Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package eksctl for openSUSE:Factory checked in at 2026-03-30 18:33:06 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/eksctl (Old) and /work/SRC/openSUSE:Factory/.eksctl.new.1999 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "eksctl" Mon Mar 30 18:33:06 2026 rev:69 rq:1343658 version:0.225.0 Changes: -------- --- /work/SRC/openSUSE:Factory/eksctl/eksctl.changes 2026-03-05 17:24:38.382258887 +0100 +++ /work/SRC/openSUSE:Factory/.eksctl.new.1999/eksctl.changes 2026-03-30 18:37:24.426379320 +0200 @@ -1,0 +2,15 @@ +Mon Mar 30 10:51:17 UTC 2026 - Johannes Kastl <[email protected]> + +- Update to version 0.225.0: + * Features + - Honour permissionPolicyName for pod identity inline IAM + policies (#8675) + - feat: add fargate profile support for EKS internal endpoint + (#8694) + - feat: add permissions for ECR Public container pulls to Auto + Mode NodeRole (#8698) + * Bug Fixes + - fix(goformation): Remove redundant condition in property.go + (#8691) + +------------------------------------------------------------------- Old: ---- eksctl-0.224.0.obscpio New: ---- eksctl-0.225.0.obscpio ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ eksctl.spec ++++++ --- /var/tmp/diff_new_pack.YIsk5R/_old 2026-03-30 18:37:26.790478041 +0200 +++ /var/tmp/diff_new_pack.YIsk5R/_new 2026-03-30 18:37:26.794478207 +0200 @@ -17,7 +17,7 @@ Name: eksctl -Version: 0.224.0 +Version: 0.225.0 Release: 0 Summary: The official CLI for Amazon EKS License: Apache-2.0 ++++++ _service ++++++ --- /var/tmp/diff_new_pack.YIsk5R/_old 2026-03-30 18:37:26.842480212 +0200 +++ /var/tmp/diff_new_pack.YIsk5R/_new 2026-03-30 18:37:26.846480379 +0200 @@ -3,7 +3,7 @@ <param name="url">https://github.com/eksctl-io/eksctl</param> <param name="scm">git</param> <param name="exclude">.git</param> - <param name="revision">v0.224.0</param> + <param name="revision">v0.225.0</param> <param name="versionformat">@PARENT_TAG@</param> <param name="versionrewrite-pattern">v(.*)</param> <param name="changesgenerate">enable</param> ++++++ _servicedata ++++++ --- /var/tmp/diff_new_pack.YIsk5R/_old 2026-03-30 18:37:26.874481548 +0200 +++ /var/tmp/diff_new_pack.YIsk5R/_new 2026-03-30 18:37:26.878481716 +0200 @@ -3,6 +3,6 @@ <param name="url">https://github.com/weaveworks/eksctl</param> <param name="changesrevision">5b28c17948a1036f26becbbc02d23e61195e8a33</param></service><service name="tar_scm"> <param name="url">https://github.com/eksctl-io/eksctl</param> - <param name="changesrevision">be36fd4e253a61d4c30a6d9f7a4e9148a48e5477</param></service></servicedata> + <param name="changesrevision">02674beb75c9346abcef72f9c1e755115f85db29</param></service></servicedata> (No newline at EOF) ++++++ eksctl-0.224.0.obscpio -> eksctl-0.225.0.obscpio ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/eksctl-0.224.0/docs/release_notes/0.225.0.md new/eksctl-0.225.0/docs/release_notes/0.225.0.md --- old/eksctl-0.224.0/docs/release_notes/0.225.0.md 1970-01-01 01:00:00.000000000 +0100 +++ new/eksctl-0.225.0/docs/release_notes/0.225.0.md 2026-03-30 09:52:23.000000000 +0200 @@ -0,0 +1,16 @@ +# Release v0.225.0 + +## 🚀 Features + +- Honour permissionPolicyName for pod identity inline IAM policies (#8675) +- feat: add fargate profile support for EKS internal endpoint (#8694) +- feat: add permissions for ECR Public container pulls to Auto Mode NodeRole (#8698) + +## 🐛 Bug Fixes + +- fix(goformation): Remove redundant condition in property.go (#8691) + +## Acknowledgments + +The eksctl maintainers would like to sincerely thank @HusainZafar, @ShiriNmi1520, @avoidik and @fletcherw. + diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/eksctl-0.224.0/go.mod new/eksctl-0.225.0/go.mod --- old/eksctl-0.224.0/go.mod 2026-03-04 02:11:38.000000000 +0100 +++ new/eksctl-0.225.0/go.mod 2026-03-30 09:52:23.000000000 +0200 @@ -7,24 +7,24 @@ require ( github.com/Masterminds/semver/v3 v3.4.0 github.com/aws/amazon-ec2-instance-selector/v3 v3.1.2 - github.com/aws/aws-sdk-go-v2 v1.41.2 + github.com/aws/aws-sdk-go-v2 v1.41.3 github.com/aws/aws-sdk-go-v2/config v1.32.7 github.com/aws/aws-sdk-go-v2/credentials v1.19.7 - github.com/aws/aws-sdk-go-v2/service/autoscaling v1.64.1 - github.com/aws/aws-sdk-go-v2/service/cloudformation v1.71.6 - github.com/aws/aws-sdk-go-v2/service/cloudtrail v1.55.6 - github.com/aws/aws-sdk-go-v2/service/cloudwatchlogs v1.63.2 + github.com/aws/aws-sdk-go-v2/service/autoscaling v1.64.2 + github.com/aws/aws-sdk-go-v2/service/cloudformation v1.71.7 + github.com/aws/aws-sdk-go-v2/service/cloudtrail v1.55.7 + github.com/aws/aws-sdk-go-v2/service/cloudwatchlogs v1.64.0 github.com/aws/aws-sdk-go-v2/service/cognitoidentityprovider v1.57.7 - github.com/aws/aws-sdk-go-v2/service/ec2 v1.291.0 - github.com/aws/aws-sdk-go-v2/service/eks v1.80.1 - github.com/aws/aws-sdk-go-v2/service/elasticloadbalancing v1.33.20 - github.com/aws/aws-sdk-go-v2/service/elasticloadbalancingv2 v1.54.7 - github.com/aws/aws-sdk-go-v2/service/iam v1.53.3 + github.com/aws/aws-sdk-go-v2/service/ec2 v1.294.0 + github.com/aws/aws-sdk-go-v2/service/eks v1.80.2 + github.com/aws/aws-sdk-go-v2/service/elasticloadbalancing v1.33.21 + github.com/aws/aws-sdk-go-v2/service/elasticloadbalancingv2 v1.54.8 + github.com/aws/aws-sdk-go-v2/service/iam v1.53.4 github.com/aws/aws-sdk-go-v2/service/kms v1.47.1 - github.com/aws/aws-sdk-go-v2/service/outposts v1.57.12 - github.com/aws/aws-sdk-go-v2/service/ssm v1.68.1 + github.com/aws/aws-sdk-go-v2/service/outposts v1.57.13 + github.com/aws/aws-sdk-go-v2/service/ssm v1.68.2 github.com/aws/aws-sdk-go-v2/service/sts v1.41.6 - github.com/aws/smithy-go v1.24.1 + github.com/aws/smithy-go v1.24.2 github.com/awslabs/amazon-eks-ami/nodeadm v0.0.0-20260213141146-147b13ea3f4a github.com/benjamintf1/unmarshalledmatchers v1.0.0 github.com/blang/semver/v4 v4.0.0 @@ -134,16 +134,16 @@ github.com/ashanbrown/forbidigo/v2 v2.3.0 // indirect github.com/ashanbrown/makezero/v2 v2.1.0 // indirect github.com/atotto/clipboard v0.1.4 // indirect - github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream v1.7.5 // indirect + github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream v1.7.6 // indirect github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.18.17 // indirect - github.com/aws/aws-sdk-go-v2/internal/configsources v1.4.18 // indirect - github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.7.18 // indirect + github.com/aws/aws-sdk-go-v2/internal/configsources v1.4.19 // indirect + github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.7.19 // indirect github.com/aws/aws-sdk-go-v2/internal/ini v1.8.4 // indirect github.com/aws/aws-sdk-go-v2/internal/v4a v1.4.14 // indirect github.com/aws/aws-sdk-go-v2/service/eventbridge v1.39.3 // indirect - github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.13.5 // indirect + github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.13.6 // indirect github.com/aws/aws-sdk-go-v2/service/internal/checksum v1.9.5 // indirect - github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.13.18 // indirect + github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.13.19 // indirect github.com/aws/aws-sdk-go-v2/service/internal/s3shared v1.19.14 // indirect github.com/aws/aws-sdk-go-v2/service/pricing v1.34.3 // indirect github.com/aws/aws-sdk-go-v2/service/route53 v1.52.2 // indirect diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/eksctl-0.224.0/go.sum new/eksctl-0.225.0/go.sum --- old/eksctl-0.224.0/go.sum 2026-03-04 02:11:38.000000000 +0100 +++ new/eksctl-0.225.0/go.sum 2026-03-30 09:52:23.000000000 +0200 @@ -108,58 +108,58 @@ github.com/atotto/clipboard v0.1.4/go.mod h1:ZY9tmq7sm5xIbd9bOK4onWV4S6X0u6GY7Vn0Yu86PYI= github.com/aws/amazon-ec2-instance-selector/v3 v3.1.2 h1:F8GBspJo+RmR4rYyw75XywEEQHQxBbF7QYKaMMnYREc= github.com/aws/amazon-ec2-instance-selector/v3 v3.1.2/go.mod h1:wdlMRtz9G4IO6H1yZPsqfGBxR8E6B/bdxHlGkls4kGQ= -github.com/aws/aws-sdk-go-v2 v1.41.2 h1:LuT2rzqNQsauaGkPK/7813XxcZ3o3yePY0Iy891T2ls= -github.com/aws/aws-sdk-go-v2 v1.41.2/go.mod h1:IvvlAZQXvTXznUPfRVfryiG1fbzE2NGK6m9u39YQ+S4= -github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream v1.7.5 h1:zWFmPmgw4sveAYi1mRqG+E/g0461cJ5M4bJ8/nc6d3Q= -github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream v1.7.5/go.mod