diff --git a/packages/@aws-cdk/aws-eks/test/eks-service-account-sdk-call.integ.snapshot/asset.dcbc2e9181e895e14522d2a67351d9654790e35567e370f54120423dd4604b40/index.py b/packages/@aws-cdk/aws-eks/test/cdk-integ.out.eks-service-account-sdk-call/asset.41c8a7cd37aeed043235c5685fbbd3711edb412ae285f9993951fd1bde8734a5/index.py similarity index 94% rename from packages/@aws-cdk/aws-eks/test/eks-service-account-sdk-call.integ.snapshot/asset.dcbc2e9181e895e14522d2a67351d9654790e35567e370f54120423dd4604b40/index.py rename to packages/@aws-cdk/aws-eks/test/cdk-integ.out.eks-service-account-sdk-call/asset.41c8a7cd37aeed043235c5685fbbd3711edb412ae285f9993951fd1bde8734a5/index.py index 09cb21b8662bb..ee574409fb1de 100644 --- a/packages/@aws-cdk/aws-eks/test/eks-service-account-sdk-call.integ.snapshot/asset.dcbc2e9181e895e14522d2a67351d9654790e35567e370f54120423dd4604b40/index.py +++ b/packages/@aws-cdk/aws-eks/test/cdk-integ.out.eks-service-account-sdk-call/asset.41c8a7cd37aeed043235c5685fbbd3711edb412ae285f9993951fd1bde8734a5/index.py @@ -27,4 +27,4 @@ def handler(event, context): # If the bucket does not exist, then this error will be thrown raise RuntimeError(f'failed to delete bucket: {str(error)}') - return {'Data': {'Value': f'confirmed that bucket with name {s3_bucket_name} exists...bucket has been deleted' }} \ No newline at end of file + return {'Data': {'Value': f'confirmed that bucket with name {s3_bucket_name} exists...bucket has been deleted' }} diff --git a/packages/@aws-cdk/aws-eks/test/cdk-integ.out.eks-service-account-sdk-call/asset.4288ebb3652acdf2d828b7db7ca44a7162a401ace50ebb4026e84b18a02a06ee.zip b/packages/@aws-cdk/aws-eks/test/cdk-integ.out.eks-service-account-sdk-call/asset.4288ebb3652acdf2d828b7db7ca44a7162a401ace50ebb4026e84b18a02a06ee.zip new file mode 100644 index 0000000000000..6dfff8f9c4f9f Binary files /dev/null and b/packages/@aws-cdk/aws-eks/test/cdk-integ.out.eks-service-account-sdk-call/asset.4288ebb3652acdf2d828b7db7ca44a7162a401ace50ebb4026e84b18a02a06ee.zip differ diff --git a/packages/@aws-cdk/aws-eks/test/cdk-integ.out.eks-service-account-sdk-call/asset.42973d1d89f4a393a64981f78d088964ba13e63a3aab4478cd74109c77cf9174/diff.ts b/packages/@aws-cdk/aws-eks/test/cdk-integ.out.eks-service-account-sdk-call/asset.42973d1d89f4a393a64981f78d088964ba13e63a3aab4478cd74109c77cf9174/diff.ts new file mode 100644 index 0000000000000..8a91e6ebddc53 --- /dev/null +++ b/packages/@aws-cdk/aws-eks/test/cdk-integ.out.eks-service-account-sdk-call/asset.42973d1d89f4a393a64981f78d088964ba13e63a3aab4478cd74109c77cf9174/diff.ts @@ -0,0 +1,17 @@ +export function arrayDiff(oldValues: string[], newValues: string[]) { + const deletes = new Set(oldValues); + const adds = new Set(); + + for (const v of new Set(newValues)) { + if (deletes.has(v)) { + deletes.delete(v); + } else { + adds.add(v); + } + } + + return { + adds: Array.from(adds), + deletes: Array.from(deletes), + }; +} diff --git a/packages/@aws-cdk/aws-eks/test/cdk-integ.out.eks-service-account-sdk-call/asset.42973d1d89f4a393a64981f78d088964ba13e63a3aab4478cd74109c77cf9174/external.ts b/packages/@aws-cdk/aws-eks/test/cdk-integ.out.eks-service-account-sdk-call/asset.42973d1d89f4a393a64981f78d088964ba13e63a3aab4478cd74109c77cf9174/external.ts new file mode 100644 index 0000000000000..4ad18aed4f17d --- /dev/null +++ b/packages/@aws-cdk/aws-eks/test/cdk-integ.out.eks-service-account-sdk-call/asset.42973d1d89f4a393a64981f78d088964ba13e63a3aab4478cd74109c77cf9174/external.ts @@ -0,0 +1,53 @@ +/* istanbul ignore file */ + +import * as tls from 'tls'; +import * as url from 'url'; +// eslint-disable-next-line import/no-extraneous-dependencies +import * as aws from 'aws-sdk'; + +let client: aws.IAM; + +function iam() { + if (!client) { client = new aws.IAM(); } + return client; +} + +function defaultLogger(fmt: string, ...args: any[]) { + // eslint-disable-next-line no-console + console.log(fmt, ...args); +} + +/** + * Downloads the CA thumbprint from the issuer URL + */ +async function downloadThumbprint(issuerUrl: string) { + external.log(`downloading certificate authority thumbprint for ${issuerUrl}`); + return new Promise((ok, ko) => { + const purl = url.parse(issuerUrl); + const port = purl.port ? parseInt(purl.port, 10) : 443; + if (!purl.host) { + return ko(new Error(`unable to determine host from issuer url ${issuerUrl}`)); + } + const socket = tls.connect(port, purl.host, { rejectUnauthorized: false, servername: purl.host }); + socket.once('error', ko); + socket.once('secureConnect', () => { + const cert = socket.getPeerCertificate(); + socket.end(); + const thumbprint = cert.fingerprint.split(':').join(''); + external.log(`certificate authority thumbprint for ${issuerUrl} is ${thumbprint}`); + ok(thumbprint); + }); + }); +} + +// allows unit test to replace with mocks +/* eslint-disable max-len */ +export const external = { + downloadThumbprint, + log: defaultLogger, + createOpenIDConnectProvider: (req: aws.IAM.CreateOpenIDConnectProviderRequest) => iam().createOpenIDConnectProvider(req).promise(), + deleteOpenIDConnectProvider: (req: aws.IAM.DeleteOpenIDConnectProviderRequest) => iam().deleteOpenIDConnectProvider(req).promise(), + updateOpenIDConnectProviderThumbprint: (req: aws.IAM.UpdateOpenIDConnectProviderThumbprintRequest) => iam().updateOpenIDConnectProviderThumbprint(req).promise(), + addClientIDToOpenIDConnectProvider: (req: aws.IAM.AddClientIDToOpenIDConnectProviderRequest) => iam().addClientIDToOpenIDConnectProvider(req).promise(), + removeClientIDFromOpenIDConnectProvider: (req: aws.IAM.RemoveClientIDFromOpenIDConnectProviderRequest) => iam().removeClientIDFromOpenIDConnectProvider(req).promise(), +}; diff --git a/packages/@aws-cdk/aws-eks/test/cdk-integ.out.eks-service-account-sdk-call/asset.42973d1d89f4a393a64981f78d088964ba13e63a3aab4478cd74109c77cf9174/index.ts b/packages/@aws-cdk/aws-eks/test/cdk-integ.out.eks-service-account-sdk-call/asset.42973d1d89f4a393a64981f78d088964ba13e63a3aab4478cd74109c77cf9174/index.ts new file mode 100644 index 0000000000000..ee276edd3fa9b --- /dev/null +++ b/packages/@aws-cdk/aws-eks/test/cdk-integ.out.eks-service-account-sdk-call/asset.42973d1d89f4a393a64981f78d088964ba13e63a3aab4478cd74109c77cf9174/index.ts @@ -0,0 +1,89 @@ +import { arrayDiff } from './diff'; +import { external } from './external'; + +export async function handler(event: AWSLambda.CloudFormationCustomResourceEvent) { + if (event.RequestType === 'Create') { return onCreate(event); } + if (event.RequestType === 'Update') { return onUpdate(event); } + if (event.RequestType === 'Delete') { return onDelete(event); } + throw new Error('invalid request type'); +} + +async function onCreate(event: AWSLambda.CloudFormationCustomResourceCreateEvent) { + const issuerUrl = event.ResourceProperties.Url; + const thumbprints: string[] = (event.ResourceProperties.ThumbprintList ?? []).sort(); // keep sorted for UPDATE + const clients: string[] = (event.ResourceProperties.ClientIDList ?? []).sort(); + + if (thumbprints.length === 0) { + thumbprints.push(await external.downloadThumbprint(issuerUrl)); + } + + const resp = await external.createOpenIDConnectProvider({ + Url: issuerUrl, + ClientIDList: clients, + ThumbprintList: thumbprints, + }); + + return { + PhysicalResourceId: resp.OpenIDConnectProviderArn, + }; +} + +async function onUpdate(event: AWSLambda.CloudFormationCustomResourceUpdateEvent) { + const issuerUrl = event.ResourceProperties.Url; + const thumbprints: string[] = (event.ResourceProperties.ThumbprintList ?? []).sort(); // keep sorted for UPDATE + const clients: string[] = (event.ResourceProperties.ClientIDList ?? []).sort(); + + // determine which update we are talking about. + const oldIssuerUrl = event.OldResourceProperties.Url; + + // if this is a URL update, then we basically create a new resource and cfn will delete the old one + // since the physical resource ID will change. + if (oldIssuerUrl !== issuerUrl) { + return onCreate({ ...event, RequestType: 'Create' }); + } + + const providerArn = event.PhysicalResourceId; + + // if thumbprints changed, we can update in-place, but bear in mind that if the new thumbprint list + // is empty, we will grab it from the server like we do in CREATE + const oldThumbprints = (event.OldResourceProperties.ThumbprintList || []).sort(); + if (JSON.stringify(oldThumbprints) !