diff --git a/README.md b/README.md index 47b22eb09..8b0793c3c 100644 --- a/README.md +++ b/README.md @@ -6,7 +6,7 @@ The Cluster Cloud Controller Manager operator (CCCMO) manages and updates the va Kubernetes is in the process of migrating its cloud controller functionality out of the Kubernetes core and into separate Cloud Controller Managers (see [KEP 2395](https://github.com/kubernetes/enhancements/tree/master/keps/sig-cloud-provider/2395-removing-in-tree-cloud-providers) for more information). As this process is an on-going effort, we will document the status and progress of this operator, as well as the supported platforms, until the operator has gone into general availability (GA) in OpenShift. -### Operator Status +### Operator Status **Stable** diff --git a/openshift-tests/ccm-aws-tests/go.mod b/openshift-tests/ccm-aws-tests/go.mod index c9a49c2f0..5a4b17fa1 100644 --- a/openshift-tests/ccm-aws-tests/go.mod +++ b/openshift-tests/ccm-aws-tests/go.mod @@ -3,9 +3,9 @@ module github.com/openshift/cluster-cloud-controller-manager-operator/openshift- go 1.26.0 require ( - github.com/aws/aws-sdk-go-v2 v1.41.6 + github.com/aws/aws-sdk-go-v2 v1.41.7 github.com/aws/aws-sdk-go-v2/config v1.29.14 - github.com/aws/aws-sdk-go-v2/service/ec2 v1.299.0 + github.com/aws/aws-sdk-go-v2/service/ec2 v1.303.0 github.com/aws/aws-sdk-go-v2/service/elasticloadbalancingv2 v1.45.2 github.com/onsi/ginkgo/v2 v2.28.1 github.com/onsi/gomega v1.39.1 @@ -27,15 +27,15 @@ require ( github.com/antlr4-go/antlr/v4 v4.13.1 // indirect github.com/aws/aws-sdk-go-v2/credentials v1.17.67 // indirect github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.16.31 // indirect - github.com/aws/aws-sdk-go-v2/internal/configsources v1.4.22 // indirect - github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.7.22 // indirect + github.com/aws/aws-sdk-go-v2/internal/configsources v1.4.23 // indirect + github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.7.23 // indirect github.com/aws/aws-sdk-go-v2/internal/ini v1.8.3 // indirect - github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.13.8 // indirect - github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.13.22 // indirect + github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.13.9 // indirect + github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.13.23 // indirect github.com/aws/aws-sdk-go-v2/service/sso v1.25.3 // indirect github.com/aws/aws-sdk-go-v2/service/ssooidc v1.30.1 // indirect github.com/aws/aws-sdk-go-v2/service/sts v1.33.19 // indirect - github.com/aws/smithy-go v1.25.0 // indirect + github.com/aws/smithy-go v1.25.1 // indirect github.com/beorn7/perks v1.0.1 // indirect github.com/blang/semver/v4 v4.0.0 // indirect github.com/cenkalti/backoff/v5 v5.0.3 // indirect diff --git a/openshift-tests/ccm-aws-tests/go.sum b/openshift-tests/ccm-aws-tests/go.sum index d6e3ecfa1..9e573bcbd 100644 --- a/openshift-tests/ccm-aws-tests/go.sum +++ b/openshift-tests/ccm-aws-tests/go.sum @@ -6,36 +6,36 @@ github.com/antlr4-go/antlr/v4 v4.13.1 h1:SqQKkuVZ+zWkMMNkjy5FZe5mr5WURWnlpmOuzYW github.com/antlr4-go/antlr/v4 v4.13.1/go.mod h1:GKmUxMtwp6ZgGwZSva4eWPC5mS6vUAmOABFgjdkM7Nw= github.com/armon/go-socks5 v0.0.0-20160902184237-e75332964ef5 h1:0CwZNZbxp69SHPdPJAN/hZIm0C4OItdklCFmMRWYpio= github.com/armon/go-socks5 v0.0.0-20160902184237-e75332964ef5/go.mod h1:wHh0iHkYZB8zMSxRWpUBQtwG5a7fFgvEO+odwuTv2gs= -github.com/aws/aws-sdk-go-v2 v1.41.6 h1:1AX0AthnBQzMx1vbmir3Y4WsnJgiydmnJjiLu+LvXOg= -github.com/aws/aws-sdk-go-v2 v1.41.6/go.mod h1:dy0UzBIfwSeot4grGvY1AqFWN5zgziMmWGzysDnHFcQ= +github.com/aws/aws-sdk-go-v2 v1.41.7 h1:DWpAJt66FmnnaRIOT/8ASTucrvuDPZASqhhLey6tLY8= +github.com/aws/aws-sdk-go-v2 v1.41.7/go.mod h1:4LAfZOPHNVNQEckOACQx60Y8pSRjIkNZQz1w92xpMJc= github.com/aws/aws-sdk-go-v2/config v1.29.14 h1:f+eEi/2cKCg9pqKBoAIwRGzVb70MRKqWX4dg1BDcSJM= github.com/aws/aws-sdk-go-v2/config v1.29.14/go.mod h1:wVPHWcIFv3WO89w0rE10gzf17ZYy+UVS1Geq8Iei34g= github.com/aws/aws-sdk-go-v2/credentials v1.17.67 h1:9KxtdcIA/5xPNQyZRgUSpYOE6j9Bc4+D7nZua0KGYOM= github.com/aws/aws-sdk-go-v2/credentials v1.17.67/go.mod h1:p3C44m+cfnbv763s52gCqrjaqyPikj9Sg47kUVaNZQQ= github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.16.31 h1:oQWSGexYasNpYp4epLGZxxjsDo8BMBh6iNWkTXQvkwk= github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.16.31/go.mod h1:nc332eGUU+djP3vrMI6blS0woaCfHTe3KiSQUVTMRq0= -github.com/aws/aws-sdk-go-v2/internal/configsources v1.4.22 h1:GmLa5Kw1ESqtFpXsx5MmC84QWa/ZrLZvlJGa2y+4kcQ= -github.com/aws/aws-sdk-go-v2/internal/configsources v1.4.22/go.mod h1:6sW9iWm9DK9YRpRGga/qzrzNLgKpT2cIxb7Vo2eNOp0= -github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.7.22 h1:dY4kWZiSaXIzxnKlj17nHnBcXXBfac6UlsAx2qL6XrU= -github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.7.22/go.mod h1:KIpEUx0JuRZLO7U6cbV204cWAEco2iC3l061IxlwLtI= +github.com/aws/aws-sdk-go-v2/internal/configsources v1.4.23 h1:GpT/TrnBYuE5gan2cZbTtvP+JlHsutdmlV2YfEyNde0= +github.com/aws/aws-sdk-go-v2/internal/configsources v1.4.23/go.mod h1:xYWD6BS9ywC5bS3sz9Xh04whO/hzK2plt2Zkyrp4JuA= +github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.7.23 h1:bpd8vxhlQi2r1hiueOw02f/duEPTMK59Q4QMAoTTtTo= +github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.7.23/go.mod h1:15DfR2nw+CRHIk0tqNyifu3G1YdAOy68RftkhMDDwYk= github.com/aws/aws-sdk-go-v2/internal/ini v1.8.3 h1:bIqFDwgGXXN1Kpp99pDOdKMTTb5d2KyU5X/BZxjOkRo= github.com/aws/aws-sdk-go-v2/internal/ini v1.8.3/go.mod h1:H5O/EsxDWyU+LP/V8i5sm8cxoZgc2fdNR9bxlOFrQTo= -github.com/aws/aws-sdk-go-v2/service/ec2 v1.299.0 h1:qTozRFl2YFFU2HJGl7ZAywlRQvBnAN591gbAFT5bE0s= -github.com/aws/aws-sdk-go-v2/service/ec2 v1.299.0/go.mod h1:E1pnYwWFZ8N3REmeN9Fe/Zipbpps4HJj8DQGNnLUMYc= +github.com/aws/aws-sdk-go-v2/service/ec2 v1.303.0 h1:qkTLlFVQDSk0tbOqn49pxZjIVY2jy3n0FBXh+PphNkk= +github.com/aws/aws-sdk-go-v2/service/ec2 v1.303.0/go.mod h1:Y95W0Hm6FYLPa6o0hbnJ+sWgmdc4ifcLFjGkdobWVhY= github.com/aws/aws-sdk-go-v2/service/elasticloadbalancingv2 v1.45.2 h1:vX70Z4lNSr7XsioU0uJq5yvxgI50sB66MvD+V/3buS4= github.com/aws/aws-sdk-go-v2/service/elasticloadbalancingv2 v1.45.2/go.mod h1:xnCC3vFBfOKpU6PcsCKL2ktgBTZfOwTGxj6V8/X3IS4= -github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.13.8 h1:HtOTYcbVcGABLOVuPYaIihj6IlkqubBwFj10K5fxRek= -github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.13.8/go.mod h1:VsK9abqQeGlzPgUr+isNWzPlK2vKe9INMLWnY65f5Xs= -github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.13.22 h1:PUmZeJU6Y1Lbvt9WFuJ0ugUK2xn6hIWUBBbKuOWF30s= -github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.13.22/go.mod h1:nO6egFBoAaoXze24a2C0NjQCvdpk8OueRoYimvEB9jo= +github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.13.9 h1:FLudkZLt5ci0ozzgkVo8BJGwvqNaZbTWb3UcucAateA= +github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.13.9/go.mod h1:w7wZ/s9qK7c8g4al+UyoF1Sp/Z45UwMGcqIzLWVQHWk= +github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.13.23 h1:pbrxO/kuIwgEsOPLkaHu0O+m4fNgLU8B3vxQ+72jTPw= +github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.13.23/go.mod h1:/CMNUqoj46HpS3MNRDEDIwcgEnrtZlKRaHNaHxIFpNA= github.com/aws/aws-sdk-go-v2/service/sso v1.25.3 h1:1Gw+9ajCV1jogloEv1RRnvfRFia2cL6c9cuKV2Ps+G8= github.com/aws/aws-sdk-go-v2/service/sso v1.25.3/go.mod h1:qs4a9T5EMLl/Cajiw2TcbNt2UNo/Hqlyp+GiuG4CFDI= github.com/aws/aws-sdk-go-v2/service/ssooidc v1.30.1 h1:hXmVKytPfTy5axZ+fYbR5d0cFmC3JvwLm5kM83luako= github.com/aws/aws-sdk-go-v2/service/ssooidc v1.30.1/go.mod h1:MlYRNmYu/fGPoxBQVvBYr9nyr948aY/WLUvwBMBJubs= github.com/aws/aws-sdk-go-v2/service/sts v1.33.19 h1:1XuUZ8mYJw9B6lzAkXhqHlJd/XvaX32evhproijJEZY= github.com/aws/aws-sdk-go-v2/service/sts v1.33.19/go.mod h1:cQnB8CUnxbMU82JvlqjKR2HBOm3fe9pWorWBza6MBJ4= -github.com/aws/smithy-go v1.25.0 h1:Sz/XJ64rwuiKtB6j98nDIPyYrV1nVNJ4YU74gttcl5U= -github.com/aws/smithy-go v1.25.0/go.mod h1:YE2RhdIuDbA5E5bTdciG9KrW3+TiEONeUWCqxX9i1Fc= +github.com/aws/smithy-go v1.25.1 h1:J8ERsGSU7d+aCmdQur5Txg6bVoYelvQJgtZehD12GkI= +github.com/aws/smithy-go v1.25.1/go.mod h1:YE2RhdIuDbA5E5bTdciG9KrW3+TiEONeUWCqxX9i1Fc= github.com/beorn7/perks v1.0.1 h1:VlbKKnNfV8bJzeqoa4cOKqO6bYr3WgKZxO8Z16+hsOM= github.com/beorn7/perks v1.0.1/go.mod h1:G2ZrVWU2WbWT9wwq4/hrbKbnv/1ERSJQ0ibhJ6rlkpw= github.com/blang/semver/v4 v4.0.0 h1:1PFHFE6yCCTv8C1TeyNNarDzntLi7wMI5i/pzqYIsAM= @@ -275,8 +275,6 @@ k8s.io/client-go v0.36.0 h1:pOYi7C4RHChYjMiHpZSpSbIM6ZxVbRXBy7CuiIwqA3c= k8s.io/client-go v0.36.0/go.mod h1:ZKKcpwF0aLYfkHFCjillCKaTK/yBkEDHTDXCFY6AS9Y= k8s.io/cloud-provider v0.36.0 h1:PtiHsId1lBJixCbl5T+gUzbgOYAPschYj8tEAxxe0Ts= k8s.io/cloud-provider v0.36.0/go.mod h1:y/3sksoC0taJZR0PcAAYUqVyD6Jzu2X0lD4yCEPXPuI= -k8s.io/cloud-provider-aws/tests/e2e v0.0.0-20260507005622-746099eda51c h1:mXxJGVHCgE0diY1xgPg1mlmGuDhj2o8KzehT+YcOED8= -k8s.io/cloud-provider-aws/tests/e2e v0.0.0-20260507005622-746099eda51c/go.mod h1:BVLb2sMjVqNAN4t7bADRqtpdVA7brv8LcNas/kdKUJo= k8s.io/component-base v0.36.0 h1:hFjEktssxiJhrK1zfybkH4kJOi8iZuF+mIDCqS5+jRo= k8s.io/component-base v0.36.0/go.mod h1:JZvIfcNHk+uck+8LhJzhSBtydWXaZNQwX2OdL+Mnwsk= k8s.io/component-helpers v0.36.0 h1:KznLAOD7oPxjaeheW4SOQijz9UtMO8Nvp89+lR8FYks= diff --git a/openshift-tests/ccm-aws-tests/vendor/github.com/aws/aws-sdk-go-v2/aws/go_module_metadata.go b/openshift-tests/ccm-aws-tests/vendor/github.com/aws/aws-sdk-go-v2/aws/go_module_metadata.go index 236f2869f..e589f6156 100644 --- a/openshift-tests/ccm-aws-tests/vendor/github.com/aws/aws-sdk-go-v2/aws/go_module_metadata.go +++ b/openshift-tests/ccm-aws-tests/vendor/github.com/aws/aws-sdk-go-v2/aws/go_module_metadata.go @@ -3,4 +3,4 @@ package aws // goModuleVersion is the tagged release for this module -const goModuleVersion = "1.41.6" +const goModuleVersion = "1.41.7" diff --git a/openshift-tests/ccm-aws-tests/vendor/github.com/aws/aws-sdk-go-v2/internal/configsources/CHANGELOG.md b/openshift-tests/ccm-aws-tests/vendor/github.com/aws/aws-sdk-go-v2/internal/configsources/CHANGELOG.md index 9aa4e19e6..0990a4143 100644 --- a/openshift-tests/ccm-aws-tests/vendor/github.com/aws/aws-sdk-go-v2/internal/configsources/CHANGELOG.md +++ b/openshift-tests/ccm-aws-tests/vendor/github.com/aws/aws-sdk-go-v2/internal/configsources/CHANGELOG.md @@ -1,3 +1,8 @@ +# v1.4.23 (2026-04-29) + +* **Dependency Update**: Update to smithy-go v1.25.1. +* **Dependency Update**: Updated to the latest SDK module versions + # v1.4.22 (2026-04-17) * **Dependency Update**: Bump smithy-go to 1.25.0 to support endpointBdd trait diff --git a/openshift-tests/ccm-aws-tests/vendor/github.com/aws/aws-sdk-go-v2/internal/configsources/go_module_metadata.go b/openshift-tests/ccm-aws-tests/vendor/github.com/aws/aws-sdk-go-v2/internal/configsources/go_module_metadata.go index cd7837e2f..05a8d3e7b 100644 --- a/openshift-tests/ccm-aws-tests/vendor/github.com/aws/aws-sdk-go-v2/internal/configsources/go_module_metadata.go +++ b/openshift-tests/ccm-aws-tests/vendor/github.com/aws/aws-sdk-go-v2/internal/configsources/go_module_metadata.go @@ -3,4 +3,4 @@ package configsources // goModuleVersion is the tagged release for this module -const goModuleVersion = "1.4.22" +const goModuleVersion = "1.4.23" diff --git a/openshift-tests/ccm-aws-tests/vendor/github.com/aws/aws-sdk-go-v2/internal/endpoints/v2/CHANGELOG.md b/openshift-tests/ccm-aws-tests/vendor/github.com/aws/aws-sdk-go-v2/internal/endpoints/v2/CHANGELOG.md index abb379a4d..49577e3e9 100644 --- a/openshift-tests/ccm-aws-tests/vendor/github.com/aws/aws-sdk-go-v2/internal/endpoints/v2/CHANGELOG.md +++ b/openshift-tests/ccm-aws-tests/vendor/github.com/aws/aws-sdk-go-v2/internal/endpoints/v2/CHANGELOG.md @@ -1,3 +1,8 @@ +# v2.7.23 (2026-04-29) + +* **Dependency Update**: Update to smithy-go v1.25.1. +* **Dependency Update**: Updated to the latest SDK module versions + # v2.7.22 (2026-04-17) * **Dependency Update**: Bump smithy-go to 1.25.0 to support endpointBdd trait diff --git a/openshift-tests/ccm-aws-tests/vendor/github.com/aws/aws-sdk-go-v2/internal/endpoints/v2/go_module_metadata.go b/openshift-tests/ccm-aws-tests/vendor/github.com/aws/aws-sdk-go-v2/internal/endpoints/v2/go_module_metadata.go index e295061a3..1e92900a1 100644 --- a/openshift-tests/ccm-aws-tests/vendor/github.com/aws/aws-sdk-go-v2/internal/endpoints/v2/go_module_metadata.go +++ b/openshift-tests/ccm-aws-tests/vendor/github.com/aws/aws-sdk-go-v2/internal/endpoints/v2/go_module_metadata.go @@ -3,4 +3,4 @@ package endpoints // goModuleVersion is the tagged release for this module -const goModuleVersion = "2.7.22" +const goModuleVersion = "2.7.23" diff --git a/openshift-tests/ccm-aws-tests/vendor/github.com/aws/aws-sdk-go-v2/service/ec2/CHANGELOG.md b/openshift-tests/ccm-aws-tests/vendor/github.com/aws/aws-sdk-go-v2/service/ec2/CHANGELOG.md index 7b33524dd..f64675675 100644 --- a/openshift-tests/ccm-aws-tests/vendor/github.com/aws/aws-sdk-go-v2/service/ec2/CHANGELOG.md +++ b/openshift-tests/ccm-aws-tests/vendor/github.com/aws/aws-sdk-go-v2/service/ec2/CHANGELOG.md @@ -1,3 +1,24 @@ +# v1.303.0 (2026-05-18) + +* **Feature**: Amazon VPC IP Address Manager (IPAM) now supports tags on IPAM pool allocations, enabling all standard tagging features for allocations including tag-on-create. + +# v1.302.0 (2026-05-13) + +* **Feature**: Include length limits in the SDK and documentation for text fields in Image (AMI) APIs such as the image name and description + +# v1.301.0 (2026-05-07) + +* **Feature**: DescribeInstanceTypes now accepts an IncludeUnsupportedInRegion parameter. When set, the response also lists instance types that are not available in the current Region. Each instance type includes a SupportedInRegion field indicating its regional availability. + +# v1.300.0 (2026-05-04) + +* **Feature**: This feature allows customers to change the tunnel bandwidth on existing VPN connections using the ModifyVpnConnectionOptions API + +# v1.299.1 (2026-04-29) + +* **Dependency Update**: Update to smithy-go v1.25.1. +* **Dependency Update**: Updated to the latest SDK module versions + # v1.299.0 (2026-04-22) * **Feature**: Managed resource visibility settings control whether resources that AWS services provision on your behalf within your AWS account appear in your Amazon console views and API list operations. diff --git a/openshift-tests/ccm-aws-tests/vendor/github.com/aws/aws-sdk-go-v2/service/ec2/api_op_AllocateIpamPoolCidr.go b/openshift-tests/ccm-aws-tests/vendor/github.com/aws/aws-sdk-go-v2/service/ec2/api_op_AllocateIpamPoolCidr.go index 80891e403..7c46090c3 100644 --- a/openshift-tests/ccm-aws-tests/vendor/github.com/aws/aws-sdk-go-v2/service/ec2/api_op_AllocateIpamPoolCidr.go +++ b/openshift-tests/ccm-aws-tests/vendor/github.com/aws/aws-sdk-go-v2/service/ec2/api_op_AllocateIpamPoolCidr.go @@ -97,6 +97,15 @@ type AllocateIpamPoolCidrInput struct { // A preview of the next available CIDR in a pool. PreviewNextCidr *bool + // The key/value combination of a tag assigned to the resource. Use the tag key in + // the filter name and the tag value as the filter value. For example, to find all + // resources that have a tag with the key Owner and the value TeamA , specify + // tag:Owner for the filter name and TeamA for the filter value. + // + // If you specify tags, the request is authorized against the allocation resource + // in addition to the pool resource. + TagSpecifications []types.TagSpecification + noSmithyDocumentSerde } diff --git a/openshift-tests/ccm-aws-tests/vendor/github.com/aws/aws-sdk-go-v2/service/ec2/api_op_DescribeInstanceTypes.go b/openshift-tests/ccm-aws-tests/vendor/github.com/aws/aws-sdk-go-v2/service/ec2/api_op_DescribeInstanceTypes.go index 99a1731a3..2e268fd80 100644 --- a/openshift-tests/ccm-aws-tests/vendor/github.com/aws/aws-sdk-go-v2/service/ec2/api_op_DescribeInstanceTypes.go +++ b/openshift-tests/ccm-aws-tests/vendor/github.com/aws/aws-sdk-go-v2/service/ec2/api_op_DescribeInstanceTypes.go @@ -12,7 +12,9 @@ import ( ) // Describes the specified instance types. By default, all instance types for the -// current Region are described. Alternatively, you can filter the results. +// current Region are described. Alternatively, you can filter the results. To +// include instance types that are not supported in the current Region, set +// IncludeUnsupportedInRegion to true . func (c *Client) DescribeInstanceTypes(ctx context.Context, params *DescribeInstanceTypesInput, optFns ...func(*Options)) (*DescribeInstanceTypesOutput, error) { if params == nil { params = &DescribeInstanceTypesInput{} @@ -199,6 +201,10 @@ type DescribeInstanceTypesInput struct { // be configured for the instance type. For example, "1" or "1,2". Filters []types.Filter + // If true , the response includes instance types that are not supported in the + // current Region, in addition to the supported types. Default: false . + IncludeUnsupportedInRegion *bool + // The instance types. InstanceTypes []types.InstanceType diff --git a/openshift-tests/ccm-aws-tests/vendor/github.com/aws/aws-sdk-go-v2/service/ec2/api_op_DescribeIpamPoolAllocations.go b/openshift-tests/ccm-aws-tests/vendor/github.com/aws/aws-sdk-go-v2/service/ec2/api_op_DescribeIpamPoolAllocations.go new file mode 100644 index 000000000..e54c172d6 --- /dev/null +++ b/openshift-tests/ccm-aws-tests/vendor/github.com/aws/aws-sdk-go-v2/service/ec2/api_op_DescribeIpamPoolAllocations.go @@ -0,0 +1,285 @@ +// Code generated by smithy-go-codegen DO NOT EDIT. + +package ec2 + +import ( + "context" + "fmt" + awsmiddleware "github.com/aws/aws-sdk-go-v2/aws/middleware" + "github.com/aws/aws-sdk-go-v2/service/ec2/types" + "github.com/aws/smithy-go/middleware" + smithyhttp "github.com/aws/smithy-go/transport/http" +) + +// Describes IPAM pool allocations. You can describe all allocations owned by you +// across all pools, or you can describe specific allocations by ID. +// +// If you specify IpamPoolAllocationIds , the results include only the specified +// allocations. If you do not specify IpamPoolAllocationIds , the results include +// all allocations owned by you. You can use Filters to narrow the results. +// +// This action returns only allocations directly owned by you. To view all +// allocations in a pool you own or that has been shared with you, including +// allocations owned by other accounts, use [GetIpamPoolAllocations]. +// +// [GetIpamPoolAllocations]: https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_GetIpamPoolAllocations.html +func (c *Client) DescribeIpamPoolAllocations(ctx context.Context, params *DescribeIpamPoolAllocationsInput, optFns ...func(*Options)) (*DescribeIpamPoolAllocationsOutput, error) { + if params == nil { + params = &DescribeIpamPoolAllocationsInput{} + } + + result, metadata, err := c.invokeOperation(ctx, "DescribeIpamPoolAllocations", params, optFns, c.addOperationDescribeIpamPoolAllocationsMiddlewares) + if err != nil { + return nil, err + } + + out := result.