h1:nVUlMLVV8ycXSb7mSkcNu9e3v/1TJq2RTlrPwhYWr5c= +github.com/aws/aws-sdk-go-v2 v1.41.3 h1:4kQ/fa22KjDt13QCy1+bYADvdgcxpfH18f0zP542kZA= +github.com/aws/aws-sdk-go-v2 v1.41.3/go.mod h1:mwsPRE8ceUUpiTgF7QmQIJ7lgsKUPQOUl3o72QBrE1o= +github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream v1.7.6 h1:N4lRUXZpZ1KVEUn6hxtco/1d2lgYhNn1fHkkl8WhlyQ= +github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream v1.7.6/go.mod h1:lyw7GFp3qENLh7kwzf7iMzAxDn+NzjXEAGjKS2UOKqI= github.com/aws/aws-sdk-go-v2/config v1.32.7 h1:vxUyWGUwmkQ2g19n7JY/9YL8MfAIl7bTesIUykECXmY= github.com/aws/aws-sdk-go-v2/config v1.32.7/go.mod h1:2/Qm5vKUU/r7Y+zUk/Ptt2MDAEKAfUtKc1+3U1Mo3oY= github.com/aws/aws-sdk-go-v2/credentials v1.19.7 h1:tHK47VqqtJxOymRrNtUXN5SP/zUTvZKeLx4tH6PGQc8= github.com/aws/aws-sdk-go-v2/credentials v1.19.7/go.mod h1:qOZk8sPDrxhf+4Wf4oT2urYJrYt3RejHSzgAquYeppw= github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.18.17 h1:I0GyV8wiYrP8XpA70g1HBcQO1JlQxCMTW9npl5UbDHY= github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.18.17/go.mod h1:tyw7BOl5bBe/oqvoIeECFJjMdzXoa/dfVz3QQ5lgHGA= -github.com/aws/aws-sdk-go-v2/internal/configsources v1.4.18 h1:F43zk1vemYIqPAwhjTjYIz0irU2EY7sOb/F5eJ3HuyM= -github.com/aws/aws-sdk-go-v2/internal/configsources v1.4.18/go.mod h1:w1jdlZXrGKaJcNoL+Nnrj+k5wlpGXqnNrKoP22HvAug= -github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.7.18 h1:xCeWVjj0ki0l3nruoyP2slHsGArMxeiiaoPN5QZH6YQ= -github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.7.18/go.mod h1:r/eLGuGCBw6l36ZRWiw6PaZwPXb6YOj+i/7MizNl5/k= +github.com/aws/aws-sdk-go-v2/internal/configsources v1.4.19 h1:/sECfyq2JTifMI2JPyZ4bdRN77zJmr6SrS1eL3augIA= +github.com/aws/aws-sdk-go-v2/internal/configsources v1.4.19/go.mod h1:dMf8A5oAqr9/oxOfLkC/c2LU/uMcALP0Rgn2BD5LWn0= +github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.7.19 h1:AWeJMk33GTBf6J20XJe6qZoRSJo0WfUhsMdUKhoODXE= +github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.7.19/go.mod h1:+GWrYoaAsV7/4pNHpwh1kiNLXkKaSoppxQq9lbH8Ejw= github.com/aws/aws-sdk-go-v2/internal/ini v1.8.4 h1:WKuaxf++XKWlHWu9ECbMlha8WOEGm0OUEZqm4K/Gcfk= github.com/aws/aws-sdk-go-v2/internal/ini v1.8.4/go.mod h1:ZWy7j6v1vWGmPReu0iSGvRiise4YI5SkR3OHKTZ6Wuc= github.com/aws/aws-sdk-go-v2/internal/v4a v1.4.14 h1:ITi7qiDSv/mSGDSWNpZ4k4Ve0DQR6Ug2SJQ8zEHoDXg= github.com/aws/aws-sdk-go-v2/internal/v4a v1.4.14/go.mod h1:k1xtME53H1b6YpZt74YmwlONMWf4ecM+lut1WQLAF/U= -github.com/aws/aws-sdk-go-v2/service/autoscaling v1.64.1 h1:3eD5+Hg+h7XTwmix7vWf5oSIBp/1+KWync+JVsgfWsg= -github.com/aws/aws-sdk-go-v2/service/autoscaling v1.64.1/go.mod h1:c7Rb5WS2TW1nY+Mz60fPTdMAdkpZWCIzHz7HrNdKft8= -github.com/aws/aws-sdk-go-v2/service/cloudformation v1.71.6 h1:3Rzut9v4ULIX3kjA6w3/Zaq2g8wBx6qJXB4BhQhIgjs= -github.com/aws/aws-sdk-go-v2/service/cloudformation v1.71.6/go.mod h1:skaILkh1I1KNecsZHyNL4c6hdHop7apjt6YzAhezMkc= -github.com/aws/aws-sdk-go-v2/service/cloudtrail v1.55.6 h1:I/7eKwGn6VLi+Uj0evnV9ivdck2DG0GFNzhRJtBGt4U= -github.com/aws/aws-sdk-go-v2/service/cloudtrail v1.55.6/go.mod h1:KD0ez/ci26xygH+Cd8KdrAQN0BsTDhLmwnpZH7CzZQY= -github.com/aws/aws-sdk-go-v2/service/cloudwatchlogs v1.63.2 h1:9Zc/otv2WzK7gbhXIbDfzV5aWUoaFDV7WHPcpvp4B8o= -github.com/aws/aws-sdk-go-v2/service/cloudwatchlogs v1.63.2/go.mod h1:dvfInk3WN/sz8is2m5iN5EFYQzIXcQLaT2UnauE8uL4= +github.com/aws/aws-sdk-go-v2/service/autoscaling v1.64.2 h1:pzFtdV2DArJul6aM3+WiWjUQ63IzrSnSbvBr8FAokt4= +github.com/aws/aws-sdk-go-v2/service/autoscaling v1.64.2/go.mod h1:8xQlcle6cf4R66HrXbiahORXakWpLlvJXoiGae5BlIc= +github.com/aws/aws-sdk-go-v2/service/cloudformation v1.71.7 h1:QkM9aGnVnXrXpxXJMu7GO+E/eho+RfItwDp71aPa79o= +github.com/aws/aws-sdk-go-v2/service/cloudformation v1.71.7/go.mod h1:XluvzGQyrIEHZQOYM7QuO+ViUk3wPXF0VsI5+fum67s= +github.com/aws/aws-sdk-go-v2/service/cloudtrail v1.55.7 h1:yd6F0NesTmsJVOCINfKXBcGXx9J7k4hZQU/njcUlC7w= +github.com/aws/aws-sdk-go-v2/service/cloudtrail v1.55.7/go.mod h1:t6XfFh0GZGngXjAlsmFedoylELOo9t/XetRCeTEfZEc= +github.com/aws/aws-sdk-go-v2/service/cloudwatchlogs v1.64.0 h1:6QLwTAIR2z3QmYxuHM8nfZkW/C/qn4cvhesHIE98/CE= +github.com/aws/aws-sdk-go-v2/service/cloudwatchlogs v1.64.0/go.mod h1:RCkMRCGlsyFwF9Accj7GsHQFCIR9s8iRbv4LPYOT9wY= github.com/aws/aws-sdk-go-v2/service/cognitoidentityprovider v1.57.7 h1:1LPBlVrceFenrbWOZBGu8KTmX8TTMpZfRxX0HCnSjz0= github.com/aws/aws-sdk-go-v2/service/cognitoidentityprovider v1.57.7/go.mod h1:l8KDrD4EZQwTuM69YK3LFZ4c9VbNHrzaQJjJsoIFqfo= -github.com/aws/aws-sdk-go-v2/service/ec2 v1.291.0 h1:E0/zdPeHKCpXVRAImhnHJYgpfZnTCjnr6i75gZIhwHs= -github.com/aws/aws-sdk-go-v2/service/ec2 v1.291.0/go.mod h1:2dMnUs1QzlGzsm46i9oBHAxVHQp7b6qF7PljWcgVEVE= -github.com/aws/aws-sdk-go-v2/service/eks v1.80.1 h1:Aivj88+23MYkW/B507eqsnLHTMmj4A/Us2AxKz+PDkM= -github.com/aws/aws-sdk-go-v2/service/eks v1.80.1/go.mod h1:p30UgulgoiPvwWGGfVeiaCbOzD1PTObBVYn6MmCPHVg= -github.com/aws/aws-sdk-go-v2/service/elasticloadbalancing v1.33.20 h1:kHQywC96ZviLmJJmgWKm6NTGX1BR3hEv52Gl82ik0i0= -github.com/aws/aws-sdk-go-v2/service/elasticloadbalancing v1.33.20/go.mod h1:bsLJBZhd8V2OqgNFn61nVh6PTluA4JZh+/DIneIntw4= -github.com/aws/aws-sdk-go-v2/service/elasticloadbalancingv2 v1.54.7 h1:txeoy+BxL/Xef6Cl8zAq4ZewY7c+KnQ3gPSMSTTkTt4= -github.com/aws/aws-sdk-go-v2/service/elasticloadbalancingv2 v1.54.7/go.mod h1:tv2v97S1V5kkp/1vneSYad5Cnrbo+4vfiNNAKCWNKIk= +github.com/aws/aws-sdk-go-v2/service/ec2 v1.294.0 h1:776KnBqePBBR6zEDi0bUIHXzUBOISa2WgAKEgckUF8M= +github.com/aws/aws-sdk-go-v2/service/ec2 v1.294.0/go.mod h1:rB577GvkmJADVOFGY8/j9sPv/ewcsEtQNsd9Lrn7Zx0= +github.com/aws/aws-sdk-go-v2/service/eks v1.80.2 h1:+FLU7+D9AW9ZMQIg4YjIN/nTJV0A2TIB2f+ovZXqAdU= +github.com/aws/aws-sdk-go-v2/service/eks v1.80.2/go.mod h1:nx52u/3RVDWkOcrAchYgt7CXkrd03A6Gvzi0trtMFjQ= +github.com/aws/aws-sdk-go-v2/service/elasticloadbalancing v1.33.21 h1:VriOdPKF8YrkMpnT76ZwA2LXk5aBInOfuzN14QGTOJc= +github.com/aws/aws-sdk-go-v2/service/elasticloadbalancing v1.33.21/go.mod h1:sp4Mz5YUnYCvIkGNEcdEPp+DuHqquEZYXyIuKXuHzig= +github.com/aws/aws-sdk-go-v2/service/elasticloadbalancingv2 v1.54.8 h1:xUwbqWhKASQsigeQfeBjhbm6dAP1EeTulHnNSYv5Xfc= +github.com/aws/aws-sdk-go-v2/service/elasticloadbalancingv2 v1.54.8/go.mod h1:sQoz/dTooY3kCkNNGxVLTS7EacLA0qXUaK4BkpMjGOc= github.com/aws/aws-sdk-go-v2/service/eventbridge v1.39.3 h1:T6L7fsONflMeXuvsT8qZ247hA8ShBB0jF9yUEhW4JqI= github.com/aws/aws-sdk-go-v2/service/eventbridge v1.39.3/go.mod h1:sIrUII6Z+hAVAgcpmsc2e9HvEr++m/v8aBPT7s4ZYUk= -github.com/aws/aws-sdk-go-v2/service/iam v1.53.3 h1:boKZv8dNdHznhAA68hb/dqFz5pxoWmRAOJr9LtscVCI= -github.com/aws/aws-sdk-go-v2/service/iam v1.53.3/go.mod h1:E0QHh3aEwxYb7xshjvxYDELiOda7KBYJ77e/TvGhpcM= -github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.13.5 h1:CeY9LUdur+Dxoeldqoun6y4WtJ3RQtzk0JMP2gfUay0= -github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.13.5/go.mod h1:AZLZf2fMaahW5s/wMRciu1sYbdsikT/UHwbUjOdEVTc= +github.com/aws/aws-sdk-go-v2/service/iam v1.53.4 h1:FUWGS7m97SYL0bk9Kb+Q4bVpcSrKOHNiIbEXIRFTRW4= +github.com/aws/aws-sdk-go-v2/service/iam v1.53.4/go.mod h1:seDE466zJ4haVuAVcRk+yIH4DWb3s6cqt3Od8GxnGAA= +github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.13.6 h1:XAq62tBTJP/85lFD5oqOOe7YYgWxY9LvWq8plyDvDVg= +github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.13.6/go.mod h1:x0nZssQ3qZSnIcePWLvcoFisRXJzcTVvYpAAdYX8+GI= github.com/aws/aws-sdk-go-v2/service/internal/checksum v1.9.5 h1:Hjkh7kE6D81PgrHlE/m9gx+4TyyeLHuY8xJs7yXN5C4= github.com/aws/aws-sdk-go-v2/service/internal/checksum v1.9.5/go.mod h1:nPRXgyCfAurhyaTMoBMwRBYBhaHI4lNPAnJmjM0Tslc= -github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.13.18 h1:LTRCYFlnnKFlKsyIQxKhJuDuA3ZkrDQMRYm6rXiHlLY= -github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.13.18/go.mod h1:XhwkgGG6bHSd00nO/mexWTcTjgd6PjuvWQMqSn2UaEk= +github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.13.19 h1:X1Tow7suZk9UCJHE1Iw9GMZJJl0dAnKXXP1NaSDHwmw= +github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.13.19/go.mod h1:/rARO8psX+4sfjUQXp5LLifjUt8DuATZ31WptNJTyQA= github.com/aws/aws-sdk-go-v2/service/internal/s3shared v1.19.14 h1:FzQE21lNtUor0Fb7QNgnEyiRCBlolLTX/Z1j65S7teM= github.com/aws/aws-sdk-go-v2/service/internal/s3shared v1.19.14/go.mod h1:s1ydyWG9pm3ZwmmYN21HKyG9WzAZhYVW85wMHs5FV6w= github.com/aws/aws-sdk-go-v2/service/kms v1.47.1 