aws/aws-sdk-go-v2/service/kms v1.47.1/go.mod h1:VJcNH6BLr+3VJwinRKdotLOMglHO8mIKlD3ea5c7hbw= -github.com/aws/aws-sdk-go-v2/service/outposts v1.57.8 h1:zB9Q/dG0NkURC5E1g4qL/lsUp7aOqilfb7Ru9EOigDU= -github.com/aws/aws-sdk-go-v2/service/outposts v1.57.8/go.mod h1:3osURGv9q/2wxP1qYnB15GWYgr6w2AbQkSxYtE6vTaY= +github.com/aws/aws-sdk-go-v2/service/outposts v1.57.11 h1:pTBv1tqYHwSFkXSxpXrfAY83kBIec5YtVEZJaXcu7es= +github.com/aws/aws-sdk-go-v2/service/outposts v1.57.11/go.mod h1:TcrxIboCEZ2fBS0g66qoDvJ4+MfRGf8Xnf6iDR84nAo= github.com/aws/aws-sdk-go-v2/service/pricing v1.34.3 h1:vAv0hi3SWcc8cotkWRP4mPkmRbp/XqWKFyPW4Nwpzv0= github.com/aws/aws-sdk-go-v2/service/pricing v1.34.3/go.mod h1:giTP9ufzBQJRB6bc7P30PO8s35hCp6au5uM70zkohU4= github.com/aws/aws-sdk-go-v2/service/route53 v1.52.2 h1:dXHWVVPx2W2fq2PTugj8QXpJ0YTRAGx0KLPKhMBmcsY= 
@@ -170,8 +170,8 @@ github.com/aws/aws-sdk-go-v2/service/signin v1.0.5/go.mod h1:k029+U8SY30/3/ras4G/Fnv/b88N4mAfliNn08Dem4M= github.com/aws/aws-sdk-go-v2/service/sqs v1.38.8 h1:80dpSqWMwx2dAm30Ib7J6ucz1ZHfiv5OCRwN/EnCOXQ= github.com/aws/aws-sdk-go-v2/service/sqs v1.38.8/go.mod h1:IzNt/udsXlETCdvBOL0nmyMe2t9cGmXmZgsdoZGYYhI= -github.com/aws/aws-sdk-go-v2/service/ssm v1.67.4 h1:pOwUUY5FzKUsxtxGR6qsczZP7MuZMVlMbAOPQOcmJlo= -github.com/aws/aws-sdk-go-v2/service/ssm v1.67.4/go.mod h1:+nlWvcgDPQ56mChEBzTC0puAMck+4onOFaHg5cE+Lgg= +github.com/aws/aws-sdk-go-v2/service/ssm v1.67.8 h1:31Llf5VfrZ78YvYs7sWcS7L2m3waikzRc6q1nYenVS4= +github.com/aws/aws-sdk-go-v2/service/ssm v1.67.8/go.mod h1:/jgaDlU1UImoxTxhRNxXHvBAPqPZQ8oCjcPbbkR6kac= github.com/aws/aws-sdk-go-v2/service/sso v1.30.9 h1:v6EiMvhEYBoHABfbGB4alOYmCIrcgyPPiBE1wZAEbqk= github.com/aws/aws-sdk-go-v2/service/sso v1.30.9/go.mod h1:yifAsgBxgJWn3ggx70A3urX2AN49Y5sJTD1UQFlfqBw= github.com/aws/aws-sdk-go-v2/service/ssooidc v1.35.13 h1:gd84Omyu9JLriJVCbGApcLzVR3XtmC4ZDPcAI6Ftvds= diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/eksctl-0.222.0/integration/tests/managed/managed_nodegroup_test.go new/eksctl-0.223.0/integration/tests/managed/managed_nodegroup_test.go --- old/eksctl-0.222.0/integration/tests/managed/managed_nodegroup_test.go 2026-02-06 21:41:06.000000000 +0100 +++ new/eksctl-0.223.0/integration/tests/managed/managed_nodegroup_test.go 2026-02-14 07:03:37.000000000 +0100 
@@ -364,7 +364,7 @@ NodeGroupBase: &api.NodeGroupBase{ Name: ubuntuNodegroup, VolumeSize: aws.Int(25), - AMIFamily: "Ubuntu2204", + AMIFamily: "Ubuntu2404", InstanceType: "t3a.xlarge", }, }, diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/eksctl-0.222.0/pkg/actions/podidentityassociation/tasks.go new/eksctl-0.223.0/pkg/actions/podidentityassociation/tasks.go --- old/eksctl-0.222.0/pkg/actions/podidentityassociation/tasks.go 2026-02-06 21:41:06.000000000 +0100 +++ new/eksctl-0.223.0/pkg/actions/podidentityassociation/tasks.go 2026-02-14 07:03:37.000000000 +0100 @@ -50,6 +50,7 @@ ServiceAccount: &t.podIdentityAssociation.ServiceAccountName, Tags: t.podIdentityAssociation.Tags, DisableSessionTags: t.podIdentityAssociation.DisableSessionTags, + Policy: t.podIdentityAssociation.Policy, } // Add target role ARN if specified (for cross-account access) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/eksctl-0.222.0/pkg/actions/podidentityassociation/updater.go new/eksctl-0.223.0/pkg/actions/podidentityassociation/updater.go --- old/eksctl-0.222.0/pkg/actions/podidentityassociation/updater.go 2026-02-06 21:41:06.000000000 +0100 +++ new/eksctl-0.223.0/pkg/actions/podidentityassociation/updater.go 2026-02-14 07:03:37.000000000 +0100 @@ -98,9 +98,10 @@ return err } - // If there's no change to the IAM role or pod identity association properties, return early + // If there's no change to the IAM role, policy or pod identity association properties, return early if !hasChanged && updateConfig.PodIdentityAssociation.TargetRoleARN == nil && + updateConfig.PodIdentityAssociation.Policy == nil && updateConfig.PodIdentityAssociation.DisableSessionTags == nil { return nil } 
@@ -116,6 +117,7 @@ RoleArn: aws.String(roleARN), TargetRoleArn: updateConfig.PodIdentityAssociation.TargetRoleARN, DisableSessionTags: updateConfig.PodIdentityAssociation.DisableSessionTags, + Policy: updateConfig.PodIdentityAssociation.Policy, }); err != nil { return fmt.Errorf("(associationID: %s, roleARN: %s): %w", updateConfig.AssociationID, roleARN, err) } @@ -200,10 +202,11 @@ RoleARN: pia.RoleARN, TargetRoleARN: pia.TargetRoleARN, DisableSessionTags: pia.DisableSessionTags, + Policy: pia.Policy, } if !reflect.DeepEqual(pia, podIDWithCrossAccountFields) { - return errors.New("only namespace, serviceAccountName and roleARN can be specified if the role was not created by eksctl") + return errors.New("only namespace, serviceAccountName, roleARN and policy can be specified if the role was not created by eksctl") } } return nil diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/eksctl-0.222.0/pkg/actions/podidentityassociation/updater_test.go new/eksctl-0.223.0/pkg/actions/podidentityassociation/updater_test.go --- old/eksctl-0.222.0/pkg/actions/podidentityassociation/updater_test.go 2026-02-06 21:41:06.000000000 +0100 +++ new/eksctl-0.223.0/pkg/actions/podidentityassociation/updater_test.go 2026-02-14 07:03:37.000000000 +0100 @@ -47,6 +47,7 @@ describeStackOutputs []cfntypes.Output describeStackCapabilities []cfntypes.Capability makeStackName func(podidentityassociation.Identifier) string + policy *string } mockCalls := func(stackManager *managerfakes.FakeStackManager, eksAPI *mocksv2.EKS, o mockOptions) { @@ -74,6 +75,7 @@ AssociationId: aws.String(associationID), ClusterName: aws.String(clusterName), RoleArn: aws.String(o.updateRoleARN), + Policy: o.policy, } // For the cross-account access test case 
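Review bot: The rewritten error string in the `@@ -200,10 +202,11 @@` hunk of updater.go still understates what the `reflect.DeepEqual` comparison permits. The comparison struct visibly carries `TargetRoleARN` and `DisableSessionTags` as well as the new `Policy`, yet the message names only namespace, serviceAccountName, roleARN and policy. Since the create command in this same commit rejects a policy unless session tags are disabled, a user who follows the message literally would leave out the one field the policy depends on. Consider `"only namespace, serviceAccountName, roleARN, targetRoleARN, disableSessionTags and policy can be specified if the role was not created by eksctl"`, and update the matching `expectedErr` in updater_test.go with it. The enclosing function starts outside the hunk.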
@@ -262,7 +264,7 @@ eksAPI.AssertExpectations(GinkgoT()) }, - expectedErr: `error updating pod identity association "kube-system/aws-node": only namespace, serviceAccountName and roleARN can be specified if the role was not created by eksctl`, + expectedErr: `error updating pod identity association "kube-system/aws-node": only namespace, serviceAccountName, roleARN and policy can be specified if the role was not created by eksctl`, }), Entry("roleName specified when the pod identity association was not created with a roleName", updateEntry{ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/eksctl-0.222.0/pkg/apis/eksctl.io/v1alpha5/assets/schema.json new/eksctl-0.223.0/pkg/apis/eksctl.io/v1alpha5/assets/schema.json --- old/eksctl-0.222.0/pkg/apis/eksctl.io/v1alpha5/assets/schema.json 2026-02-06 21:41:06.000000000 +0100 +++ new/eksctl-0.223.0/pkg/apis/eksctl.io/v1alpha5/assets/schema.json 2026-02-14 07:03:37.000000000 +0100 @@ -2868,6 +2868,11 @@ "permissionsBoundaryARN": { "type": "string" }, + "policy": { + "type": "string", + "description": "optional policy that applies additional restrictions to this pod identity association beyond the IAM policies attached to the IAM role.", + "x-intellij-html-description": "optional policy that applies additional restrictions to this pod identity association beyond the IAM policies attached to the IAM role." + }, "roleARN": { "type": "string" }, @@ -2905,7 +2910,8 @@ "wellKnownPolicies", "tags", "targetRoleARN", - "disableSessionTags" + "disableSessionTags", + "policy" ], "additionalProperties": false }, diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/eksctl-0.222.0/pkg/apis/eksctl.io/v1alpha5/iam.go new/eksctl-0.223.0/pkg/apis/eksctl.io/v1alpha5/iam.go --- old/eksctl-0.222.0/pkg/apis/eksctl.io/v1alpha5/iam.go 2026-02-06 21:41:06.000000000 +0100 +++ new/eksctl-0.223.0/pkg/apis/eksctl.io/v1alpha5/iam.go 2026-02-14 07:03:37.000000000 +0100 
@@ -209,6 +209,10 @@ // +optional // DisableSessionTags disables the tags that are automatically added to role session by Amazon EKS. DisableSessionTags *bool `json:"disableSessionTags,omitempty"` + + // +optional + // Policy is the optional policy that applies additional restrictions to this pod identity association beyond the IAM policies attached to the IAM role. + Policy *string `json:"policy,omitempty"` } func (p PodIdentityAssociation) NameString() string { diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/eksctl-0.222.0/pkg/ctl/cmdutils/cmdutils.go new/eksctl-0.223.0/pkg/ctl/cmdutils/cmdutils.go --- old/eksctl-0.222.0/pkg/ctl/cmdutils/cmdutils.go 2026-02-06 21:41:06.000000000 +0100 +++ new/eksctl-0.223.0/pkg/ctl/cmdutils/cmdutils.go 2026-02-14 07:03:37.000000000 +0100 @@ -249,3 +249,7 @@ func ErrUnsupportedNameArg() error { return errors.New("name argument is not supported") } + +func ErrDisableSessionTagsMustBeSet() error { + return errors.New("--disable-session-tags must be set to true when using --policy") +} diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/eksctl-0.222.0/pkg/ctl/cmdutils/pod_identity_association.go new/eksctl-0.223.0/pkg/ctl/cmdutils/pod_identity_association.go --- old/eksctl-0.222.0/pkg/ctl/cmdutils/pod_identity_association.go 2026-02-06 21:41:06.000000000 +0100 +++ new/eksctl-0.223.0/pkg/ctl/cmdutils/pod_identity_association.go 2026-02-14 07:03:37.000000000 +0100 @@ -22,6 +22,7 @@ "create-service-account", "target-role-arn", "disable-session-tags", + "policy", } ) 
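Review bot: The doc comment on the new `Policy` field in iam.go does not say what form the string takes, nor that it is only accepted together with `disableSessionTags: true`, a rule the create command enforces elsewhere in this commit. The same sentence is what appears in schema.json, so config-file users only learn of the constraint from a runtime error. Suggest `// Policy is an optional IAM policy document (JSON) that further restricts this pod identity association beyond the policies attached to the IAM role; it requires disableSessionTags: true.` The JSON form is inferred from the test fixtures on this page, so confirm it before wording the comment that way.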
@@ -181,12 +182,14 @@ // DisableSessionTags is a boolean flag to enable or disable session tags. // This is used for cross-account pod identity access. DisableSessionTags *bool + // Policy is the optional policy that applies additional restrictions to this pod identity association beyond the IAM policies attached to the IAM role. + Policy *string } // NewUpdatePodIdentityAssociationLoader will load config or use flags for `eksctl update podidentityassociation`. func NewUpdatePodIdentityAssociationLoader(cmd *Cmd, options UpdatePodIdentityAssociationOptions) ClusterConfigLoader { l := newCommonClusterConfigLoader(cmd) - l.flagsIncompatibleWithConfigFile.Insert("namespace", "service-account-name", "role-arn", "target-role-arn", "disable-session-tags") + l.flagsIncompatibleWithConfigFile.Insert("namespace", "service-account-name", "role-arn", "target-role-arn", "disable-session-tags", "policy") l.validateWithoutConfigFile = func() error { if err := validatePodIdentityAssociation(l, options.PodIdentityAssociationOptions); err != nil { diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/eksctl-0.222.0/pkg/ctl/create/pod_identity_association.go new/eksctl-0.223.0/pkg/ctl/create/pod_identity_association.go --- old/eksctl-0.222.0/pkg/ctl/create/pod_identity_association.go 2026-02-06 21:41:06.000000000 +0100 +++ new/eksctl-0.223.0/pkg/ctl/create/pod_identity_association.go 2026-02-14 07:03:37.000000000 +0100 @@ -37,6 +37,12 @@ cfg := cmd.ClusterConfig ctx := context.Background() + for _, pia := range cfg.IAM.PodIdentityAssociations { + if pia.Policy != nil && (pia.DisableSessionTags == nil || !*pia.DisableSessionTags) { + return cmdutils.ErrDisableSessionTagsMustBeSet() + } + } + ctl, err := cmd.NewProviderForExistingCluster(ctx) if err != nil { return err 
@@ -74,8 +80,10 @@ fs.StringVar(&pia.PermissionsBoundaryARN, "permission-boundary-arn", "", "ARN of the policy that is used to set the permission boundary for the role") var targetRoleARN string var disableSessionTags bool + var policy string fs.StringVar(&targetRoleARN, "target-role-arn", "", "ARN of the target IAM role for cross-account access (default to empty string for no cross-account access)") fs.BoolVar(&disableSessionTags, "disable-session-tags", false, "Disable session tags added by EKS Pod Identity (if not provided, session tags are enabled by default)") + fs.StringVar(&policy, "policy", "", "Optional policy that applies additional restrictions to this pod identity association beyond the IAM policies attached to the IAM role") // Store the flag values in the struct cmdutils.AddPreRun(cmd.CobraCommand, func(cobraCmd *cobra.Command, args []string) { @@ -85,6 +93,9 @@ if fs.Changed("disable-session-tags") { pia.DisableSessionTags = aws.Bool(true) } + if fs.Changed("policy") { + pia.Policy = &policy + } }) fs.BoolVar(&pia.CreateServiceAccount, "create-service-account", false, "instructs eksctl to create the K8s service account") diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/eksctl-0.222.0/pkg/ctl/create/pod_identity_association_test.go new/eksctl-0.223.0/pkg/ctl/create/pod_identity_association_test.go --- old/eksctl-0.222.0/pkg/ctl/create/pod_identity_association_test.go 2026-02-06 21:41:06.000000000 +0100 +++ new/eksctl-0.223.0/pkg/ctl/create/pod_identity_association_test.go 2026-02-14 07:03:37.000000000 +0100 
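Review bot: In the create command's pre-run (`@@ -85,6 +93,9 @@`), the context line `pia.DisableSessionTags = aws.Bool(true)` runs whenever the flag was passed, whatever its value. So `--disable-session-tags=false --policy ...` would apparently store `true` and pass the new policy guard. That silently turns session tags off against an explicit request, which matters wherever role policies condition on those tags. Use the parsed value instead: `pia.DisableSessionTags = aws.Bool(disableSessionTags)`. The pre-run closure starts outside the hunk, so confirm nothing later overrides the field.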
@@ -77,5 +77,9 @@ args: []string{"--disable-session-tags", "--config-file", configFile}, expectedErr: "cannot use --disable-session-tags when --config-file/-f is set", }), + Entry("setting --policy without --disable-session-tags", createPodIdentityAssociationEntry{ + args: append(defaultArgs, "--role-arn", "arn:aws:iam::111122223333:role/test-role", "--policy", `{"Version":"2012-10-17","Statement":[]}`), + expectedErr: "--disable-session-tags must be set to true when using --policy", + }), ) }) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/eksctl-0.222.0/pkg/ctl/update/pod_identity_association.go new/eksctl-0.223.0/pkg/ctl/update/pod_identity_association.go --- old/eksctl-0.222.0/pkg/ctl/update/pod_identity_association.go 2026-02-06 21:41:06.000000000 +0100 +++ new/eksctl-0.223.0/pkg/ctl/update/pod_identity_association.go 2026-02-14 07:03:37.000000000 +0100 @@ -38,9 +38,11 @@ fs.StringVar(&options.RoleARN, "role-arn", "", "ARN of the IAM role to be associated with the service account") var targetRoleArn string var disableSessionTags, noDisableSessionTags bool + var policy string fs.StringVar(&targetRoleArn, "target-role-arn", "", "ARN of the target IAM role for cross-account access") fs.BoolVar(&disableSessionTags, "disable-session-tags", false, "Disable session tags added by EKS Pod Identity") fs.BoolVar(&noDisableSessionTags, "no-disable-session-tags", false, "Enable session tags added by EKS Pod Identity") + fs.StringVar(&policy, "policy", "", "Optional policy that applies additional restrictions to this pod identity association beyond the IAM policies attached to the IAM role") cmdutils.AddPreRun(cmd.CobraCommand, func(cobraCmd *cobra.Command, args []string) { if fs.Changed("target-role-arn") { options.TargetRoleARN = &targetRoleArn @@ -50,6 +52,9 @@ } else if fs.Changed("disable-session-tags") { options.DisableSessionTags = utils.BoolPtr(true) } + if fs.Changed("policy") { + options.Policy = &policy + } }) }) 
@@ -57,6 +62,9 @@ } func doUpdatePodIdentityAssociation(cmd *cmdutils.Cmd, options cmdutils.UpdatePodIdentityAssociationOptions) error { + if options.Policy != nil && options.DisableSessionTags != nil && !*options.DisableSessionTags { + return cmdutils.ErrDisableSessionTagsMustBeSet() + } if err := cmdutils.NewUpdatePodIdentityAssociationLoader(cmd, options).Load(); err != nil { return err } @@ -84,6 +92,7 @@ RoleARN: options.RoleARN, TargetRoleARN: options.TargetRoleARN, DisableSessionTags: options.DisableSessionTags, + Policy: options.Policy, }, } } diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/eksctl-0.222.0/pkg/ctl/update/pod_identity_association_test.go new/eksctl-0.223.0/pkg/ctl/update/pod_identity_association_test.go --- old/eksctl-0.222.0/pkg/ctl/update/pod_identity_association_test.go 2026-02-06 21:41:06.000000000 +0100 +++ new/eksctl-0.223.0/pkg/ctl/update/pod_identity_association_test.go 2026-02-14 07:03:37.000000000 +0100 @@ -97,6 +97,7 @@ RoleARN: "arn:aws:iam::111122223333:role/source-role", TargetRoleARN: aws.String("arn:aws:iam::444455556666:role/target-role"), DisableSessionTags: aws.Bool(true), + Policy: aws.String(`{"Version":"2012-10-17","Statement":[{"Effect":"Allow","Action":"s3:GetObject","Resource":"*"}]}`), } // Create the pod identity association in the cluster config @@ -107,6 +108,7 @@ RoleARN: options.RoleARN, TargetRoleARN: options.TargetRoleARN, DisableSessionTags: options.DisableSessionTags, + Policy: options.Policy, }, } 
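Review bot: The guard added at the top of `doUpdatePodIdentityAssociation` rejects a policy only when `DisableSessionTags` is an explicit false. With `DisableSessionTags == nil` the policy passes, whereas the create path treats nil as an error and the shared message says the flag "must be set to true". The guard also inspects only `options`, before `Load()` runs, so associations supplied through a config file do not appear to be checked on update (the rest of the function is outside the hunk). If nil is meant as "keep the current setting", say so in a comment and give update its own error text; otherwise mirror create with `if options.Policy != nil && (options.DisableSessionTags == nil || !*options.DisableSessionTags) {`. The added test covers only the explicit-false case.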
@@ -134,6 +136,33 @@ require.NotNil(t, capturedInput.DisableSessionTags) require.True(t, *capturedInput.DisableSessionTags) + require.NotNil(t, capturedInput.Policy) + require.Equal(t, `{"Version":"2012-10-17","Statement":[{"Effect":"Allow","Action":"s3:GetObject","Resource":"*"}]}`, *capturedInput.Policy) + // Verify all expectations were met mockEKS.AssertExpectations(t) } + +func TestUpdatePodIdentityAssociationPolicyWithNoDisableSessionTagsValidation(t *testing.T) { + cmd := &cmdutils.Cmd{ + CobraCommand: &cobra.Command{}, + ClusterConfig: api.NewClusterConfig(), + ProviderConfig: api.ProviderConfig{}, + } + cmd.ClusterConfig.Metadata.Name = "test-cluster" + cmd.ProviderConfig.Region = "us-west-2" + + options := cmdutils.UpdatePodIdentityAssociationOptions{ + PodIdentityAssociationOptions: cmdutils.PodIdentityAssociationOptions{ + Namespace: "default", + ServiceAccountName: "test-sa", + }, + RoleARN: "arn:aws:iam::111122223333:role/source-role", + Policy: aws.String(`{"Version":"2012-10-17","Statement":[{"Effect":"Allow","Action":"s3:GetObject","Resource":"*"}]}`), + DisableSessionTags: aws.Bool(false), + } + + err := doUpdatePodIdentityAssociation(cmd, options) + require.Error(t, err) + require.Equal(t, "--disable-session-tags must be set to true when using --policy", err.Error()) +} diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/eksctl-0.222.0/pkg/version/release.go new/eksctl-0.223.0/pkg/version/release.go --- old/eksctl-0.222.0/pkg/version/release.go 2026-02-06 21:41:06.000000000 +0100 +++ new/eksctl-0.223.0/pkg/version/release.go 2026-02-14 07:03:37.000000000 +0100 
@@ -3,7 +3,7 @@ // This file was generated by release_generate.go; DO NOT EDIT. // Version is the version number in semver format X.Y.Z -var Version = "0.222.0" +var Version = "0.223.0" // PreReleaseID can be empty for releases, "rc.X" for release candidates and "dev" for snapshots var PreReleaseID = "dev" ++++++ eksctl.obsinfo ++++++ --- /var/tmp/diff_new_pack.HtYJ4I/_old 2026-02-16 13:16:51.488829419 +0100 +++ /var/tmp/diff_new_pack.HtYJ4I/_new 2026-02-16 13:16:51.500829930 +0100 @@ -1,5 +1,5 @@ name: eksctl -version: 0.222.0 -mtime: 1770410466 -commit: c53a3a5b27a8bfb6fee25ee21c4b8ecade1881dd +version: 0.223.0 +mtime: 1771049017 +commit: 7a9410b8dbb499ec6cc5fc4f690d4bebbcc95289 ++++++ vendor.tar.gz ++++++ /work/SRC/openSUSE:Factory/eksctl/vendor.tar.gz /work/SRC/openSUSE:Factory/.eksctl.new.1977/vendor.tar.gz differ: char 135, line 2