(*DescribeIpamPoolAllocationsOutput) + out.ResultMetadata = metadata + return out, nil +} + +type DescribeIpamPoolAllocationsInput struct { + + // A check for whether you have the required permissions for the action without + // actually making the request and provides an error response. If you have the + // required permissions, the error response is DryRunOperation . Otherwise, it is + // UnauthorizedOperation . + DryRun *bool + + // One or more filters for the request. For more information about filtering, see [Filtering CLI output]. + // + // [Filtering CLI output]: https://docs.aws.amazon.com/cli/latest/userguide/cli-usage-filter.html + Filters []types.Filter + + // The IDs of the IPAM pool allocations you want to describe. + IpamPoolAllocationIds []string + + // The maximum number of items to return for this request. To get the next page of + // items, make another request with the token returned in the output. For more + // information, see [Pagination]. + // + // [Pagination]: https://docs.aws.amazon.com/AWSEC2/latest/APIReference/Query-Requests.html#api-pagination + MaxResults *int32 + + // The token for the next page of results. + NextToken *string + + noSmithyDocumentSerde +} + +type DescribeIpamPoolAllocationsOutput struct { + + // Information about the IPAM pool allocations. + IpamPoolAllocations []types.IpamPoolAllocation + + // The token to use to retrieve the next page of results. This value is null when + // there are no more results to return. + NextToken *string + + // Metadata pertaining to the operation's result. + ResultMetadata middleware.Metadata + + noSmithyDocumentSerde +} + +func (c *Client) addOperationDescribeIpamPoolAllocationsMiddlewares(stack *middleware.Stack, options Options) (err error) { + if err := stack.Serialize.Add(&setOperationInputMiddleware{}, middleware.After); err != nil { + return err + } + err = stack.Serialize.Add(&awsEc2query_serializeOpDescribeIpamPoolAllocations{}, middleware.After) + if err != nil { + return err + } + err = stack.Deserialize.Add(&awsEc2query_deserializeOpDescribeIpamPoolAllocations{}, middleware.After) + if err != nil { + return err + } + if err := addProtocolFinalizerMiddlewares(stack, options, "DescribeIpamPoolAllocations"); err != nil { + return fmt.Errorf("add protocol finalizers: %v", err) + } + + if err = addlegacyEndpointContextSetter(stack, options); err != nil { + return err + } + if err = addSetLoggerMiddleware(stack, options); err != nil { + return err + } + if err = addClientRequestID(stack); err != nil { + return err + } + if err = addComputeContentLength(stack); err != nil { + return err + } + if err = addResolveEndpointMiddleware(stack, options); err != nil { + return err + } + if err = addComputePayloadSHA256(stack); err != nil { + return err + } + if err = addRetry(stack, options, c); err != nil { + return err + } + if err = addRawResponseToMetadata(stack); err != nil { + return err + } + if err = addRecordResponseTiming(stack); err != nil { + return err + } + if err = addSpanRetryLoop(stack, options); err != nil { + return err + } + if err = addClientUserAgent(stack, options); err != nil { + return err + } + if err = smithyhttp.AddErrorCloseResponseBodyMiddleware(stack); err != nil { + return err + } + if err = smithyhttp.AddCloseResponseBodyMiddleware(stack); err != nil { + return err + } + if err = addSetLegacyContextSigningOptionsMiddleware(stack); err != nil { + return err + } + if err = addUserAgentRetryMode(stack, options); err != nil { + return err + } + if err = addCredentialSource(stack, options); err != nil { + return err + } + if err = stack.Initialize.Add(newServiceMetadataMiddleware_opDescribeIpamPoolAllocations(options.Region), middleware.Before); err != nil { + return err + } + if err = addRecursionDetection(stack); err != nil { + return err + } + if err = addRequestIDRetrieverMiddleware(stack); err != nil { + return err + } + if err = addResponseErrorMiddleware(stack); err != nil { + return err + } + if err = addRequestResponseLogging(stack, options); err != nil { + return err + } + if err = addDisableHTTPSMiddleware(stack, options); err != nil { + return err + } + if err = addInterceptBeforeRetryLoop(stack, options); err != nil { + return err + } + if err = addInterceptAttempt(stack, options); err != nil { + return err + } + if err = addInterceptors(stack, options); err != nil { + return err + } + return nil +} + +// DescribeIpamPoolAllocationsPaginatorOptions is the paginator options for +// DescribeIpamPoolAllocations +type DescribeIpamPoolAllocationsPaginatorOptions struct { + // The maximum number of items to return for this request. To get the next page of + // items, make another request with the token returned in the output. For more + // information, see [Pagination]. + // + // [Pagination]: https://docs.aws.amazon.com/AWSEC2/latest/APIReference/Query-Requests.html#api-pagination + Limit int32 + + // Set to true if pagination should stop if the service returns a pagination token + // that matches the most recent token provided to the service. + StopOnDuplicateToken bool +} + +// DescribeIpamPoolAllocationsPaginator is a paginator for +// DescribeIpamPoolAllocations +type DescribeIpamPoolAllocationsPaginator struct { + options DescribeIpamPoolAllocationsPaginatorOptions + client DescribeIpamPoolAllocationsAPIClient + params *DescribeIpamPoolAllocationsInput + nextToken *string + firstPage bool +} + +// NewDescribeIpamPoolAllocationsPaginator returns a new +// DescribeIpamPoolAllocationsPaginator +func NewDescribeIpamPoolAllocationsPaginator(client DescribeIpamPoolAllocationsAPIClient, params *DescribeIpamPoolAllocationsInput, optFns ...func(*DescribeIpamPoolAllocationsPaginatorOptions)) *DescribeIpamPoolAllocationsPaginator { + if params == nil { + params = &DescribeIpamPoolAllocationsInput{} + } + + options := DescribeIpamPoolAllocationsPaginatorOptions{} + if params.MaxResults != nil { + options.Limit = *params.MaxResults + } + + for _, fn := range optFns { + fn(&options) + } + + return &DescribeIpamPoolAllocationsPaginator{ + options: options, + client: client, + params: params, + firstPage: true, + nextToken: params.NextToken, + } +} + +// HasMorePages returns a boolean indicating whether more pages are available +func (p *DescribeIpamPoolAllocationsPaginator) HasMorePages() bool { + return p.firstPage || (p.nextToken != nil && len(*p.nextToken) != 0) +} + +// NextPage retrieves the next DescribeIpamPoolAllocations page. +func (p *DescribeIpamPoolAllocationsPaginator) NextPage(ctx context.Context, optFns ...func(*Options)) (*DescribeIpamPoolAllocationsOutput, error) { + if !p.HasMorePages() { + return nil, fmt.Errorf("no more pages available") + } + + params := *p.params + params.NextToken = p.nextToken + + var limit *int32 + if p.options.Limit > 0 { + limit = &p.options.Limit + } + params.MaxResults = limit + + optFns = append([]func(*Options){ + addIsPaginatorUserAgent, + }, optFns...) + result, err := p.client.DescribeIpamPoolAllocations(ctx, ¶ms, optFns...) + if err != nil { + return nil, err + } + p.firstPage = false + + prevToken := p.nextToken + p.nextToken = result.NextToken + + if p.options.StopOnDuplicateToken && + prevToken != nil && + p.nextToken != nil && + *prevToken == *p.nextToken { + p.nextToken = nil + } + + return result, nil +} + +// DescribeIpamPoolAllocationsAPIClient is a client that implements the +// DescribeIpamPoolAllocations operation. +type DescribeIpamPoolAllocationsAPIClient interface { + DescribeIpamPoolAllocations(context.Context, *DescribeIpamPoolAllocationsInput, ...func(*Options)) (*DescribeIpamPoolAllocationsOutput, error) +} + +var _ DescribeIpamPoolAllocationsAPIClient = (*Client)(nil) + +func newServiceMetadataMiddleware_opDescribeIpamPoolAllocations(region string) *awsmiddleware.RegisterServiceMetadata { + return &awsmiddleware.RegisterServiceMetadata{ + Region: region, + ServiceID: ServiceID, + OperationName: "DescribeIpamPoolAllocations", + } +} diff --git a/openshift-tests/ccm-aws-tests/vendor/github.com/aws/aws-sdk-go-v2/service/ec2/api_op_DescribeIpamPools.go b/openshift-tests/ccm-aws-tests/vendor/github.com/aws/aws-sdk-go-v2/service/ec2/api_op_DescribeIpamPools.go index 35bc0d73b..601335a6b 100644 --- a/openshift-tests/ccm-aws-tests/vendor/github.com/aws/aws-sdk-go-v2/service/ec2/api_op_DescribeIpamPools.go +++ b/openshift-tests/ccm-aws-tests/vendor/github.com/aws/aws-sdk-go-v2/service/ec2/api_op_DescribeIpamPools.go @@ -43,7 +43,11 @@ type DescribeIpamPoolsInput struct { // The IDs of the IPAM pools you would like information on. IpamPoolIds []string - // The maximum number of results to return in the request. + // The maximum number of items to return for this request. To get the next page of + // items, make another request with the token returned in the output. For more + // information, see [Pagination]. + // + // [Pagination]: https://docs.aws.amazon.com/AWSEC2/latest/APIReference/Query-Requests.html#api-pagination MaxResults *int32 // The token for the next page of results. @@ -163,7 +167,11 @@ func (c *Client) addOperationDescribeIpamPoolsMiddlewares(stack *middleware.Stac // DescribeIpamPoolsPaginatorOptions is the paginator options for DescribeIpamPools type DescribeIpamPoolsPaginatorOptions struct { - // The maximum number of results to return in the request. + // The maximum number of items to return for this request. To get the next page of + // items, make another request with the token returned in the output. For more + // information, see [Pagination]. + // + // [Pagination]: https://docs.aws.amazon.com/AWSEC2/latest/APIReference/Query-Requests.html#api-pagination Limit int32 // Set to true if pagination should stop if the service returns a pagination token diff --git a/openshift-tests/ccm-aws-tests/vendor/github.com/aws/aws-sdk-go-v2/service/ec2/api_op_DescribeIpamScopes.go b/openshift-tests/ccm-aws-tests/vendor/github.com/aws/aws-sdk-go-v2/service/ec2/api_op_DescribeIpamScopes.go index 48689eb01..0456be187 100644 --- a/openshift-tests/ccm-aws-tests/vendor/github.com/aws/aws-sdk-go-v2/service/ec2/api_op_DescribeIpamScopes.go +++ b/openshift-tests/ccm-aws-tests/vendor/github.com/aws/aws-sdk-go-v2/service/ec2/api_op_DescribeIpamScopes.go @@ -43,7 +43,11 @@ type DescribeIpamScopesInput struct { // The IDs of the scopes you want information on. IpamScopeIds []string - // The maximum number of results to return in the request. + // The maximum number of items to return for this request. To get the next page of + // items, make another request with the token returned in the output. For more + // information, see [Pagination]. + // + // [Pagination]: https://docs.aws.amazon.com/AWSEC2/latest/APIReference/Query-Requests.html#api-pagination MaxResults *int32 // The token for the next page of results. @@ -164,7 +168,11 @@ func (c *Client) addOperationDescribeIpamScopesMiddlewares(stack *middleware.Sta // DescribeIpamScopesPaginatorOptions is the paginator options for // DescribeIpamScopes type DescribeIpamScopesPaginatorOptions struct { - // The maximum number of results to return in the request. + // The maximum number of items to return for this request. To get the next page of + // items, make another request with the token returned in the output. For more + // information, see [Pagination]. + // + // [Pagination]: https://docs.aws.amazon.com/AWSEC2/latest/APIReference/Query-Requests.html#api-pagination Limit int32 // Set to true if pagination should stop if the service returns a pagination token diff --git a/openshift-tests/ccm-aws-tests/vendor/github.com/aws/aws-sdk-go-v2/service/ec2/api_op_DescribeIpams.go b/openshift-tests/ccm-aws-tests/vendor/github.com/aws/aws-sdk-go-v2/service/ec2/api_op_DescribeIpams.go index 00ae0a400..1fd390830 100644 --- a/openshift-tests/ccm-aws-tests/vendor/github.com/aws/aws-sdk-go-v2/service/ec2/api_op_DescribeIpams.go +++ b/openshift-tests/ccm-aws-tests/vendor/github.com/aws/aws-sdk-go-v2/service/ec2/api_op_DescribeIpams.go @@ -47,7 +47,11 @@ type DescribeIpamsInput struct { // The IDs of the IPAMs you want information on. IpamIds []string - // The maximum number of results to return in the request. + // The maximum number of items to return for this request. To get the next page of + // items, make another request with the token returned in the output. For more + // information, see [Pagination]. + // + // [Pagination]: https://docs.aws.amazon.com/AWSEC2/latest/APIReference/Query-Requests.html#api-pagination MaxResults *int32 // The token for the next page of results. @@ -167,7 +171,11 @@ func (c *Client) addOperationDescribeIpamsMiddlewares(stack *middleware.Stack, o // DescribeIpamsPaginatorOptions is the paginator options for DescribeIpams type DescribeIpamsPaginatorOptions struct { - // The maximum number of results to return in the request. + // The maximum number of items to return for this request. To get the next page of + // items, make another request with the token returned in the output. For more + // information, see [Pagination]. + // + // [Pagination]: https://docs.aws.amazon.com/AWSEC2/latest/APIReference/Query-Requests.html#api-pagination Limit int32 // Set to true if pagination should stop if the service returns a pagination token diff --git a/openshift-tests/ccm-aws-tests/vendor/github.com/aws/aws-sdk-go-v2/service/ec2/api_op_GetIpamPoolCidrs.go b/openshift-tests/ccm-aws-tests/vendor/github.com/aws/aws-sdk-go-v2/service/ec2/api_op_GetIpamPoolCidrs.go index ceeb7f01e..ab7af64e5 100644 --- a/openshift-tests/ccm-aws-tests/vendor/github.com/aws/aws-sdk-go-v2/service/ec2/api_op_GetIpamPoolCidrs.go +++ b/openshift-tests/ccm-aws-tests/vendor/github.com/aws/aws-sdk-go-v2/service/ec2/api_op_GetIpamPoolCidrs.go @@ -45,7 +45,11 @@ type GetIpamPoolCidrsInput struct { // [Filtering CLI output]: https://docs.aws.amazon.com/cli/latest/userguide/cli-usage-filter.html Filters []types.Filter - // The maximum number of results to return in the request. + // The maximum number of items to return for this request. To get the next page of + // items, make another request with the token returned in the output. For more + // information, see [Pagination]. + // + // [Pagination]: https://docs.aws.amazon.com/AWSEC2/latest/APIReference/Query-Requests.html#api-pagination MaxResults *int32 // The token for the next page of results. @@ -168,7 +172,11 @@ func (c *Client) addOperationGetIpamPoolCidrsMiddlewares(stack *middleware.Stack // GetIpamPoolCidrsPaginatorOptions is the paginator options for GetIpamPoolCidrs type GetIpamPoolCidrsPaginatorOptions struct { - // The maximum number of results to return in the request. + // The maximum number of items to return for this request. To get the next page of + // items, make another request with the token returned in the output. For more + // information, see [Pagination]. + // + // [Pagination]: https://docs.aws.amazon.com/AWSEC2/latest/APIReference/Query-Requests.html#api-pagination Limit int32 // Set to true if pagination should stop if the service returns a pagination token diff --git a/openshift-tests/ccm-aws-tests/vendor/github.com/aws/aws-sdk-go-v2/service/ec2/api_op_GetIpamResourceCidrs.go b/openshift-tests/ccm-aws-tests/vendor/github.com/aws/aws-sdk-go-v2/service/ec2/api_op_GetIpamResourceCidrs.go index 0dc28bdef..abb440b89 100644 --- a/openshift-tests/ccm-aws-tests/vendor/github.com/aws/aws-sdk-go-v2/service/ec2/api_op_GetIpamResourceCidrs.go +++ b/openshift-tests/ccm-aws-tests/vendor/github.com/aws/aws-sdk-go-v2/service/ec2/api_op_GetIpamResourceCidrs.go @@ -52,7 +52,11 @@ type GetIpamResourceCidrsInput struct { // The ID of the IPAM pool that the resource is in. IpamPoolId *string - // The maximum number of results to return in the request. + // The maximum number of items to return for this request. To get the next page of + // items, make another request with the token returned in the output. For more + // information, see [Pagination]. + // + // [Pagination]: https://docs.aws.amazon.com/AWSEC2/latest/APIReference/Query-Requests.html#api-pagination MaxResults *int32 // The token for the next page of results. @@ -188,7 +192,11 @@ func (c *Client) addOperationGetIpamResourceCidrsMiddlewares(stack *middleware.S // GetIpamResourceCidrsPaginatorOptions is the paginator options for // GetIpamResourceCidrs type GetIpamResourceCidrsPaginatorOptions struct { - // The maximum number of results to return in the request. + // The maximum number of items to return for this request. To get the next page of + // items, make another request with the token returned in the output. For more + // information, see [Pagination]. + // + // [Pagination]: https://docs.aws.amazon.com/AWSEC2/latest/APIReference/Query-Requests.html#api-pagination Limit int32 // Set to true if pagination should stop if the service returns a pagination token diff --git a/openshift-tests/ccm-aws-tests/vendor/github.com/aws/aws-sdk-go-v2/service/ec2/api_op_ModifyIpamPoolAllocation.go b/openshift-tests/ccm-aws-tests/vendor/github.com/aws/aws-sdk-go-v2/service/ec2/api_op_ModifyIpamPoolAllocation.go new file mode 100644 index 000000000..147e94d0b --- /dev/null +++ b/openshift-tests/ccm-aws-tests/vendor/github.com/aws/aws-sdk-go-v2/service/ec2/api_op_ModifyIpamPoolAllocation.go @@ -0,0 +1,167 @@ +// Code generated by smithy-go-codegen DO NOT EDIT. + +package ec2 + +import ( + "context" + "fmt" + awsmiddleware "github.com/aws/aws-sdk-go-v2/aws/middleware" + "github.com/aws/aws-sdk-go-v2/service/ec2/types" + "github.com/aws/smithy-go/middleware" + smithyhttp "github.com/aws/smithy-go/transport/http" +) + +// Modifies the description of an IPAM pool allocation. For more information, see [Modify an IPAM pool allocation] +// in the Amazon VPC IPAM User Guide. +// +// [Modify an IPAM pool allocation]: https://docs.aws.amazon.com/vpc/latest/ipam/modify-alloc-ipam.html +func (c *Client) ModifyIpamPoolAllocation(ctx context.Context, params *ModifyIpamPoolAllocationInput, optFns ...func(*Options)) (*ModifyIpamPoolAllocationOutput, error) { + if params == nil { + params = &ModifyIpamPoolAllocationInput{} + } + + result, metadata, err := c.invokeOperation(ctx, "ModifyIpamPoolAllocation", params, optFns, c.addOperationModifyIpamPoolAllocationMiddlewares) + if err != nil { + return nil, err + } + + out := result.