== JSON.stringify(thumbprints)) { + const thumbprintList = thumbprints.length > 0 ? thumbprints : [await external.downloadThumbprint(issuerUrl)]; + external.log('updating thumbprint list from', oldThumbprints, 'to', thumbprints); + await external.updateOpenIDConnectProviderThumbprint({ + OpenIDConnectProviderArn: providerArn, + ThumbprintList: thumbprintList, + }); + + // don't return, we might have more updates... + } + + // if client ID list has changed, determine "diff" because the API is add/remove + const oldClients: string[] = (event.OldResourceProperties.ClientIDList || []).sort(); + const diff = arrayDiff(oldClients, clients); + external.log(`client ID diff: ${JSON.stringify(diff)}`); + + for (const addClient of diff.adds) { + external.log(`adding client id "${addClient}" to provider ${providerArn}`); + await external.addClientIDToOpenIDConnectProvider({ + OpenIDConnectProviderArn: providerArn, + ClientID: addClient, + }); + } + + for (const deleteClient of diff.deletes) { + external.log(`removing client id "${deleteClient}" from provider ${providerArn}`); + await external.removeClientIDFromOpenIDConnectProvider({ + OpenIDConnectProviderArn: providerArn, + ClientID: deleteClient, + }); + } + + return; +} + +async function onDelete(deleteEvent: AWSLambda.CloudFormationCustomResourceDeleteEvent) { + await external.deleteOpenIDConnectProvider({ + OpenIDConnectProviderArn: deleteEvent.PhysicalResourceId, + }); +} diff --git a/packages/@aws-cdk/aws-eks/test/cdk-integ.out.eks-service-account-sdk-call/asset.73edfa4462023915a2f13bf570acae05c5111817c606f9837f832152920ba517/cluster.ts b/packages/@aws-cdk/aws-eks/test/cdk-integ.out.eks-service-account-sdk-call/asset.73edfa4462023915a2f13bf570acae05c5111817c606f9837f832152920ba517/cluster.ts new file mode 100644 index 0000000000000..0177a7e21b695 --- /dev/null +++ b/packages/@aws-cdk/aws-eks/test/cdk-integ.out.eks-service-account-sdk-call/asset.73edfa4462023915a2f13bf570acae05c5111817c606f9837f832152920ba517/cluster.ts @@ -0,0 +1,338 @@ +/* eslint-disable no-console */ + +// eslint-disable-next-line import/no-extraneous-dependencies +import { IsCompleteResponse, OnEventResponse } from '@aws-cdk/custom-resources/lib/provider-framework/types'; +// eslint-disable-next-line import/no-extraneous-dependencies +import * as aws from 'aws-sdk'; +import { EksClient, ResourceEvent, ResourceHandler } from './common'; + +const MAX_CLUSTER_NAME_LEN = 100; + +export class ClusterResourceHandler extends ResourceHandler { + public get clusterName() { + if (!this.physicalResourceId) { + throw new Error('Cannot determine cluster name without physical resource ID'); + } + + return this.physicalResourceId; + } + + private readonly newProps: aws.EKS.CreateClusterRequest; + private readonly oldProps: Partial; + + constructor(eks: EksClient, event: ResourceEvent) { + super(eks, event); + + this.newProps = parseProps(this.event.ResourceProperties); + this.oldProps = event.RequestType === 'Update' ? parseProps(event.OldResourceProperties) : {}; + } + + // ------ + // CREATE + // ------ + + protected async onCreate(): Promise { + console.log('onCreate: creating cluster with options:', JSON.stringify(this.newProps, undefined, 2)); + if (!this.newProps.roleArn) { + throw new Error('"roleArn" is required'); + } + + const clusterName = this.newProps.name || this.generateClusterName(); + + const resp = await this.eks.createCluster({ + ...this.newProps, + name: clusterName, + }); + + if (!resp.cluster) { + throw new Error(`Error when trying to create cluster ${clusterName}: CreateCluster returned without cluster information`); + } + + return { + PhysicalResourceId: resp.cluster.name, + }; + } + + protected async isCreateComplete() { + return this.isActive(); + } + + // ------ + // DELETE + // ------ + + protected async onDelete(): Promise { + console.log(`onDelete: deleting cluster ${this.clusterName}`); + try { + await this.eks.deleteCluster({ name: this.clusterName }); + } catch (e) { + if (e.code !== 'ResourceNotFoundException') { + throw e; + } else { + console.log(`cluster ${this.clusterName} not found, idempotently succeeded`); + } + } + return { + PhysicalResourceId: this.clusterName, + }; + } + + protected async isDeleteComplete(): Promise { + console.log(`isDeleteComplete: waiting for cluster ${this.clusterName} to be deleted`); + + try { + const resp = await this.eks.describeCluster({ name: this.clusterName }); + console.log('describeCluster returned:', JSON.stringify(resp, undefined, 2)); + } catch (e) { + if (e.code === 'ResourceNotFoundException') { + console.log('received ResourceNotFoundException, this means the cluster has been deleted (or never existed)'); + return { IsComplete: true }; + } + + console.log('describeCluster error:', e); + throw e; + } + + return { + IsComplete: false, + }; + } + + // ------ + // UPDATE + // ------ + + protected async onUpdate() { + const updates = analyzeUpdate(this.oldProps, this.newProps); + console.log('onUpdate:', JSON.stringify({ updates }, undefined, 2)); + + // updates to encryption config is not supported + if (updates.updateEncryption) { + throw new Error('Cannot update cluster encryption configuration'); + } + + // if there is an update that requires replacement, go ahead and just create + // a new cluster with the new config. The old cluster will automatically be + // deleted by cloudformation upon success. + if (updates.replaceName || updates.replaceRole || updates.replaceVpc) { + + // if we are replacing this cluster and the cluster has an explicit + // physical name, the creation of the new cluster will fail with "there is + // already a cluster with that name". this is a common behavior for + // CloudFormation resources that support specifying a physical name. + if (this.oldProps.name === this.newProps.name && this.oldProps.name) { + throw new Error(`Cannot replace cluster "${this.oldProps.name}" since it has an explicit physical name. Either rename the cluster or remove the "name" configuration`); + } + + return this.onCreate(); + } + + // if a version update is required, issue the version update + if (updates.updateVersion) { + if (!this.newProps.version) { + throw new Error(`Cannot remove cluster version configuration. Current version is ${this.oldProps.version}`); + } + + return this.updateClusterVersion(this.newProps.version); + } + + if (updates.updateLogging || updates.updateAccess) { + const config: aws.EKS.UpdateClusterConfigRequest = { + name: this.clusterName, + logging: this.newProps.logging, + }; + if (updates.updateAccess) { + // Updating the cluster with securityGroupIds and subnetIds (as specified in the warning here: + // https://awscli.amazonaws.com/v2/documentation/api/latest/reference/eks/update-cluster-config.html) + // will fail, therefore we take only the access fields explicitly + config.resourcesVpcConfig = { + endpointPrivateAccess: this.newProps.resourcesVpcConfig.endpointPrivateAccess, + endpointPublicAccess: this.newProps.resourcesVpcConfig.endpointPublicAccess, + publicAccessCidrs: this.newProps.resourcesVpcConfig.publicAccessCidrs, + }; + } + const updateResponse = await this.eks.updateClusterConfig(config); + + return { EksUpdateId: updateResponse.update?.id }; + } + + // no updates + return; + } + + protected async isUpdateComplete() { + console.log('isUpdateComplete'); + + // if this is an EKS update, we will monitor the update event itself + if (this.event.EksUpdateId) { + const complete = await this.isEksUpdateComplete(this.event.EksUpdateId); + if (!complete) { + return { IsComplete: false }; + } + + // fall through: if the update is done, we simply delegate to isActive() + // in order to extract attributes and state from the cluster itself, which + // is supposed to be in an ACTIVE state after the update is complete. + } + + return this.isActive(); + } + + private async updateClusterVersion(newVersion: string) { + console.log(`updating cluster version to ${newVersion}`); + + // update-cluster-version will fail if we try to update to the same version, + // so skip in this case. + const cluster = (await this.eks.describeCluster({ name: this.clusterName })).cluster; + if (cluster?.version === newVersion) { + console.log(`cluster already at version ${cluster.version}, skipping version update`); + return; + } + + const updateResponse = await this.eks.updateClusterVersion({ name: this.clusterName, version: newVersion }); + return { EksUpdateId: updateResponse.update?.id }; + } + + private async isActive(): Promise { + console.log('waiting for cluster to become ACTIVE'); + const resp = await this.eks.describeCluster({ name: this.clusterName }); + console.log('describeCluster result:', JSON.stringify(resp, undefined, 2)); + const cluster = resp.cluster; + + // if cluster is undefined (shouldnt happen) or status is not ACTIVE, we are + // not complete. note that the custom resource provider framework forbids + // returning attributes (Data) if isComplete is false. + if (cluster?.status === 'FAILED') { + // not very informative, unfortunately the response doesn't contain any error + // information :\ + throw new Error('Cluster is in a FAILED status'); + } else if (cluster?.status !== 'ACTIVE') { + return { + IsComplete: false, + }; + } else { + return { + IsComplete: true, + Data: { + Name: cluster.name, + Endpoint: cluster.endpoint, + Arn: cluster.arn, + + // IMPORTANT: CFN expects that attributes will *always* have values, + // so return an empty string in case the value is not defined. + // Otherwise, CFN will throw with `Vendor response doesn't contain + // XXXX key`. + + CertificateAuthorityData: cluster.certificateAuthority?.data ?? '', + ClusterSecurityGroupId: cluster.resourcesVpcConfig?.clusterSecurityGroupId ?? '', + OpenIdConnectIssuerUrl: cluster.identity?.oidc?.issuer ?? '', + OpenIdConnectIssuer: cluster.identity?.oidc?.issuer?.substring(8) ?? '', // Strips off https:// from the issuer url + + // We can safely return the first item from encryption configuration array, because it has a limit of 1 item + // https://docs.aws.amazon.com/eks/latest/APIReference/API_CreateCluster.html#AmazonEKS-CreateCluster-request-encryptionConfig + EncryptionConfigKeyArn: cluster.encryptionConfig?.shift()?.provider?.keyArn ?? '', + }, + }; + } + } + + private async isEksUpdateComplete(eksUpdateId: string) { + this.log({ isEksUpdateComplete: eksUpdateId }); + + const describeUpdateResponse = await this.eks.describeUpdate({ + name: this.clusterName, + updateId: eksUpdateId, + }); + + this.log({ describeUpdateResponse }); + + if (!describeUpdateResponse.update) { + throw new Error(`unable to describe update with id "${eksUpdateId}"`); + } + + switch (describeUpdateResponse.update.status) { + case 'InProgress': + return false; + case 'Successful': + return true; + case 'Failed': + case 'Cancelled': + throw new Error(`cluster update id "${eksUpdateId}" failed with errors: ${JSON.stringify(describeUpdateResponse.update.errors)}`); + default: + throw new Error(`unknown status "${describeUpdateResponse.update.status}" for update id "${eksUpdateId}"`); + } + } + + private generateClusterName() { + const suffix = this.requestId.replace(/-/g, ''); // 32 chars + const offset = MAX_CLUSTER_NAME_LEN - suffix.length - 1; + const prefix = this.logicalResourceId.slice(0, offset > 0 ? offset : 0); + return `${prefix}-${suffix}`; + } +} + +function parseProps(props: any): aws.EKS.CreateClusterRequest { + + const parsed = props?.Config ?? {}; + + // this is weird but these boolean properties are passed by CFN as a string, and we need them to be booleanic for the SDK. + // Otherwise it fails with 'Unexpected Parameter: params.resourcesVpcConfig.endpointPrivateAccess is expected to be a boolean' + + if (typeof (parsed.resourcesVpcConfig?.endpointPrivateAccess) === 'string') { + parsed.resourcesVpcConfig.endpointPrivateAccess = parsed.resourcesVpcConfig.endpointPrivateAccess === 'true'; + } + + if (typeof (parsed.resourcesVpcConfig?.endpointPublicAccess) === 'string') { + parsed.resourcesVpcConfig.endpointPublicAccess = parsed.resourcesVpcConfig.endpointPublicAccess === 'true'; + } + + if (typeof (parsed.logging?.clusterLogging[0].enabled) === 'string') { + parsed.logging.clusterLogging[0].enabled = parsed.logging.clusterLogging[0].enabled === 'true'; + } + + return parsed; + +} + +interface UpdateMap { + replaceName: boolean; // name + replaceVpc: boolean; // resourcesVpcConfig.subnetIds and securityGroupIds + replaceRole: boolean; // roleArn + + updateVersion: boolean; // version + updateLogging: boolean; // logging + updateEncryption: boolean; // encryption (cannot be updated) + updateAccess: boolean; // resourcesVpcConfig.endpointPrivateAccess and endpointPublicAccess +} + +function analyzeUpdate(oldProps: Partial, newProps: aws.EKS.CreateClusterRequest): UpdateMap { + console.log('old props: ', JSON.stringify(oldProps)); + console.log('new props: ', JSON.stringify(newProps)); + + const newVpcProps = newProps.resourcesVpcConfig || {}; + const oldVpcProps = oldProps.resourcesVpcConfig || {}; + + const oldPublicAccessCidrs = new Set(oldVpcProps.publicAccessCidrs ?? []); + const newPublicAccessCidrs = new Set(newVpcProps.publicAccessCidrs ?? []); + const newEnc = newProps.encryptionConfig || {}; + const oldEnc = oldProps.encryptionConfig || {}; + + return { + replaceName: newProps.name !== oldProps.name, + replaceVpc: + JSON.stringify(newVpcProps.subnetIds) !== JSON.stringify(oldVpcProps.subnetIds) || + JSON.stringify(newVpcProps.securityGroupIds) !== JSON.stringify(oldVpcProps.securityGroupIds), + updateAccess: + newVpcProps.endpointPrivateAccess !== oldVpcProps.endpointPrivateAccess || + newVpcProps.endpointPublicAccess !== oldVpcProps.endpointPublicAccess || + !setsEqual(newPublicAccessCidrs, oldPublicAccessCidrs), + replaceRole: newProps.roleArn !== oldProps.roleArn, + updateVersion: newProps.version !== oldProps.version, + updateEncryption: JSON.stringify(newEnc) !== JSON.stringify(oldEnc), + updateLogging: JSON.stringify(newProps.logging) !== JSON.stringify(oldProps.logging), + }; +} + +function setsEqual(first: Set, second: Set) { + return first.size === second.size || [...first].every((e: string) => second.has(e)); +} diff --git a/packages/@aws-cdk/aws-eks/test/cdk-integ.out.eks-service-account-sdk-call/asset.73edfa4462023915a2f13bf570acae05c5111817c606f9837f832152920ba517/common.ts b/packages/@aws-cdk/aws-eks/test/cdk-integ.out.eks-service-account-sdk-call/asset.73edfa4462023915a2f13bf570acae05c5111817c606f9837f832152920ba517/common.ts new file mode 100644 index 0000000000000..21cf958df5a68 --- /dev/null +++ b/packages/@aws-cdk/aws-eks/test/cdk-integ.out.eks-service-account-sdk-call/asset.73edfa4462023915a2f13bf570acae05c5111817c606f9837f832152920ba517/common.ts @@ -0,0 +1,87 @@ +// eslint-disable-next-line import/no-extraneous-dependencies +import { IsCompleteResponse, OnEventResponse } from '@aws-cdk/custom-resources/lib/provider-framework/types'; + +// eslint-disable-next-line import/no-extraneous-dependencies +import * as aws from 'aws-sdk'; + +export interface EksUpdateId { + /** + * If this field is included in an event passed to "IsComplete", it means we + * initiated an EKS update that should be monitored using eks:DescribeUpdate + * instead of just looking at the cluster status. + */ + EksUpdateId?: string +} + +export type ResourceEvent = AWSLambda.CloudFormationCustomResourceEvent & EksUpdateId; + +export abstract class ResourceHandler { + protected readonly requestId: string; + protected readonly logicalResourceId: string; + protected readonly requestType: 'Create' | 'Update' | 'Delete'; + protected readonly physicalResourceId?: string; + protected readonly event: ResourceEvent; + + constructor(protected readonly eks: EksClient, event: ResourceEvent) { + this.requestType = event.RequestType; + this.requestId = event.RequestId; + this.logicalResourceId = event.LogicalResourceId; + this.physicalResourceId = (event as any).PhysicalResourceId; + this.event = event; + + const roleToAssume = event.ResourceProperties.AssumeRoleArn; + if (!roleToAssume) { + throw new Error('AssumeRoleArn must be provided'); + } + + eks.configureAssumeRole({ + RoleArn: roleToAssume, + RoleSessionName: `AWSCDK.EKSCluster.${this.requestType}.${this.requestId}`, + }); + } + + public onEvent() { + switch (this.requestType) { + case 'Create': return this.onCreate(); + case 'Update': return this.onUpdate(); + case 'Delete': return this.onDelete(); + } + + throw new Error(`Invalid request type ${this.requestType}`); + } + + public isComplete() { + switch (this.requestType) { + case 'Create': return this.isCreateComplete(); + case 'Update': return this.isUpdateComplete(); + case 'Delete': return this.isDeleteComplete(); + } + + throw new Error(`Invalid request type ${this.requestType}`); + } + + protected log(x: any) { + // eslint-disable-next-line no-console + console.log(JSON.stringify(x, undefined, 2)); + } + + protected abstract async onCreate(): Promise; + protected abstract async onDelete(): Promise; + protected abstract async onUpdate(): Promise<(OnEventResponse & EksUpdateId) | void>; + protected abstract async isCreateComplete(): Promise; + protected abstract async isDeleteComplete(): Promise; + protected abstract async isUpdateComplete(): Promise; +} + +export interface EksClient { + configureAssumeRole(request: aws.STS.AssumeRoleRequest): void; + createCluster(request: aws.EKS.CreateClusterRequest): Promise; + deleteCluster(request: aws.EKS.DeleteClusterRequest): Promise; + describeCluster(request: aws.EKS.DescribeClusterRequest): Promise; + updateClusterConfig(request: aws.EKS.UpdateClusterConfigRequest): Promise; + updateClusterVersion(request: aws.EKS.UpdateClusterVersionRequest): Promise; + describeUpdate(req: aws.EKS.DescribeUpdateRequest): Promise; + createFargateProfile(request: aws.EKS.CreateFargateProfileRequest): Promise; + describeFargateProfile(request: aws.EKS.DescribeFargateProfileRequest): Promise; + deleteFargateProfile(request: aws.EKS.DeleteFargateProfileRequest): Promise; +} diff --git a/packages/@aws-cdk/aws-eks/test/cdk-integ.out.eks-service-account-sdk-call/asset.73edfa4462023915a2f13bf570acae05c5111817c606f9837f832152920ba517/consts.ts b/packages/@aws-cdk/aws-eks/test/cdk-integ.out.eks-service-account-sdk-call/asset.73edfa4462023915a2f13bf570acae05c5111817c606f9837f832152920ba517/consts.ts new file mode 100644 index 0000000000000..bae91b9ba79ca --- /dev/null +++ b/packages/@aws-cdk/aws-eks/test/cdk-integ.out.eks-service-account-sdk-call/asset.73edfa4462023915a2f13bf570acae05c5111817c606f9837f832152920ba517/consts.ts @@ -0,0 +1,2 @@ +export const CLUSTER_RESOURCE_TYPE = 'Custom::AWSCDK-EKS-Cluster'; +export const FARGATE_PROFILE_RESOURCE_TYPE = 'Custom::AWSCDK-EKS-FargateProfile'; \ No newline at end of file diff --git a/packages/@aws-cdk/aws-eks/test/cdk-integ.out.eks-service-account-sdk-call/asset.73edfa4462023915a2f13bf570acae05c5111817c606f9837f832152920ba517/fargate.ts b/packages/@aws-cdk/aws-eks/test/cdk-integ.out.eks-service-account-sdk-call/asset.73edfa4462023915a2f13bf570acae05c5111817c606f9837f832152920ba517/fargate.ts new file mode 100644 index 0000000000000..b708690efd6d9 --- /dev/null +++ b/packages/@aws-cdk/aws-eks/test/cdk-integ.out.eks-service-account-sdk-call/asset.73edfa4462023915a2f13bf570acae05c5111817c606f9837f832152920ba517/fargate.ts @@ -0,0 +1,119 @@ +import * as aws from 'aws-sdk'; // eslint-disable-line import/no-extraneous-dependencies +import { ResourceHandler } from './common'; + +const MAX_NAME_LEN = 63; + +export class FargateProfileResourceHandler extends ResourceHandler { + protected async onCreate() { + const fargateProfileName = this.event.ResourceProperties.Config.fargateProfileName ?? this.generateProfileName(); + + const createFargateProfile: aws.EKS.CreateFargateProfileRequest = { + fargateProfileName, + ...this.event.ResourceProperties.Config, + }; + + this.log({ createFargateProfile }); + const createFargateProfileResponse = await this.eks.createFargateProfile(createFargateProfile); + this.log({ createFargateProfileResponse }); + + if (!createFargateProfileResponse.fargateProfile) { + throw new Error('invalid CreateFargateProfile response'); + } + + return { + PhysicalResourceId: createFargateProfileResponse.fargateProfile.fargateProfileName, + Data: { + fargateProfileArn: createFargateProfileResponse.fargateProfile.fargateProfileArn, + }, + }; + } + + protected async onDelete() { + if (!this.physicalResourceId) { + throw new Error('Cannot delete a profile without a physical id'); + } + + const deleteFargateProfile: aws.EKS.DeleteFargateProfileRequest = { + clusterName: this.event.ResourceProperties.Config.clusterName, + fargateProfileName: this.physicalResourceId, + }; + + this.log({ deleteFargateProfile }); + const deleteFargateProfileResponse = await this.eks.deleteFargateProfile(deleteFargateProfile); + this.log({ deleteFargateProfileResponse }); + + return; + } + + protected async onUpdate() { + // all updates require a replacement. as long as name is generated, we are + // good. if name is explicit, update will fail, which is common when trying + // to replace cfn resources with explicit physical names + return this.onCreate(); + } + + protected async isCreateComplete() { + return this.isUpdateComplete(); + } + + protected async isUpdateComplete() { + const status = await this.queryStatus(); + return { + IsComplete: status === 'ACTIVE', + }; + } + + protected async isDeleteComplete() { + const status = await this.queryStatus(); + return { + IsComplete: status === 'NOT_FOUND', + }; + } + + /** + * Generates a fargate profile name. + */ + private generateProfileName() { + const suffix = this.requestId.replace(/-/g, ''); // 32 chars + const offset = MAX_NAME_LEN - suffix.length - 1; + const prefix = this.logicalResourceId.slice(0, offset > 0 ? offset : 0); + return `${prefix}-${suffix}`; + } + + /** + * Queries the Fargate profile's current status and returns the status or + * NOT_FOUND if the profile doesn't exist (i.e. it has been deleted). + */ + private async queryStatus(): Promise { + if (!this.physicalResourceId) { + throw new Error('Unable to determine status for fargate profile without a resource name'); + } + + const describeFargateProfile: aws.EKS.DescribeFargateProfileRequest = { + clusterName: this.event.ResourceProperties.Config.clusterName, + fargateProfileName: this.physicalResourceId, + }; + + try { + + this.log({ describeFargateProfile }); + const describeFargateProfileResponse = await this.eks.describeFargateProfile(describeFargateProfile); + this.log({ describeFargateProfileResponse }); + const status = describeFargateProfileResponse.fargateProfile?.status; + + if (status === 'CREATE_FAILED' || status === 'DELETE_FAILED') { + throw new Error(status); + } + + return status; + } catch (describeFargateProfileError) { + if (describeFargateProfileError.code === 'ResourceNotFoundException') { + this.log('received ResourceNotFoundException, this means the profile has been deleted (or never existed)'); + return 'NOT_FOUND'; + } + + this.log({ describeFargateProfileError }); + throw describeFargateProfileError; + } + } +} diff --git a/packages/@aws-cdk/aws-eks/test/cdk-integ.out.eks-service-account-sdk-call/asset.73edfa4462023915a2f13bf570acae05c5111817c606f9837f832152920ba517/index.ts b/packages/@aws-cdk/aws-eks/test/cdk-integ.out.eks-service-account-sdk-call/asset.73edfa4462023915a2f13bf570acae05c5111817c606f9837f832152920ba517/index.ts new file mode 100644 index 0000000000000..f4db036cc6e48 --- /dev/null +++ b/packages/@aws-cdk/aws-eks/test/cdk-integ.out.eks-service-account-sdk-call/asset.73edfa4462023915a2f13bf570acae05c5111817c606f9837f832152920ba517/index.ts @@ -0,0 +1,67 @@ +/* eslint-disable no-console */ +// eslint-disable-next-line import/no-extraneous-dependencies +import { IsCompleteResponse } from '@aws-cdk/custom-resources/lib/provider-framework/types'; +// eslint-disable-next-line import/no-extraneous-dependencies +import * as aws from 'aws-sdk'; +import { ClusterResourceHandler } from './cluster'; +import { EksClient } from './common'; +import * as consts from './consts'; +import { FargateProfileResourceHandler } from './fargate'; + +// eslint-disable-next-line @typescript-eslint/no-require-imports, import/no-extraneous-dependencies +const ProxyAgent = require('proxy-agent'); + +aws.config.logger = console; +aws.config.update({ + httpOptions: { agent: new ProxyAgent() }, +}); + +let eks: aws.EKS | undefined; + +const defaultEksClient: EksClient = { + createCluster: req => getEksClient().createCluster(req).promise(), + deleteCluster: req => getEksClient().deleteCluster(req).promise(), + describeCluster: req => getEksClient().describeCluster(req).promise(), + describeUpdate: req => getEksClient().describeUpdate(req).promise(), + updateClusterConfig: req => getEksClient().updateClusterConfig(req).promise(), + updateClusterVersion: req => getEksClient().updateClusterVersion(req).promise(), + createFargateProfile: req => getEksClient().createFargateProfile(req).promise(), + deleteFargateProfile: req => getEksClient().deleteFargateProfile(req).promise(), + describeFargateProfile: req => getEksClient().describeFargateProfile(req).promise(), + configureAssumeRole: req => { + console.log(JSON.stringify({ assumeRole: req }, undefined, 2)); + const creds = new aws.ChainableTemporaryCredentials({ + params: req, + stsConfig: { stsRegionalEndpoints: 'regional' }, + }); + + eks = new aws.EKS({ credentials: creds }); + }, +}; + +function getEksClient() { + if (!eks) { + throw new Error('EKS client not initialized (call "configureAssumeRole")'); + } + + return eks; +} + +export async function onEvent(event: AWSLambda.CloudFormationCustomResourceEvent) { + const provider = createResourceHandler(event); + return provider.onEvent(); +} + +export async function isComplete(event: AWSLambda.CloudFormationCustomResourceEvent): Promise { + const provider = createResourceHandler(event); + return provider.isComplete(); +} + +function createResourceHandler(event: AWSLambda.CloudFormationCustomResourceEvent) { + switch (event.ResourceType) { + case consts.CLUSTER_RESOURCE_TYPE: return new ClusterResourceHandler(defaultEksClient, event); + case consts.FARGATE_PROFILE_RESOURCE_TYPE: return new FargateProfileResourceHandler(defaultEksClient, event); + default: + throw new Error(`Unsupported resource type "${event.ResourceType}`); + } +} diff --git a/packages/@aws-cdk/aws-eks/test/cdk-integ.out.eks-service-account-sdk-call/asset.ad93f5960a1af5328edfd550fa7ceca2cd209f39de91feadf0e38236b56a960b/.dockerignore b/packages/@aws-cdk/aws-eks/test/cdk-integ.out.eks-service-account-sdk-call/asset.ad93f5960a1af5328edfd550fa7ceca2cd209f39de91feadf0e38236b56a960b/.dockerignore new file mode 100644 index 0000000000000..3c3629e647f5d --- /dev/null +++ b/packages/@aws-cdk/aws-eks/test/cdk-integ.out.eks-service-account-sdk-call/asset.ad93f5960a1af5328edfd550fa7ceca2cd209f39de91feadf0e38236b56a960b/.dockerignore @@ -0,0 +1 @@ +node_modules diff --git a/packages/@aws-cdk/aws-eks/test/eks-service-account-sdk-call.integ.snapshot/asset.9448319c1840dec2adb7d4943d3dbd6c6944b64b7af0c1f4ca63fde4d959131c/Dockerfile b/packages/@aws-cdk/aws-eks/test/cdk-integ.out.eks-service-account-sdk-call/asset.ad93f5960a1af5328edfd550fa7ceca2cd209f39de91feadf0e38236b56a960b/Dockerfile similarity index 88% rename from packages/@aws-cdk/aws-eks/test/eks-service-account-sdk-call.integ.snapshot/asset.9448319c1840dec2adb7d4943d3dbd6c6944b64b7af0c1f4ca63fde4d959131c/Dockerfile rename to packages/@aws-cdk/aws-eks/test/cdk-integ.out.eks-service-account-sdk-call/asset.ad93f5960a1af5328edfd550fa7ceca2cd209f39de91feadf0e38236b56a960b/Dockerfile index 085558f3e7fa0..e40cbe1e47989 100644 --- a/packages/@aws-cdk/aws-eks/test/eks-service-account-sdk-call.integ.snapshot/asset.9448319c1840dec2adb7d4943d3dbd6c6944b64b7af0c1f4ca63fde4d959131c/Dockerfile +++ b/packages/@aws-cdk/aws-eks/test/cdk-integ.out.eks-service-account-sdk-call/asset.ad93f5960a1af5328edfd550fa7ceca2cd209f39de91feadf0e38236b56a960b/Dockerfile @@ -13,4 +13,4 @@ COPY . /usr/src/app USER node -CMD [ "node", "sdk-call.js" ] \ No newline at end of file +CMD [ "node", "sdk-call.js" ] diff --git a/packages/@aws-cdk/aws-eks/test/eks-service-account-sdk-call.integ.snapshot/asset.9448319c1840dec2adb7d4943d3dbd6c6944b64b7af0c1f4ca63fde4d959131c/package.json b/packages/@aws-cdk/aws-eks/test/cdk-integ.out.eks-service-account-sdk-call/asset.ad93f5960a1af5328edfd550fa7ceca2cd209f39de91feadf0e38236b56a960b/package.json similarity index 100% rename from packages/@aws-cdk/aws-eks/test/eks-service-account-sdk-call.integ.snapshot/asset.9448319c1840dec2adb7d4943d3dbd6c6944b64b7af0c1f4ca63fde4d959131c/package.json rename to packages/@aws-cdk/aws-eks/test/cdk-integ.out.eks-service-account-sdk-call/asset.ad93f5960a1af5328edfd550fa7ceca2cd209f39de91feadf0e38236b56a960b/package.json diff --git a/packages/@aws-cdk/aws-eks/test/cdk-integ.out.eks-service-account-sdk-call/asset.b9db8e64e56b84987288e77a56bf3c0fb982931aa35cb2dcff4bc8a115ae87b3/consts.ts b/packages/@aws-cdk/aws-eks/test/cdk-integ.out.eks-service-account-sdk-call/asset.b9db8e64e56b84987288e77a56bf3c0fb982931aa35cb2dcff4bc8a115ae87b3/consts.ts new file mode 100644 index 0000000000000..9718dcef40645 --- /dev/null +++ b/packages/@aws-cdk/aws-eks/test/cdk-integ.out.eks-service-account-sdk-call/asset.b9db8e64e56b84987288e77a56bf3c0fb982931aa35cb2dcff4bc8a115ae87b3/consts.ts @@ -0,0 +1,14 @@ +/** + * Supported resource type. + */ +export const enum CfnUtilsResourceType { + /** + * CfnJson + */ + CFN_JSON = 'Custom::AWSCDKCfnJson', + + /** + * CfnJsonStringify + */ + CFN_JSON_STRINGIFY = 'Custom::AWSCDKCfnJsonStringify', +} diff --git a/packages/@aws-cdk/aws-eks/test/cdk-integ.out.eks-service-account-sdk-call/asset.b9db8e64e56b84987288e77a56bf3c0fb982931aa35cb2dcff4bc8a115ae87b3/index.ts b/packages/@aws-cdk/aws-eks/test/cdk-integ.out.eks-service-account-sdk-call/asset.b9db8e64e56b84987288e77a56bf3c0fb982931aa35cb2dcff4bc8a115ae87b3/index.ts new file mode 100644 index 0000000000000..f082001f80159 --- /dev/null +++ b/packages/@aws-cdk/aws-eks/test/cdk-integ.out.eks-service-account-sdk-call/asset.b9db8e64e56b84987288e77a56bf3c0fb982931aa35cb2dcff4bc8a115ae87b3/index.ts @@ -0,0 +1,33 @@ +import { CfnUtilsResourceType } from './consts'; + +/** + * Parses the value of "Value" and reflects it back as attribute. + */ +export async function handler(event: AWSLambda.CloudFormationCustomResourceEvent) { + + // dispatch based on resource type + if (event.ResourceType === CfnUtilsResourceType.CFN_JSON) { + return