h1:6+C0RoGF4HJQALrsecOXN7cm/l5rgNHCw2xbcvFgpH4= github.com/aws/aws-sdk-go-v2/service/kms v1.47.1/go.mod h1:VJcNH6BLr+3VJwinRKdotLOMglHO8mIKlD3ea5c7hbw= -github.com/aws/aws-sdk-go-v2/service/outposts v1.57.12 h1:WKhrnkrXnuMunZlzyvCIuM8mP7hE3eW0vu+kkPQhnlY= -github.com/aws/aws-sdk-go-v2/service/outposts v1.57.12/go.mod h1:SzuukjKn9dAz2nrgRz2jXDeii4BEACa9jFzuVJKjalc= +github.com/aws/aws-sdk-go-v2/service/outposts v1.57.13 h1:WZtZkRXsNpCwgrUeE8+RP3UvfiSGMKvGS9WTlr5syE8= +github.com/aws/aws-sdk-go-v2/service/outposts v1.57.13/go.mod h1:gSKx2rXBosvBz74takE/Xux83pnSGqNaGrvu5paBesg= github.com/aws/aws-sdk-go-v2/service/pricing v1.34.3 h1:vAv0hi3SWcc8cotkWRP4mPkmRbp/XqWKFyPW4Nwpzv0= github.com/aws/aws-sdk-go-v2/service/pricing v1.34.3/go.mod h1:giTP9ufzBQJRB6bc7P30PO8s35hCp6au5uM70zkohU4= github.com/aws/aws-sdk-go-v2/service/route53 v1.52.2 h1:dXHWVVPx2W2fq2PTugj8QXpJ0YTRAGx0KLPKhMBmcsY= @@ -170,16 +170,16 @@ github.com/aws/aws-sdk-go-v2/service/signin v1.0.5/go.mod h1:k029+U8SY30/3/ras4G/Fnv/b88N4mAfliNn08Dem4M= github.com/aws/aws-sdk-go-v2/service/sqs v1.38.8 h1:80dpSqWMwx2dAm30Ib7J6ucz1ZHfiv5OCRwN/EnCOXQ= github.com/aws/aws-sdk-go-v2/service/sqs v1.38.8/go.mod h1:IzNt/udsXlETCdvBOL0nmyMe2t9cGmXmZgsdoZGYYhI= -github.com/aws/aws-sdk-go-v2/service/ssm v1.68.1 h1:kDgdZuYBWSsh3U/jZOXwcqfX6UsSzFcmtgKx7C0c5/E= -github.com/aws/aws-sdk-go-v2/service/ssm v1.68.1/go.mod h1:xyao5chroDlX/9q/rKBxRKZPv9NdG5Pm9W5zS+wQJ84= +github.com/aws/aws-sdk-go-v2/service/ssm v1.68.2 h1:idKv7B7NjmTDd05YHQYMMEFNeD0rWxs/kVX4lsjEiDo= +github.com/aws/aws-sdk-go-v2/service/ssm v1.68.2/go.mod h1:1NiL45h4A60CO/hu/UdNyG5AD3VEsdpaQx1l5KtpurA= github.com/aws/aws-sdk-go-v2/service/sso v1.30.9 h1:v6EiMvhEYBoHABfbGB4alOYmCIrcgyPPiBE1wZAEbqk= github.com/aws/aws-sdk-go-v2/service/sso v1.30.9/go.mod h1:yifAsgBxgJWn3ggx70A3urX2AN49Y5sJTD1UQFlfqBw= github.com/aws/aws-sdk-go-v2/service/ssooidc v1.35.13 h1:gd84Omyu9JLriJVCbGApcLzVR3XtmC4ZDPcAI6Ftvds= github.com/aws/aws-sdk-go-v2/service/ssooidc v1.35.13/go.mod h1:sTGThjphYE4Ohw8vJiRStAcu3rbjtXRsdNB0TvZ5wwo= github.com/aws/aws-sdk-go-v2/service/sts v1.41.6 h1:5fFjR/ToSOzB2OQ/XqWpZBmNvmP/pJ1jOWYlFDJTjRQ= github.com/aws/aws-sdk-go-v2/service/sts v1.41.6/go.mod h1:qgFDZQSD/Kys7nJnVqYlWKnh0SSdMjAi0uSwON4wgYQ= -github.com/aws/smithy-go v1.24.1 h1:VbyeNfmYkWoxMVpGUAbQumkODcYmfMRfZ8yQiH30SK0= -github.com/aws/smithy-go v1.24.1/go.mod h1:LEj2LM3rBRQJxPZTB4KuzZkaZYnZPnvgIhb4pu07mx0= +github.com/aws/smithy-go v1.24.2 h1:FzA3bu/nt/vDvmnkg+R8Xl46gmzEDam6mZ1hzmwXFng= +github.com/aws/smithy-go v1.24.2/go.mod h1:YE2RhdIuDbA5E5bTdciG9KrW3+TiEONeUWCqxX9i1Fc= github.com/awslabs/amazon-eks-ami/nodeadm v0.0.0-20260213141146-147b13ea3f4a h1:xGY9gNZ4pGlqZti3DlsR8WiHz9sjjfaofG0KH0UgAhg= github.com/awslabs/amazon-eks-ami/nodeadm v0.0.0-20260213141146-147b13ea3f4a/go.mod h1:JndTvVCUQsR9TiNZ6g9J5V2LGQkuhhgUGuxzWhNZLA0= github.com/aymanbagabas/go-osc52/v2 v2.0.1 h1:HwpRHbFMcZLEVr42D4p7XBqjyuxQH5SMiErDT4WkJ2k= diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/eksctl-0.224.0/pkg/actions/addon/mocks/IAMRoleCreator.go new/eksctl-0.225.0/pkg/actions/addon/mocks/IAMRoleCreator.go --- old/eksctl-0.224.0/pkg/actions/addon/mocks/IAMRoleCreator.go 2026-03-04 02:11:38.000000000 +0100 +++ new/eksctl-0.225.0/pkg/actions/addon/mocks/IAMRoleCreator.go 2026-03-30 09:52:23.000000000 +0200 @@ -1,4 +1,4 @@ -// Code generated by mockery v2.53.5. DO NOT EDIT. +// Code generated by mockery v2.53.6. DO NOT EDIT. package mocks diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/eksctl-0.224.0/pkg/actions/addon/mocks/IAMRoleUpdater.go new/eksctl-0.225.0/pkg/actions/addon/mocks/IAMRoleUpdater.go --- old/eksctl-0.224.0/pkg/actions/addon/mocks/IAMRoleUpdater.go 2026-03-04 02:11:38.000000000 +0100 +++ new/eksctl-0.225.0/pkg/actions/addon/mocks/IAMRoleUpdater.go 2026-03-30 09:52:23.000000000 +0200 @@ -1,4 +1,4 @@ -// Code generated by mockery v2.53.5. DO NOT EDIT. +// Code generated by mockery v2.53.6. DO NOT EDIT. package mocks diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/eksctl-0.224.0/pkg/actions/addon/mocks/PodIdentityIAMUpdater.go new/eksctl-0.225.0/pkg/actions/addon/mocks/PodIdentityIAMUpdater.go --- old/eksctl-0.224.0/pkg/actions/addon/mocks/PodIdentityIAMUpdater.go 2026-03-04 02:11:38.000000000 +0100 +++ new/eksctl-0.225.0/pkg/actions/addon/mocks/PodIdentityIAMUpdater.go 2026-03-30 09:52:23.000000000 +0200 @@ -1,4 +1,4 @@ -// Code generated by mockery v2.53.5. DO NOT EDIT. +// Code generated by mockery v2.53.6. DO NOT EDIT. package mocks diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/eksctl-0.224.0/pkg/actions/automode/mocks/cluster_role_manager.go new/eksctl-0.225.0/pkg/actions/automode/mocks/cluster_role_manager.go --- old/eksctl-0.224.0/pkg/actions/automode/mocks/cluster_role_manager.go 2026-03-04 02:11:38.000000000 +0100 +++ new/eksctl-0.225.0/pkg/actions/automode/mocks/cluster_role_manager.go 2026-03-30 09:52:23.000000000 +0200 @@ -1,4 +1,4 @@ -// Code generated by mockery v2.53.5. DO NOT EDIT. +// Code generated by mockery v2.53.6. DO NOT EDIT. package mocks diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/eksctl-0.224.0/pkg/actions/automode/mocks/node_group_drainer.go new/eksctl-0.225.0/pkg/actions/automode/mocks/node_group_drainer.go --- old/eksctl-0.224.0/pkg/actions/automode/mocks/node_group_drainer.go 2026-03-04 02:11:38.000000000 +0100 +++ new/eksctl-0.225.0/pkg/actions/automode/mocks/node_group_drainer.go 2026-03-30 09:52:23.000000000 +0200 @@ -1,4 +1,4 @@ -// Code generated by mockery v2.53.5. DO NOT EDIT. +// Code generated by mockery v2.53.6. DO NOT EDIT. package mocks diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/eksctl-0.224.0/pkg/actions/automode/mocks/role_manager.go new/eksctl-0.225.0/pkg/actions/automode/mocks/role_manager.go --- old/eksctl-0.224.0/pkg/actions/automode/mocks/role_manager.go 2026-03-04 02:11:38.000000000 +0100 +++ new/eksctl-0.225.0/pkg/actions/automode/mocks/role_manager.go 2026-03-30 09:52:23.000000000 +0200 @@ -1,4 +1,4 @@ -// Code generated by mockery v2.53.5. DO NOT EDIT. +// Code generated by mockery v2.53.6. DO NOT EDIT. package mocks diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/eksctl-0.224.0/pkg/actions/capability/mocks/creator_interface.go new/eksctl-0.225.0/pkg/actions/capability/mocks/creator_interface.go --- old/eksctl-0.224.0/pkg/actions/capability/mocks/creator_interface.go 2026-03-04 02:11:38.000000000 +0100 +++ new/eksctl-0.225.0/pkg/actions/capability/mocks/creator_interface.go 2026-03-30 09:52:23.000000000 +0200 @@ -1,4 +1,4 @@ -// Code generated by mockery v2.53.5. DO NOT EDIT. +// Code generated by mockery v2.53.6. DO NOT EDIT. package mocks diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/eksctl-0.224.0/pkg/actions/capability/mocks/getter_interface.go new/eksctl-0.225.0/pkg/actions/capability/mocks/getter_interface.go --- old/eksctl-0.224.0/pkg/actions/capability/mocks/getter_interface.go 2026-03-04 02:11:38.000000000 +0100 +++ new/eksctl-0.225.0/pkg/actions/capability/mocks/getter_interface.go 2026-03-30 09:52:23.000000000 +0200 @@ -1,4 +1,4 @@ -// Code generated by mockery v2.53.5. DO NOT EDIT. +// Code generated by mockery v2.53.6. DO NOT EDIT. package mocks diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/eksctl-0.224.0/pkg/actions/capability/mocks/remover_interface.go new/eksctl-0.225.0/pkg/actions/capability/mocks/remover_interface.go --- old/eksctl-0.224.0/pkg/actions/capability/mocks/remover_interface.go 2026-03-04 02:11:38.000000000 +0100 +++ new/eksctl-0.225.0/pkg/actions/capability/mocks/remover_interface.go 2026-03-30 09:52:23.000000000 +0200 @@ -1,4 +1,4 @@ -// Code generated by mockery v2.53.5. DO NOT EDIT. +// Code generated by mockery v2.53.6. DO NOT EDIT. package mocks diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/eksctl-0.224.0/pkg/actions/capability/mocks/stack_creator.go new/eksctl-0.225.0/pkg/actions/capability/mocks/stack_creator.go --- old/eksctl-0.224.0/pkg/actions/capability/mocks/stack_creator.go 2026-03-04 02:11:38.000000000 +0100 +++ new/eksctl-0.225.0/pkg/actions/capability/mocks/stack_creator.go 2026-03-30 09:52:23.000000000 +0200 @@ -1,4 +1,4 @@ -// Code generated by mockery v2.53.5. DO NOT EDIT. +// Code generated by mockery v2.53.6. DO NOT EDIT. package mocks diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/eksctl-0.224.0/pkg/actions/capability/mocks/stack_remover.go