(*ModifyIpamPoolAllocationOutput) + out.ResultMetadata = metadata + return out, nil +} + +type ModifyIpamPoolAllocationInput struct { + + // The ID of the IPAM pool allocation you want to modify. + // + // This member is required. + IpamPoolAllocationId *string + + // The new description for the IPAM pool allocation. If you submit a null value, + // the description is removed from the allocation. + Description *string + + // A check for whether you have the required permissions for the action without + // actually making the request and provides an error response. If you have the + // required permissions, the error response is DryRunOperation . Otherwise, it is + // UnauthorizedOperation . + DryRun *bool + + noSmithyDocumentSerde +} + +type ModifyIpamPoolAllocationOutput struct { + + // The modified IPAM pool allocation. + IpamPoolAllocation *types.IpamPoolAllocation + + // Metadata pertaining to the operation's result. + ResultMetadata middleware.Metadata + + noSmithyDocumentSerde +} + +func (c *Client) addOperationModifyIpamPoolAllocationMiddlewares(stack *middleware.Stack, options Options) (err error) { + if err := stack.Serialize.Add(&setOperationInputMiddleware{}, middleware.After); err != nil { + return err + } + err = stack.Serialize.Add(&awsEc2query_serializeOpModifyIpamPoolAllocation{}, middleware.After) + if err != nil { + return err + } + err = stack.Deserialize.Add(&awsEc2query_deserializeOpModifyIpamPoolAllocation{}, middleware.After) + if err != nil { + return err + } + if err := addProtocolFinalizerMiddlewares(stack, options, "ModifyIpamPoolAllocation"); err != nil { + return fmt.Errorf("add protocol finalizers: %v", err) + } + + if err = addlegacyEndpointContextSetter(stack, options); err != nil { + return err + } + if err = addSetLoggerMiddleware(stack, options); err != nil { + return err + } + if err = addClientRequestID(stack); err != nil { + return err + } + if err = addComputeContentLength(stack); err != nil { + return err + } + if err = addResolveEndpointMiddleware(stack, options); err != nil { + return err + } + if err = addComputePayloadSHA256(stack); err != nil { + return err + } + if err = addRetry(stack, options, c); err != nil { + return err + } + if err = addRawResponseToMetadata(stack); err != nil { + return err + } + if err = addRecordResponseTiming(stack); err != nil { + return err + } + if err = addSpanRetryLoop(stack, options); err != nil { + return err + } + if err = addClientUserAgent(stack, options); err != nil { + return err + } + if err = smithyhttp.AddErrorCloseResponseBodyMiddleware(stack); err != nil { + return err + } + if err = smithyhttp.AddCloseResponseBodyMiddleware(stack); err != nil { + return err + } + if err = addSetLegacyContextSigningOptionsMiddleware(stack); err != nil { + return err + } + if err = addUserAgentRetryMode(stack, options); err != nil { + return err + } + if err = addCredentialSource(stack, options); err != nil { + return err + } + if err = addOpModifyIpamPoolAllocationValidationMiddleware(stack); err != nil { + return err + } + if err = stack.Initialize.Add(newServiceMetadataMiddleware_opModifyIpamPoolAllocation(options.Region), middleware.Before); err != nil { + return err + } + if err = addRecursionDetection(stack); err != nil { + return err + } + if err = addRequestIDRetrieverMiddleware(stack); err != nil { + return err + } + if err = addResponseErrorMiddleware(stack); err != nil { + return err + } + if err = addRequestResponseLogging(stack, options); err != nil { + return err + } + if err = addDisableHTTPSMiddleware(stack, options); err != nil { + return err + } + if err = addInterceptBeforeRetryLoop(stack, options); err != nil { + return err + } + if err = addInterceptAttempt(stack, options); err != nil { + return err + } + if err = addInterceptors(stack, options); err != nil { + return err + } + return nil +} + +func newServiceMetadataMiddleware_opModifyIpamPoolAllocation(region string) *awsmiddleware.RegisterServiceMetadata { + return &awsmiddleware.RegisterServiceMetadata{ + Region: region, + ServiceID: ServiceID, + OperationName: "ModifyIpamPoolAllocation", + } +} diff --git a/openshift-tests/ccm-aws-tests/vendor/github.com/aws/aws-sdk-go-v2/service/ec2/api_op_ModifyManagedResourceVisibility.go b/openshift-tests/ccm-aws-tests/vendor/github.com/aws/aws-sdk-go-v2/service/ec2/api_op_ModifyManagedResourceVisibility.go index c08a491a9..954f55745 100644 --- a/openshift-tests/ccm-aws-tests/vendor/github.com/aws/aws-sdk-go-v2/service/ec2/api_op_ModifyManagedResourceVisibility.go +++ b/openshift-tests/ccm-aws-tests/vendor/github.com/aws/aws-sdk-go-v2/service/ec2/api_op_ModifyManagedResourceVisibility.go @@ -34,6 +34,8 @@ type ModifyManagedResourceVisibilityInput struct { // The default visibility setting for managed resources. Valid values: hidden | // visible . + // + // This member is required. DefaultVisibility types.ManagedResourceDefaultVisibility // Checks whether you have the required permissions for the operation, without @@ -120,6 +122,9 @@ func (c *Client) addOperationModifyManagedResourceVisibilityMiddlewares(stack *m if err = addCredentialSource(stack, options); err != nil { return err } + if err = addOpModifyManagedResourceVisibilityValidationMiddleware(stack); err != nil { + return err + } if err = stack.Initialize.Add(newServiceMetadataMiddleware_opModifyManagedResourceVisibility(options.Region), middleware.Before); err != nil { return err } diff --git a/openshift-tests/ccm-aws-tests/vendor/github.com/aws/aws-sdk-go-v2/service/ec2/api_op_ModifyVpnConnectionOptions.go b/openshift-tests/ccm-aws-tests/vendor/github.com/aws/aws-sdk-go-v2/service/ec2/api_op_ModifyVpnConnectionOptions.go index 9cc54b130..75e760bbe 100644 --- a/openshift-tests/ccm-aws-tests/vendor/github.com/aws/aws-sdk-go-v2/service/ec2/api_op_ModifyVpnConnectionOptions.go +++ b/openshift-tests/ccm-aws-tests/vendor/github.com/aws/aws-sdk-go-v2/service/ec2/api_op_ModifyVpnConnectionOptions.go @@ -65,6 +65,12 @@ type ModifyVpnConnectionOptionsInput struct { // Default: ::/0 RemoteIpv6NetworkCidr *string + // The desired bandwidth specification for the VPN connection. standard supports + // up to 1.25 Gbps per tunnel, while large supports up to 5 Gbps per tunnel. Large + // bandwidth is only available for VPN connections attached to a transit gateway or + // to Cloud WAN. The default value is standard . + TunnelBandwidth types.VpnTunnelBandwidth + noSmithyDocumentSerde } diff --git a/openshift-tests/ccm-aws-tests/vendor/github.com/aws/aws-sdk-go-v2/service/ec2/deserializers.go b/openshift-tests/ccm-aws-tests/vendor/github.com/aws/aws-sdk-go-v2/service/ec2/deserializers.go index 620e15dec..dec9afca8 100644 --- a/openshift-tests/ccm-aws-tests/vendor/github.com/aws/aws-sdk-go-v2/service/ec2/deserializers.go +++ b/openshift-tests/ccm-aws-tests/vendor/github.com/aws/aws-sdk-go-v2/service/ec2/deserializers.go @@ -31750,6 +31750,101 @@ func awsEc2query_deserializeOpErrorDescribeIpamPolicies(response *smithyhttp.Res } } +type awsEc2query_deserializeOpDescribeIpamPoolAllocations struct { +} + +func (*awsEc2query_deserializeOpDescribeIpamPoolAllocations) ID() string { + return "OperationDeserializer" +} + +func (m *awsEc2query_deserializeOpDescribeIpamPoolAllocations) HandleDeserialize(ctx context.Context, in middleware.DeserializeInput, next middleware.DeserializeHandler) ( + out middleware.DeserializeOutput, metadata middleware.Metadata, err error, +) { + out, metadata, err = next.HandleDeserialize(ctx, in) + if err != nil { + return out, metadata, err + } + + _, span := tracing.StartSpan(ctx, "OperationDeserializer") + endTimer := startMetricTimer(ctx, "client.call.deserialization_duration") + defer endTimer() + defer span.End() + response, ok := out.RawResponse.(*smithyhttp.Response) + if !ok { + return out, metadata, &smithy.DeserializationError{Err: fmt.Errorf("unknown transport type %T", out.RawResponse)} + } + + if response.StatusCode < 200 || response.StatusCode >= 300 { + return out, metadata, awsEc2query_deserializeOpErrorDescribeIpamPoolAllocations(response, &metadata) + } + output := &DescribeIpamPoolAllocationsOutput{} + out.Result = output + + var buff [1024]byte + ringBuffer := smithyio.NewRingBuffer(buff[:]) + body := io.TeeReader(response.Body, ringBuffer) + rootDecoder := xml.NewDecoder(body) + t, err := smithyxml.FetchRootElement(rootDecoder) + if err == io.EOF { + return out, metadata, nil + } + if err != nil { + var snapshot bytes.Buffer + io.Copy(&snapshot, ringBuffer) + return out, metadata, &smithy.DeserializationError{ + Err: fmt.Errorf("failed to decode response body, %w", err), + Snapshot: snapshot.Bytes(), + } + } + + decoder := smithyxml.WrapNodeDecoder(rootDecoder, t) + err = awsEc2query_deserializeOpDocumentDescribeIpamPoolAllocationsOutput(&output, decoder) + if err != nil { + var snapshot bytes.Buffer + io.Copy(&snapshot, ringBuffer) + err = &smithy.DeserializationError{ + Err: fmt.Errorf("failed to decode response body, %w", err), + Snapshot: snapshot.Bytes(), + } + return out, metadata, err + } + + return out, metadata, err +} + +func awsEc2query_deserializeOpErrorDescribeIpamPoolAllocations(response *smithyhttp.Response, metadata *middleware.Metadata) error { + var errorBuffer bytes.Buffer + if _, err := io.Copy(&errorBuffer, response.Body); err != nil { + return &smithy.DeserializationError{Err: fmt.Errorf("failed to copy error response body, %w", err)} + } + errorBody := bytes.NewReader(errorBuffer.Bytes()) + + errorCode := "UnknownError" + errorMessage := errorCode + + errorComponents, err := ec2query.GetErrorResponseComponents(errorBody) + if err != nil { + return err + } + awsmiddleware.SetRequestIDMetadata(metadata, errorComponents.RequestID) + if len(errorComponents.Code) != 0 { + errorCode = errorComponents.Code + } + if len(errorComponents.Message) != 0 { + errorMessage = errorComponents.Message + } + errorBody.Seek(0, io.SeekStart) + switch { + default: + genericError := &smithy.GenericAPIError{ + Code: errorCode, + Message: errorMessage, + } + return genericError + + } +} + type awsEc2query_deserializeOpDescribeIpamPools struct { } @@ -59309,6 +59404,101 @@ func awsEc2query_deserializeOpErrorModifyIpamPool(response *smithyhttp.Response, } } +type awsEc2query_deserializeOpModifyIpamPoolAllocation struct { +} + +func (*awsEc2query_deserializeOpModifyIpamPoolAllocation) ID() string { + return "OperationDeserializer" +} + +func (m *awsEc2query_deserializeOpModifyIpamPoolAllocation) HandleDeserialize(ctx context.Context, in middleware.DeserializeInput, next middleware.DeserializeHandler) ( + out middleware.DeserializeOutput, metadata middleware.Metadata, err error, +) { + out, metadata, err = next.HandleDeserialize(ctx, in) + if err != nil { + return out, metadata, err + } + + _, span := tracing.StartSpan(ctx, "OperationDeserializer") + endTimer := startMetricTimer(ctx, "client.call.deserialization_duration") + defer endTimer() + defer span.End() + response, ok := out.RawResponse.(*smithyhttp.Response) + if !ok { + return out, metadata, &smithy.DeserializationError{Err: fmt.Errorf("unknown transport type %T", out.RawResponse)} + } + + if response.StatusCode < 200 || response.StatusCode >= 300 { + return out, metadata, awsEc2query_deserializeOpErrorModifyIpamPoolAllocation(response, &metadata) + } + output := &ModifyIpamPoolAllocationOutput{} + out.Result = output + + var buff [1024]byte + ringBuffer := smithyio.NewRingBuffer(buff[:]) + body := io.TeeReader(response.Body, ringBuffer) + rootDecoder := xml.NewDecoder(body) + t, err := smithyxml.FetchRootElement(rootDecoder) + if err == io.EOF { + return out, metadata, nil + } + if err != nil { + var snapshot bytes.Buffer + io.Copy(&snapshot, ringBuffer) + return out, metadata, &smithy.DeserializationError{ + Err: fmt.Errorf("failed to decode response body, %w", err), + Snapshot: snapshot.Bytes(), + } + } + + decoder := smithyxml.WrapNodeDecoder(rootDecoder, t) + err = awsEc2query_deserializeOpDocumentModifyIpamPoolAllocationOutput(&output, decoder) + if err != nil { + var snapshot bytes.Buffer + io.Copy(&snapshot, ringBuffer) + err = &smithy.DeserializationError{ + Err: fmt.Errorf("failed to decode response body, %w", err), + Snapshot: snapshot.Bytes(), + } + return out, metadata, err + } + + return out, metadata, err +} + +func awsEc2query_deserializeOpErrorModifyIpamPoolAllocation(response *smithyhttp.Response, metadata *middleware.Metadata) error { + var errorBuffer bytes.Buffer + if _, err := io.Copy(&errorBuffer, response.Body); err != nil { + return &smithy.DeserializationError{Err: fmt.Errorf("failed to copy error response body, %w", err)} + } + errorBody := bytes.NewReader(errorBuffer.Bytes()) + + errorCode := "UnknownError" + errorMessage := errorCode + + errorComponents, err := ec2query.GetErrorResponseComponents(errorBody) + if err != nil { + return err + } + awsmiddleware.SetRequestIDMetadata(metadata, errorComponents.RequestID) + if len(errorComponents.Code) != 0 { + errorCode = errorComponents.Code + } + if len(errorComponents.Message) != 0 { + errorMessage = errorComponents.Message + } + errorBody.Seek(0, io.SeekStart) + switch { + default: + genericError := &smithy.GenericAPIError{ + Code: errorCode, + Message: errorMessage, + } + return genericError + + } +} + type awsEc2query_deserializeOpModifyIpamPrefixListResolver struct { } @@ -112461,6 +112651,22 @@ func awsEc2query_deserializeDocumentInstanceTypeInfo(v **types.InstanceTypeInfo, return err } + case strings.EqualFold("supportedInRegion", t.Name.Local): + val, err := decoder.Value() + if err != nil { + return err + } + if val == nil { + break + } + { + xtv, err := strconv.ParseBool(string(val)) + if err != nil { + return fmt.Errorf("expected SupportedInRegion to be of type *bool, got %T instead", val) + } + sv.SupportedInRegion = ptr.Bool(xtv) + } + case strings.EqualFold("supportedRootDeviceTypes", t.Name.Local): nodeDecoder := smithyxml.WrapNodeDecoder(decoder.Decoder, t) if err := awsEc2query_deserializeDocumentRootDeviceTypeList(&sv.SupportedRootDeviceTypes, nodeDecoder); err != nil { @@ -116483,6 +116689,12 @@ func awsEc2query_deserializeDocumentIpamPoolAllocation(v **types.IpamPoolAllocat sv.ResourceType = types.IpamPoolAllocationResourceType(xtv) } + case strings.EqualFold("tagSet", t.Name.Local): + nodeDecoder := smithyxml.WrapNodeDecoder(decoder.Decoder, t) + if err := awsEc2query_deserializeDocumentTagList(&sv.Tags, nodeDecoder); err != nil { + return err + } + default: // Do nothing and ignore the unexpected tag element err = decoder.Decoder.Skip() @@ -194558,6 +194770,61 @@ func awsEc2query_deserializeOpDocumentDescribeIpamPoliciesOutput(v **DescribeIpa return nil } +func awsEc2query_deserializeOpDocumentDescribeIpamPoolAllocationsOutput(v **DescribeIpamPoolAllocationsOutput, decoder smithyxml.NodeDecoder) error { + if v == nil { + return fmt.Errorf("unexpected nil of type %T", v) + } + var sv *DescribeIpamPoolAllocationsOutput + if *v == nil { + sv = &DescribeIpamPoolAllocationsOutput{} + } else { + sv = *v + } + + for { + t, done, err := decoder.Token() + if err != nil { + return err + } + if done { + break + } + originalDecoder := decoder + decoder = smithyxml.WrapNodeDecoder(originalDecoder.Decoder, t) + switch { + case strings.EqualFold("ipamPoolAllocationSet", t.Name.Local): + nodeDecoder := smithyxml.WrapNodeDecoder(decoder.Decoder, t) + if err := awsEc2query_deserializeDocumentIpamPoolAllocationSet(&sv.IpamPoolAllocations, nodeDecoder); err != nil { + return err + } + + case strings.EqualFold("nextToken", t.Name.Local): + val, err := decoder.Value() + if err != nil { + return err + } + if val == nil { + break + } + { + xtv := string(val) + sv.NextToken = ptr.String(xtv) + } + + default: + // Do nothing and ignore the unexpected tag element + err = decoder.Decoder.Skip() + if err != nil { + return err + } + + } + decoder = originalDecoder + } + *v = sv + return nil +} + func awsEc2query_deserializeOpDocumentDescribeIpamPoolsOutput(v **DescribeIpamPoolsOutput, decoder smithyxml.NodeDecoder) error { if v == nil { return fmt.Errorf("unexpected nil of type %T", v) @@ -210830,6 +211097,48 @@ func awsEc2query_deserializeOpDocumentModifyIpamPolicyAllocationRulesOutput(v ** return nil } +func awsEc2query_deserializeOpDocumentModifyIpamPoolAllocationOutput(v **ModifyIpamPoolAllocationOutput, decoder smithyxml.NodeDecoder) error { + if v == nil { + return fmt.Errorf("unexpected nil of type %T", v) + } + var sv *ModifyIpamPoolAllocationOutput + if *v == nil { + sv = &ModifyIpamPoolAllocationOutput{} + } else { + sv = *v + } + + for { + t, done, err := decoder.Token() + if err != nil { + return err + } + if done { + break + } + originalDecoder := decoder + decoder = smithyxml.WrapNodeDecoder(originalDecoder.Decoder, t) + switch { + case strings.EqualFold("ipamPoolAllocation", t.Name.Local): + nodeDecoder := smithyxml.WrapNodeDecoder(decoder.Decoder, t) + if err := awsEc2query_deserializeDocumentIpamPoolAllocation(&sv.IpamPoolAllocation, nodeDecoder); err != nil { + return err + } + + default: + // Do nothing and ignore the unexpected tag element + err = decoder.Decoder.Skip() + if err != nil { + return err + } + + } + decoder = originalDecoder + } + *v = sv + return nil +} + func awsEc2query_deserializeOpDocumentModifyIpamPoolOutput(v **ModifyIpamPoolOutput, decoder smithyxml.NodeDecoder) error { if v == nil { return fmt.Errorf("unexpected nil of type %T", v) diff --git a/openshift-tests/ccm-aws-tests/vendor/github.com/aws/aws-sdk-go-v2/service/ec2/generated.json b/openshift-tests/ccm-aws-tests/vendor/github.com/aws/aws-sdk-go-v2/service/ec2/generated.json index 6215b08ca..0ad92b5bd 100644 --- a/openshift-tests/ccm-aws-tests/vendor/github.com/aws/aws-sdk-go-v2/service/ec2/generated.json +++ b/openshift-tests/ccm-aws-tests/vendor/github.com/aws/aws-sdk-go-v2/service/ec2/generated.json @@ -351,6 +351,7 @@ "api_op_DescribeIpamByoasn.go", "api_op_DescribeIpamExternalResourceVerificationTokens.go", "api_op_DescribeIpamPolicies.go", + "api_op_DescribeIpamPoolAllocations.go", "api_op_DescribeIpamPools.go", "api_op_DescribeIpamPrefixListResolverTargets.go", "api_op_DescribeIpamPrefixListResolvers.go", @@ -644,6 +645,7 @@ "api_op_ModifyIpam.go", "api_op_ModifyIpamPolicyAllocationRules.go", "api_op_ModifyIpamPool.go", + "api_op_ModifyIpamPoolAllocation.go", "api_op_ModifyIpamPrefixListResolver.go", "api_op_ModifyIpamPrefixListResolverTarget.go", "api_op_ModifyIpamResourceCidr.go", diff --git a/openshift-tests/ccm-aws-tests/vendor/github.com/aws/aws-sdk-go-v2/service/ec2/go_module_metadata.go b/openshift-tests/ccm-aws-tests/vendor/github.com/aws/aws-sdk-go-v2/service/ec2/go_module_metadata.go index afe71c6ac..2ba2ae796 100644 --- a/openshift-tests/ccm-aws-tests/vendor/github.com/aws/aws-sdk-go-v2/service/ec2/go_module_metadata.go +++ b/openshift-tests/ccm-aws-tests/vendor/github.com/aws/aws-sdk-go-v2/service/ec2/go_module_metadata.go @@ -3,4 +3,4 @@ package ec2 // goModuleVersion is the tagged release for this module -const goModuleVersion = "1.299.0" +const goModuleVersion = "1.303.0" diff --git a/openshift-tests/ccm-aws-tests/vendor/github.com/aws/aws-sdk-go-v2/service/ec2/serializers.go b/openshift-tests/ccm-aws-tests/vendor/github.com/aws/aws-sdk-go-v2/service/ec2/serializers.go index 5afc3a90c..9fbe4c98c 100644 --- a/openshift-tests/ccm-aws-tests/vendor/github.com/aws/aws-sdk-go-v2/service/ec2/serializers.go +++ b/openshift-tests/ccm-aws-tests/vendor/github.com/aws/aws-sdk-go-v2/service/ec2/serializers.go @@ -23818,6 +23818,76 @@ func (m *awsEc2query_serializeOpDescribeIpamPolicies) HandleSerialize(ctx contex return next.HandleSerialize(ctx, in) } +type awsEc2query_serializeOpDescribeIpamPoolAllocations struct { +} + +func (*awsEc2query_serializeOpDescribeIpamPoolAllocations) ID() string { + return "OperationSerializer" +} + +func (m *awsEc2query_serializeOpDescribeIpamPoolAllocations) HandleSerialize(ctx context.Context, in middleware.SerializeInput, next middleware.SerializeHandler) ( + out middleware.SerializeOutput, metadata middleware.Metadata, err error, +) { + _, span := tracing.StartSpan(ctx, "OperationSerializer") + endTimer := startMetricTimer(ctx, "client.call.serialization_duration") + defer endTimer() + defer span.End() + request, ok := in.Request.(*smithyhttp.Request) + if !ok { + return out, metadata, &smithy.SerializationError{Err: fmt.Errorf("unknown transport type %T", in.Request)} + } + + input, ok := in.Parameters.(*DescribeIpamPoolAllocationsInput) + _ = input + if !ok { + return out, metadata, &smithy.SerializationError{Err: fmt.Errorf("unknown input parameters type %T", in.Parameters)} + } + + operationPath := "/" + if len(request.Request.URL.Path) == 0 { + request.Request.URL.Path = operationPath + } else { + request.Request.URL.Path = path.Join(request.Request.URL.Path, operationPath) + if request.Request.URL.Path != "/" && operationPath[len(operationPath)-1] == '/' { + request.Request.URL.Path += "/" + } + } + request.Request.Method = "POST" + httpBindingEncoder, err := httpbinding.NewEncoder(request.URL.Path, request.URL.RawQuery, request.Header) + if err != nil { + return out, metadata, &smithy.SerializationError{Err: err} + } + httpBindingEncoder.SetHeader("Content-Type").String("application/x-www-form-urlencoded") + + bodyWriter := bytes.NewBuffer(nil) + bodyEncoder := query.NewEncoder(bodyWriter) + body := bodyEncoder.Object() + body.Key("Action").String("DescribeIpamPoolAllocations") + body.Key("Version").String("2016-11-15") + + if err := awsEc2query_serializeOpDocumentDescribeIpamPoolAllocationsInput(input, bodyEncoder.Value); err != nil { + return out, metadata, &smithy.SerializationError{Err: err} + } + + err = bodyEncoder.Encode() + if err != nil { + return out, metadata, &smithy.SerializationError{Err: err} + } + + if request, err = request.SetStream(bytes.NewReader(bodyWriter.Bytes())); err != nil { + return out, metadata, &smithy.SerializationError{Err: err} + } + + if request.Request, err = httpBindingEncoder.Encode(request.Request); err != nil { + return out, metadata, &smithy.SerializationError{Err: err} + } + in.Request = request + + endTimer() + span.End() + return next.HandleSerialize(ctx, in) +} + type awsEc2query_serializeOpDescribeIpamPools struct { } @@ -44328,6 +44398,76 @@ func (m *awsEc2query_serializeOpModifyIpamPool) HandleSerialize(ctx context.Cont return next.HandleSerialize(ctx, in) } +type awsEc2query_serializeOpModifyIpamPoolAllocation struct { +} + +func (*awsEc2query_serializeOpModifyIpamPoolAllocation) ID() string { + return "OperationSerializer" +} + +func (m *awsEc2query_serializeOpModifyIpamPoolAllocation) HandleSerialize(ctx context.Context, in middleware.SerializeInput, next middleware.SerializeHandler) ( + out middleware.SerializeOutput, metadata middleware.Metadata, err error, +) { + _, span := tracing.StartSpan(ctx, "OperationSerializer") + endTimer := startMetricTimer(ctx, "client.call.serialization_duration") + defer endTimer() + defer span.End() + request, ok := in.Request.(*smithyhttp.Request) + if !ok { + return out, metadata, &smithy.SerializationError{Err: fmt.Errorf("unknown transport type %T", in.Request)} + } + + input, ok := in.Parameters.(*ModifyIpamPoolAllocationInput) + _ = input + if !ok { + return out, metadata, &smithy.SerializationError{Err: fmt.Errorf("unknown input parameters type %T", in.Parameters)} + } + + operationPath := "/" + if len(request.Request.URL.Path) == 0 { + request.Request.URL.Path = operationPath + } else { + request.Request.URL.Path = path.Join(request.Request.URL.Path, operationPath) + if request.Request.URL.Path != "/" && operationPath[len(operationPath)-1] == '/' { + request.Request.URL.Path += "/" + } + } + request.Request.Method = "POST" + httpBindingEncoder, err := httpbinding.NewEncoder(request.URL.Path, request.URL.RawQuery, request.Header) + if err != nil { + return out, metadata, &smithy.SerializationError{Err: err} + } + httpBindingEncoder.SetHeader("Content-Type").String("application/x-www-form-urlencoded") + + bodyWriter := bytes.NewBuffer(nil) + bodyEncoder := query.NewEncoder(bodyWriter) + body := bodyEncoder.Object() + body.Key("Action").String("ModifyIpamPoolAllocation") + body.Key("Version").String("2016-11-15") + + if err := awsEc2query_serializeOpDocumentModifyIpamPoolAllocationInput(input, bodyEncoder.Value); err != nil { + return out, metadata, &smithy.SerializationError{Err: err} + } + + err = bodyEncoder.Encode() + if err != nil { + return out, metadata, &smithy.SerializationError{Err: err} + } + + if request, err = request.SetStream(bytes.NewReader(bodyWriter.Bytes())); err != nil { + return out, metadata, &smithy.SerializationError{Err: err} + } + + if request.Request, err = httpBindingEncoder.Encode(request.Request); err != nil { + return out, metadata, &smithy.SerializationError{Err: err} + } + in.Request = request + + endTimer() + span.End() + return next.HandleSerialize(ctx, in) +} + type awsEc2query_serializeOpModifyIpamPrefixListResolver struct { } @@ -56510,7 +56650,7 @@ func awsEc2query_serializeDocumentImageCriterionRequest(v *types.ImageCriterionR if v.ImageNames != nil { objectKey := object.FlatKey("ImageName") - if err := awsEc2query_serializeDocumentImageNameRequestList(v.ImageNames, objectKey); err != nil { + if err := awsEc2query_serializeDocumentImageNameCriteriaRequestList(v.ImageNames, objectKey); err != nil { return err } } @@ -56627,7 +56767,7 @@ func awsEc2query_serializeDocumentImageIdStringList(v []string, value query.Valu return nil } -func awsEc2query_serializeDocumentImageNameRequestList(v []string, value query.Value) error { +func awsEc2query_serializeDocumentImageNameCriteriaRequestList(v []string, value query.Value) error { if len(v) == 0 { return nil } @@ -65707,6 +65847,13 @@ func awsEc2query_serializeOpDocumentAllocateIpamPoolCidrInput(v *AllocateIpamPoo objectKey.Boolean(*v.PreviewNextCidr) } + if v.TagSpecifications != nil { + objectKey := object.FlatKey("TagSpecification") + if err := awsEc2query_serializeDocumentTagSpecificationList(v.TagSpecifications, objectKey); err != nil { + return err + } + } + return nil } @@ -76237,6 +76384,11 @@ func awsEc2query_serializeOpDocumentDescribeInstanceTypesInput(v *DescribeInstan } } + if v.IncludeUnsupportedInRegion != nil { + objectKey := object.Key("IncludeUnsupportedInRegion") + objectKey.Boolean(*v.IncludeUnsupportedInRegion) + } + if v.InstanceTypes != nil { objectKey := object.FlatKey("InstanceType") if err := awsEc2query_serializeDocumentRequestInstanceTypeList(v.InstanceTypes, objectKey); err != nil { @@ -76387,6 +76539,42 @@ func awsEc2query_serializeOpDocumentDescribeIpamPoliciesInput(v *DescribeIpamPol return nil } +func awsEc2query_serializeOpDocumentDescribeIpamPoolAllocationsInput(v *DescribeIpamPoolAllocationsInput, value query.Value) error { + object := value.Object() + _ = object + + if v.DryRun != nil { + objectKey := object.Key("DryRun") + objectKey.Boolean(*v.DryRun) + } + + if v.Filters != nil { + objectKey := object.FlatKey("Filter") + if err := awsEc2query_serializeDocumentFilterList(v.Filters, objectKey); err != nil { + return err + } + } + + if v.IpamPoolAllocationIds != nil { + objectKey := object.FlatKey("IpamPoolAllocationId") + if err := awsEc2query_serializeDocumentValueStringList(v.IpamPoolAllocationIds, objectKey); err != nil { + return err + } + } + + if v.MaxResults != nil { + objectKey := object.Key("MaxResults") + objectKey.Integer(*v.MaxResults) + } + + if v.NextToken != nil { + objectKey := object.Key("NextToken") + objectKey.String(*v.NextToken) + } + + return nil +} + func awsEc2query_serializeOpDocumentDescribeIpamPoolsInput(v *DescribeIpamPoolsInput, value query.Value) error { object := value.Object() _ = object @@ -85381,6 +85569,28 @@ func awsEc2query_serializeOpDocumentModifyIpamPolicyAllocationRulesInput(v *Modi return nil } +func awsEc2query_serializeOpDocumentModifyIpamPoolAllocationInput(v *ModifyIpamPoolAllocationInput, value query.Value) error { + object := value.Object() + _ = object + + if v.Description != nil { + objectKey := object.Key("Description") + objectKey.String(*v.Description) + } + + if v.DryRun != nil { + objectKey := object.Key("DryRun") + objectKey.Boolean(*v.DryRun) + } + + if v.IpamPoolAllocationId != nil { + objectKey := object.Key("IpamPoolAllocationId") + objectKey.String(*v.IpamPoolAllocationId) + } + + return nil +} + func awsEc2query_serializeOpDocumentModifyIpamPoolInput(v *ModifyIpamPoolInput, value query.Value) error { object := value.Object() _ = object @@ -87314,6 +87524,11 @@ func awsEc2query_serializeOpDocumentModifyVpnConnectionOptionsInput(v *ModifyVpn objectKey.String(*v.RemoteIpv6NetworkCidr) } + if len(v.TunnelBandwidth) > 0 { + objectKey := object.Key("TunnelBandwidth") + objectKey.String(string(v.TunnelBandwidth)) + } + if v.VpnConnectionId != nil { objectKey := object.Key("VpnConnectionId") objectKey.String(*v.VpnConnectionId) diff --git a/openshift-tests/ccm-aws-tests/vendor/github.com/aws/aws-sdk-go-v2/service/ec2/types/enums.go b/openshift-tests/ccm-aws-tests/vendor/github.com/aws/aws-sdk-go-v2/service/ec2/types/enums.go index 0e0e6185f..14e0e4ba8 100644 --- a/openshift-tests/ccm-aws-tests/vendor/github.com/aws/aws-sdk-go-v2/service/ec2/types/enums.go +++ b/openshift-tests/ccm-aws-tests/vendor/github.com/aws/aws-sdk-go-v2/service/ec2/types/enums.go @@ -9617,6 +9617,7 @@ const ( ResourceTypeSecondarySubnet ResourceType = "secondary-subnet" ResourceTypeCapacityManagerDataExport ResourceType = "capacity-manager-data-export" ResourceTypeVpnConcentrator ResourceType = "vpn-concentrator" + ResourceTypeIpamPoolAllocation ResourceType = "ipam-pool-allocation" ) // Values returns all known values for ResourceType. Note that this can be @@ -9732,6 +9733,7 @@ func (ResourceType) Values() []ResourceType { "secondary-subnet", "capacity-manager-data-export", "vpn-concentrator", + "ipam-pool-allocation", } } diff --git a/openshift-tests/ccm-aws-tests/vendor/github.com/aws/aws-sdk-go-v2/service/ec2/types/types.go b/openshift-tests/ccm-aws-tests/vendor/github.com/aws/aws-sdk-go-v2/service/ec2/types/types.go index d6b7398bd..5f35474eb 100644 --- a/openshift-tests/ccm-aws-tests/vendor/github.com/aws/aws-sdk-go-v2/service/ec2/types/types.go +++ b/openshift-tests/ccm-aws-tests/vendor/github.com/aws/aws-sdk-go-v2/service/ec2/types/types.go @@ -10774,6 +10774,9 @@ type InstanceTypeInfo struct { // [Boot modes]: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ami-boot.html SupportedBootModes []BootModeType + // Indicates whether the instance type is supported in the current Region. + SupportedInRegion *bool + // The supported root device types. SupportedRootDeviceTypes []RootDeviceType @@ -11625,6 +11628,9 @@ type IpamPoolAllocation struct { // The type of the resource. ResourceType IpamPoolAllocationResourceType + // The tags for the IPAM pool allocation. + Tags []Tag + noSmithyDocumentSerde } diff --git a/openshift-tests/ccm-aws-tests/vendor/github.com/aws/aws-sdk-go-v2/service/ec2/validators.go b/openshift-tests/ccm-aws-tests/vendor/github.com/aws/aws-sdk-go-v2/service/ec2/validators.go index b5eb38746..d295c06fe 100644 --- a/openshift-tests/ccm-aws-tests/vendor/github.com/aws/aws-sdk-go-v2/service/ec2/validators.go +++ b/openshift-tests/ccm-aws-tests/vendor/github.com/aws/aws-sdk-go-v2/service/ec2/validators.go @@ -8230,6 +8230,26 @@ func (m *validateOpModifyIpamPolicyAllocationRules) HandleInitialize(ctx context return next.HandleInitialize(ctx, in) } +type validateOpModifyIpamPoolAllocation struct { +} + +func (*validateOpModifyIpamPoolAllocation) ID() string { + return "OperationInputValidation" +} + +func (m *validateOpModifyIpamPoolAllocation) HandleInitialize(ctx context.Context, in middleware.InitializeInput, next middleware.InitializeHandler) ( + out middleware.InitializeOutput, metadata middleware.Metadata, err error, +) { + input, ok := in.Parameters.(*ModifyIpamPoolAllocationInput) + if !ok { + return out, metadata, fmt.Errorf("unknown input parameters type %T", in.Parameters) + } + if err := validateOpModifyIpamPoolAllocationInput(input); err != nil { + return out, metadata, err + } + return next.HandleInitialize(ctx, in) +} + type validateOpModifyIpamPool struct { } @@ -8390,6 +8410,26 @@ func (m *validateOpModifyManagedPrefixList) HandleInitialize(ctx context.Context return next.HandleInitialize(ctx, in) } +type validateOpModifyManagedResourceVisibility struct { +} + +func (*validateOpModifyManagedResourceVisibility) ID() string { + return "OperationInputValidation" +} + +func (m *validateOpModifyManagedResourceVisibility) HandleInitialize(ctx context.Context, in middleware.InitializeInput, next middleware.InitializeHandler) ( + out middleware.InitializeOutput, metadata middleware.Metadata, err error, +) { + input, ok := in.Parameters.(*ModifyManagedResourceVisibilityInput) + if !ok { + return out, metadata, fmt.Errorf("unknown input parameters type %T", in.Parameters) + } + if err := validateOpModifyManagedResourceVisibilityInput(input); err != nil { + return out, metadata, err + } + return next.HandleInitialize(ctx, in) +} + type validateOpModifyNetworkInterfaceAttribute struct { } @@ -12294,6 +12334,10 @@ func addOpModifyIpamPolicyAllocationRulesValidationMiddleware(stack *middleware. return stack.Initialize.Add(&validateOpModifyIpamPolicyAllocationRules{}, middleware.After) } +func addOpModifyIpamPoolAllocationValidationMiddleware(stack *middleware.Stack) error { + return stack.Initialize.Add(&validateOpModifyIpamPoolAllocation{}, middleware.After) +} + func addOpModifyIpamPoolValidationMiddleware(stack *middleware.Stack) error { return stack.Initialize.Add(&validateOpModifyIpamPool{}, middleware.After) } @@ -12326,6 +12370,10 @@ func addOpModifyManagedPrefixListValidationMiddleware(stack *middleware.Stack) e return stack.Initialize.Add(&validateOpModifyManagedPrefixList{}, middleware.After) } +func addOpModifyManagedResourceVisibilityValidationMiddleware(stack *middleware.Stack) error { + return stack.Initialize.Add(&validateOpModifyManagedResourceVisibility{}, middleware.After) +} + func addOpModifyNetworkInterfaceAttributeValidationMiddleware(stack *middleware.Stack) error { return stack.Initialize.Add(&validateOpModifyNetworkInterfaceAttribute{}, middleware.After) } @@ -20694,6 +20742,21 @@ func validateOpModifyIpamPolicyAllocationRulesInput(v *ModifyIpamPolicyAllocatio } } +func validateOpModifyIpamPoolAllocationInput(v *ModifyIpamPoolAllocationInput) error { + if v == nil { + return nil + } + invalidParams := smithy.InvalidParamsError{Context: "ModifyIpamPoolAllocationInput"} + if v.IpamPoolAllocationId == nil { + invalidParams.Add(smithy.NewErrParamRequired("IpamPoolAllocationId")) + } + if invalidParams.Len() > 0 { + return invalidParams + } else { + return nil + } +} + func validateOpModifyIpamPoolInput(v *ModifyIpamPoolInput) error { if v == nil { return nil @@ -20841,6 +20904,21 @@ func validateOpModifyManagedPrefixListInput(v *ModifyManagedPrefixListInput) err } } +func validateOpModifyManagedResourceVisibilityInput(v *ModifyManagedResourceVisibilityInput) error { + if v == nil { + return nil + } + invalidParams := smithy.InvalidParamsError{Context: "ModifyManagedResourceVisibilityInput"} + if len(v.DefaultVisibility) == 0 { + invalidParams.Add(smithy.NewErrParamRequired("DefaultVisibility")) + } + if invalidParams.Len() > 0 { + return invalidParams + } else { + return nil + } +} + func validateOpModifyNetworkInterfaceAttributeInput(v *ModifyNetworkInterfaceAttributeInput) error { if v == nil { return nil diff --git a/openshift-tests/ccm-aws-tests/vendor/github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding/CHANGELOG.md b/openshift-tests/ccm-aws-tests/vendor/github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding/CHANGELOG.md index fb6a52e0c..cf6c5e091 100644 --- a/openshift-tests/ccm-aws-tests/vendor/github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding/CHANGELOG.md +++ b/openshift-tests/ccm-aws-tests/vendor/github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding/CHANGELOG.md @@ -1,3 +1,7 @@ +# v1.13.9 (2026-04-29) + +* **Dependency Update**: Update to smithy-go v1.25.1. + # v1.13.8 (2026-04-17) * **Dependency Update**: Bump smithy-go to 1.25.0 to support endpointBdd trait diff --git a/openshift-tests/ccm-aws-tests/vendor/github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding/go_module_metadata.go b/openshift-tests/ccm-aws-tests/vendor/github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding/go_module_metadata.go index 2ecad3bc6..e14507070 100644 --- a/openshift-tests/ccm-aws-tests/vendor/github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding/go_module_metadata.go +++ b/openshift-tests/ccm-aws-tests/vendor/github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding/go_module_metadata.go @@ -3,4 +3,4 @@ package acceptencoding // goModuleVersion is the tagged release for this module -const goModuleVersion = "1.13.8" +const goModuleVersion = "1.13.9" diff --git a/openshift-tests/ccm-aws-tests/vendor/github.com/aws/aws-sdk-go-v2/service/internal/presigned-url/CHANGELOG.md b/openshift-tests/ccm-aws-tests/vendor/github.com/aws/aws-sdk-go-v2/service/internal/presigned-url/CHANGELOG.md index 9296c6632..96adad526 100644 --- a/openshift-tests/ccm-aws-tests/vendor/github.com/aws/aws-sdk-go-v2/service/internal/presigned-url/CHANGELOG.md +++ b/openshift-tests/ccm-aws-tests/vendor/github.com/aws/aws-sdk-go-v2/service/internal/presigned-url/CHANGELOG.md @@ -1,3 +1,8 @@ +# v1.13.23 (2026-04-29) + +* **Dependency Update**: Update to smithy-go v1.25.1. +* **Dependency Update**: Updated to the latest SDK module versions + # v1.13.22 (2026-04-17) * **Dependency Update**: Bump smithy-go to 1.25.0 to support endpointBdd trait diff --git a/openshift-tests/ccm-aws-tests/vendor/github.com/aws/aws-sdk-go-v2/service/internal/presigned-url/go_module_metadata.go b/openshift-tests/ccm-aws-tests/vendor/github.com/aws/aws-sdk-go-v2/service/internal/presigned-url/go_module_metadata.go index e70562dbd..5737e9c0c 100644 --- a/openshift-tests/ccm-aws-tests/vendor/github.com/aws/aws-sdk-go-v2/service/internal/presigned-url/go_module_metadata.go +++ b/openshift-tests/ccm-aws-tests/vendor/github.com/aws/aws-sdk-go-v2/service/internal/presigned-url/go_module_metadata.go @@ -3,4 +3,4 @@ package presignedurl // goModuleVersion is the tagged release for this module -const goModuleVersion = "1.13.22" +const goModuleVersion = "1.13.23" diff --git a/openshift-tests/ccm-aws-tests/vendor/github.com/aws/smithy-go/CHANGELOG.md b/openshift-tests/ccm-aws-tests/vendor/github.com/aws/smithy-go/CHANGELOG.md index 2db174e02..b9cd114ed 100644 --- a/openshift-tests/ccm-aws-tests/vendor/github.com/aws/smithy-go/CHANGELOG.md +++ b/openshift-tests/ccm-aws-tests/vendor/github.com/aws/smithy-go/CHANGELOG.md @@ -1,3 +1,12 @@ +# Release (2026-04-23) + +## General Highlights +* **Dependency Update**: Updated to the latest SDK module versions + +## Module Highlights +* `github.com/aws/smithy-go`: v1.25.1 + * **Bug Fix**: Fixed a memory leak in the LRU cache implementation used by some AWS services. + # Release (2026-04-15) ## General Highlights diff --git a/openshift-tests/ccm-aws-tests/vendor/github.com/aws/smithy-go/go_module_metadata.go b/openshift-tests/ccm-aws-tests/vendor/github.com/aws/smithy-go/go_module_metadata.go index 35938d407..a1e928754 100644 --- a/openshift-tests/ccm-aws-tests/vendor/github.com/aws/smithy-go/go_module_metadata.go +++ b/openshift-tests/ccm-aws-tests/vendor/github.com/aws/smithy-go/go_module_metadata.go @@ -3,4 +3,4 @@ package smithy // goModuleVersion is the tagged release for this module -const goModuleVersion = "1.25.0" +const goModuleVersion = "1.25.1" diff --git a/openshift-tests/ccm-aws-tests/vendor/k8s.io/cloud-provider-aws/tests/e2e/LICENSE b/openshift-tests/ccm-aws-tests/vendor/k8s.io/cloud-provider-aws/tests/e2e/LICENSE deleted file mode 100644 index d64569567..000000000 --- a/openshift-tests/ccm-aws-tests/vendor/k8s.io/cloud-provider-aws/tests/e2e/LICENSE +++ /dev/null @@ -1,202 +0,0 @@ - - Apache License - Version 2.0, January 2004 - http://www.apache.org/licenses/ - - TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION - - 1. Definitions. - - "License" shall mean the terms and conditions for use, reproduction, - and distribution as defined by Sections 1 through 9 of this document. - - "Licensor" shall mean the copyright owner or entity authorized by - the copyright owner that is granting the License. - - "Legal Entity" shall mean the union of the acting entity and all - other entities that control, are controlled by, or are under