new/eksctl-0.225.0/pkg/actions/capability/mocks/stack_remover.go --- old/eksctl-0.224.0/pkg/actions/capability/mocks/stack_remover.go 2026-03-04 02:11:38.000000000 +0100 +++ new/eksctl-0.225.0/pkg/actions/capability/mocks/stack_remover.go 2026-03-30 09:52:23.000000000 +0200 @@ -1,4 +1,4 @@ -// Code generated by mockery v2.53.5. DO NOT EDIT. +// Code generated by mockery v2.53.6. DO NOT EDIT. package mocks diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/eksctl-0.224.0/pkg/actions/cluster/mocks/auto_mode_deleter.go new/eksctl-0.225.0/pkg/actions/cluster/mocks/auto_mode_deleter.go --- old/eksctl-0.224.0/pkg/actions/cluster/mocks/auto_mode_deleter.go 2026-03-04 02:11:38.000000000 +0100 +++ new/eksctl-0.225.0/pkg/actions/cluster/mocks/auto_mode_deleter.go 2026-03-30 09:52:23.000000000 +0200 @@ -1,4 +1,4 @@ -// Code generated by mockery v2.53.5. DO NOT EDIT. +// Code generated by mockery v2.53.6. DO NOT EDIT. package mocks diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/eksctl-0.224.0/pkg/actions/podidentityassociation/mocks/RoleMigrator.go new/eksctl-0.225.0/pkg/actions/podidentityassociation/mocks/RoleMigrator.go --- old/eksctl-0.224.0/pkg/actions/podidentityassociation/mocks/RoleMigrator.go 2026-03-04 02:11:38.000000000 +0100 +++ new/eksctl-0.225.0/pkg/actions/podidentityassociation/mocks/RoleMigrator.go 2026-03-30 09:52:23.000000000 +0200 @@ -1,4 +1,4 @@ -// Code generated by mockery v2.53.5. DO NOT EDIT. +// Code generated by mockery v2.53.6. DO NOT EDIT. package mocks diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/eksctl-0.224.0/pkg/actions/podidentityassociation/mocks/StackDeleter.go new/eksctl-0.225.0/pkg/actions/podidentityassociation/mocks/StackDeleter.go --- old/eksctl-0.224.0/pkg/actions/podidentityassociation/mocks/StackDeleter.go 2026-03-04 02:11:38.000000000 +0100 +++ new/eksctl-0.225.0/pkg/actions/podidentityassociation/mocks/StackDeleter.go 2026-03-30 09:52:23.000000000 +0200 @@ -1,4 +1,4 @@ -// Code generated by mockery v2.53.5. DO NOT EDIT. +// Code generated by mockery v2.53.6. DO NOT EDIT. package mocks diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/eksctl-0.224.0/pkg/apis/eksctl.io/v1alpha5/assets/schema.json new/eksctl-0.225.0/pkg/apis/eksctl.io/v1alpha5/assets/schema.json --- old/eksctl-0.224.0/pkg/apis/eksctl.io/v1alpha5/assets/schema.json 2026-03-04 02:11:38.000000000 +0100 +++ new/eksctl-0.225.0/pkg/apis/eksctl.io/v1alpha5/assets/schema.json 2026-03-30 09:52:23.000000000 +0200 @@ -2865,6 +2865,9 @@ }, "type": "array" }, + "permissionPolicyName": { + "type": "string" + }, "permissionsBoundaryARN": { "type": "string" }, @@ -2906,6 +2909,7 @@ "roleName", "permissionsBoundaryARN", "permissionPolicyARNs", + "permissionPolicyName", "permissionPolicy", "wellKnownPolicies", "tags", diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/eksctl-0.224.0/pkg/apis/eksctl.io/v1alpha5/iam.go new/eksctl-0.225.0/pkg/apis/eksctl.io/v1alpha5/iam.go --- old/eksctl-0.224.0/pkg/apis/eksctl.io/v1alpha5/iam.go 2026-03-04 02:11:38.000000000 +0100 +++ new/eksctl-0.225.0/pkg/apis/eksctl.io/v1alpha5/iam.go 2026-03-30 09:52:23.000000000 +0200 @@ -193,6 +193,9 @@ PermissionPolicyARNs []string `json:"permissionPolicyARNs,omitempty"` // +optional + PermissionPolicyName string `json:"permissionPolicyName,omitempty"` + + // +optional PermissionPolicy InlineDocument `json:"permissionPolicy,omitempty"` // +optional diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/eksctl-0.224.0/pkg/apis/eksctl.io/v1alpha5/validation.go new/eksctl-0.225.0/pkg/apis/eksctl.io/v1alpha5/validation.go --- old/eksctl-0.224.0/pkg/apis/eksctl.io/v1alpha5/validation.go 2026-03-04 02:11:38.000000000 +0100 +++ new/eksctl-0.225.0/pkg/apis/eksctl.io/v1alpha5/validation.go 2026-03-30 09:52:23.000000000 +0200 @@ -186,6 +186,12 @@ } } + for i := range cfg.IAM.PodIdentityAssociations { + if err := validatePermissionPolicyName(&cfg.IAM.PodIdentityAssociations[i]); err != nil { + return fmt.Errorf("iam.podIdentityAssociations[%d]: %w", i, err) + } + } + if err := cfg.validateKubernetesNetworkConfig(); err != nil { return err } @@ -1832,19 +1838,43 @@ return nil } +func validatePermissionPolicyName(pia *PodIdentityAssociation) error { + if pia.PermissionPolicyName == "" { + return nil + } + if len(pia.PermissionPolicy) == 0 { + return fmt.Errorf("permissionPolicyName requires permissionPolicy to be set") + } + hasAlphanumeric := false + for _, r := range pia.PermissionPolicyName { + if (r >= 'a' && r <= 'z') || (r >= 'A' && r <= 'Z') || (r >= '0' && r <= '9') { + hasAlphanumeric = true + break + } + } + if !hasAlphanumeric { + return fmt.Errorf("permissionPolicyName %q must contain at least one alphanumeric character", pia.PermissionPolicyName) + } + return nil +} + func validateAddonPodIdentityAssociations(addons []*Addon) error { for _, addon := range addons { makeAddonErr := func(msg string) error { return fmt.Errorf("%s (addon: %s)", msg, addon.Name) } if addon.PodIdentityAssociations != nil { - for _, pia := range *addon.PodIdentityAssociations { + for i := range *addon.PodIdentityAssociations { + pia := &(*addon.PodIdentityAssociations)[i] if pia.WellKnownPolicies.HasPolicy() { return makeAddonErr("wellKnownPolicies is not supported for addon.podIdentityAssociations; use addon.useDefaultPodIdentityAssociations instead") } if pia.Tags != nil { return makeAddonErr("tags is not supported for addon.podIdentityAssociations") } + if err := validatePermissionPolicyName(pia); err != nil { + return makeAddonErr(err.Error()) + } } } if addon.UseDefaultPodIdentityAssociations { diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/eksctl-0.224.0/pkg/apis/eksctl.io/v1alpha5/validation_test.go new/eksctl-0.225.0/pkg/apis/eksctl.io/v1alpha5/validation_test.go --- old/eksctl-0.224.0/pkg/apis/eksctl.io/v1alpha5/validation_test.go 2026-03-04 02:11:38.000000000 +0100 +++ new/eksctl-0.225.0/pkg/apis/eksctl.io/v1alpha5/validation_test.go 2026-03-30 09:52:23.000000000 +0200 @@ -2788,6 +2788,76 @@ ServiceAccountRoleARN: "role-1", }, }, ""), + Entry("permissionPolicyName without permissionPolicy", []*api.Addon{ + { + Name: api.VPCCNIAddon, + PodIdentityAssociations: &[]api.PodIdentityAssociation{ + { + ServiceAccountName: "aws-node", + PermissionPolicyName: "my-policy", + }, + }, + }, + }, "permissionPolicyName requires permissionPolicy to be set"), + Entry("permissionPolicyName with only special characters", []*api.Addon{ + { + Name: api.VPCCNIAddon, + PodIdentityAssociations: &[]api.PodIdentityAssociation{ + { + ServiceAccountName: "aws-node", + PermissionPolicyName: "---!!!", + PermissionPolicy: api.InlineDocument{"Version": "2012-10-17"}, + }, + }, + }, + }, `permissionPolicyName "---!!!" must contain at least one alphanumeric character`), + Entry("valid permissionPolicyName with permissionPolicy", []*api.Addon{ + { + Name: api.VPCCNIAddon, + PodIdentityAssociations: &[]api.PodIdentityAssociation{ + { + ServiceAccountName: "aws-node", + PermissionPolicyName: "my-policy", + PermissionPolicy: api.InlineDocument{"Version": "2012-10-17"}, + }, + }, + }, + }, ""), + ) + + DescribeTable("iam pod identity association permissionPolicyName", func(pias []api.PodIdentityAssociation, expectedErr string) { + clusterConfig := api.NewClusterConfig() + clusterConfig.IAM.PodIdentityAssociations = pias + err := api.ValidateClusterConfig(clusterConfig) + if expectedErr != "" { + Expect(err).To(MatchError(ContainSubstring(expectedErr))) + } else { + Expect(err).NotTo(HaveOccurred()) + } + }, + Entry("permissionPolicyName without permissionPolicy", []api.PodIdentityAssociation{ + { + Namespace: "kube-system", + ServiceAccountName: "aws-node", + PermissionPolicyName: "my-policy", + }, + }, "permissionPolicyName requires permissionPolicy to be set"), + Entry("permissionPolicyName with only special characters", []api.PodIdentityAssociation{ + { + Namespace: "kube-system", + ServiceAccountName: "aws-node", + PermissionPolicyName: "---!!!", + PermissionPolicy: api.InlineDocument{"Version": "2012-10-17"}, + }, + }, `permissionPolicyName "---!!!" must contain at least one alphanumeric character`), + Entry("valid permissionPolicyName", []api.PodIdentityAssociation{ + { + Namespace: "kube-system", + ServiceAccountName: "aws-node", + PermissionPolicyName: "my-policy", + PermissionPolicy: api.InlineDocument{"Version": "2012-10-17"}, + }, + }, ""), ) }) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/eksctl-0.224.0/pkg/apis/eksctl.io/v1alpha5/zz_generated.deepcopy.go new/eksctl-0.225.0/pkg/apis/eksctl.io/v1alpha5/zz_generated.deepcopy.go --- old/eksctl-0.224.0/pkg/apis/eksctl.io/v1alpha5/zz_generated.deepcopy.go 2026-03-04 02:11:38.000000000 +0100 +++ new/eksctl-0.225.0/pkg/apis/eksctl.io/v1alpha5/zz_generated.deepcopy.go 2026-03-30 09:52:23.000000000 +0200 @@ -2406,6 +2406,11 @@ *out = new(bool) **out = **in } + if in.Policy != nil { + in, out := &in.Policy, &out.Policy + *out = new(string) + **out = **in + } return } diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/eksctl-0.224.0/pkg/automode/mocks/stack_creator.go new/eksctl-0.225.0/pkg/automode/mocks/stack_creator.go --- old/eksctl-0.224.0/pkg/automode/mocks/stack_creator.go 2026-03-04 02:11:38.000000000 +0100 +++ new/eksctl-0.225.0/pkg/automode/mocks/stack_creator.go 2026-03-30 09:52:23.000000000 +0200 @@ -1,4 +1,4 @@ -// Code generated by mockery v2.53.5. DO NOT EDIT. +// Code generated by mockery v2.53.6. DO NOT EDIT. package mocks diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/eksctl-0.224.0/pkg/automode/mocks/stack_deleter.go new/eksctl-0.225.0/pkg/automode/mocks/stack_deleter.go --- old/eksctl-0.224.0/pkg/automode/mocks/stack_deleter.go 2026-03-04 02:11:38.000000000 +0100 +++ new/eksctl-0.225.0/pkg/automode/mocks/stack_deleter.go 2026-03-30 09:52:23.000000000 +0200 @@ -1,4 +1,4 @@ -// Code generated by mockery v2.53.5. DO NOT EDIT. +// Code generated by mockery v2.53.6. DO NOT EDIT. package mocks diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/eksctl-0.224.0/pkg/awsapi/cloudwatchlogs.go new/eksctl-0.225.0/pkg/awsapi/cloudwatchlogs.go --- old/eksctl-0.224.0/pkg/awsapi/cloudwatchlogs.go 2026-03-04 02:11:38.000000000 +0100 +++ new/eksctl-0.225.0/pkg/awsapi/cloudwatchlogs.go 2026-03-30 09:52:23.000000000 +0200 @@ -179,9 +179,10 @@ // // - logs:PutResourcePolicy // - // - (If source has an associated AWS KMS Key) kms:Decrypt + // - (If source has an associated Amazon Web Services KMS Key) kms:Decrypt // - // - (If source has an associated AWS KMS Key) kms:GenerateDataKey + // - (If source has an associated Amazon Web Services KMS Key) + // kms:GenerateDataKey // // Example IAM policy for provided import role: // @@ -760,6 +761,15 @@ // original JSON structure where the large field was located. For example, this // could be @ptr.$['input']['message'] , @ptr.$['AAA']['BBB']['CCC']['DDD'] , // @ptr.$['AAA'] , or any other path matching your log structure. + // + // The GetLogObject API routes requests using SDK host prefix injection. SDK + // versions released before April 1, 2026 route to + // streaming-logs.Region.amazonaws.com , which does not support VPC endpoints. SDK + // versions released on or after April 1, 2026 route to + // stream-logs.Region.amazonaws.com , which supports VPC endpoints. To set up a VPC + // endpoint for this API, see [Creating a VPC endpoint for CloudWatch Logs]. + // + // [Creating a VPC endpoint for CloudWatch Logs]: https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/cloudwatch-logs-and-interface-VPC.html#create-VPC-endpoint-for-CloudWatchLogs GetLogObject(ctx context.Context, params *cloudwatchlogs.GetLogObjectInput, optFns ...func(*Options)) (*cloudwatchlogs.GetLogObjectOutput, error) // Retrieves all of the fields and values of a single log event. All fields are // retrieved, even if the original query that produced the logRecordPointer @@ -1161,11 +1171,11 @@ // When a policy disables EMF metric creation for a log group, log events in the // EMF format are still ingested, but no CloudWatch Metrics are created from them. // - // Creating a policy disables metrics for AWS features that use EMF to create - // metrics, such as CloudWatch Container Insights and CloudWatch Application - // Signals. To prevent turning off those features by accident, we recommend that - // you exclude the underlying log-groups through a selection-criteria such as - // LogGroupNamePrefix NOT IN ["/aws/containerinsights", + // Creating a policy disables metrics for Amazon Web Services features that use + // EMF to create metrics, such as CloudWatch Container Insights and CloudWatch + // Application Signals. To prevent turning off those features by accident, we + // recommend that you exclude the underlying log-groups through a + // selection-criteria such as LogGroupNamePrefix NOT IN ["/aws/containerinsights", // "/aws/ecs/containerinsights", "/aws/application-signals/data"] . // // Each account can have either one account-level metric extraction policy that @@ -1218,6 +1228,14 @@ // [Use facets to group and explore logs]: https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/CloudWatchLogs-Facets.html // [Create field indexes to improve query performance and reduce costs]: https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/CloudWatchLogs-Field-Indexing.html PutAccountPolicy(ctx context.Context, params *cloudwatchlogs.PutAccountPolicyInput, optFns ...func(*Options)) (*cloudwatchlogs.PutAccountPolicyOutput, error) + // Enables or disables bearer token authentication for the specified log group. + // When enabled on a log group, bearer token authentication is enabled on + // operations until it is explicitly disabled. + // + // For information about the parameters that are common to all actions, see [Common Parameters]. + // + // [Common Parameters]: https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/CommonParameters.html + PutBearerTokenAuthentication(ctx context.Context, params *cloudwatchlogs.PutBearerTokenAuthenticationInput, optFns ...func(*Options)) (*cloudwatchlogs.PutBearerTokenAuthenticationOutput, error) // Creates a data protection policy for the specified log group. A data protection // policy can help safeguard sensitive data that's ingested by the log group by // auditing and masking the sensitive log data. @@ -1715,9 +1733,12 @@ // - A [SessionTimeoutException]object is returned when the session times out, after it has been kept // open for three hours. // - // The StartLiveTail API routes requests to streaming-logs.Region.amazonaws.com - // using SDK host prefix injection. VPC endpoint support is not available for this - // API. + // The StartLiveTail API routes requests using SDK host prefix injection. SDK + // versions released before April 1, 2026 route to + // streaming-logs.Region.amazonaws.com , which does not support VPC endpoints. SDK + // versions released on or after April 1, 2026 route to + // stream-logs.Region.amazonaws.com , which supports VPC endpoints. To set up a VPC + // endpoint for this API, see [Creating a VPC endpoint for CloudWatch Logs]. // // You can end a session before it times out by closing the session stream or by // closing the client that is receiving the stream. The session also ends if the @@ -1728,6 +1749,7 @@ // [LiveTailSessionStart]: https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_LiveTailSessionStart.html // [LiveTailSessionUpdate]: https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_LiveTailSessionUpdate.html // [Use Live Tail to view logs in near real time]: https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/CloudWatchLogs_LiveTail.html + // [Creating a VPC endpoint for CloudWatch Logs]: https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/cloudwatch-logs-and-interface-VPC.html#create-VPC-endpoint-for-CloudWatchLogs // [Start a Live Tail session using an Amazon Web Services SDK]: https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/example_cloudwatch-logs_StartLiveTail_section.html // // [SessionTimeoutException]: https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_StartLiveTailResponseStream.html#CWL-Type-StartLiveTailResponseStream-SessionTimeoutException diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/eksctl-0.224.0/pkg/awsapi/ec2.go new/eksctl-0.225.0/pkg/awsapi/ec2.go --- old/eksctl-0.224.0/pkg/awsapi/ec2.go 2026-03-04 02:11:38.000000000 +0100 +++ new/eksctl-0.225.0/pkg/awsapi/ec2.go 2026-03-30 09:52:23.000000000 +0200 @@ -1392,7 +1392,7 @@ // // [Route tables]: https://docs.aws.amazon.com/vpc/latest/userguide/VPC_Route_Tables.html CreateRouteTable(ctx context.Context, params *ec2.CreateRouteTableInput, optFns ...func(*Options)) (*ec2.CreateRouteTableOutput, error) - // Creates an Amazon secondary network. + // Creates a secondary network. // // The allowed size for a secondary network CIDR block is between /28 netmask (16 // IP addresses) and /12 netmask (1,048,576 IP addresses). diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/eksctl-0.224.0/pkg/awsapi/ssm.go new/eksctl-0.225.0/pkg/awsapi/ssm.go --- old/eksctl-0.224.0/pkg/awsapi/ssm.go 2026-03-04 02:11:38.000000000 +0100 +++ new/eksctl-0.225.0/pkg/awsapi/ssm.go 2026-03-30 09:52:23.000000000 +0200 @@ -671,10 +671,9 @@ // patches, or custom compliance types according to the filter criteria that you // specify. ListComplianceSummaries(ctx context.Context, params *ssm.ListComplianceSummariesInput, optFns ...func(*Options)) (*ssm.ListComplianceSummariesOutput, error) - // Amazon Web Services Systems Manager Change Manager will no longer be open to - // new customers starting November 7, 2025. If you would like to use Change - // Manager, sign up prior to that date. Existing customers can continue to use the - // service as normal. For more information, see [Amazon Web Services Systems Manager Change Manager availability change]. + // Amazon Web Services Systems Manager Change Manager is no longer open to new + // customers. Existing customers can continue to use the service as normal. For + // more information, see [Amazon Web Services Systems Manager Change Manager availability change]. // // Information about approval reviews for a version of a change template in Change // Manager. @@ -882,10 +881,9 @@ StartAssociationsOnce(ctx context.Context, params *ssm.StartAssociationsOnceInput, optFns ...func(*Options)) (*ssm.StartAssociationsOnceOutput, error) // Initiates execution of an Automation runbook. StartAutomationExecution(ctx context.Context, params *ssm.StartAutomationExecutionInput, optFns ...func(*Options)) (*ssm.StartAutomationExecutionOutput, error) - // Amazon Web Services Systems Manager Change Manager will no longer be open to - // new customers starting November 7, 2025. If you would like to use Change - // Manager, sign up prior to that date. Existing customers can continue to use the - // service as normal. For more information, see [Amazon Web Services Systems Manager Change Manager availability change]. + // Amazon Web Services Systems Manager Change Manager is no longer open to new + // customers. Existing customers can continue to use the service as normal. For + // more information, see [Amazon Web Services Systems Manager Change Manager availability change]. // // Creates a change request for Change Manager. The Automation runbooks specified // in the change request run only after all required approvals for the change @@ -959,10 +957,9 @@ // Manager immediately runs the association unless you previously specifed the // apply-only-at-cron-interval parameter. UpdateDocumentDefaultVersion(ctx context.Context, params *ssm.UpdateDocumentDefaultVersionInput, optFns ...func(*Options)) (*ssm.UpdateDocumentDefaultVersionOutput, error) - // Amazon Web Services Systems Manager Change Manager will no longer be open to - // new customers starting November 7, 2025. If you would like to use Change - // Manager, sign up prior to that date. Existing customers can continue to use the - // service as normal. For more information, see [Amazon Web Services Systems Manager Change Manager availability change]. + // Amazon Web Services Systems Manager Change Manager is no longer open to new + // customers. Existing customers can continue to use the service as normal. For + // more information, see [Amazon Web Services Systems Manager Change Manager availability change]. // // Updates information related to approval reviews for a specific version of a // change template in Change Manager. diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/eksctl-0.224.0/pkg/cfn/builder/beta.go new/eksctl-0.225.0/pkg/cfn/builder/beta.go --- old/eksctl-0.224.0/pkg/cfn/builder/beta.go 2026-03-04 02:11:38.000000000 +0100 +++ new/eksctl-0.225.0/pkg/cfn/builder/beta.go 2026-03-30 09:52:23.000000000 +0200 @@ -251,3 +251,17 @@ customResource.Properties["Type"] = gfnt.NewString(accessEntryType) return customResource } + +func createBetaFargateAssumeRolePolicy(sourceArnCondition cft.MapOfInterfaces) interface{} { + statements := []cft.MapOfInterfaces{ + { + "Effect": "Allow", + "Principal": cft.MapOfInterfaces{ + "Service": "eks-fargate-pods.aws.internal", + }, + "Action": "sts:AssumeRole", + "Condition": sourceArnCondition, + }, + } + return cft.MakePolicyDocument(statements...) +} diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/eksctl-0.224.0/pkg/cfn/builder/fargate.go new/eksctl-0.225.0/pkg/cfn/builder/fargate.go --- old/eksctl-0.224.0/pkg/cfn/builder/fargate.go 2026-03-04 02:11:38.000000000 +0100 +++ new/eksctl-0.225.0/pkg/cfn/builder/fargate.go 2026-03-30 09:52:23.000000000 +0200 @@ -84,11 +84,19 @@ return fmt.Errorf("restricting access based on SourceArn: %w", err) } - role := &gfniam.Role{ - AssumeRolePolicyDocument: cft.MakeAssumeRolePolicyDocumentForServicesWithConditions( + var assumeRolePolicyDocument interface{} + if cfg.IsCustomEksEndpoint() { + // Use beta assume role policy for beta stacks with Fargate-specific service principals + assumeRolePolicyDocument = createBetaFargateAssumeRolePolicy(sourceArnCondition) + } else { + assumeRolePolicyDocument = cft.MakeAssumeRolePolicyDocumentForServicesWithConditions( sourceArnCondition, MakeServiceRef("EKSFargatePods"), // Ensure that EKS can schedule pods onto Fargate. - ), + ) + } + + role := &gfniam.Role{ + AssumeRolePolicyDocument: assumeRolePolicyDocument, ManagedPolicyArns: gfnt.NewSlice(makePolicyARNs( iamPolicyAmazonEKSFargatePodExecutionRolePolicy, )...), diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/eksctl-0.224.0/pkg/cfn/builder/iam.go new/eksctl-0.225.0/pkg/cfn/builder/iam.go --- old/eksctl-0.224.0/pkg/cfn/builder/iam.go 2026-03-04 02:11:38.000000000 +0100 +++ new/eksctl-0.225.0/pkg/cfn/builder/iam.go 2026-03-30 09:52:23.000000000 +0200 @@ -339,6 +339,7 @@ template: cft.NewTemplate(), attachPolicy: spec.AttachPolicy, attachPolicyARNs: spec.AttachPolicyARNs, + attachPolicyName: "Policy1", serviceAccount: spec.Name, namespace: spec.Namespace, wellKnownPolicies: spec.WellKnownPolicies, @@ -361,10 +362,16 @@ } func NewIAMRoleResourceSetForPodIdentity(spec *api.PodIdentityAssociation) *IAMRoleResourceSet { + attachPolicyName := "Policy1" + if spec.PermissionPolicyName != "" { + attachPolicyName = spec.PermissionPolicyName + } + return &IAMRoleResourceSet{ template: cft.NewTemplate(), attachPolicy: spec.PermissionPolicy, attachPolicyARNs: spec.PermissionPolicyARNs, + attachPolicyName: attachPolicyName, serviceAccount: spec.ServiceAccountName, namespace: spec.Namespace, wellKnownPolicies: spec.WellKnownPolicies, @@ -386,6 +393,7 @@ template: cft.NewTemplate(), attachPolicy: spec.AttachPolicy, attachPolicyARNs: spec.AttachPolicyARNs, + attachPolicyName: "Policy1", description: fmt.Sprintf( "IAM role for capability %s %s", spec.Name, @@ -421,6 +429,7 @@ wellKnownPolicies api.WellKnownPolicies attachPolicyARNs []string attachPolicy api.InlineDocument + attachPolicyName string trustStatements []api.IAMStatement roleNameCollector func(string) error OutputRole string @@ -452,6 +461,7 @@ template: cft.NewTemplate(), attachPolicyARNs: attachPolicyARNs, attachPolicy: attachPolicy, + attachPolicyName: "Policy1", oidc: oidc, serviceAccount: serviceAccount, namespace: namespace, @@ -512,7 +522,7 @@ }) if len(rs.attachPolicy) != 0 { - rs.template.AttachPolicy("Policy1", roleRef, rs.attachPolicy) + rs.template.AttachPolicy(rs.attachPolicyName, roleRef, rs.attachPolicy) } return nil diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/eksctl-0.224.0/pkg/cfn/builder/iam_test.go new/eksctl-0.225.0/pkg/cfn/builder/iam_test.go --- old/eksctl-0.224.0/pkg/cfn/builder/iam_test.go 2026-03-04 02:11:38.000000000 +0100 +++ new/eksctl-0.225.0/pkg/cfn/builder/iam_test.go 2026-03-30 09:52:23.000000000 +0200 @@ -454,6 +454,38 @@ Expect(t).To(HaveOutputWithValue(outputs.IAMServiceAccountRoleName, `{ "Fn::GetAtt": "Role1.Arn" }`)) }) + + It("can construct an iamrole template for pod identity with a custom inline policy name", func() { + spec := &api.PodIdentityAssociation{ + Namespace: "kube-system", + ServiceAccountName: "aws-node", + PermissionPolicyName: "PodIdentityPolicy", + PermissionPolicy: cft.MakePolicyDocument( + cft.MapOfInterfaces{ + "Effect": "Allow", + "Action": []string{ + "ec2:DescribeNetworkInterfaces", + }, + "Resource": "*", + }, + ), + } + + rs := builder.NewIAMRoleResourceSetForPodIdentity(spec) + + templateBody := []byte{} + + Expect(rs).To(RenderWithoutErrors(&templateBody)) + + t := cft.NewTemplate() + + Expect(t).To(LoadBytesWithoutErrors(templateBody)) + + Expect(t).To(HaveResource(outputs.IAMServiceAccountRoleName, "AWS::IAM::Role")) + Expect(t).To(HaveResource("PodIdentityPolicy", "AWS::IAM::Policy")) + Expect(t).NotTo(HaveResource("Policy1", "AWS::IAM::Policy")) + Expect(t).To(HaveResourceWithPropertyValue("PodIdentityPolicy", "PolicyName", `{ "Fn::Sub": "${AWS::StackName}-PodIdentityPolicy" }`)) + }) }) }) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/eksctl-0.224.0/pkg/cfn/builder/roles/auto-mode-node-role.yaml new/eksctl-0.225.0/pkg/cfn/builder/roles/auto-mode-node-role.yaml --- old/eksctl-0.224.0/pkg/cfn/builder/roles/auto-mode-node-role.yaml 2026-03-04 02:11:38.000000000 +0100 +++ new/eksctl-0.225.0/pkg/cfn/builder/roles/auto-mode-node-role.yaml 2026-03-30 09:52:23.000000000 +0200 @@ -18,6 +18,7 @@ - sts:AssumeRole ManagedPolicyArns: - !Sub "arn:${AWS::Partition}:iam::aws:policy/AmazonEC2ContainerRegistryPullOnly" + - !Sub "arn:${AWS::Partition}:iam::aws:policy/AmazonElasticContainerRegistryPublicReadOnly" - !Sub "arn:${AWS::Partition}:iam::aws:policy/AmazonEKSWorkerNodeMinimalPolicy" Outputs: diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/eksctl-0.224.0/pkg/cfn/manager/mocks/NodeGroupResourceSet.go new/eksctl-0.225.0/pkg/cfn/manager/mocks/NodeGroupResourceSet.go --- old/eksctl-0.224.0/pkg/cfn/manager/mocks/NodeGroupResourceSet.go 2026-03-04 02:11:38.000000000 +0100 +++ new/eksctl-0.225.0/pkg/cfn/manager/mocks/NodeGroupResourceSet.go 2026-03-30 09:52:23.000000000 +0200 @@ -1,4 +1,4 @@ -// Code generated by mockery v2.53.5. DO NOT EDIT. +// Code generated by mockery v2.53.6. DO NOT EDIT. package mocks diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/eksctl-0.224.0/pkg/cfn/manager/mocks/NodeGroupStackManager.go new/eksctl-0.225.0/pkg/cfn/manager/mocks/NodeGroupStackManager.go --- old/eksctl-0.224.0/pkg/cfn/manager/mocks/NodeGroupStackManager.go 2026-03-04 02:11:38.000000000 +0100 +++ new/eksctl-0.225.0/pkg/cfn/manager/mocks/NodeGroupStackManager.go 2026-03-30 09:52:23.000000000 +0200 @@ -1,4 +1,4 @@ -// Code generated by mockery v2.53.5. DO NOT EDIT. +// Code generated by mockery v2.53.6. DO NOT EDIT. package mocks diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/eksctl-0.224.0/pkg/cfn/template/iam_helpers.go new/eksctl-0.225.0/pkg/cfn/template/iam_helpers.go --- old/eksctl-0.224.0/pkg/cfn/template/iam_helpers.go 2026-03-04 02:11:38.000000000 +0100 +++ new/eksctl-0.225.0/pkg/cfn/template/iam_helpers.go 2026-03-30 09:52:23.000000000 +0200 @@ -1,6 +1,8 @@ package template import ( + "strings" + gfn "github.com/weaveworks/eksctl/pkg/goformation/cloudformation/types" api "github.com/weaveworks/eksctl/pkg/apis/eksctl.io/v1alpha5" @@ -8,13 +10,26 @@ // AttachPolicy attaches the specified policy document func (t *Template) AttachPolicy(name string, refRole *Value, policyDoc MapOfInterfaces) { - t.NewResource(name, &IAMPolicy{ + t.NewResource(sanitizeResourceName(name), &IAMPolicy{ PolicyName: MakeName(name), Roles: MakeSlice(refRole), PolicyDocument: policyDoc, }) } +func sanitizeResourceName(name string) string { + var b strings.Builder + for _, r := range name { + if (r >= 'a' && r <= 'z') || (r >= 'A' && r <= 'Z') || (r >= '0' && r <= '9') { + b.WriteRune(r) + } + } + if b.Len() == 0 { + return "Policy1" + } + return b.String() +} + // MakePolicyDocument constructs a policy with given statements func MakePolicyDocument(statements ...MapOfInterfaces) MapOfInterfaces { return MapOfInterfaces{ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/eksctl-0.224.0/pkg/ctl/utils/mocks/VPCConfigUpdater.go new/eksctl-0.225.0/pkg/ctl/utils/mocks/VPCConfigUpdater.go --- old/eksctl-0.224.0/pkg/ctl/utils/mocks/VPCConfigUpdater.go 2026-03-04 02:11:38.000000000 +0100 +++ new/eksctl-0.225.0/pkg/ctl/utils/mocks/VPCConfigUpdater.go 2026-03-30 09:52:23.000000000 +0200 @@ -1,4 +1,4 @@ -// Code generated by mockery v2.53.5. DO NOT EDIT. +// Code generated by mockery v2.53.6. DO NOT EDIT. package mocks diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/eksctl-0.224.0/pkg/eks/mocks/KubeNodeGroup.go new/eksctl-0.225.0/pkg/eks/mocks/KubeNodeGroup.go --- old/eksctl-0.224.0/pkg/eks/mocks/KubeNodeGroup.go 2026-03-04 02:11:38.000000000 +0100 +++ new/eksctl-0.225.0/pkg/eks/mocks/KubeNodeGroup.go 2026-03-30 09:52:23.000000000 +0200 @@ -1,4 +1,4 @@ -// Code generated by mockery v2.53.5. DO NOT EDIT. +// Code generated by mockery v2.53.6. DO NOT EDIT. package mocks diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/eksctl-0.224.0/pkg/eks/mocksv2/ASG.go new/eksctl-0.225.0/pkg/eks/mocksv2/ASG.go --- old/eksctl-0.224.0/pkg/eks/mocksv2/ASG.go 2026-03-04 02:11:38.000000000 +0100 +++ new/eksctl-0.225.0/pkg/eks/mocksv2/ASG.go 2026-03-30 09:52:23.000000000 +0200 @@ -1,4 +1,4 @@ -// Code generated by mockery v2.53.5. DO NOT EDIT. +// Code generated by mockery v2.53.6. DO NOT EDIT. package mocksv2 diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/eksctl-0.224.0/pkg/eks/mocksv2/CloudFormation.go new/eksctl-0.225.0/pkg/eks/mocksv2/CloudFormation.go --- old/eksctl-0.224.0/pkg/eks/mocksv2/CloudFormation.go 2026-03-04 02:11:38.000000000 +0100 +++ new/eksctl-0.225.0/pkg/eks/mocksv2/CloudFormation.go 2026-03-30 09:52:23.000000000 +0200 @@ -1,4 +1,4 @@ -// Code generated by mockery v2.53.5. DO NOT EDIT. +// Code generated by mockery v2.53.6. DO NOT EDIT. package mocksv2 diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/eksctl-0.224.0/pkg/eks/mocksv2/CloudTrail.go new/eksctl-0.225.0/pkg/eks/mocksv2/CloudTrail.go --- old/eksctl-0.224.0/pkg/eks/mocksv2/CloudTrail.go 2026-03-04 02:11:38.000000000 +0100 +++ new/eksctl-0.225.0/pkg/eks/mocksv2/CloudTrail.go 2026-03-30 09:52:23.000000000 +0200 @@ -1,4 +1,4 @@ -// Code generated by mockery v2.53.5. DO NOT EDIT. +// Code generated by mockery v2.53.6. DO NOT EDIT. package mocksv2 diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/eksctl-0.224.0/pkg/eks/mocksv2/CloudWatchLogs.go new/eksctl-0.225.0/pkg/eks/mocksv2/CloudWatchLogs.go --- old/eksctl-0.224.0/pkg/eks/mocksv2/CloudWatchLogs.go 2026-03-04 02:11:38.000000000 +0100 +++ new/eksctl-0.225.0/pkg/eks/mocksv2/CloudWatchLogs.go 2026-03-30 09:52:23.000000000 +0200 @@ -1,4 +1,4 @@ -// Code generated by mockery v2.53.5. DO NOT EDIT. +// Code generated by mockery v2.53.6. DO NOT EDIT. package mocksv2 @@ -5839,6 +5839,80 @@ _c.Call.Return(run) return _c } + +// PutBearerTokenAuthentication provides a mock function with given fields: ctx, params, optFns +func (_m *CloudWatchLogs) PutBearerTokenAuthentication(ctx context.Context, params *cloudwatchlogs.PutBearerTokenAuthenticationInput, optFns ...func(*cloudwatchlogs.Options)) (*cloudwatchlogs.PutBearerTokenAuthenticationOutput, error) { + _va := make([]interface{}, len(optFns)) + for _i := range optFns { + _va[_i] = optFns[_i] + } + var _ca []interface{} + _ca = append(_ca, ctx, params) + _ca = append(_ca, _va...) + ret := _m.Called(_ca...) + + if len(ret) == 0 { + panic("no return value specified for PutBearerTokenAuthentication") + } + + var r0 *cloudwatchlogs.PutBearerTokenAuthenticationOutput + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, *cloudwatchlogs.PutBearerTokenAuthenticationInput, ...func(*cloudwatchlogs.Options)) (*cloudwatchlogs.PutBearerTokenAuthenticationOutput, error)); ok { + return rf(ctx, params, optFns...) + } + if rf, ok := ret.Get(0).(func(context.Context, *cloudwatchlogs.PutBearerTokenAuthenticationInput, ...func(*cloudwatchlogs.Options)) *cloudwatchlogs.PutBearerTokenAuthenticationOutput); ok { + r0 = rf(ctx, params, optFns...) + } else { + if ret.Get(0) != nil { + r0 = ret.Get(0).(*cloudwatchlogs.PutBearerTokenAuthenticationOutput) + } + } + + if rf, ok := ret.Get(1).