common - control with that entity. For the purposes of this definition, - "control" means (i) the power, direct or indirect, to cause the - direction or management of such entity, whether by contract or - otherwise, or (ii) ownership of fifty percent (50%) or more of the - outstanding shares, or (iii) beneficial ownership of such entity. - - "You" (or "Your") shall mean an individual or Legal Entity - exercising permissions granted by this License. - - "Source" form shall mean the preferred form for making modifications, - including but not limited to software source code, documentation - source, and configuration files. - - "Object" form shall mean any form resulting from mechanical - transformation or translation of a Source form, including but - not limited to compiled object code, generated documentation, - and conversions to other media types. - - "Work" shall mean the work of authorship, whether in Source or - Object form, made available under the License, as indicated by a - copyright notice that is included in or attached to the work - (an example is provided in the Appendix below). - - "Derivative Works" shall mean any work, whether in Source or Object - form, that is based on (or derived from) the Work and for which the - editorial revisions, annotations, elaborations, or other modifications - represent, as a whole, an original work of authorship. For the purposes - of this License, Derivative Works shall not include works that remain - separable from, or merely link (or bind by name) to the interfaces of, - the Work and Derivative Works thereof. - - "Contribution" shall mean any work of authorship, including - the original version of the Work and any modifications or additions - to that Work or Derivative Works thereof, that is intentionally - submitted to Licensor for inclusion in the Work by the copyright owner - or by an individual or Legal Entity authorized to submit on behalf of - the copyright owner. For the purposes of this definition, "submitted" - means any form of electronic, verbal, or written communication sent - to the Licensor or its representatives, including but not limited to - communication on electronic mailing lists, source code control systems, - and issue tracking systems that are managed by, or on behalf of, the - Licensor for the purpose of discussing and improving the Work, but - excluding communication that is conspicuously marked or otherwise - designated in writing by the copyright owner as "Not a Contribution." - - "Contributor" shall mean Licensor and any individual or Legal Entity - on behalf of whom a Contribution has been received by Licensor and - subsequently incorporated within the Work. - - 2. Grant of Copyright License. Subject to the terms and conditions of - this License, each Contributor hereby grants to You a perpetual, - worldwide, non-exclusive, no-charge, royalty-free, irrevocable - copyright license to reproduce, prepare Derivative Works of, - publicly display, publicly perform, sublicense, and distribute the - Work and such Derivative Works in Source or Object form. - - 3. Grant of Patent License. Subject to the terms and conditions of - this License, each Contributor hereby grants to You a perpetual, - worldwide, non-exclusive, no-charge, royalty-free, irrevocable - (except as stated in this section) patent license to make, have made, - use, offer to sell, sell, import, and otherwise transfer the Work, - where such license applies only to those patent claims licensable - by such Contributor that are necessarily infringed by their - Contribution(s) alone or by combination of their Contribution(s) - with the Work to which such Contribution(s) was submitted. If You - institute patent litigation against any entity (including a - cross-claim or counterclaim in a lawsuit) alleging that the Work - or a Contribution incorporated within the Work constitutes direct - or contributory patent infringement, then any patent licenses - granted to You under this License for that Work shall terminate - as of the date such litigation is filed. - - 4. Redistribution. You may reproduce and distribute copies of the - Work or Derivative Works thereof in any medium, with or without - modifications, and in Source or Object form, provided that You - meet the following conditions: - - (a) You must give any other recipients of the Work or - Derivative Works a copy of this License; and - - (b) You must cause any modified files to carry prominent notices - stating that You changed the files; and - - (c) You must retain, in the Source form of any Derivative Works - that You distribute, all copyright, patent, trademark, and - attribution notices from the Source form of the Work, - excluding those notices that do not pertain to any part of - the Derivative Works; and - - (d) If the Work includes a "NOTICE" text file as part of its - distribution, then any Derivative Works that You distribute must - include a readable copy of the attribution notices contained - within such NOTICE file, excluding those notices that do not - pertain to any part of the Derivative Works, in at least one - of the following places: within a NOTICE text file distributed - as part of the Derivative Works; within the Source form or - documentation, if provided along with the Derivative Works; or, - within a display generated by the Derivative Works, if and - wherever such third-party notices normally appear. The contents - of the NOTICE file are for informational purposes only and - do not modify the License. You may add Your own attribution - notices within Derivative Works that You distribute, alongside - or as an addendum to the NOTICE text from the Work, provided - that such additional attribution notices cannot be construed - as modifying the License. - - You may add Your own copyright statement to Your modifications and - may provide additional or different license terms and conditions - for use, reproduction, or distribution of Your modifications, or - for any such Derivative Works as a whole, provided Your use, - reproduction, and distribution of the Work otherwise complies with - the conditions stated in this License. - - 5. Submission of Contributions. Unless You explicitly state otherwise, - any Contribution intentionally submitted for inclusion in the Work - by You to the Licensor shall be under the terms and conditions of - this License, without any additional terms or conditions. - Notwithstanding the above, nothing herein shall supersede or modify - the terms of any separate license agreement you may have executed - with Licensor regarding such Contributions. - - 6. Trademarks. This License does not grant permission to use the trade - names, trademarks, service marks, or product names of the Licensor, - except as required for reasonable and customary use in describing the - origin of the Work and reproducing the content of the NOTICE file. - - 7. Disclaimer of Warranty. Unless required by applicable law or - agreed to in writing, Licensor provides the Work (and each - Contributor provides its Contributions) on an "AS IS" BASIS, - WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or - implied, including, without limitation, any warranties or conditions - of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A - PARTICULAR PURPOSE. You are solely responsible for determining the - appropriateness of using or redistributing the Work and assume any - risks associated with Your exercise of permissions under this License. - - 8. Limitation of Liability. In no event and under no legal theory, - whether in tort (including negligence), contract, or otherwise, - unless required by applicable law (such as deliberate and grossly - negligent acts) or agreed to in writing, shall any Contributor be - liable to You for damages, including any direct, indirect, special, - incidental, or consequential damages of any character arising as a - result of this License or out of the use or inability to use the - Work (including but not limited to damages for loss of goodwill, - work stoppage, computer failure or malfunction, or any and all - other commercial damages or losses), even if such Contributor - has been advised of the possibility of such damages. - - 9. Accepting Warranty or Additional Liability. While redistributing - the Work or Derivative Works thereof, You may choose to offer, - and charge a fee for, acceptance of support, warranty, indemnity, - or other liability obligations and/or rights consistent with this - License. However, in accepting such obligations, You may act only - on Your own behalf and on Your sole responsibility, not on behalf - of any other Contributor, and only if You agree to indemnify, - defend, and hold each Contributor harmless for any liability - incurred by, or claims asserted against, such Contributor by reason - of your accepting any such warranty or additional liability. - - END OF TERMS AND CONDITIONS - - APPENDIX: How to apply the Apache License to your work. - - To apply the Apache License to your work, attach the following - boilerplate notice, with the fields enclosed by brackets "[]" - replaced with your own identifying information. (Don't include - the brackets!) The text should be enclosed in the appropriate - comment syntax for the file format. We also recommend that a - file or class name and description of purpose be included on the - same "printed page" as the copyright notice for easier - identification within third-party archives. - - Copyright [yyyy] [name of copyright owner] - - Licensed under the Apache License, Version 2.0 (the "License"); - you may not use this file except in compliance with the License. - You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - - Unless required by applicable law or agreed to in writing, software - distributed under the License is distributed on an "AS IS" BASIS, - WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - See the License for the specific language governing permissions and - limitations under the License. diff --git a/openshift-tests/ccm-aws-tests/vendor/k8s.io/cloud-provider-aws/tests/e2e/cloudconfig.go b/openshift-tests/ccm-aws-tests/vendor/k8s.io/cloud-provider-aws/tests/e2e/cloudconfig.go new file mode 100644 index 000000000..df46625b4 --- /dev/null +++ b/openshift-tests/ccm-aws-tests/vendor/k8s.io/cloud-provider-aws/tests/e2e/cloudconfig.go @@ -0,0 +1,386 @@ +/* +Copyright 2026 The Kubernetes Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package e2e + +import ( + "context" + "fmt" + "path/filepath" + "strings" + "time" + + appsv1 "k8s.io/api/apps/v1" + v1 "k8s.io/api/core/v1" + apierrors "k8s.io/apimachinery/pkg/api/errors" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "k8s.io/apimachinery/pkg/util/wait" + clientset "k8s.io/client-go/kubernetes" + "k8s.io/kubernetes/test/e2e/framework" +) + +const ( + // ccmDaemonSetName is the name of the CCM DaemonSet in kube-system namespace. + ccmDaemonSetName = "aws-cloud-controller-manager" + // ccmNamespace is the namespace where CCM daemonset is deployed by kops. + ccmNamespace = "kube-system" + // ccmLabelSelector is the label selector to identify CCM pods. + ccmLabelSelector = "k8s-app=aws-cloud-controller-manager" + // tempConfigMapName is the name used for the injected config map with the modified cloud config. + tempConfigMapName = "aws-cloud-config-e2e" + // defaultRestartTimeout is the default timeout for waiting for CCM pods to restart and become ready after config changes. + defaultRestartTimeout = 3 * time.Minute + // pollInterval is the interval for polling pod readiness after CCM restart. + pollInterval = 5 * time.Second +) + +// cloudConfigManager helps to change the CCM cloud configuration for e2e tests. +// It is engineered to work with kops-provisioned clusters that run CI tests. +// It modifies the CCM cloud config at runtime by creating a temporary ConfigMap and +// patching the DaemonSet to use it instead of the original hostPath volume. +type cloudConfigManager struct { + // State tracking for restoration + originalVolume *v1.Volume + originalVolumeMount *v1.VolumeMount + configMapKey string + + // restartTimeout defines for how long to wait for CCM pods to become ready + // after configuration changes. + restartTimeout time.Duration +} + +// cloudConfigManagerOption is a functional option for configuring ccmCloudConfigManager. +type cloudConfigManagerOption func(*cloudConfigManager) + +// withRestartTimeout sets the timeout for waiting for CCM pods to become ready after configuration changes. +func withRestartTimeout(timeout time.Duration) cloudConfigManagerOption { + return func(m *cloudConfigManager) { + m.restartTimeout = timeout + } +} + +// newCloudConfigManager creates a new CCM cloud config manager with the provided options. +func newCloudConfigManager(opts ...cloudConfigManagerOption) *cloudConfigManager { + m := &cloudConfigManager{ + restartTimeout: defaultRestartTimeout, + } + + // Apply options + for _, opt := range opts { + opt(m) + } + + return m +} + +// setCloudConfig modifies the CCM cloud configuration with the provided content, storing the original +// configuration state for later restoration. +// +// Steps: +// - Finds the cloud-config path from CCM args +// - Creates a temporary ConfigMap with the desired config +// - Patches the CCM DaemonSet to use the ConfigMap instead of hostPath +// - Adds subPath to volumeMount to mount ConfigMap key as a file +// - Restarts CCM pods and waits for them to become ready +// +// Parameters: +// - ctx: Context for the operation +// - cs: Kubernetes clientset +// - configContent: The cloud config file content to set. +// +// Returns error if any step fails or if CCM is not using hostPath. +func (m *cloudConfigManager) setCloudConfig(ctx context.Context, cs clientset.Interface, configContent string) error { + framework.Logf("=== Setting CCM cloud configuration ===") + + // Get CCM DaemonSet + ds, err := cs.AppsV1().DaemonSets(ccmNamespace).Get(ctx, ccmDaemonSetName, metav1.GetOptions{}) + if err != nil { + return fmt.Errorf("failed to get CCM DaemonSet: %w", err) + } + + // Find cloud-config file path from CCM container args + if len(ds.Spec.Template.Spec.Containers) == 0 { + return fmt.Errorf("CCM DaemonSet has no containers") + } + cloudConfigPath := getCloudConfigPath(ds.Spec.Template.Spec.Containers[0]) + + // Check if CCM actually uses a cloud config. If not, return an error as it's an unsupported scenario. + if cloudConfigPath == "" { + return fmt.Errorf("CCM does not use --cloud-config flag") + } + framework.Logf("Cloud config path from CCM args: %s", cloudConfigPath) + + // Find the volume and volumeMount for cloud config + _, volumeIdx, err := m.findCloudConfigVolume(ds, cloudConfigPath) + if err != nil { + return err + } + + // Verify it's hostPath-based + if m.originalVolume.HostPath == nil { + return fmt.Errorf("CCM cloud config is not hostPath-based (only hostPath configs are supported)") + } + framework.Logf("Current config mount: HostPath=%s", m.originalVolume.HostPath.Path) + + // Create ConfigMap and patch DaemonSet. This also stores a copy of the original volume for later restoration. + if err := m.createConfigMapAndPatchDaemonSet(ctx, cs, ds, volumeIdx, configContent); err != nil { + return err + } + + // Restart CCM pods and wait for them to be ready + return restartCCMPods(ctx, cs, m.restartTimeout) +} + +// restoreCloudConfig restores the original CCM cloud configuration as saved by setCloudConfig. +// This restores the hostPath volume and deletes the temporary ConfigMap. +func (m *cloudConfigManager) restoreCloudConfig(ctx context.Context, cs clientset.Interface) error { + framework.Logf("=== Restoring original CCM configuration ===") + + ds, err := cs.AppsV1().DaemonSets(ccmNamespace).Get(ctx, ccmDaemonSetName, metav1.GetOptions{}) + if err != nil { + return fmt.Errorf("failed to get DaemonSet: %w", err) + } + + if m.originalVolume == nil { + return fmt.Errorf("no original volume to restore") + } + + // Restore original volume + for i, vol := range ds.Spec.Template.Spec.Volumes { + if vol.Name == m.originalVolume.Name { + ds.Spec.Template.Spec.Volumes[i] = *m.originalVolume + framework.Logf("Restored original volume: %s", m.originalVolume.Name) + break + } + } + + // Restore original volumeMount (remove subPath) + if m.originalVolumeMount != nil { + for i, container := range ds.Spec.Template.Spec.Containers { + for j, mount := range container.VolumeMounts { + if mount.Name == m.originalVolume.Name { + ds.Spec.Template.Spec.Containers[i].VolumeMounts[j] = *m.originalVolumeMount + framework.Logf("Restored original volumeMount") + break + } + } + } + } + + // Update DaemonSet + _, err = cs.AppsV1().DaemonSets(ccmNamespace).Update(ctx, ds, metav1.UpdateOptions{}) + if err != nil { + return fmt.Errorf("failed to restore DaemonSet: %w", err) + } + framework.Logf("Restored DaemonSet to use hostPath") + + // Delete temporary ConfigMap + err = cs.CoreV1().ConfigMaps(ccmNamespace).Delete(ctx, tempConfigMapName, metav1.DeleteOptions{}) + if err != nil && !apierrors.IsNotFound(err) { + return fmt.Errorf("failed to delete ConfigMap: %w", err) + } + framework.Logf("Deleted temporary ConfigMap %s", tempConfigMapName) + + // Restart CCM pods to load original config + return restartCCMPods(ctx, cs, m.restartTimeout) +} + +// getCloudConfigPath extracts the cloud config path from CCM container arguments. +// Returns empty string if --cloud-config flag is not found. +func getCloudConfigPath(container v1.Container) string { + for i, arg := range container.Args { + if arg == "--cloud-config" && i+1 < len(container.Args) { + return container.Args[i+1] + } else if strings.HasPrefix(arg, "--cloud-config=") { + return strings.TrimPrefix(arg, "--cloud-config=") + } + } + + return "" // No cloud-config flag found +} + +// findCloudConfigVolume locates the volume and volumeMount for the cloud config in the CCM DaemonSet. +// It returns the volume name, volume index, and ConfigMap key. +func (m *cloudConfigManager) findCloudConfigVolume(ds *appsv1.DaemonSet, cloudConfigPath string) (volumeName string, volumeIdx int, err error) { + if len(ds.Spec.Template.Spec.Containers) == 0 { + return "", -1, fmt.Errorf("CCM DaemonSet has no containers") + } + container := ds.Spec.Template.Spec.Containers[0] + + // Find volumeMount that matches the cloud config path + for _, mount := range container.VolumeMounts { + if mount.MountPath == cloudConfigPath { + volumeName = mount.Name + // If SubPath is set, that's the ConfigMap key; otherwise use basename of path + if mount.SubPath != "" { + m.configMapKey = mount.SubPath + } else { + m.configMapKey = filepath.Base(cloudConfigPath) + } + framework.Logf("Found cloud config volumeMount: name=%s, mountPath=%s, subPath=%s, key=%s", + volumeName, mount.MountPath, mount.SubPath, m.configMapKey) + break + } + } + if volumeName == "" { + return "", -1, fmt.Errorf("cloud config volumeMount not found for path %s", cloudConfigPath) + } + + // Find the volume by name + for i, vol := range ds.Spec.Template.Spec.Volumes { + if vol.Name == volumeName { + volumeIdx = i + m.originalVolume = vol.DeepCopy() + framework.Logf("Found cloud config volume: name=%s, type=%s", vol.Name, getVolumeType(vol)) + return volumeName, volumeIdx, nil + } + } + + return "", -1, fmt.Errorf("cloud config volume not found for name %s", volumeName) +} + +// createConfigMapAndPatchDaemonSet creates a new ConfigMap