(func(context.Context, *cloudwatchlogs.PutBearerTokenAuthenticationInput, ...func(*cloudwatchlogs.Options)) error); ok { + r1 = rf(ctx, params, optFns...) + } else { + r1 = ret.Error(1) + } + + return r0, r1 +} + +// CloudWatchLogs_PutBearerTokenAuthentication_Call is a *mock.Call that shadows Run/Return methods with type explicit version for method 'PutBearerTokenAuthentication' +type CloudWatchLogs_PutBearerTokenAuthentication_Call struct { + *mock.Call +} + +// PutBearerTokenAuthentication is a helper method to define mock.On call +// - ctx context.Context +// - params *cloudwatchlogs.PutBearerTokenAuthenticationInput +// - optFns ...func(*cloudwatchlogs.Options) +func (_e *CloudWatchLogs_Expecter) PutBearerTokenAuthentication(ctx interface{}, params interface{}, optFns ...interface{}) *CloudWatchLogs_PutBearerTokenAuthentication_Call { + return &CloudWatchLogs_PutBearerTokenAuthentication_Call{Call: _e.mock.On("PutBearerTokenAuthentication", + append([]interface{}{ctx, params}, optFns...)...)} +} + +func (_c *CloudWatchLogs_PutBearerTokenAuthentication_Call) Run(run func(ctx context.Context, params *cloudwatchlogs.PutBearerTokenAuthenticationInput, optFns ...func(*cloudwatchlogs.Options))) *CloudWatchLogs_PutBearerTokenAuthentication_Call { + _c.Call.Run(func(args mock.Arguments) { + variadicArgs := make([]func(*cloudwatchlogs.Options), len(args)-2) + for i, a := range args[2:] { + if a != nil { + variadicArgs[i] = a.(func(*cloudwatchlogs.Options)) + } + } + run(args[0].(context.Context), args[1].(*cloudwatchlogs.PutBearerTokenAuthenticationInput), variadicArgs...) + }) + return _c +} + +func (_c *CloudWatchLogs_PutBearerTokenAuthentication_Call) Return(_a0 *cloudwatchlogs.PutBearerTokenAuthenticationOutput, _a1 error) *CloudWatchLogs_PutBearerTokenAuthentication_Call { + _c.Call.Return(_a0, _a1) + return _c +} + +func (_c *CloudWatchLogs_PutBearerTokenAuthentication_Call) RunAndReturn(run func(context.Context, *cloudwatchlogs.PutBearerTokenAuthenticationInput, ...func(*cloudwatchlogs.Options)) (*cloudwatchlogs.PutBearerTokenAuthenticationOutput, error)) *CloudWatchLogs_PutBearerTokenAuthentication_Call { + _c.Call.Return(run) + return _c +} // PutDataProtectionPolicy provides a mock function with given fields: ctx, params, optFns func (_m *CloudWatchLogs) PutDataProtectionPolicy(ctx context.Context, params *cloudwatchlogs.PutDataProtectionPolicyInput, optFns ...func(*cloudwatchlogs.Options)) (*cloudwatchlogs.PutDataProtectionPolicyOutput, error) { diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/eksctl-0.224.0/pkg/eks/mocksv2/CredentialsProvider.go new/eksctl-0.225.0/pkg/eks/mocksv2/CredentialsProvider.go --- old/eksctl-0.224.0/pkg/eks/mocksv2/CredentialsProvider.go 2026-03-04 02:11:38.000000000 +0100 +++ new/eksctl-0.225.0/pkg/eks/mocksv2/CredentialsProvider.go 2026-03-30 09:52:23.000000000 +0200 @@ -1,4 +1,4 @@ -// Code generated by mockery v2.53.5. DO NOT EDIT. +// Code generated by mockery v2.53.6. DO NOT EDIT. package mocksv2 diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/eksctl-0.224.0/pkg/eks/mocksv2/EC2.go new/eksctl-0.225.0/pkg/eks/mocksv2/EC2.go --- old/eksctl-0.224.0/pkg/eks/mocksv2/EC2.go 2026-03-04 02:11:38.000000000 +0100 +++ new/eksctl-0.225.0/pkg/eks/mocksv2/EC2.go 2026-03-30 09:52:23.000000000 +0200 @@ -1,4 +1,4 @@ -// Code generated by mockery v2.53.5. DO NOT EDIT. +// Code generated by mockery v2.53.6. DO NOT EDIT. package mocksv2 diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/eksctl-0.224.0/pkg/eks/mocksv2/EKS.go new/eksctl-0.225.0/pkg/eks/mocksv2/EKS.go --- old/eksctl-0.224.0/pkg/eks/mocksv2/EKS.go 2026-03-04 02:11:38.000000000 +0100 +++ new/eksctl-0.225.0/pkg/eks/mocksv2/EKS.go 2026-03-30 09:52:23.000000000 +0200 @@ -1,4 +1,4 @@ -// Code generated by mockery v2.53.5. DO NOT EDIT. +// Code generated by mockery v2.53.6. DO NOT EDIT. package mocksv2 diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/eksctl-0.224.0/pkg/eks/mocksv2/ELB.go new/eksctl-0.225.0/pkg/eks/mocksv2/ELB.go --- old/eksctl-0.224.0/pkg/eks/mocksv2/ELB.go 2026-03-04 02:11:38.000000000 +0100 +++ new/eksctl-0.225.0/pkg/eks/mocksv2/ELB.go 2026-03-30 09:52:23.000000000 +0200 @@ -1,4 +1,4 @@ -// Code generated by mockery v2.53.5. DO NOT EDIT. +// Code generated by mockery v2.53.6. DO NOT EDIT. package mocksv2 diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/eksctl-0.224.0/pkg/eks/mocksv2/ELBV2.go new/eksctl-0.225.0/pkg/eks/mocksv2/ELBV2.go --- old/eksctl-0.224.0/pkg/eks/mocksv2/ELBV2.go 2026-03-04 02:11:38.000000000 +0100 +++ new/eksctl-0.225.0/pkg/eks/mocksv2/ELBV2.go 2026-03-30 09:52:23.000000000 +0200 @@ -1,4 +1,4 @@ -// Code generated by mockery v2.53.5. DO NOT EDIT. +// Code generated by mockery v2.53.6. DO NOT EDIT. package mocksv2 diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/eksctl-0.224.0/pkg/eks/mocksv2/IAM.go new/eksctl-0.225.0/pkg/eks/mocksv2/IAM.go --- old/eksctl-0.224.0/pkg/eks/mocksv2/IAM.go 2026-03-04 02:11:38.000000000 +0100 +++ new/eksctl-0.225.0/pkg/eks/mocksv2/IAM.go 2026-03-30 09:52:23.000000000 +0200 @@ -1,4 +1,4 @@ -// Code generated by mockery v2.53.5. DO NOT EDIT. +// Code generated by mockery v2.53.6. DO NOT EDIT. package mocksv2 diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/eksctl-0.224.0/pkg/eks/mocksv2/Outposts.go new/eksctl-0.225.0/pkg/eks/mocksv2/Outposts.go --- old/eksctl-0.224.0/pkg/eks/mocksv2/Outposts.go 2026-03-04 02:11:38.000000000 +0100 +++ new/eksctl-0.225.0/pkg/eks/mocksv2/Outposts.go 2026-03-30 09:52:23.000000000 +0200 @@ -1,4 +1,4 @@ -// Code generated by mockery v2.53.5. DO NOT EDIT. +// Code generated by mockery v2.53.6. DO NOT EDIT. package mocksv2 diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/eksctl-0.224.0/pkg/eks/mocksv2/SSM.go new/eksctl-0.225.0/pkg/eks/mocksv2/SSM.go --- old/eksctl-0.224.0/pkg/eks/mocksv2/SSM.go 2026-03-04 02:11:38.000000000 +0100 +++ new/eksctl-0.225.0/pkg/eks/mocksv2/SSM.go 2026-03-30 09:52:23.000000000 +0200 @@ -1,4 +1,4 @@ -// Code generated by mockery v2.53.5. DO NOT EDIT. +// Code generated by mockery v2.53.6. DO NOT EDIT. package mocksv2 diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/eksctl-0.224.0/pkg/eks/mocksv2/STS.go new/eksctl-0.225.0/pkg/eks/mocksv2/STS.go --- old/eksctl-0.224.0/pkg/eks/mocksv2/STS.go 2026-03-04 02:11:38.000000000 +0100 +++ new/eksctl-0.225.0/pkg/eks/mocksv2/STS.go 2026-03-30 09:52:23.000000000 +0200 @@ -1,4 +1,4 @@ -// Code generated by mockery v2.53.5. DO NOT EDIT. +// Code generated by mockery v2.53.6. DO NOT EDIT. package mocksv2 diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/eksctl-0.224.0/pkg/goformation/generate/property.go new/eksctl-0.225.0/pkg/goformation/generate/property.go --- old/eksctl-0.224.0/pkg/goformation/generate/property.go 2026-03-04 02:11:38.000000000 +0100 +++ new/eksctl-0.225.0/pkg/goformation/generate/property.go 2026-03-30 09:52:23.000000000 +0200 @@ -191,7 +191,7 @@ // IsPolymorphic checks whether a property can be multiple different types func (p Property) IsPolymorphic() bool { - return len(p.PrimitiveTypes) > 0 || len(p.PrimitiveItemTypes) > 0 || len(p.PrimitiveItemTypes) > 0 || len(p.ItemTypes) > 0 || len(p.Types) > 0 + return len(p.PrimitiveTypes) > 0 || len(p.PrimitiveItemTypes) > 0 || len(p.ItemTypes) > 0 || len(p.Types) > 0 } // IsPrimitive checks whether a property is a primitive type diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/eksctl-0.224.0/pkg/version/release.go new/eksctl-0.225.0/pkg/version/release.go --- old/eksctl-0.224.0/pkg/version/release.go 2026-03-04 02:11:38.000000000 +0100 +++ new/eksctl-0.225.0/pkg/version/release.go 2026-03-30 09:52:23.000000000 +0200 @@ -3,7 +3,7 @@ // This file was generated by release_generate.go; DO NOT EDIT. // Version is the version number in semver format X.Y.Z -var Version = "0.224.0" +var Version = "0.225.0" // PreReleaseID can be empty for releases, "rc.X" for release candidates and "dev" for snapshots var PreReleaseID = "dev" ++++++ eksctl.obsinfo ++++++ --- /var/tmp/diff_new_pack.YIsk5R/_old 2026-03-30 18:37:30.246622363 +0200 +++ /var/tmp/diff_new_pack.YIsk5R/_new 2026-03-30 18:37:30.258622864 +0200 @@ -1,5 +1,5 @@ name: eksctl -version: 0.224.0 -mtime: 1772586698 -commit: be36fd4e253a61d4c30a6d9f7a4e9148a48e5477 +version: 0.225.0 +mtime: 1774857143 +commit: 02674beb75c9346abcef72f9c1e755115f85db29 ++++++ vendor.tar.gz ++++++ /work/SRC/openSUSE:Factory/eksctl/vendor.tar.gz /work/SRC/openSUSE:Factory/.eksctl.new.1999/vendor.tar.gz differ: char 133, line 2