with cloud config and patches +// the CCM DaemonSet to use it instead of hostPath. +func (m *cloudConfigManager) createConfigMapAndPatchDaemonSet(ctx context.Context, cs clientset.Interface, ds *appsv1.DaemonSet, volumeIdx int, configContent string) error { + framework.Logf("Creating temporary ConfigMap and patching DaemonSet") + + // Create ConfigMap with the detected key + cm := &v1.ConfigMap{ + ObjectMeta: metav1.ObjectMeta{ + Name: tempConfigMapName, + Namespace: ccmNamespace, + }, + Data: map[string]string{ + m.configMapKey: configContent, + }, + } + _, err := cs.CoreV1().ConfigMaps(ccmNamespace).Create(ctx, cm, metav1.CreateOptions{}) + if err != nil { + if apierrors.IsAlreadyExists(err) { + // ConfigMap already exists, update it + framework.Logf("ConfigMap %s already exists, updating...", tempConfigMapName) + _, err = cs.CoreV1().ConfigMaps(ccmNamespace).Update(ctx, cm, metav1.UpdateOptions{}) + if err != nil { + return fmt.Errorf("failed to update existing ConfigMap: %w", err) + } + framework.Logf("Updated ConfigMap %s with key '%s'", tempConfigMapName, m.configMapKey) + } else { + return fmt.Errorf("failed to create ConfigMap: %w", err) + } + } else { + framework.Logf("Created ConfigMap %s with key '%s'", tempConfigMapName, m.configMapKey) + } + + // Patch DaemonSet volume to use ConfigMap + ds.Spec.Template.Spec.Volumes[volumeIdx] = v1.Volume{ + Name: m.originalVolume.Name, + VolumeSource: v1.VolumeSource{ + ConfigMap: &v1.ConfigMapVolumeSource{ + LocalObjectReference: v1.LocalObjectReference{ + Name: tempConfigMapName, + }, + }, + }, + } + + // Find and patch volumeMount to use subPath + // ConfigMap mounts as directory, hostPath as file + // Without subPath, /etc/kubernetes/cloud.config becomes a directory + for i, container := range ds.Spec.Template.Spec.Containers { + for j, mount := range container.VolumeMounts { + if mount.Name == m.originalVolume.Name { + // Save original volumeMount for rollback + m.originalVolumeMount = mount.DeepCopy() + // Add subPath to mount ConfigMap key as file + ds.Spec.Template.Spec.Containers[i].VolumeMounts[j].SubPath = m.configMapKey + framework.Logf("Added subPath=%s to volumeMount", m.configMapKey) + break + } + } + } + + _, err = cs.AppsV1().DaemonSets(ccmNamespace).Update(ctx, ds, metav1.UpdateOptions{}) + if err != nil { + return fmt.Errorf("failed to update DaemonSet: %w", err) + } + framework.Logf("Patched DaemonSet to use ConfigMap") + + return nil +} + +// restartCCMPods restarts all CCM pods and waits for them to become ready. +func restartCCMPods(ctx context.Context, cs clientset.Interface, timeout time.Duration) error { + framework.Logf("Restarting CCM pods") + + ccmPods, err := cs.CoreV1().Pods(ccmNamespace).List(ctx, metav1.ListOptions{ + LabelSelector: ccmLabelSelector, + }) + if err != nil { + return fmt.Errorf("failed to list CCM pods: %w", err) + } + + for _, pod := range ccmPods.Items { + err = cs.CoreV1().Pods(ccmNamespace).Delete(ctx, pod.Name, metav1.DeleteOptions{}) + // Ignore NotFound errors - pod may already be deleting due to DaemonSet update + if err != nil && !apierrors.IsNotFound(err) { + return fmt.Errorf("failed to delete pod %s: %w", pod.Name, err) + } + } + + // Wait for new pods to be Running AND Ready + framework.Logf("Waiting for CCM pods to become ready (timeout: %v)", timeout) + err = wait.PollUntilContextTimeout(ctx, pollInterval, timeout, true, func(ctx context.Context) (bool, error) { + pods, err := cs.CoreV1().Pods(ccmNamespace).List(ctx, metav1.ListOptions{ + LabelSelector: ccmLabelSelector, + }) + if err != nil || len(pods.Items) == 0 { + return false, nil + } + for _, pod := range pods.Items { + if pod.Status.Phase != v1.PodRunning { + return false, nil + } + // Check container ready status + ready := false + for _, condition := range pod.Status.Conditions { + if condition.Type == v1.PodReady && condition.Status == v1.ConditionTrue { + ready = true + break + } + } + if !ready { + return false, nil + } + } + return true, nil + }) + if err != nil { + return fmt.Errorf("CCM pods did not become ready within %v: %w", timeout, err) + } + framework.Logf("CCM restarted successfully") + + return nil +} + +// getVolumeType returns a string describing the type of volume. +func getVolumeType(vol v1.Volume) string { + if vol.ConfigMap != nil { + return "ConfigMap" + } else if vol.HostPath != nil { + return "HostPath" + } + return "Unknown" +} diff --git a/openshift-tests/ccm-aws-tests/vendor/k8s.io/cloud-provider-aws/tests/e2e/loadbalancer.go b/openshift-tests/ccm-aws-tests/vendor/k8s.io/cloud-provider-aws/tests/e2e/loadbalancer.go index 217706061..e2a802efe 100644 --- a/openshift-tests/ccm-aws-tests/vendor/k8s.io/cloud-provider-aws/tests/e2e/loadbalancer.go +++ b/openshift-tests/ccm-aws-tests/vendor/k8s.io/cloud-provider-aws/tests/e2e/loadbalancer.go @@ -36,6 +36,8 @@ import ( "github.com/aws/aws-sdk-go-v2/aws" "github.com/aws/aws-sdk-go-v2/aws/retry" "github.com/aws/aws-sdk-go-v2/config" + "github.com/aws/aws-sdk-go-v2/service/ec2" + ec2types "github.com/aws/aws-sdk-go-v2/service/ec2/types" elbv2 "github.com/aws/aws-sdk-go-v2/service/elasticloadbalancingv2" elbv2types "github.com/aws/aws-sdk-go-v2/service/elasticloadbalancingv2/types" ) @@ -45,6 +47,7 @@ const ( annotationLBInternal = "service.beta.kubernetes.io/aws-load-balancer-internal" annotationLBTargetNodeLabels = "service.beta.kubernetes.io/aws-load-balancer-target-node-labels" annotationLBTargetGroupAttributes = "service.beta.kubernetes.io/aws-load-balancer-target-group-attributes" + annotationLBSecurityGroups = "service.beta.kubernetes.io/aws-load-balancer-security-groups" ) var ( @@ -56,354 +59,647 @@ var ( } ) -// loadbalancer tests -var _ = Describe("[cloud-provider-aws-e2e] loadbalancer", func() { - f := framework.NewDefaultFramework("cloud-provider-aws") - f.NamespacePodSecurityEnforceLevel = admissionapi.LevelPrivileged +// loadBalancerTestCases defines the structure for different load balancer test scenarios, +// including configuration, hooks for dynamic behavior, and test verification controls. +type loadBalancerTestCases struct { + // Overall test case configuration. + name string + resourceSuffix string + extraAnnotations map[string]string + listenerCount int + + // Hooks + // HookPostServiceConfig hook runs after the service manifest is created, and before the service is created. + hookPostServiceConfig func(cfg *e2eTestConfig) + // HookPostServiceCreate hook runs after the test is run. + hookPostServiceCreate func(cfg *e2eTestConfig) + // HookPreTest hook runs before the test is run. + hookPreTest func(cfg *e2eTestConfig) + + // Flags to override default test behavior. + overrideTestRunInClusterReachableHTTP bool + requireAffinity bool + + // Test verification + skipTestFailure bool +} - var ( - cs clientset.Interface - ns *v1.Namespace - ) +// runTestCase is a helper function that executes a load balancer test case +func runTestCase(ctx context.Context, tc loadBalancerTestCases, cs clientset.Interface, ns *v1.Namespace) { + By("setting up test environment and discovering worker nodes") + e2e := newE2eTestConfig(cs) + e2e.discoverClusterWorkerNode() + framework.Logf("[SETUP] Test case: %s", tc.name) + framework.Logf("[SETUP] Worker nodes discovered: %d nodes, selector: %s, sample node: %s", e2e.nodeCount, e2e.nodeSelector, e2e.nodeSingleSample) - BeforeEach(func() { - cs = f.ClientSet - ns = f.Namespace - }) + loadBalancerCreateTimeout := e2eservice.GetServiceLoadBalancerCreationTimeout(ctx, cs) + framework.Logf("[CONFIG] AWS load balancer timeout: %s", loadBalancerCreateTimeout) - AfterEach(func() { - // After each test + By("building service configuration with annotations") + + serviceName := "lbconfig-test" + if len(tc.resourceSuffix) > 0 { + serviceName = serviceName + "-" + tc.resourceSuffix + } + framework.Logf("[CONFIG] Service name: %s, namespace: %s", serviceName, ns.Name) + e2e.LBJig = e2eservice.NewTestJig(cs, ns.Name, serviceName) + + // Hook annotations to support dynamic config + e2e.svc = e2e.buildService(tc.listenerCount, tc.extraAnnotations) + framework.Logf("[CONFIG] Service ports: %d, extra annotations: %v", len(e2e.svc.Spec.Ports), tc.extraAnnotations) + + if tc.hookPostServiceConfig != nil { + By("executing hook post-service-config: applying service configuration") + framework.Logf("[HOOK] Executing post-service-config hook") + tc.hookPostServiceConfig(e2e) + framework.Logf("[HOOK] Final service annotations: %v", e2e.svc.Annotations) + } + + By("creating LoadBalancer service in Kubernetes") + if _, err := e2e.LBJig.Client.CoreV1().Services(e2e.LBJig.Namespace).Create(context.TODO(), e2e.svc, metav1.CreateOptions{}); err != nil { + framework.ExpectNoError(fmt.Errorf("failed to create LoadBalancer Service %q: %v", e2e.svc.Name, err)) + } + framework.Logf("[K8S] LoadBalancer service created successfully") + + By("waiting for AWS load balancer provisioning") + var err error + e2e.svc, err = e2e.LBJig.WaitForLoadBalancer(ctx, loadBalancerCreateTimeout) + // Collect comprehensive debugging information when LoadBalancer provisioning fails + if err != nil { + serviceName := e2e.LBJig.Name + if e2e.svc != nil { + serviceName = e2e.svc.Name + } + framework.Logf("ERROR: LoadBalancer provisioning failed for service %q: %v", serviceName, err) + framework.Logf("ERROR: LoadBalancer provisioning timeout reached after %v", loadBalancerCreateTimeout) + + // Ensure we have detailed debugging information before failing + framework.Logf("=== LoadBalancer Provisioning Failure Debug Information ===") + gatherEventosOnFailure(e2e.ctx, e2e.kubeClient, e2e.LBJig.Namespace, e2e.LBJig.Name) + framework.Logf("=== End of LoadBalancer Provisioning Failure Debug Information ===") + + // Fail the test immediately to prevent further execution + framework.ExpectNoError(err, "LoadBalancer provisioning failed - check debug information above") + } + framework.Logf("[AWS] Load balancer provisioned successfully") + + By("creating backend server pods") + _, err = e2e.LBJig.Run(ctx, e2e.buildDeployment(tc.requireAffinity)) + if err != nil { + serviceName := e2e.LBJig.Name + if e2e.svc != nil { + serviceName = e2e.svc.Name + } + framework.Logf("ERROR: LoadBalancer provisioning failed for service %q: %v", serviceName, err) + framework.Logf("ERROR: LoadBalancer provisioning timeout reached after %v", loadBalancerCreateTimeout) + + // Ensure we have detailed debugging information before failing + framework.Logf("=== LoadBalancer Provisioning Failure Debug Information ===") + gatherEventosOnFailure(e2e.ctx, e2e.kubeClient, e2e.LBJig.Namespace, e2e.LBJig.Name) + framework.Logf("=== End of LoadBalancer Provisioning Failure Debug Information ===") + + // Fail the test immediately to prevent further execution + framework.ExpectNoError(err, "LoadBalancer provisioning failed - check debug information above") + } + + framework.Logf("[K8S] Backend pods created, affinity required: %t", tc.requireAffinity) + + if tc.hookPostServiceCreate != nil { + By("executing hook post-service-create: applying service configuration") + tc.hookPostServiceCreate(e2e) + } + + By("collecting service and load balancer information") + if e2e.svc == nil { + framework.Logf("=== Service Validation Error Debug Information ===") + gatherEventosOnFailure(e2e.ctx, e2e.kubeClient, e2e.LBJig.Namespace, e2e.LBJig.Name) + framework.Logf("=== End of Service Validation Error Debug Information ===") + framework.Failf("Service is nil after LoadBalancer provisioning for service %s", e2e.LBJig.Name) + } + if len(e2e.svc.Spec.Ports) == 0 { + framework.Logf("=== Service Ports Error Debug Information ===") + framework.Logf("Service spec: %+v", e2e.svc.Spec) + gatherEventosOnFailure(e2e.ctx, e2e.kubeClient, e2e.LBJig.Namespace, e2e.LBJig.Name) + framework.Logf("=== End of Service Ports Error Debug Information ===") + framework.Failf("No ports found in service spec for service %s/%s", e2e.svc.Namespace, e2e.svc.Name) + } + if len(e2e.svc.Status.LoadBalancer.Ingress) == 0 { + framework.Logf("=== LoadBalancer Ingress Error Debug Information ===") + framework.Logf("Service status: %+v", e2e.svc.Status) + gatherEventosOnFailure(e2e.ctx, e2e.kubeClient, e2e.LBJig.Namespace, e2e.LBJig.Name) + framework.Logf("=== End of LoadBalancer Ingress Error Debug Information ===") + framework.Failf("No ingress found in LoadBalancer status for service %s/%s", e2e.svc.Namespace, e2e.svc.Name) + } + + svcPort := int(e2e.svc.Spec.Ports[0].Port) + ingressAddress := e2eservice.GetIngressPoint(&e2e.svc.Status.LoadBalancer.Ingress[0]) + framework.Logf("[LB-INFO] Ingress address: %s, port: %d", ingressAddress, svcPort) + + if ingressAddress == "" { + framework.Logf("=== Empty Ingress Address Debug Information ===") + framework.Logf("LoadBalancer ingress[0]: %+v", e2e.svc.Status.LoadBalancer.Ingress[0]) + gatherEventosOnFailure(e2e.ctx, e2e.kubeClient, e2e.LBJig.Namespace, e2e.LBJig.Name) + framework.Logf("=== End of Empty Ingress Address Debug Information ===") + framework.Failf("LoadBalancer ingress address is empty for service %s/%s", e2e.svc.Namespace, e2e.svc.Name) + } + + if tc.hookPreTest != nil { + By("executing pre-test hook") + tc.hookPreTest(e2e) + } + + // overrideTestRunInClusterReachableHTTP changes the default test function to run the client in the cluster. + if tc.overrideTestRunInClusterReachableHTTP { + By("testing HTTP connectivity for internal load balancer") + framework.Logf("[TEST] Running internal connectivity test from node: %s", e2e.nodeSingleSample) + err := inClusterTestReachableHTTP(cs, ns.Name, e2e.nodeSingleSample, ingressAddress, svcPort) + if err != nil && tc.skipTestFailure { + Skip(err.Error()) + } + framework.ExpectNoError(err) + } else { + By("testing HTTP connectivity for external/internet-facing load balancer") + framework.Logf("[TEST] Running external connectivity test to %s:%d", ingressAddress, svcPort) + e2eservice.TestReachableHTTP(ctx, ingressAddress, svcPort, e2eservice.LoadBalancerLagTimeoutAWS) + } + framework.Logf("[TEST] HTTP connectivity test completed successfully") + + // Update the service to cluster IP + By("cleaning up: converting service to ClusterIP") + _, err = e2e.LBJig.UpdateService(ctx, func(s *v1.Service) { + s.Spec.Type = v1.ServiceTypeClusterIP }) + framework.ExpectNoError(err) + + // Wait for the load balancer to be destroyed asynchronously + By("cleaning up: waiting for load balancer destruction") + framework.Logf("[CLEANUP] Waiting for load balancer destruction") + _, err = e2e.LBJig.WaitForLoadBalancerDestroy(ctx, ingressAddress, svcPort, loadBalancerCreateTimeout) + framework.ExpectNoError(err) + framework.Logf("[CLEANUP] Load balancer destroyed successfully") +} - type loadBalancerTestCases struct { - // Overall test case configuration. - name string - resourceSuffix string - extraAnnotations map[string]string - listenerCount int - - // Hooks - // HookPostServiceConfig hook runs after the service manifest is created, and before the service is created. - hookPostServiceConfig func(cfg *e2eTestConfig) - // HookPostServiceCreate hook runs after the test is run. - hookPostServiceCreate func(cfg *e2eTestConfig) - // HookPreTest hook runs before the test is run. - hookPreTest func(cfg *e2eTestConfig) - - // Flags to override default test behavior. - overrideTestRunInClusterReachableHTTP bool - requireAffinity bool - - // Test verification - skipTestFailure bool - } - cases := []loadBalancerTestCases{ - { - name: "CLB should be reachable with default configurations", - resourceSuffix: "", - extraAnnotations: map[string]string{}, +// clbTests: Tests related to CLB load balancers +var clbTests = []loadBalancerTestCases{ + { + name: "CLB should be reachable with default configurations", + resourceSuffix: "", + extraAnnotations: map[string]string{}, + }, + // Hairpining traffic test for CLB. + { + name: "CLB internal should be reachable with hairpinning traffic", + resourceSuffix: "hp-clb-int", + extraAnnotations: map[string]string{ + annotationLBInternal: "true", }, - { - name: "NLB should be reachable with default configurations", - resourceSuffix: "nlb", - extraAnnotations: map[string]string{annotationLBType: "nlb"}, + hookPostServiceConfig: func(cfg *e2eTestConfig) { + framework.Logf("running hook post-service-config patching service annotations to enforce LB pins/selects target to a single node: kubernetes.io/hostname=%s", cfg.nodeSingleSample) + if cfg.svc.Annotations == nil { + cfg.svc.Annotations = map[string]string{} + } + cfg.svc.Annotations[annotationLBTargetNodeLabels] = fmt.Sprintf("kubernetes.io/hostname=%s", cfg.nodeSingleSample) }, - { - name: "NLB should be reachable with target-node-labels", - resourceSuffix: "sg-nd", - extraAnnotations: map[string]string{annotationLBType: "nlb"}, - hookPostServiceConfig: func(cfg *e2eTestConfig) { - framework.Logf("running hook post-service-config patching service annotations to test node label selector") - if cfg.svc.Annotations == nil { - cfg.svc.Annotations = map[string]string{} - } - cfg.svc.Annotations[annotationLBTargetNodeLabels] = cfg.nodeSelector - }, - hookPostServiceCreate: func(cfg *e2eTestConfig) { - framework.Logf("running hook post-service-create to validate the number of targets in the load balancer selected") - if len(cfg.svc.Status.LoadBalancer.Ingress) == 0 { - framework.Failf("No ingress found in LoadBalancer status for service %s/%s", cfg.svc.Namespace, cfg.svc.Name) - } - lbDNS := cfg.svc.Status.LoadBalancer.Ingress[0].Hostname - framework.ExpectNoError(getLBTargetCount(cfg.ctx, lbDNS, cfg.nodeCount), "AWS LB target count validation failed") - }, + overrideTestRunInClusterReachableHTTP: true, + requireAffinity: true, + }, +} + +// nlbTests: Generic NLB tests that test NLB functionality and are not specific to a security group configuration layout +var nlbTests = []loadBalancerTestCases{ + { + name: "NLB should be reachable with default configurations", + resourceSuffix: "nlb", + extraAnnotations: map[string]string{annotationLBType: "nlb"}, + }, + { + name: "NLB should be reachable with target-node-labels", + resourceSuffix: "sg-nd", + extraAnnotations: map[string]string{annotationLBType: "nlb"}, + hookPostServiceConfig: func(cfg *e2eTestConfig) { + framework.Logf("running hook post-service-config patching service annotations to test node label selector") + if cfg.svc.Annotations == nil { + cfg.svc.Annotations = map[string]string{} + } + cfg.svc.Annotations[annotationLBTargetNodeLabels] = cfg.nodeSelector }, - // Hairpining traffic test for CLB. - { - name: "CLB internal should be reachable with hairpinning traffic", - resourceSuffix: "hp-clb-int", - extraAnnotations: map[string]string{ - annotationLBInternal: "true", - }, - hookPostServiceConfig: func(cfg *e2eTestConfig) { - framework.Logf("running hook post-service-config patching service annotations to enforce LB pins/selects target to a single node: kubernetes.io/hostname=%s", cfg.nodeSingleSample) - if cfg.svc.Annotations == nil { - cfg.svc.Annotations = map[string]string{} - } - cfg.svc.Annotations[annotationLBTargetNodeLabels] = fmt.Sprintf("kubernetes.io/hostname=%s", cfg.nodeSingleSample) - }, - overrideTestRunInClusterReachableHTTP: true, - requireAffinity: true, + hookPostServiceCreate: func(cfg *e2eTestConfig) { + framework.Logf("running hook post-service-create to validate the number of targets in the load balancer selected") + if len(cfg.svc.Status.LoadBalancer.Ingress) == 0 { + framework.Failf("No ingress found in LoadBalancer status for service %s/%s", cfg.svc.Namespace, cfg.svc.Name) + } + lbDNS := cfg.svc.Status.LoadBalancer.Ingress[0].Hostname + framework.ExpectNoError(getLBTargetCount(cfg.ctx, lbDNS, cfg.nodeCount), "AWS LB target count validation failed") }, - // Hairpining traffic test for NLB. - // The target type instance (default) sets the preserve client IP attribute to true, - // the NLB target group attributes are set to preserve_client_ip.enabled=false to allow hairpining traffic. - // The test also validates the target group attributes are set correctly to AWS resource. - { - name: "NLB internal should be reachable with hairpinning traffic", - resourceSuffix: "hp-nlb-int", - extraAnnotations: map[string]string{ - annotationLBType: "nlb", - annotationLBInternal: "true", - annotationLBTargetGroupAttributes: "preserve_client_ip.enabled=false", - }, - listenerCount: 1, - overrideTestRunInClusterReachableHTTP: true, - requireAffinity: true, - hookPostServiceConfig: func(cfg *e2eTestConfig) { - framework.Logf("running hook post-service-config patching service annotations to enforce LB pins/selects target to a single node: kubernetes.io/hostname=%s", cfg.nodeSingleSample) - if cfg.svc.Annotations == nil { - cfg.svc.Annotations = map[string]string{} - } - cfg.svc.Annotations[annotationLBTargetNodeLabels] = fmt.Sprintf("kubernetes.io/hostname=%s", cfg.nodeSingleSample) - }, - hookPreTest: func(e2e *e2eTestConfig) { - framework.Logf("running hook pre-test: verify target group attributes are set correctly to AWS resource") + }, + // Hairpining traffic test for NLB. + // The target type instance (default) sets the preserve client IP attribute to true, + // the NLB target group attributes are set to preserve_client_ip.enabled=false to allow hairpining traffic. + // The test also validates the target group attributes are set correctly to AWS resource. + { + name: "NLB internal should be reachable with hairpinning traffic", + resourceSuffix: "hp-nlb-int", + extraAnnotations: map[string]string{ + annotationLBType: "nlb", + annotationLBInternal: "true", + annotationLBTargetGroupAttributes: "preserve_client_ip.enabled=false", + }, + listenerCount: 1, + overrideTestRunInClusterReachableHTTP: true, + requireAffinity: true, + hookPostServiceConfig: func(cfg *e2eTestConfig) { + framework.Logf("running hook post-service-config patching service annotations to enforce LB pins/selects target to a single node: kubernetes.io/hostname=%s", cfg.nodeSingleSample) + if cfg.svc.Annotations == nil { + cfg.svc.Annotations = map[string]string{} + } + cfg.svc.Annotations[annotationLBTargetNodeLabels] = fmt.Sprintf("kubernetes.io/hostname=%s", cfg.nodeSingleSample) + }, + hookPreTest: func(e2e *e2eTestConfig) { + framework.Logf("running hook pre-test: verify target group attributes are set correctly to AWS resource") - if e2e.svc.Status.LoadBalancer.Ingress[0].Hostname == "" && e2e.svc.Status.LoadBalancer.Ingress[0].IP == "" { - framework.Failf("LoadBalancer ingress is empty (no hostname or IP) for service %s/%s", e2e.svc.Namespace, e2e.svc.Name) - } + if e2e.svc.Status.LoadBalancer.Ingress[0].Hostname == "" && e2e.svc.Status.LoadBalancer.Ingress[0].IP == "" { + framework.Failf("LoadBalancer ingress is empty (no hostname or IP) for service %s/%s", e2e.svc.Namespace, e2e.svc.Name) + } - hostAddr := e2eservice.GetIngressPoint(&e2e.svc.Status.LoadBalancer.Ingress[0]) - framework.Logf("Load balancer's ingress address: %s", hostAddr) + hostAddr := e2eservice.GetIngressPoint(&e2e.svc.Status.LoadBalancer.Ingress[0]) + framework.Logf("Load balancer's ingress address: %s", hostAddr) - if hostAddr == "" { - framework.Failf("Unable to get LoadBalancer ingress address for service %s/%s", e2e.svc.Namespace, e2e.svc.Name) - } + if hostAddr == "" { + framework.Failf("Unable to get LoadBalancer ingress address for service %s/%s", e2e.svc.Namespace, e2e.svc.Name) + } - elbClient, err := getAWSClientLoadBalancer(e2e.ctx) - framework.ExpectNoError(err, "failed to create AWS ELB client") + elbClient, err := getAWSClientLoadBalancer(e2e.ctx) + framework.ExpectNoError(err, "failed to create AWS ELB client") - // DescribeLoadBalancers API doesn't support filtering by DNS name directly - // Use AWS SDK paginator to search through all load balancers - foundLB, err := getAWSLoadBalancerFromDNSName(e2e.ctx, elbClient, hostAddr) - framework.ExpectNoError(err, "failed to find load balancer with DNS name %s", hostAddr) - if foundLB == nil { - framework.Failf("Found load balancer is nil for DNS name %s", hostAddr) - } + // DescribeLoadBalancers API doesn't support filtering by DNS name directly + // Use AWS SDK paginator to search through all load balancers + foundLB, err := getAWSLoadBalancerFromDNSName(e2e.ctx, elbClient, hostAddr) + framework.ExpectNoError(err, "failed to find load balancer with DNS name %s", hostAddr) + if foundLB == nil { + framework.Failf("Found load balancer is nil for DNS name %s", hostAddr) + } - lbARN := aws.ToString(foundLB.LoadBalancerArn) - if lbARN == "" { - framework.Failf("Load balancer ARN is empty for DNS name %s", hostAddr) - } - framework.Logf("Found load balancer: %s with ARN: %s", aws.ToString(foundLB.LoadBalancerName), lbARN) - - // lookup target group ARN from load balancer ARN - targetGroups, err := elbClient.DescribeTargetGroups(e2e.ctx, &elbv2.DescribeTargetGroupsInput{ - LoadBalancerArn: aws.String(lbARN), - }) - framework.ExpectNoError(err, "failed to describe target groups") - gomega.Expect(len(targetGroups.TargetGroups)).To(gomega.Equal(1)) - - targetGroupAttributes, err := elbClient.DescribeTargetGroupAttributes(e2e.ctx, &elbv2.DescribeTargetGroupAttributesInput{ - TargetGroupArn: aws.String(aws.ToString(targetGroups.TargetGroups[0].TargetGroupArn)), - }) - framework.ExpectNoError(err, "failed to describe target group attributes") - - // verify if the target group attributes are set correctly - - annotationToDict := map[string]string{} - for _, v := range strings.Split(e2e.svc.Annotations[annotationLBTargetGroupAttributes], ",") { - parts := strings.Split(v, "=") - annotationToDict[parts[0]] = parts[1] - } - framework.Logf("TG attribute Annotation to dict: %v", annotationToDict) + lbARN := aws.ToString(foundLB.LoadBalancerArn) + if lbARN == "" { + framework.Failf("Load balancer ARN is empty for DNS name %s", hostAddr) + } + framework.Logf("Found load balancer: %s with ARN: %s", aws.ToString(foundLB.LoadBalancerName), lbARN) - framework.Logf("=== All Target Group Attributes from AWS ===") - for _, attr := range targetGroupAttributes.Attributes { - framework.Logf(" %s=%s", aws.ToString(attr.Key), aws.ToString(attr.Value)) - } + // lookup target group ARN from load balancer ARN + targetGroups, err := elbClient.DescribeTargetGroups(e2e.ctx, &elbv2.DescribeTargetGroupsInput{ + LoadBalancerArn: aws.String(lbARN), + }) + framework.ExpectNoError(err, "failed to describe target groups") + gomega.Expect(len(targetGroups.TargetGroups)).To(gomega.Equal(1)) - framework.Logf("=== Expected Target Group Attributes from Annotation ===") - for key, value := range annotationToDict { - framework.Logf(" %s=%s", key, value) - } + targetGroupAttributes, err := elbClient.DescribeTargetGroupAttributes(e2e.ctx, &elbv2.DescribeTargetGroupAttributesInput{ + TargetGroupArn: aws.String(aws.ToString(targetGroups.TargetGroups[0].TargetGroupArn)), + }) + framework.ExpectNoError(err, "failed to describe target group attributes") + + // verify if the target group attributes are set correctly + + annotationToDict := map[string]string{} + for _, v := range strings.Split(e2e.svc.Annotations[annotationLBTargetGroupAttributes], ",") { + parts := strings.Split(v, "=") + annotationToDict[parts[0]] = parts[1] + } + framework.Logf("TG attribute Annotation to dict: %v", annotationToDict) + + framework.Logf("=== All Target Group Attributes from AWS ===") + for _, attr := range targetGroupAttributes.Attributes { + framework.Logf(" %s=%s", aws.ToString(attr.Key), aws.ToString(attr.Value)) + } + + framework.Logf("=== Expected Target Group Attributes from Annotation ===") + for key, value := range annotationToDict { + framework.Logf(" %s=%s", key, value) + } - // Check if our expected attributes are present and match - framework.Logf("=== Verifying Target Group Attributes ===") - for _, attr := range targetGroupAttributes.Attributes { - if expectedValue, ok := annotationToDict[aws.ToString(attr.Key)]; ok { - actualValue := aws.ToString(attr.Value) - framework.Logf("Checking attribute: %s", aws.ToString(attr.Key)) - framework.Logf(" Expected: %s", expectedValue) - framework.Logf(" Actual: %s", actualValue) - - if actualValue != expectedValue { - framework.Failf("Target group attribute mismatch for %s: expected %s, got %s", aws.ToString(attr.Key), expectedValue, actualValue) - } else { - framework.Logf("✓ Target group attribute %s matches expected value %s", aws.ToString(attr.Key), expectedValue) - } + // Check if our expected attributes are present and match + framework.Logf("=== Verifying Target Group Attributes ===") + for _, attr := range targetGroupAttributes.Attributes { + if expectedValue, ok := annotationToDict[aws.ToString(attr.Key)]; ok { + actualValue := aws.ToString(attr.Value) + framework.Logf("Checking attribute: %s", aws.ToString(attr.Key)) + framework.Logf(" Expected: %s", expectedValue) + framework.Logf(" Actual: %s", actualValue) + + if actualValue != expectedValue { + framework.Failf("Target group attribute mismatch for %s: expected %s, got %s", aws.ToString(attr.Key), expectedValue, actualValue) + } else { + framework.Logf("✓ Target group attribute %s matches expected value %s", aws.ToString(attr.Key), expectedValue) } } - }, + } }, - } + }, +} + +// managedSgModeNLBTests: NLB tests related to managed/BYO security groups, requiring NLBSecurityGroupMode=Managed in the cloud config +var managedSgModeNLBTests = []loadBalancerTestCases{ + // Test creation of NLB with Bring Your Own (BYO) Security Group from the start. + // This test validates: + // - NLB can be created with BYO SG annotation from the start + // - NLB has ONLY the BYO SG attached (no managed SG) + // - NLB is reachable with BYO SG + { + name: "NLB created with BYO Security Group should have BYO Security Group associated", + resourceSuffix: "nlb-byo", + listenerCount: 1, + extraAnnotations: map[string]string{ + annotationLBType: "nlb", + }, + hookPostServiceConfig: func(cfg *e2eTestConfig) { + framework.Logf("Creating BYO security group for NLB") - serviceNameBase := "lbconfig-test" - for _, tc := range cases { - It(tc.name, func(ctx context.Context) { - By("setting up test environment and discovering worker nodes") - e2e := newE2eTestConfig(cs) - e2e.discoverClusterWorkerNode() - framework.Logf("[SETUP] Test case: %s", tc.name) - framework.Logf("[SETUP] Worker nodes discovered: %d nodes, selector: %s, sample node: %s", e2e.nodeCount, e2e.nodeSelector, e2e.nodeSingleSample) + securityGroupName := cfg.svc.Namespace + "-" + cfg.svc.Name + "-nlb-byo-sg" + var err error + cfg.byoSecurityGroupID, err = createSecurityGroup(cfg.ctx, cfg, securityGroupName, fmt.Sprintf("BYO Security Group for NLB e2e test service %s/%s", cfg.svc.Namespace, cfg.svc.Name)) + framework.ExpectNoError(err, "Failed to create BYO security group") + framework.Logf("Created BYO security group: %s", cfg.byoSecurityGroupID) + + DeferCleanup(func(ctx context.Context) { + if cfg.byoSecurityGroupID != "" { + framework.Logf("Cleaning up BYO security group: %s", cfg.byoSecurityGroupID) + framework.Logf("Waiting for ENIs to be detached from security group...") + gomega.Eventually(ctx, func() error { + return deleteSecurityGroup(ctx, cfg.byoSecurityGroupID) + }, 2*time.Minute, 5*time.Second).Should(gomega.Succeed(), "Failed to delete BYO security group") + framework.Logf("✓ Deleted BYO security group: %s", cfg.byoSecurityGroupID) + } + }) - loadBalancerCreateTimeout := e2eservice.GetServiceLoadBalancerCreationTimeout(ctx, cs) - framework.Logf("[CONFIG] AWS load balancer timeout: %s", loadBalancerCreateTimeout) + framework.ExpectNoError(authorizeSecurityGroupToPorts(cfg.ctx, cfg.byoSecurityGroupID, cfg.svc.Spec.Ports), "Failed to authorize BYO security group to service ports") - By("building service configuration with annotations") - serviceName := serviceNameBase - if len(tc.resourceSuffix) > 0 { - serviceName = serviceName + "-" + tc.resourceSuffix - } - framework.Logf("[CONFIG] Service name: %s, namespace: %s", serviceName, ns.Name) - e2e.LBJig = e2eservice.NewTestJig(cs, ns.Name, serviceName) - - // Hook annotations to support dynamic config - e2e.svc = e2e.buildService(tc.listenerCount, tc.extraAnnotations) - framework.Logf("[CONFIG] Service ports: %d, extra annotations: %v", len(e2e.svc.Spec.Ports), tc.extraAnnotations) - - if tc.hookPostServiceConfig != nil { - By("executing hook post-service-config: applying service configuration") - framework.Logf("[HOOK] Executing post-service-config hook") - tc.hookPostServiceConfig(e2e) - framework.Logf("[HOOK] Final service annotations: %v", e2e.svc.Annotations) + cfg.svc.Annotations[annotationLBSecurityGroups] = cfg.byoSecurityGroupID + framework.Logf("Added BYO SG annotation: %s=%s", annotationLBSecurityGroups, cfg.byoSecurityGroupID) + }, + hookPreTest: func(cfg *e2eTestConfig) { + framework.Logf("Verifying NLB has only BYO SG attached") + + if len(cfg.svc.Status.LoadBalancer.Ingress) == 0 { + framework.Failf("No ingress found in LoadBalancer status for service %s/%s", cfg.svc.Namespace, cfg.svc.Name) } + lbDNS := cfg.svc.Status.LoadBalancer.Ingress[0].Hostname + framework.Logf("NLB DNS: %s", lbDNS) + + attachedSGs, err := getLoadBalancerSecurityGroups(cfg.ctx, lbDNS) + framework.ExpectNoError(err, "Failed to get NLB security groups") + framework.Logf("NLB %s has security groups: %+v", lbDNS, attachedSGs) - By("creating LoadBalancer service in Kubernetes") - if _, err := e2e.LBJig.Client.CoreV1().Services(e2e.LBJig.Namespace).Create(context.TODO(), e2e.svc, metav1.CreateOptions{}); err != nil { - framework.ExpectNoError(fmt.Errorf("failed to create LoadBalancer Service %q: %v", e2e.svc.Name, err)) + if len(attachedSGs) != 1 { + framework.Failf("Expected NLB to have exactly 1 security group (BYO SG), got %d: %v", len(attachedSGs), attachedSGs) } - framework.Logf("[K8S] LoadBalancer service created successfully") + if attachedSGs[0] != cfg.byoSecurityGroupID { + framework.Failf("Expected NLB to have BYO SG %q, got %q", cfg.byoSecurityGroupID, attachedSGs[0]) + } + framework.Logf("✓ Verified: NLB has only the BYO SG attached: %s", cfg.byoSecurityGroupID) + }, + }, + // Test transition of NLB from Managed Security Group to Bring Your Own (BYO) Security Group (SG) + // This test validates: + // - NLB created with managed (cluster-owned) SG + // - After annotation is added to use BYO SG the NLB should transition to + // have BYO SG attached and managed SG deleted + // - NLB is reachable + { + name: "NLB should transition from Managed SG to BYO Security Group", + resourceSuffix: "nlb-m2b", + listenerCount: 1, + extraAnnotations: map[string]string{ + annotationLBType: "nlb", + }, + hookPostServiceConfig: func(cfg *e2eTestConfig) { + framework.Logf("Creating BYO security group for later transition") - By("waiting for AWS load balancer provisioning") + securityGroupName := cfg.svc.Namespace + "-" + cfg.svc.Name + "-nlb-byo-sg" var err error - e2e.svc, err = e2e.LBJig.WaitForLoadBalancer(ctx, loadBalancerCreateTimeout) - // Collect comprehensive debugging information when LoadBalancer provisioning fails - if err != nil { - serviceName := e2e.LBJig.Name - if e2e.svc != nil { - serviceName = e2e.svc.Name + cfg.byoSecurityGroupID, err = createSecurityGroup(cfg.ctx, cfg, securityGroupName, fmt.Sprintf("BYO Security Group for NLB e2e test service %s/%s", cfg.svc.Namespace, cfg.svc.Name)) + framework.ExpectNoError(err, "Failed to create BYO security group") + framework.Logf("Created BYO security group: %s", cfg.byoSecurityGroupID) + + DeferCleanup(func(ctx context.Context) { + if cfg.byoSecurityGroupID != "" { + framework.Logf("Cleaning up BYO security group: %s", cfg.byoSecurityGroupID) + framework.Logf("Waiting for ENIs to be detached from security group...") + gomega.Eventually(ctx, func() error { + return deleteSecurityGroup(ctx, cfg.byoSecurityGroupID) + }, 2*time.Minute, 5*time.Second).Should(gomega.Succeed(), "Failed to delete BYO security group after waiting for ENI detachment") + framework.Logf("✓ Deleted BYO security group: %s", cfg.byoSecurityGroupID) } - framework.Logf("ERROR: LoadBalancer provisioning failed for service %q: %v", serviceName, err) - framework.Logf("ERROR: LoadBalancer provisioning timeout reached after %v", loadBalancerCreateTimeout) - - // Ensure we have detailed debugging information before failing - framework.Logf("=== LoadBalancer Provisioning Failure Debug Information ===") - gatherEventosOnFailure(e2e.ctx, e2e.kubeClient, e2e.LBJig.Namespace, e2e.LBJig.Name) - framework.Logf("=== End of LoadBalancer Provisioning Failure Debug Information ===") + }) - // Fail the test immediately to prevent further execution - framework.ExpectNoError(err, "LoadBalancer provisioning failed - check debug information above") + framework.ExpectNoError(authorizeSecurityGroupToPorts(cfg.ctx, cfg.byoSecurityGroupID, cfg.svc.Spec.Ports), "Failed to authorize BYO security group to service ports") + }, + hookPreTest: func(cfg *e2eTestConfig) { + framework.Logf("Transitioning from managed SG to BYO SG") + lbDNS := cfg.svc.Status.LoadBalancer.Ingress[0].Hostname + + // Step 1: Verify NLB has managed SG + framework.Logf("Step 1: Verifying NLB has managed security group") + managedSGs, err := getLoadBalancerSecurityGroups(cfg.ctx, lbDNS) + framework.ExpectNoError(err, "Failed to get load balancer security groups") + framework.Logf("NLB %s has security groups: %+v", lbDNS, managedSGs) + + if len(managedSGs) != 1 { + framework.Failf("Expected NLB to have 1 managed security group, got %d", len(managedSGs)) } - framework.Logf("[AWS] Load balancer provisioned successfully") + managedSGID := managedSGs[0] + framework.Logf("Managed SG ID: %s", managedSGID) + + // Step 2: Add BYO SG annotation + framework.Logf("Step 2: Adding BYO SG annotation to service") + cfg.svc.Annotations[annotationLBSecurityGroups] = cfg.byoSecurityGroupID + newSvc, err := cfg.kubeClient.CoreV1().Services(cfg.LBJig.Namespace).Update(cfg.ctx, cfg.svc, metav1.UpdateOptions{}) + framework.ExpectNoError(err, "Failed to update Kubernetes Service with BYO SG annotation") + cfg.svc = newSvc + framework.Logf("Updated service with BYO SG annotation: %s=%s", annotationLBSecurityGroups, cfg.byoSecurityGroupID) + + // Step 3: Wait for controller to process the update and verify NLB now has BYO SG + framework.Logf("Step 3: Waiting for controller to update NLB security groups and verifying BYO SG is attached") + gomega.Eventually(cfg.ctx, func() ([]string, error) { + return getLoadBalancerSecurityGroups(cfg.ctx, lbDNS) + }, 2*time.Minute, 5*time.Second).Should(gomega.And( + gomega.HaveLen(1), + gomega.ContainElement(cfg.byoSecurityGroupID), + ), "NLB should have exactly 1 security group (BYO SG) after annotation update") + framework.Logf("✓ Verified: NLB has only the BYO SG attached: %s", cfg.byoSecurityGroupID) + + // Verify managed SG was deleted + framework.Logf("Verifying managed SG %s was deleted", managedSGID) + gomega.Eventually(cfg.ctx, func() error { + _, err := getSecurityGroup(cfg.ctx, managedSGID) + return err + }, 2*time.Minute, 5*time.Second).Should(gomega.And( + gomega.HaveOccurred(), + gomega.MatchError(gomega.ContainSubstring("InvalidGroup.NotFound")), + ), "Managed SG should be deleted after transition to BYO SG") + framework.Logf("✓ Verified: Managed SG %s was deleted", managedSGID) + }, + }, + // Test transition of NLB from BYO Security Group to managed Security Group (SG) + // This test validates: + // - NLB created with BYO SG + // - After annotation for BYO SG is removed the NLB should transition to + // have a new managed SG attached and the BYO SG deassociated (but not deleted) + // - NLB is reachable + { + name: "NLB should transition from BYO SG to Managed Security Group", + resourceSuffix: "nlb-b2m", + listenerCount: 1, + extraAnnotations: map[string]string{ + annotationLBType: "nlb", + }, + hookPostServiceConfig: func(cfg *e2eTestConfig) { + framework.Logf("running hook post-service-config to create BYO security group before service creation") - By("creating backend server pods") - _, err = e2e.LBJig.Run(ctx, e2e.buildDeployment(tc.requireAffinity)) - if err != nil { - serviceName := e2e.LBJig.Name - if e2e.svc != nil { - serviceName = e2e.svc.Name + // Create BYO security group + securityGroupName := cfg.svc.Namespace + "-" + cfg.svc.Name + "-nlb-byo-sg" + var err error + cfg.byoSecurityGroupID, err = createSecurityGroup(cfg.ctx, cfg, securityGroupName, fmt.Sprintf("BYO Security Group for NLB e2e test service %s/%s", cfg.svc.Namespace, cfg.svc.Name)) + framework.ExpectNoError(err, "Failed to create BYO security group") + framework.Logf("Created BYO security group: %s", cfg.byoSecurityGroupID) + + DeferCleanup(func(ctx context.Context) { + if cfg.byoSecurityGroupID != "" { + framework.Logf("Cleaning up BYO security group: %s", cfg.byoSecurityGroupID) + framework.Logf("Waiting for ENIs to be detached from security group...") + gomega.Eventually(ctx, func() error { + return deleteSecurityGroup(ctx, cfg.byoSecurityGroupID) + }, 2*time.Minute, 5*time.Second).Should(gomega.Succeed(), "Failed to delete BYO security group after waiting for ENI detachment") + framework.Logf("✓ Deleted BYO security group: %s", cfg.byoSecurityGroupID) } - framework.Logf("ERROR: LoadBalancer provisioning failed for service %q: %v", serviceName, err) - framework.Logf("ERROR: LoadBalancer provisioning timeout reached after %v", loadBalancerCreateTimeout) + }) - // Ensure we have detailed debugging information before failing - framework.Logf("=== LoadBalancer Provisioning Failure Debug Information ===") - gatherEventosOnFailure(e2e.ctx, e2e.kubeClient, e2e.LBJig.Namespace, e2e.LBJig.Name) - framework.Logf("=== End of LoadBalancer Provisioning Failure Debug Information ===") + framework.ExpectNoError(authorizeSecurityGroupToPorts(cfg.ctx, cfg.byoSecurityGroupID, cfg.svc.Spec.Ports), "Failed to authorize BYO security group to service ports") - // Fail the test immediately to prevent further execution - framework.ExpectNoError(err, "LoadBalancer provisioning failed - check debug information above") + cfg.svc.Annotations[annotationLBSecurityGroups] = cfg.byoSecurityGroupID + framework.Logf("Added BYO SG annotation: %s=%s", annotationLBSecurityGroups, cfg.byoSecurityGroupID) + }, + hookPreTest: func(cfg *e2eTestConfig) { + framework.Logf("running hook pre-test to transition from BYO SG to managed SG") + lbDNS := cfg.svc.Status.LoadBalancer.Ingress[0].Hostname + + // Step 1: Verify NLB has BYO SG + framework.Logf("Step 1: Verifying NLB has BYO security group") + byoSGs, err := getLoadBalancerSecurityGroups(cfg.ctx, lbDNS) + framework.ExpectNoError(err, "Failed to get load balancer security groups") + framework.Logf("NLB %s has security groups: %+v", lbDNS, byoSGs) + + if len(byoSGs) != 1 { + framework.Failf("Expected NLB to have exactly 1 security group (BYO SG), got %d: %v", len(byoSGs), byoSGs) + } + if byoSGs[0] != cfg.byoSecurityGroupID { + framework.Failf("Expected NLB to have BYO SG %q, got %q", cfg.byoSecurityGroupID, byoSGs[0]) } + framework.Logf("✓ Verified: NLB has BYO SG attached: %s", cfg.byoSecurityGroupID) + + // Step 2: Remove BYO SG annotation + framework.Logf("Step 2: Removing BYO SG annotation from service") + delete(cfg.svc.Annotations, annotationLBSecurityGroups) + newSvc, err := cfg.kubeClient.CoreV1().Services(cfg.LBJig.Namespace).Update(cfg.ctx, cfg.svc, metav1.UpdateOptions{}) + framework.ExpectNoError(err, "Failed to update Kubernetes Service to remove BYO SG annotation") + cfg.svc = newSvc + framework.Logf("Removed BYO SG annotation from service") + + // Step 3: Wait for controller to process the update and verify NLB has new managed SG + framework.Logf("Step 3: Waiting for controller to update NLB security groups and verifying new managed SG is attached") + err = wait.PollUntilContextTimeout(cfg.ctx, 5*time.Second, 2*time.Minute, true, func(ctx context.Context) (bool, error) { + managedSGs, err := getLoadBalancerSecurityGroups(cfg.ctx, lbDNS) + if err != nil { + framework.Logf("Failed to get load balancer security groups: %v", err) + return false, nil + } + if len(managedSGs) == 0 { + framework.Logf("No security groups attached yet") + return false, nil + } + if managedSGs[0] == cfg.byoSecurityGroupID { + framework.Logf("Still has BYO SG attached") + return false, nil + } + framework.Logf("NLB %s has security groups after removing BYO annotation: %+v", lbDNS, managedSGs) + return true, nil + }) + framework.ExpectNoError(err, "Failed waiting for NLB to get new managed SG") + + // Verify BYO SG still exists but is not attached + framework.Logf("Verifying BYO SG %s still exists", cfg.byoSecurityGroupID) + byoSG, err := getSecurityGroup(cfg.ctx, cfg.byoSecurityGroupID) + framework.ExpectNoError(err, "Failed to get BYO security group") + gomega.Expect(byoSG).ToNot(gomega.BeNil(), "BYO SG should still exist after transition to managed SG") + framework.Logf("✓ Verified: BYO SG %s still exists and was not deleted", cfg.byoSecurityGroupID) + }, + }, +} - framework.Logf("[K8S] Backend pods created, affinity required: %t", tc.requireAffinity) +// execute load balancer tests +var _ = Describe("[cloud-provider-aws-e2e]", func() { + f := framework.NewDefaultFramework("cloud-provider-aws") + f.NamespacePodSecurityEnforceLevel = admissionapi.LevelPrivileged - if tc.hookPostServiceCreate != nil { - By("executing hook post-service-create: applying service configuration") - tc.hookPostServiceCreate(e2e) - } + var ( + cs clientset.Interface + ns *v1.Namespace + ) - By("collecting service and load balancer information") - if e2e.svc == nil { - framework.Logf("=== Service Validation Error Debug Information ===") - gatherEventosOnFailure(e2e.ctx, e2e.kubeClient, e2e.LBJig.Namespace, e2e.LBJig.Name) - framework.Logf("=== End of Service Validation Error Debug Information ===") - framework.Failf("Service is nil after LoadBalancer provisioning for service %s", e2e.LBJig.Name) - } - if len(e2e.svc.Spec.Ports) == 0 { - framework.Logf("=== Service Ports Error Debug Information ===") - framework.Logf("Service spec: %+v", e2e.svc.Spec) - gatherEventosOnFailure(e2e.ctx, e2e.kubeClient, e2e.LBJig.Namespace, e2e.LBJig.Name) - framework.Logf("=== End of Service Ports Error Debug Information ===") - framework.Failf("No ports found in service spec for service %s/%s", e2e.svc.Namespace, e2e.svc.Name) - } - if len(e2e.svc.Status.LoadBalancer.Ingress) == 0 { - framework.Logf("=== LoadBalancer Ingress Error Debug Information ===") - framework.Logf("Service status: %+v", e2e.svc.Status) - gatherEventosOnFailure(e2e.ctx, e2e.kubeClient, e2e.LBJig.Namespace, e2e.LBJig.Name) - framework.Logf("=== End of LoadBalancer Ingress Error Debug Information ===") - framework.Failf("No ingress found in LoadBalancer status for service %s/%s", e2e.svc.Namespace, e2e.svc.Name) - } + BeforeEach(func() { + cs = f.ClientSet + ns = f.Namespace + }) - svcPort := int(e2e.svc.Spec.Ports[0].Port) - ingressAddress := e2eservice.GetIngressPoint(&e2e.svc.Status.LoadBalancer.Ingress[0]) - framework.Logf("[LB-INFO] Ingress address: %s, port: %d", ingressAddress, svcPort) + AfterEach(func() { + // After each test + }) - if ingressAddress == "" { - framework.Logf("=== Empty Ingress Address Debug Information ===") - framework.Logf("LoadBalancer ingress[0]: %+v", e2e.svc.Status.LoadBalancer.Ingress[0]) - gatherEventosOnFailure(e2e.ctx, e2e.kubeClient, e2e.LBJig.Namespace, e2e.LBJig.Name) - framework.Logf("=== End of Empty Ingress Address Debug Information ===") - framework.Failf("LoadBalancer ingress address is empty for service %s/%s", e2e.svc.Namespace, e2e.svc.Name) - } + // run all load balancer tests with the default configuration + Context("loadbalancer", func() { + // CLB tests + for _, tc := range clbTests { + It(tc.name, func(ctx context.Context) { + runTestCase(ctx, tc, cs, ns) + }) + } - if tc.hookPreTest != nil { - By("executing pre-test hook") - tc.hookPreTest(e2e) - } + // Generic NLB tests + for _, tc := range nlbTests { + It(tc.name, func(ctx context.Context) { + runTestCase(ctx, tc, cs, ns) + }) + } - // overrideTestRunInClusterReachableHTTP changes the default test function to run the client in the cluster. - if tc.overrideTestRunInClusterReachableHTTP { - By("testing HTTP connectivity for internal load balancer") - framework.Logf("[TEST] Running internal connectivity test from node: %s", e2e.nodeSingleSample) - err := inClusterTestReachableHTTP(cs, ns.Name, e2e.nodeSingleSample, ingressAddress, svcPort) - if err != nil && tc.skipTestFailure { - Skip(err.Error()) - } - framework.ExpectNoError(err) - } else { - By("testing HTTP connectivity for external/internet-facing load balancer") - framework.Logf("[TEST] Running external connectivity test to %s:%d", ingressAddress, svcPort) - e2eservice.TestReachableHTTP(ctx, ingressAddress, svcPort, e2eservice.LoadBalancerLagTimeoutAWS) - } - framework.Logf("[TEST] HTTP connectivity test completed successfully") + // NLBSecurityGroupMode=Managed specific tests + for _, tc := range managedSgModeNLBTests { + It(tc.name, func(ctx context.Context) { + runTestCase(ctx, tc, cs, ns) + }) + } + }) + + // Run relevant NLB tests with NLBSecurityGroupMode disabled via cloud config override + Context("[nlb-security-group-mode-disabled] loadbalancer", Serial, Ordered, func() { + cloudConfigMgr := newCloudConfigManager(withRestartTimeout(3 * time.Minute)) - // Update the service to cluster IP - By("cleaning up: converting service to ClusterIP") - _, err = e2e.LBJig.UpdateService(ctx, func(s *v1.Service) { - s.Spec.Type = v1.ServiceTypeClusterIP + BeforeAll(func(ctx context.Context) { + // Disable NLB managed security group mode by setting an empty config + err := cloudConfigMgr.setCloudConfig(ctx, cs, "") + framework.ExpectNoError(err, "Failed to disable NLB managed security group mode") + }) + + // Only run nlb tests not tied to NLBSecurityGroupMode=Managed + for _, tc := range nlbTests { + It(tc.name, func(ctx context.Context) { + runTestCase(ctx, tc, cs, ns) }) - framework.ExpectNoError(err) - - // Wait for the load balancer to be destroyed asynchronously - By("cleaning up: waiting for load balancer destruction") - framework.Logf("[CLEANUP] Waiting for load balancer destruction") - _, err = e2e.LBJig.WaitForLoadBalancerDestroy(ctx, ingressAddress, svcPort, loadBalancerCreateTimeout) - framework.ExpectNoError(err) - framework.Logf("[CLEANUP] Load balancer destroyed successfully") + } + + AfterAll(func(ctx context.Context) { + // Restore original CCM configuration + err := cloudConfigMgr.restoreCloudConfig(ctx, cs) + framework.ExpectNoError(err, "Failed to restore original CCM configuration") }) - } + }) }) type e2eTestConfig struct { @@ -416,6 +712,7 @@ type e2eTestConfig struct { cfgPodProtocol v1.Protocol cfgDefaultAnnotations map[string]string LBJig *e2eservice.TestJig + byoSecurityGroupID string // service instance svc *v1.Service @@ -998,3 +1295,153 @@ func gatherEventosOnFailure(ctx context.Context, cs clientset.Interface, namespa gatherControllerLogs(ctx, cs, namespace, resourceName) gatherServiceStatus(ctx, cs, namespace, resourceName) } + +// getAWSClientEC2 creates an EC2 client for AWS operations +func getAWSClientEC2(ctx context.Context) (*ec2.Client, error) { + cfg, err := config.LoadDefaultConfig(ctx, + config.WithRetryer(func() aws.Retryer { + return retry.AddWithMaxAttempts(retry.NewStandard(), 10) + }), + ) + if err != nil { + return nil, fmt.Errorf("failed to load AWS config: %w", err) + } + return ec2.NewFromConfig(cfg), nil +} + +// createSecurityGroup creates a security group for testing +func createSecurityGroup(ctx context.Context, cfg *e2eTestConfig, name, description string) (string, error) { + ec2Client, err := getAWSClientEC2(ctx) + if err != nil { + return "", err + } + + // Get VPC ID from any node in the cluster + nodes, err := cfg.kubeClient.CoreV1().Nodes().List(ctx, metav1.ListOptions{}) + if err != nil { + return "", fmt.Errorf("failed to list nodes: %w", err) + } + if len(nodes.Items) == 0 { + return "", fmt.Errorf("no nodes found in cluster") + } + + // Extract VPC ID from node's provider ID + // Provider ID format: aws:///us-west-2a/i-0123456789abcdef0 + providerID := nodes.Items[0].Spec.ProviderID + if providerID == "" { + return "", fmt.Errorf("node %s has no provider ID", nodes.Items[0].Name) + } + + // Get instance details to find VPC ID + instanceID := providerID[strings.LastIndex(providerID, "/")+1:] + describeResult, err := ec2Client.DescribeInstances(ctx, &ec2.DescribeInstancesInput{ + InstanceIds: []string{instanceID}, + }) + if err != nil { + return "", fmt.Errorf("failed to describe instance: %w", err) + } + if len(describeResult.Reservations) == 0 || len(describeResult.Reservations[0].Instances) == 0 { + return "", fmt.Errorf("instance not found: %s", instanceID) + } + + vpcID := describeResult.Reservations[0].Instances[0].VpcId + if vpcID == nil { + return "", fmt.Errorf("instance has no VPC ID") + } + + // Create security group + result, err := ec2Client.CreateSecurityGroup(ctx, &ec2.CreateSecurityGroupInput{ + GroupName: aws.String(name), + Description: aws.String(description), + VpcId: vpcID, + }) + if err != nil { + return "", fmt.Errorf("failed to create security group: %w", err) + } + + return aws.ToString(result.GroupId), nil +} + +// authorizeSecurityGroupToPorts adds ingress rules for the given service ports +func authorizeSecurityGroupToPorts(ctx context.Context, securityGroupID string, ports []v1.ServicePort) error { + ec2Client, err := getAWSClientEC2(ctx) + if err != nil { + return err + } + + permissions := make([]ec2types.IpPermission, 0, len(ports)) + for _, port := range ports { + protocol := strings.ToLower(string(port.Protocol)) + permissions = append(permissions, ec2types.IpPermission{ + IpProtocol: aws.String(protocol), + FromPort: aws.Int32(port.Port), + ToPort: aws.Int32(port.Port), + IpRanges: []ec2types.IpRange{ + {CidrIp: aws.String("0.0.0.0/0")}, + }, + }) + } + + _, err = ec2Client.AuthorizeSecurityGroupIngress(ctx, &ec2.AuthorizeSecurityGroupIngressInput{ + GroupId: aws.String(securityGroupID), + IpPermissions: permissions, + }) + if err != nil { + return fmt.Errorf("failed to authorize security group ingress: %w", err) + } + + return nil +} + +// getLoadBalancerSecurityGroups retrieves security groups attached to a load balancer +func getLoadBalancerSecurityGroups(ctx context.Context, lbDNS string) ([]string, error) { + elbClient, err := getAWSClientLoadBalancer(ctx) + if err != nil { + return nil, err + } + + lb, err := getAWSLoadBalancerFromDNSName(ctx, elbClient, lbDNS) + if err != nil { + return nil, err + } + + return lb.SecurityGroups, nil +} + +// deleteSecurityGroup deletes a security group +func deleteSecurityGroup(ctx context.Context, securityGroupID string) error { + ec2Client, err := getAWSClientEC2(ctx) + if err != nil { + return err + } + + _, err = ec2Client.DeleteSecurityGroup(ctx, &ec2.DeleteSecurityGroupInput{ + GroupId: aws.String(securityGroupID), + }) + if err != nil { + return fmt.Errorf("failed to delete security group %s: %w", securityGroupID, err) + } + + return nil +} + +// getSecurityGroup retrieves a security group by ID +func getSecurityGroup(ctx context.Context, securityGroupID string) (*ec2types.SecurityGroup, error) { + ec2Client, err := getAWSClientEC2(ctx) + if err != nil { + return nil, err + } + + result, err := ec2Client.DescribeSecurityGroups(ctx, &ec2.DescribeSecurityGroupsInput{ + GroupIds: []string{securityGroupID}, + }) + if err != nil { + return nil, fmt.Errorf("failed to describe security group: %w", err) + } + + if len(result.SecurityGroups) == 0 { + return nil, fmt.Errorf("security group not found: %s", securityGroupID) + } + + return &result.SecurityGroups[0], nil +} diff --git a/openshift-tests/ccm-aws-tests/vendor/modules.txt b/openshift-tests/ccm-aws-tests/vendor/modules.txt index c10bb0464..fb635fdb1 100644 --- a/openshift-tests/ccm-aws-tests/vendor/modules.txt +++ b/openshift-tests/ccm-aws-tests/vendor/modules.txt @@ -7,7 +7,7 @@ github.com/Masterminds/semver/v3 # github.com/antlr4-go/antlr/v4 v4.13.1 ## explicit; go 1.22 github.com/antlr4-go/antlr/v4 -# github.com/aws/aws-sdk-go-v2 v1.41.6 +# github.com/aws/aws-sdk-go-v2 v1.41.7 ## explicit; go 1.24 github.com/aws/aws-sdk-go-v2/aws github.com/aws/aws-sdk-go-v2/aws/defaults @@ -50,16 +50,16 @@ github.com/aws/aws-sdk-go-v2/credentials/stscreds ## explicit; go 1.22 github.com/aws/aws-sdk-go-v2/feature/ec2/imds github.com/aws/aws-sdk-go-v2/feature/ec2/imds/internal/config -# github.com/aws/aws-sdk-go-v2/internal/configsources v1.4.22 +# github.com/aws/aws-sdk-go-v2/internal/configsources v1.4.23 ## explicit; go 1.24 github.com/aws/aws-sdk-go-v2/internal/configsources -# github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.7.22 +# github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.7.23 ## explicit; go 1.24 github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 # github.com/aws/aws-sdk-go-v2/internal/ini v1.8.3 ## explicit; go 1.22 github.com/aws/aws-sdk-go-v2/internal/ini -# github.com/aws/aws-sdk-go-v2/service/ec2 v1.299.0 +# github.com/aws/aws-sdk-go-v2/service/ec2 v1.303.0 ## explicit; go 1.24 github.com/aws/aws-sdk-go-v2/service/ec2 github.com/aws/aws-sdk-go-v2/service/ec2/internal/endpoints @@ -69,10 +69,10 @@ github.com/aws/aws-sdk-go-v2/service/ec2/types github.com/aws/aws-sdk-go-v2/service/elasticloadbalancingv2 github.com/aws/aws-sdk-go-v2/service/elasticloadbalancingv2/internal/endpoints github.com/aws/aws-sdk-go-v2/service/elasticloadbalancingv2/types -# github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.13.8 +# github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.13.9 ## explicit; go 1.24 github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding -# github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.13.22 +# github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.13.23 ## explicit; go 1.24 github.com/aws/aws-sdk-go-v2/service/internal/presigned-url # github.com/aws/aws-sdk-go-v2/service/sso v1.25.3 @@ -90,7 +90,7 @@ github.com/aws/aws-sdk-go-v2/service/ssooidc/types github.com/aws/aws-sdk-go-v2/service/sts github.com/aws/aws-sdk-go-v2/service/sts/internal/endpoints github.com/aws/aws-sdk-go-v2/service/sts/types -# github.com/aws/smithy-go v1.25.0 +# github.com/aws/smithy-go v1.25.1 ## explicit; go 1.24 github.com/aws/smithy-go github.com/aws/smithy-go/auth