cfnJsonHandler(event); + } + if (event.ResourceType === CfnUtilsResourceType.CFN_JSON_STRINGIFY) { + return cfnJsonStringifyHandler(event); + } + + throw new Error(`unexpected resource type "${event.ResourceType}`); +} + +function cfnJsonHandler(event: AWSLambda.CloudFormationCustomResourceEvent) { + return { + Data: { + Value: JSON.parse(event.ResourceProperties.Value), + }, + }; +} + +function cfnJsonStringifyHandler(event: AWSLambda.CloudFormationCustomResourceEvent) { + return { + Data: { + Value: JSON.stringify(event.ResourceProperties.Value), + }, + }; +} diff --git a/packages/@aws-cdk/aws-eks/test/cdk-integ.out.eks-service-account-sdk-call/asset.c409e6c5845f1f349df8cd84e160bf6f1c35d2b060b63e1f032f9bd39d4542cc.zip b/packages/@aws-cdk/aws-eks/test/cdk-integ.out.eks-service-account-sdk-call/asset.c409e6c5845f1f349df8cd84e160bf6f1c35d2b060b63e1f032f9bd39d4542cc.zip new file mode 100644 index 0000000000000..c01b09438e4ee Binary files /dev/null and b/packages/@aws-cdk/aws-eks/test/cdk-integ.out.eks-service-account-sdk-call/asset.c409e6c5845f1f349df8cd84e160bf6f1c35d2b060b63e1f032f9bd39d4542cc.zip differ diff --git a/packages/@aws-cdk/aws-eks/test/cdk-integ.out.eks-service-account-sdk-call/asset.c6964dbf0c556ec82ce09622e99ad6f6d4e488cdaac0ef9e8492e078ec61ffed.zip b/packages/@aws-cdk/aws-eks/test/cdk-integ.out.eks-service-account-sdk-call/asset.c6964dbf0c556ec82ce09622e99ad6f6d4e488cdaac0ef9e8492e078ec61ffed.zip new file mode 100644 index 0000000000000..82f9193d09f44 Binary files /dev/null and b/packages/@aws-cdk/aws-eks/test/cdk-integ.out.eks-service-account-sdk-call/asset.c6964dbf0c556ec82ce09622e99ad6f6d4e488cdaac0ef9e8492e078ec61ffed.zip differ diff --git a/packages/@aws-cdk/aws-eks/test/cdk-integ.out.eks-service-account-sdk-call/asset.d01d4b7367b49a3e222279017fe50e41d6b2272d436b2e82038d0036deb2cdcb/apply/__init__.py b/packages/@aws-cdk/aws-eks/test/cdk-integ.out.eks-service-account-sdk-call/asset.d01d4b7367b49a3e222279017fe50e41d6b2272d436b2e82038d0036deb2cdcb/apply/__init__.py new file mode 100644 index 0000000000000..60984a21a41e0 --- /dev/null +++ b/packages/@aws-cdk/aws-eks/test/cdk-integ.out.eks-service-account-sdk-call/asset.d01d4b7367b49a3e222279017fe50e41d6b2272d436b2e82038d0036deb2cdcb/apply/__init__.py @@ -0,0 +1,95 @@ +import json +import logging +import os +import subprocess + +logger = logging.getLogger() +logger.setLevel(logging.INFO) + +# these are coming from the kubectl layer +os.environ['PATH'] = '/opt/kubectl:/opt/awscli:' + os.environ['PATH'] + +outdir = os.environ.get('TEST_OUTDIR', '/tmp') +kubeconfig = os.path.join(outdir, 'kubeconfig') + + +def apply_handler(event, context): + logger.info(json.dumps(dict(event, ResponseURL='...'))) + + request_type = event['RequestType'] + props = event['ResourceProperties'] + + # resource properties (all required) + cluster_name = props['ClusterName'] + manifest_text = props['Manifest'] + role_arn = props['RoleArn'] + prune_label = props.get('PruneLabel', None) + overwrite = props.get('Overwrite', 'false').lower() == 'true' + skip_validation = props.get('SkipValidation', 'false').lower() == 'true' + + # "log in" to the cluster + cmd = [ 'aws', 'eks', 'update-kubeconfig', + '--role-arn', role_arn, + '--name', cluster_name, + '--kubeconfig', kubeconfig + ] + logger.info(f'Running command: {cmd}') + subprocess.check_call(cmd) + + if os.path.isfile(kubeconfig): + os.chmod(kubeconfig, 0o600) + + # write resource manifests in sequence: { r1 }{ r2 }{ r3 } (this is how + # a stream of JSON objects can be included in a k8s manifest). + manifest_list = json.loads(manifest_text) + manifest_file = os.path.join(outdir, 'manifest.yaml') + with open(manifest_file, "w") as f: + f.writelines(map(lambda obj: json.dumps(obj), manifest_list)) + + logger.info("manifest written to: %s" % manifest_file) + + kubectl_opts = [] + if skip_validation: + kubectl_opts.extend(['--validate=false']) + + if request_type == 'Create': + # if "overwrite" is enabled, then we use "apply" for CREATE operations + # which technically means we can determine the desired state of an + # existing resource. + if overwrite: + kubectl('apply', manifest_file, *kubectl_opts) + else: + # --save-config will allow us to use "apply" later + kubectl_opts.extend(['--save-config']) + kubectl('create', manifest_file, *kubectl_opts) + elif request_type == 'Update': + if prune_label is not None: + kubectl_opts.extend(['--prune', '-l', prune_label]) + + kubectl('apply', manifest_file, *kubectl_opts) + elif request_type == "Delete": + try: + kubectl('delete', manifest_file) + except Exception as e: + logger.info("delete error: %s" % e) + + +def kubectl(verb, file, *opts): + maxAttempts = 3 + retry = maxAttempts + while retry > 0: + try: + cmd = ['kubectl', verb, '--kubeconfig', kubeconfig, '-f', file] + list(opts) + logger.info(f'Running command: {cmd}') + output = subprocess.check_output(cmd, stderr=subprocess.STDOUT) + except subprocess.CalledProcessError as exc: + output = exc.output + if b'i/o timeout' in output and retry > 0: + retry = retry - 1 + logger.info("kubectl timed out, retries left: %s" % retry) + else: + raise Exception(output) + else: + logger.info(output) + return + raise Exception(f'Operation failed after {maxAttempts} attempts: {output}') diff --git a/packages/@aws-cdk/aws-eks/test/cdk-integ.out.eks-service-account-sdk-call/asset.d01d4b7367b49a3e222279017fe50e41d6b2272d436b2e82038d0036deb2cdcb/get/__init__.py b/packages/@aws-cdk/aws-eks/test/cdk-integ.out.eks-service-account-sdk-call/asset.d01d4b7367b49a3e222279017fe50e41d6b2272d436b2e82038d0036deb2cdcb/get/__init__.py new file mode 100644 index 0000000000000..2811dca09cf1e --- /dev/null +++ b/packages/@aws-cdk/aws-eks/test/cdk-integ.out.eks-service-account-sdk-call/asset.d01d4b7367b49a3e222279017fe50e41d6b2272d436b2e82038d0036deb2cdcb/get/__init__.py @@ -0,0 +1,88 @@ +import json +import logging +import os +import subprocess +import time + +logger = logging.getLogger() +logger.setLevel(logging.INFO) + +# these are coming from the kubectl layer +os.environ['PATH'] = '/opt/kubectl:/opt/awscli:' + os.environ['PATH'] + +outdir = os.environ.get('TEST_OUTDIR', '/tmp') +kubeconfig = os.path.join(outdir, 'kubeconfig') + + +def get_handler(event, context): + logger.info(json.dumps(dict(event, ResponseURL='...'))) + + request_type = event['RequestType'] + props = event['ResourceProperties'] + + # resource properties (all required) + cluster_name = props['ClusterName'] + role_arn = props['RoleArn'] + + # "log in" to the cluster + subprocess.check_call([ 'aws', 'eks', 'update-kubeconfig', + '--role-arn', role_arn, + '--name', cluster_name, + '--kubeconfig', kubeconfig + ]) + + if os.path.isfile(kubeconfig): + os.chmod(kubeconfig, 0o600) + + object_type = props['ObjectType'] + object_name = props['ObjectName'] + object_namespace = props['ObjectNamespace'] + json_path = props['JsonPath'] + timeout_seconds = props['TimeoutSeconds'] + + # json path should be surrouded with '{}' + path = '{{{0}}}'.format(json_path) + if request_type == 'Create' or request_type == 'Update': + output = wait_for_output(['get', '-n', object_namespace, object_type, object_name, "-o=jsonpath='{{{0}}}'".format(json_path)], int(timeout_seconds)) + return {'Data': {'Value': output}} + elif request_type == 'Delete': + pass + else: + raise Exception("invalid request type %s" % request_type) + +def wait_for_output(args, timeout_seconds): + + end_time = time.time() + timeout_seconds + error = None + + while time.time() < end_time: + try: + # the output is surrounded with '', so we unquote + output = kubectl(args).decode('utf-8')[1:-1] + if output: + return output + except Exception as e: + error = str(e) + # also a recoverable error + if 'NotFound' in error: + pass + time.sleep(10) + + raise RuntimeError(f'Timeout waiting for output from kubectl command: {args} (last_error={error})') + +def kubectl(args): + retry = 3 + while retry > 0: + try: + cmd = [ 'kubectl', '--kubeconfig', kubeconfig ] + args + output = subprocess.check_output(cmd, stderr=subprocess.STDOUT) + except subprocess.CalledProcessError as exc: + output = exc.output + if b'i/o timeout' in output and retry > 0: + logger.info("kubectl timed out, retries left: %s" % retry) + retry = retry - 1 + else: + raise Exception(output) + else: + logger.info(output) + return output diff --git a/packages/@aws-cdk/aws-eks/test/cdk-integ.out.eks-service-account-sdk-call/asset.d01d4b7367b49a3e222279017fe50e41d6b2272d436b2e82038d0036deb2cdcb/helm/__init__.py b/packages/@aws-cdk/aws-eks/test/cdk-integ.out.eks-service-account-sdk-call/asset.d01d4b7367b49a3e222279017fe50e41d6b2272d436b2e82038d0036deb2cdcb/helm/__init__.py new file mode 100644 index 0000000000000..b9a741c8972c4 --- /dev/null +++ b/packages/@aws-cdk/aws-eks/test/cdk-integ.out.eks-service-account-sdk-call/asset.d01d4b7367b49a3e222279017fe50e41d6b2272d436b2e82038d0036deb2cdcb/helm/__init__.py @@ -0,0 +1,187 @@ +import json +import logging +import os +import re +import subprocess +import shutil +import tempfile +import zipfile +from urllib.parse import urlparse, unquote + +logger = logging.getLogger() +logger.setLevel(logging.INFO) + +# these are coming from the kubectl layer +os.environ['PATH'] = '/opt/helm:/opt/awscli:' + os.environ['PATH'] + +outdir = os.environ.get('TEST_OUTDIR', '/tmp') +kubeconfig = os.path.join(outdir, 'kubeconfig') + +def get_chart_asset_from_url(chart_asset_url): + chart_zip = os.path.join(outdir, 'chart.zip') + shutil.rmtree(chart_zip, ignore_errors=True) + subprocess.check_call(['aws', 's3', 'cp', chart_asset_url, chart_zip]) + chart_dir = os.path.join(outdir, 'chart') + shutil.rmtree(chart_dir, ignore_errors=True) + os.mkdir(chart_dir) + with zipfile.ZipFile(chart_zip, 'r') as zip_ref: + zip_ref.extractall(chart_dir) + return chart_dir + +def helm_handler(event, context): + logger.info(json.dumps(dict(event, ResponseURL='...'))) + + request_type = event['RequestType'] + props = event['ResourceProperties'] + + # resource properties + cluster_name = props['ClusterName'] + role_arn = props['RoleArn'] + release = props['Release'] + chart = props.get('Chart', None) + chart_asset_url = props.get('ChartAssetURL', None) + version = props.get('Version', None) + wait = props.get('Wait', False) + timeout = props.get('Timeout', None) + namespace = props.get('Namespace', None) + create_namespace = props.get('CreateNamespace', None) + repository = props.get('Repository', None) + values_text = props.get('Values', None) + + # "log in" to the cluster + subprocess.check_call([ 'aws', 'eks', 'update-kubeconfig', + '--role-arn', role_arn, + '--name', cluster_name, + '--kubeconfig', kubeconfig + ]) + + if os.path.isfile(kubeconfig): + os.chmod(kubeconfig, 0o600) + + # Write out the values to a file and include them with the install and upgrade + values_file = None + if not request_type == "Delete" and not values_text is None: + values = json.loads(values_text) + values_file = os.path.join(outdir, 'values.yaml') + with open(values_file, "w") as f: + f.write(json.dumps(values, indent=2)) + + if request_type == 'Create' or request_type == 'Update': + # Ensure chart or chart_asset_url are set + if chart == None and chart_asset_url == None: + raise RuntimeError(f'chart or chartAsset must be specified') + + if chart_asset_url != None: + assert(chart==None) + assert(repository==None) + assert(version==None) + if not chart_asset_url.startswith('s3://'): + raise RuntimeError(f'ChartAssetURL must point to as s3 location but is {chart_asset_url}') + # future work: support versions from s3 assets + chart = get_chart_asset_from_url(chart_asset_url) + + if repository is not None and repository.startswith('oci://'): + tmpdir = tempfile.TemporaryDirectory() + chart_dir = get_chart_from_oci(tmpdir.name, release, repository, version) + chart = chart_dir + + helm('upgrade', release, chart, repository, values_file, namespace, version, wait, timeout, create_namespace) + elif request_type == "Delete": + try: + helm('uninstall', release, namespace=namespace, timeout=timeout) + except Exception as e: + logger.info("delete error: %s" % e) + + +def get_oci_cmd(repository, version): + # Generates OCI command based on pattern. Public ECR vs Private ECR are treated differently. + cmnd = [] + private_ecr_pattern = '\d+.dkr.ecr.[a-z]+-[a-z]+-\d.amazonaws.com' + public_ecr = 'public.ecr.aws' + + registry = repository.rsplit('/', 1)[0].replace('oci://', '') + + if re.fullmatch(private_ecr_pattern, registry) is not None: + logger.info("Found AWS private repository") + region = registry.replace('.amazonaws.com', '').split('.')[-1] + cmnd = [ + f"aws ecr get-login-password --region {region} | " \ + f"helm registry login --username AWS --password-stdin {registry}; helm pull {repository} --version {version} --untar" + ] + elif registry.startswith(public_ecr): + logger.info("Found AWS public repository, will use default region as deployment") + region = os.environ.get('AWS_REGION', 'us-east-1') + + cmnd = [ + f"aws ecr-public get-login-password --region {region} | " \ + f"helm registry login --username AWS --password-stdin {public_ecr}; helm pull {repository} --version {version} --untar" + ] + else: + logger.error("OCI repository format not recognized, falling back to helm pull") + cmnd = ['helm', 'pull', repository, '--version', version, '--untar'] + + return cmnd + + +def get_chart_from_oci(tmpdir, release, repository = None, version = None): + + cmnd = get_oci_cmd(repository, version) + + maxAttempts = 3 + retry = maxAttempts + while retry > 0: + try: + logger.info(cmnd) + output = subprocess.check_output(cmnd, stderr=subprocess.STDOUT, cwd=tmpdir, shell=True) + logger.info(output) + + return os.path.join(tmpdir, release) + except subprocess.CalledProcessError as exc: + output = exc.output + if b'Broken pipe' in output: + retry = retry - 1 + logger.info("Broken pipe, retries left: %s" % retry) + else: + raise Exception(output) + raise Exception(f'Operation failed after {maxAttempts} attempts: {output}') + + +def helm(verb, release, chart = None, repo = None, file = None, namespace = None, version = None, wait = False, timeout = None, create_namespace = None): + import subprocess + + cmnd = ['helm', verb, release] + if not chart is None: + cmnd.append(chart) + if verb == 'upgrade': + cmnd.append('--install') + if create_namespace: + cmnd.append('--create-namespace') + if not repo is None: + cmnd.extend(['--repo', repo]) + if not file is None: + cmnd.extend(['--values', file]) + if not version is None: + cmnd.extend(['--version', version]) + if not namespace is None: + cmnd.extend(['--namespace', namespace]) + if wait: + cmnd.append('--wait') + if not timeout is None: + cmnd.extend(['--timeout', timeout]) + cmnd.extend(['--kubeconfig', kubeconfig]) + + maxAttempts = 3 + retry = maxAttempts + while retry > 0: + try: + output = subprocess.check_output(cmnd, stderr=subprocess.STDOUT, cwd=outdir) + logger.info(output) + return + except subprocess.CalledProcessError as exc: + output = exc.output + if b'Broken pipe' in output: + retry = retry - 1 + logger.info("Broken pipe, retries left: %s" % retry) + else: + raise Exception(output) + raise Exception(f'Operation failed after {maxAttempts} attempts: {output}') diff --git a/packages/@aws-cdk/aws-eks/test/cdk-integ.out.eks-service-account-sdk-call/asset.d01d4b7367b49a3e222279017fe50e41d6b2272d436b2e82038d0036deb2cdcb/index.py b/packages/@aws-cdk/aws-eks/test/cdk-integ.out.eks-service-account-sdk-call/asset.d01d4b7367b49a3e222279017fe50e41d6b2272d436b2e82038d0036deb2cdcb/index.py new file mode 100644 index 0000000000000..26f5b116f8dc5 --- /dev/null +++ b/packages/@aws-cdk/aws-eks/test/cdk-integ.out.eks-service-account-sdk-call/asset.d01d4b7367b49a3e222279017fe50e41d6b2272d436b2e82038d0036deb2cdcb/index.py @@ -0,0 +1,25 @@ +import json +import logging + +from apply import apply_handler +from helm import helm_handler +from patch import patch_handler +from get import get_handler + +def handler(event, context): + print(json.dumps(dict(event, ResponseURL='...'))) + + resource_type = event['ResourceType'] + if resource_type == 'Custom::AWSCDK-EKS-KubernetesResource': + return apply_handler(event, context) + + if resource_type == 'Custom::AWSCDK-EKS-HelmChart': + return helm_handler(event, context) + + if resource_type == 'Custom::AWSCDK-EKS-KubernetesPatch': + return patch_handler(event, context) + + if resource_type == 'Custom::AWSCDK-EKS-KubernetesObjectValue': + return get_handler(event, context) + + raise Exception("unknown resource type %s" % resource_type) diff --git a/packages/@aws-cdk/aws-eks/test/cdk-integ.out.eks-service-account-sdk-call/asset.d01d4b7367b49a3e222279017fe50e41d6b2272d436b2e82038d0036deb2cdcb/patch/__init__.py b/packages/@aws-cdk/aws-eks/test/cdk-integ.out.eks-service-account-sdk-call/asset.d01d4b7367b49a3e222279017fe50e41d6b2272d436b2e82038d0036deb2cdcb/patch/__init__.py new file mode 100644 index 0000000000000..d7a73c67ee88d --- /dev/null +++ b/packages/@aws-cdk/aws-eks/test/cdk-integ.out.eks-service-account-sdk-call/asset.d01d4b7367b49a3e222279017fe50e41d6b2272d436b2e82038d0036deb2cdcb/patch/__init__.py @@ -0,0 +1,70 @@ +import json +import logging +import os +import subprocess + +logger = logging.getLogger() +logger.setLevel(logging.INFO) + +# these are coming from the kubectl layer +os.environ['PATH'] = '/opt/kubectl:/opt/awscli:' + os.environ['PATH'] + +outdir = os.environ.get('TEST_OUTDIR', '/tmp') +kubeconfig = os.path.join(outdir, 'kubeconfig') + + +def patch_handler(event, context): + logger.info(json.dumps(dict(event, ResponseURL='...'))) + + request_type = event['RequestType'] + props = event['ResourceProperties'] + + # resource properties (all required) + cluster_name = props['ClusterName'] + role_arn = props['RoleArn'] + + # "log in" to the cluster + subprocess.check_call([ 'aws', 'eks', 'update-kubeconfig', + '--role-arn', role_arn, + '--name', cluster_name, + '--kubeconfig', kubeconfig + ]) + + if os.path.isfile(kubeconfig): + os.chmod(kubeconfig, 0o600) + + resource_name = props['ResourceName'] + resource_namespace = props['ResourceNamespace'] + apply_patch_json = props['ApplyPatchJson'] + restore_patch_json = props['RestorePatchJson'] + patch_type = props['PatchType'] + + patch_json = None + if request_type == 'Create' or request_type == 'Update': + patch_json = apply_patch_json + elif request_type == 'Delete': + patch_json = restore_patch_json + else: + raise Exception("invalid request type %s" % request_type) + + kubectl([ 'patch', resource_name, '-n', resource_namespace, '-p', patch_json, '--type', patch_type ]) + + +def kubectl(args): + maxAttempts = 3 + retry = maxAttempts + while retry > 0: + try: + cmd = [ 'kubectl', '--kubeconfig', kubeconfig ] + args + output = subprocess.check_output(cmd, stderr=subprocess.STDOUT) + except subprocess.CalledProcessError as exc: + output = exc.output + if b'i/o timeout' in output and retry > 0: + retry = retry - 1 + logger.info("kubectl timed out, retries left: %s" % retry) + else: + raise Exception(output) + else: + logger.info(output) + return + raise Exception(f'Operation failed after {maxAttempts} attempts: {output}') \ No newline at end of file diff --git a/packages/@aws-cdk/aws-eks/test/cdk-integ.out.eks-service-account-sdk-call/aws-eks-oidc-provider-test.assets.json b/packages/@aws-cdk/aws-eks/test/cdk-integ.out.eks-service-account-sdk-call/aws-eks-oidc-provider-test.assets.json new file mode 100644 index 0000000000000..0f8a1239c7700 --- /dev/null +++ b/packages/@aws-cdk/aws-eks/test/cdk-integ.out.eks-service-account-sdk-call/aws-eks-oidc-provider-test.assets.json @@ -0,0 +1,175 @@ +{ + "version": "21.0.0", + "files": { + "4288ebb3652acdf2d828b7db7ca44a7162a401ace50ebb4026e84b18a02a06ee": { + "source": { + "path": "asset.4288ebb3652acdf2d828b7db7ca44a7162a401ace50ebb4026e84b18a02a06ee.zip", + "packaging": "file" + }, + "destinations": { + "current_account-current_region": { + "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}", + "objectKey": "4288ebb3652acdf2d828b7db7ca44a7162a401ace50ebb4026e84b18a02a06ee.zip", + "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}" + } + } + }, + "73edfa4462023915a2f13bf570acae05c5111817c606f9837f832152920ba517": { + "source": { + "path": "asset.73edfa4462023915a2f13bf570acae05c5111817c606f9837f832152920ba517", + "packaging": "zip" + }, + "destinations": { + "current_account-current_region": { + "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}", + "objectKey": "73edfa4462023915a2f13bf570acae05c5111817c606f9837f832152920ba517.zip", + "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}" + } + } + }, + "7215c88dd3e638d28329d4538b36cdbfb54233a4d972181795814f8b904d1037": { + "source": { + "path": "asset.7215c88dd3e638d28329d4538b36cdbfb54233a4d972181795814f8b904d1037", + "packaging": "zip" + }, + "destinations": { + "current_account-current_region": { + "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}", + "objectKey": "7215c88dd3e638d28329d4538b36cdbfb54233a4d972181795814f8b904d1037.zip", + "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}" + } + } + }, + "d01d4b7367b49a3e222279017fe50e41d6b2272d436b2e82038d0036deb2cdcb": { + "source": { + "path": "asset.d01d4b7367b49a3e222279017fe50e41d6b2272d436b2e82038d0036deb2cdcb", + "packaging": "zip" + }, + "destinations": { + "current_account-current_region": { + "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}", + "objectKey": "d01d4b7367b49a3e222279017fe50e41d6b2272d436b2e82038d0036deb2cdcb.zip", + "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}" + } + } + }, + "c409e6c5845f1f349df8cd84e160bf6f1c35d2b060b63e1f032f9bd39d4542cc": { + "source": { + "path": "asset.c409e6c5845f1f349df8cd84e160bf6f1c35d2b060b63e1f032f9bd39d4542cc.zip", + "packaging": "file" + }, + "destinations": { + "current_account-current_region": { + "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}", + "objectKey": "c409e6c5845f1f349df8cd84e160bf6f1c35d2b060b63e1f032f9bd39d4542cc.zip", + "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}" + } + } + }, + "c6964dbf0c556ec82ce09622e99ad6f6d4e488cdaac0ef9e8492e078ec61ffed": { + "source": { + "path": "asset.c6964dbf0c556ec82ce09622e99ad6f6d4e488cdaac0ef9e8492e078ec61ffed.zip", + "packaging": "file" + }, + "destinations": { + "current_account-current_region": { + "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}", + "objectKey": "c6964dbf0c556ec82ce09622e99ad6f6d4e488cdaac0ef9e8492e078ec61ffed.zip", + "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}" + } + } + }, + "42973d1d89f4a393a64981f78d088964ba13e63a3aab4478cd74109c77cf9174": { + "source": { + "path": "asset.42973d1d89f4a393a64981f78d088964ba13e63a3aab4478cd74109c77cf9174", + "packaging": "zip" + }, + "destinations": { + "current_account-current_region": { + "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}", + "objectKey": "42973d1d89f4a393a64981f78d088964ba13e63a3aab4478cd74109c77cf9174.zip", + "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}" + } + } + }, + "b9db8e64e56b84987288e77a56bf3c0fb982931aa35cb2dcff4bc8a115ae87b3": { + "source": { + "path": "asset.b9db8e64e56b84987288e77a56bf3c0fb982931aa35cb2dcff4bc8a115ae87b3", + "packaging": "zip" + }, + "destinations": { + "current_account-current_region": { + "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}", + "objectKey": "b9db8e64e56b84987288e77a56bf3c0fb982931aa35cb2dcff4bc8a115ae87b3.zip", + "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}" + } + } + }, + "41c8a7cd37aeed043235c5685fbbd3711edb412ae285f9993951fd1bde8734a5": { + "source": { + "path": "asset.41c8a7cd37aeed043235c5685fbbd3711edb412ae285f9993951fd1bde8734a5", + "packaging": "zip" + }, + "destinations": { + "current_account-current_region": { + "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}", + "objectKey": "41c8a7cd37aeed043235c5685fbbd3711edb412ae285f9993951fd1bde8734a5.zip", + "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}" + } + } + }, + "e59f13ce93f53a92012f4cb1909dd1c644a3eaabecb3f91452ebb77d698e7b36": { + "source": { + "path": "awseksoidcprovidertestawscdkawseksClusterResourceProviderDB30B151.nested.template.json", + "packaging": "file" + }, + "destinations": { + "current_account-current_region": { + "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}", + "objectKey": "e59f13ce93f53a92012f4cb1909dd1c644a3eaabecb3f91452ebb77d698e7b36.json", + "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}" + } + } + }, + "059554c62e9a55071f25739c539509931f3e6ca68eaba0d8dabc5a14b8891229": { + "source": { + "path": "awseksoidcprovidertestawscdkawseksKubectlProviderD23CBFFD.nested.template.json", + "packaging": "file" + }, + "destinations": { + "current_account-current_region": { + "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}", + "objectKey": "059554c62e9a55071f25739c539509931f3e6ca68eaba0d8dabc5a14b8891229.json", + "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}" + } + } + }, + "5dd54e38fb3e5b666650f1d779742e66c02098650957306f6ccf1a4100f81d95": { + "source": { + "path": "aws-eks-oidc-provider-test.template.json", + "packaging": "file" + }, + "destinations": { + "current_account-current_region": { + "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}", + "objectKey": "5dd54e38fb3e5b666650f1d779742e66c02098650957306f6ccf1a4100f81d95.json", + "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}" + } + } + } + }, + "dockerImages": { + "ad93f5960a1af5328edfd550fa7ceca2cd209f39de91feadf0e38236b56a960b": { + "source": { + "directory": "asset.ad93f5960a1af5328edfd550fa7ceca2cd209f39de91feadf0e38236b56a960b" + }, + "destinations": { + "current_account-current_region": { + "repositoryName": "cdk-hnb659fds-container-assets-${AWS::AccountId}-${AWS::Region}", + "imageTag": "ad93f5960a1af5328edfd550fa7ceca2cd209f39de91feadf0e38236b56a960b", + "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-image-publishing-role-${AWS::AccountId}-${AWS::Region}" + } + } + } + } +} \ No newline at end of file diff --git a/packages/@aws-cdk/aws-eks/test/cdk-integ.out.eks-service-account-sdk-call/aws-eks-oidc-provider-test.template.json b/packages/@aws-cdk/aws-eks/test/cdk-integ.out.eks-service-account-sdk-call/aws-eks-oidc-provider-test.template.json new file mode 100644 index 0000000000000..889064f72cc2d --- /dev/null +++ b/packages/@aws-cdk/aws-eks/test/cdk-integ.out.eks-service-account-sdk-call/aws-eks-oidc-provider-test.template.json @@ -0,0 +1,1772 @@ +{ + "Resources": { + "Vpc8378EB38": { + "Type": "AWS::EC2::VPC", + "Properties": { + "CidrBlock": "10.0.0.0/16", + "EnableDnsHostnames": true, + "EnableDnsSupport": true, + "InstanceTenancy": "default", + "Tags": [ + { + "Key": "Name", + "Value": "aws-eks-oidc-provider-test/Vpc" + } + ] + } + }, + "VpcPublicSubnet1Subnet5C2D37C4": { + "Type": "AWS::EC2::Subnet", + "Properties": { + "VpcId": { + "Ref": "Vpc8378EB38" + }, + "AvailabilityZone": { + "Fn::Select": [ + 0, + { + "Fn::GetAZs": "" + } + ] + }, + "CidrBlock": "10.0.0.0/18", + "MapPublicIpOnLaunch": true, + "Tags": [ + { + "Key": "aws-cdk:subnet-name", + "Value": "Public" + }, + { + "Key": "aws-cdk:subnet-type", + "Value": "Public" + }, + { + "Key": "kubernetes.io/role/elb", + "Value": "1" + }, + { + "Key": "Name", + "Value": "aws-eks-oidc-provider-test/Vpc/PublicSubnet1" + } + ] + } + }, + "VpcPublicSubnet1RouteTable6C95E38E": { + "Type": "AWS::EC2::RouteTable", + "Properties": { + "VpcId": { + "Ref": "Vpc8378EB38" + }, + "Tags": [ + { + "Key": "kubernetes.io/role/elb", + "Value": "1" + }, + { + "Key": "Name", + "Value": "aws-eks-oidc-provider-test/Vpc/PublicSubnet1" + } + ] + } + }, + "VpcPublicSubnet1RouteTableAssociation97140677": { + "Type": "AWS::EC2::SubnetRouteTableAssociation", + "Properties": { + "RouteTableId": { + "Ref": "VpcPublicSubnet1RouteTable6C95E38E" + }, + "SubnetId": { + "Ref": "VpcPublicSubnet1Subnet5C2D37C4" + } + } + }, + "VpcPublicSubnet1DefaultRoute3DA9E72A": { + "Type": "AWS::EC2::Route", + "Properties": { + "RouteTableId": { + "Ref": "VpcPublicSubnet1RouteTable6C95E38E" + }, + "DestinationCidrBlock": "0.0.0.0/0", + "GatewayId": { + "Ref": "VpcIGWD7BA715C" + } + }, + "DependsOn": [ + "VpcVPCGWBF912B6E" + ] + }, + "VpcPublicSubnet1EIPD7E02669": { + "Type": "AWS::EC2::EIP", + "Properties": { + "Domain": "vpc", + "Tags": [ + { + "Key": "kubernetes.io/role/elb", + "Value": "1" + }, + { + "Key": "Name", + "Value": "aws-eks-oidc-provider-test/Vpc/PublicSubnet1" + } + ] + } + }, + "VpcPublicSubnet1NATGateway4D7517AA": { + "Type": "AWS::EC2::NatGateway", + "Properties": { + "SubnetId": { + "Ref": "VpcPublicSubnet1Subnet5C2D37C4" + }, + "AllocationId": { + "Fn::GetAtt": [ + "VpcPublicSubnet1EIPD7E02669", + "AllocationId" + ] + }, + "Tags": [ + { + "Key": "kubernetes.io/role/elb", + "Value": "1" + }, + { + "Key": "Name", + "Value": "aws-eks-oidc-provider-test/Vpc/PublicSubnet1" + } + ] + }, + "DependsOn": [ + "VpcPublicSubnet1DefaultRoute3DA9E72A", + "VpcPublicSubnet1RouteTableAssociation97140677" + ] + }, + "VpcPublicSubnet2Subnet691E08A3": { + "Type": "AWS::EC2::Subnet", + "Properties": { + "VpcId": { + "Ref": "Vpc8378EB38" + }, + "AvailabilityZone": { + "Fn::Select": [ + 1, + { + "Fn::GetAZs": "" + } + ] + }, + "CidrBlock": "10.0.64.0/18", + "MapPublicIpOnLaunch": true, + "Tags": [ + { + "Key": "aws-cdk:subnet-name", + "Value": "Public" + }, + { + "Key": "aws-cdk:subnet-type", + "Value": "Public" + }, + { + "Key": "kubernetes.io/role/elb", + "Value": "1" + }, + { + "Key": "Name", + "Value": "aws-eks-oidc-provider-test/Vpc/PublicSubnet2" + } + ] + } + }, + "VpcPublicSubnet2RouteTable94F7E489": { + "Type": "AWS::EC2::RouteTable", + "Properties": { + "VpcId": { + "Ref": "Vpc8378EB38" + }, + "Tags": [ + { + "Key": "kubernetes.io/role/elb", + "Value": "1" + }, + { + "Key": "Name", + "Value": "aws-eks-oidc-provider-test/Vpc/PublicSubnet2" + } + ] + } + }, + "VpcPublicSubnet2RouteTableAssociationDD5762D8": { + "Type": "AWS::EC2::SubnetRouteTableAssociation", + "Properties": { + "RouteTableId": { + "Ref": "VpcPublicSubnet2RouteTable94F7E489" + }, + "SubnetId": { + "Ref": "VpcPublicSubnet2Subnet691E08A3" + } + } + }, + "VpcPublicSubnet2DefaultRoute97F91067": { + "Type": "AWS::EC2::Route", + "Properties": { + "RouteTableId": { + "Ref": "VpcPublicSubnet2RouteTable94F7E489" + }, + "DestinationCidrBlock": "0.0.0.0/0", + "GatewayId": { + "Ref": "VpcIGWD7BA715C" + } + }, + "DependsOn": [ + "VpcVPCGWBF912B6E" + ] + }, + "VpcPrivateSubnet1Subnet536B997A": { + "Type": "AWS::EC2::Subnet", + "Properties": { + "VpcId": { + "Ref": "Vpc8378EB38" + }, + "AvailabilityZone": { + "Fn::Select": [ + 0, + { + "Fn::GetAZs": "" + } + ] + }, + "CidrBlock": "10.0.128.0/18", + "MapPublicIpOnLaunch": false, + "Tags": [ + { + "Key": "aws-cdk:subnet-name", + "Value": "Private" + }, + { + "Key": "aws-cdk:subnet-type", + "Value": "Private" + }, + { + "Key": "kubernetes.io/role/internal-elb", + "Value": "1" + }, + { + "Key": "Name", + "Value": "aws-eks-oidc-provider-test/Vpc/PrivateSubnet1" + } + ] + } + }, + "VpcPrivateSubnet1RouteTableB2C5B500": { + "Type": "AWS::EC2::RouteTable", + "Properties": { + "VpcId": { + "Ref": "Vpc8378EB38" + }, + "Tags": [ + { + "Key": "kubernetes.io/role/internal-elb", + "Value": "1" + }, + { + "Key": "Name", + "Value": "aws-eks-oidc-provider-test/Vpc/PrivateSubnet1" + } + ] + } + }, + "VpcPrivateSubnet1RouteTableAssociation70C59FA6": { + "Type": "AWS::EC2::SubnetRouteTableAssociation", + "Properties": { + "RouteTableId": { + "Ref": "VpcPrivateSubnet1RouteTableB2C5B500" + }, + "SubnetId": { + "Ref": "VpcPrivateSubnet1Subnet536B997A" + } + } + }, + "VpcPrivateSubnet1DefaultRouteBE02A9ED": { + "Type": "AWS::EC2::Route", + "Properties": { + "RouteTableId": { + "Ref": "VpcPrivateSubnet1RouteTableB2C5B500" + }, + "DestinationCidrBlock": "0.0.0.0/0", + "NatGatewayId": { + "Ref": "VpcPublicSubnet1NATGateway4D7517AA" + } + } + }, + "VpcPrivateSubnet2Subnet3788AAA1": { + "Type": "AWS::EC2::Subnet", + "Properties": { + "VpcId": { + "Ref": "Vpc8378EB38" + }, + "AvailabilityZone": { + "Fn::Select": [ + 1, + { + "Fn::GetAZs": "" + } + ] + }, + "CidrBlock": "10.0.192.0/18", + "MapPublicIpOnLaunch": false, + "Tags": [ + { + "Key": "aws-cdk:subnet-name", + "Value": "Private" + }, + { + "Key": "aws-cdk:subnet-type", + "Value": "Private" + }, + { + "Key": "kubernetes.io/role/internal-elb", + "Value": "1" + }, + { + "Key": "Name", + "Value": "aws-eks-oidc-provider-test/Vpc/PrivateSubnet2" + } + ] + } + }, + "VpcPrivateSubnet2RouteTableA678073B": { + "Type": "AWS::EC2::RouteTable", + "Properties": { + "VpcId": { + "Ref": "Vpc8378EB38" + }, + "Tags": [ + { + "Key": "kubernetes.io/role/internal-elb", + "Value": "1" + }, + { + "Key": "Name", + "Value": "aws-eks-oidc-provider-test/Vpc/PrivateSubnet2" + } + ] + } + }, + "VpcPrivateSubnet2RouteTableAssociationA89CAD56": { + "Type": "AWS::EC2::SubnetRouteTableAssociation", + "Properties": { + "RouteTableId": { + "Ref": "VpcPrivateSubnet2RouteTableA678073B" + }, + "SubnetId": { + "Ref": "VpcPrivateSubnet2Subnet3788AAA1" + } + } + }, + "VpcPrivateSubnet2DefaultRoute060D2087": { + "Type": "AWS::EC2::Route", + "Properties": { + "RouteTableId": { + "Ref": "VpcPrivateSubnet2RouteTableA678073B" + }, + "DestinationCidrBlock": "0.0.0.0/0", + "NatGatewayId": { + "Ref": "VpcPublicSubnet1NATGateway4D7517AA" + } + } + }, + "VpcIGWD7BA715C": { + "Type": "AWS::EC2::InternetGateway", + "Properties": { + "Tags": [ + { + "Key": "Name", + "Value": "aws-eks-oidc-provider-test/Vpc" + } + ] + } + }, + "VpcVPCGWBF912B6E": { + "Type": "AWS::EC2::VPCGatewayAttachment", + "Properties": { + "VpcId": { + "Ref": "Vpc8378EB38" + }, + "InternetGatewayId": { + "Ref": "VpcIGWD7BA715C" + } + } + }, + "ClusterRoleFA261979": { + "Type": "AWS::IAM::Role", + "Properties": { + "AssumeRolePolicyDocument": { + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "Service": "eks.amazonaws.com" + } + } + ], + "Version": "2012-10-17" + }, + "ManagedPolicyArns": [ + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":iam::aws:policy/AmazonEKSClusterPolicy" + ] + ] + } + ] + } + }, + "ClusterControlPlaneSecurityGroupD274242C": { + "Type": "AWS::EC2::SecurityGroup", + "Properties": { + "GroupDescription": "EKS Control Plane Security Group", + "SecurityGroupEgress": [ + { + "CidrIp": "0.0.0.0/0", + "Description": "Allow all outbound traffic by default", + "IpProtocol": "-1" + } + ], + "VpcId": { + "Ref": "Vpc8378EB38" + } + } + }, + "ClusterCreationRole360249B6": { + "Type": "AWS::IAM::Role", + "Properties": { + "AssumeRolePolicyDocument": { + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "AWS": { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":iam::", + { + "Ref": "AWS::AccountId" + }, + ":root" + ] + ] + } + } + } + ], + "Version": "2012-10-17" + } + }, + "DependsOn": [ + "VpcIGWD7BA715C", + "VpcPrivateSubnet1DefaultRouteBE02A9ED", + "VpcPrivateSubnet1RouteTableB2C5B500", + "VpcPrivateSubnet1RouteTableAssociation70C59FA6", + "VpcPrivateSubnet1Subnet536B997A", + "VpcPrivateSubnet2DefaultRoute060D2087", + "VpcPrivateSubnet2RouteTableA678073B", + "VpcPrivateSubnet2RouteTableAssociationA89CAD56", + "VpcPrivateSubnet2Subnet3788AAA1", + "VpcPublicSubnet1DefaultRoute3DA9E72A", + "VpcPublicSubnet1EIPD7E02669", + "VpcPublicSubnet1NATGateway4D7517AA", + "VpcPublicSubnet1RouteTable6C95E38E", + "VpcPublicSubnet1RouteTableAssociation97140677", + "VpcPublicSubnet1Subnet5C2D37C4", + "VpcPublicSubnet2DefaultRoute97F91067", + "VpcPublicSubnet2RouteTable94F7E489", + "VpcPublicSubnet2RouteTableAssociationDD5762D8", + "VpcPublicSubnet2Subnet691E08A3", + "Vpc8378EB38", + "VpcVPCGWBF912B6E" + ] + }, + "ClusterCreationRoleDefaultPolicyE8BDFC7B": { + "Type": "AWS::IAM::Policy", + "Properties": { + "PolicyDocument": { + "Statement": [ + { + "Action": "iam:PassRole", + "Effect": "Allow", + "Resource": { + "Fn::GetAtt": [ + "ClusterRoleFA261979", + "Arn" + ] + } + }, + { + "Action": [ + "eks:CreateCluster", + "eks:CreateFargateProfile", + "eks:DeleteCluster", + "eks:DescribeCluster", + "eks:DescribeUpdate", + "eks:TagResource", + "eks:UntagResource", + "eks:UpdateClusterConfig", + "eks:UpdateClusterVersion" + ], + "Effect": "Allow", + "Resource": "*" + }, + { + "Action": [ + "eks:DeleteFargateProfile", + "eks:DescribeFargateProfile" + ], + "Effect": "Allow", + "Resource": "*" + }, + { + "Action": [ + "ec2:DescribeDhcpOptions", + "ec2:DescribeInstances", + "ec2:DescribeNetworkInterfaces", + "ec2:DescribeRouteTables", + "ec2:DescribeSecurityGroups", + "ec2:DescribeSubnets", + "ec2:DescribeVpcs", + "iam:CreateServiceLinkedRole", + "iam:GetRole", + "iam:listAttachedRolePolicies" + ], + "Effect": "Allow", + "Resource": "*" + } + ], + "Version": "2012-10-17" + }, + "PolicyName": "ClusterCreationRoleDefaultPolicyE8BDFC7B", + "Roles": [ + { + "Ref": "ClusterCreationRole360249B6" + } + ] + }, + "DependsOn": [ + "VpcIGWD7BA715C", + "VpcPrivateSubnet1DefaultRouteBE02A9ED", + "VpcPrivateSubnet1RouteTableB2C5B500", + "VpcPrivateSubnet1RouteTableAssociation70C59FA6", + "VpcPrivateSubnet1Subnet536B997A", + "VpcPrivateSubnet2DefaultRoute060D2087", + "VpcPrivateSubnet2RouteTableA678073B", + "VpcPrivateSubnet2RouteTableAssociationA89CAD56", + "VpcPrivateSubnet2Subnet3788AAA1", + "VpcPublicSubnet1DefaultRoute3DA9E72A", + "VpcPublicSubnet1EIPD7E02669", + "VpcPublicSubnet1NATGateway4D7517AA", + "VpcPublicSubnet1RouteTable6C95E38E", + "VpcPublicSubnet1RouteTableAssociation97140677", + "VpcPublicSubnet1Subnet5C2D37C4", + "VpcPublicSubnet2DefaultRoute97F91067", + "VpcPublicSubnet2RouteTable94F7E489", + "VpcPublicSubnet2RouteTableAssociationDD5762D8", + "VpcPublicSubnet2Subnet691E08A3", + "Vpc8378EB38", + "VpcVPCGWBF912B6E" + ] + }, + "Cluster9EE0221C": { + "Type": "Custom::AWSCDK-EKS-Cluster", + "Properties": { + "ServiceToken": { + "Fn::GetAtt": [ + "awscdkawseksClusterResourceProviderNestedStackawscdkawseksClusterResourceProviderNestedStackResource9827C454", + "Outputs.awseksoidcprovidertestawscdkawseksClusterResourceProviderframeworkonEvent4FFC9C25Arn" + ] + }, + "Config": { + "version": "1.21", + "roleArn": { + "Fn::GetAtt": [ + "ClusterRoleFA261979", + "Arn" + ] + }, + "resourcesVpcConfig": { + "subnetIds": [ + { + "Ref": "VpcPublicSubnet1Subnet5C2D37C4" + }, + { + "Ref": "VpcPublicSubnet2Subnet691E08A3" + }, + { + "Ref": "VpcPrivateSubnet1Subnet536B997A" + }, + { + "Ref": "VpcPrivateSubnet2Subnet3788AAA1" + } + ], + "securityGroupIds": [ + { + "Fn::GetAtt": [ + "ClusterControlPlaneSecurityGroupD274242C", + "GroupId" + ] + } + ], + "endpointPublicAccess": true, + "endpointPrivateAccess": true + } + }, + "AssumeRoleArn": { + "Fn::GetAtt": [ + "ClusterCreationRole360249B6", + "Arn" + ] + }, + "AttributesRevision": 2 + }, + "DependsOn": [ + "ClusterCreationRoleDefaultPolicyE8BDFC7B", + "ClusterCreationRole360249B6", + "VpcIGWD7BA715C", + "VpcPrivateSubnet1DefaultRouteBE02A9ED", + "VpcPrivateSubnet1RouteTableB2C5B500", + "VpcPrivateSubnet1RouteTableAssociation70C59FA6", + "VpcPrivateSubnet1Subnet536B997A", + "VpcPrivateSubnet2DefaultRoute060D2087", + "VpcPrivateSubnet2RouteTableA678073B", + "VpcPrivateSubnet2RouteTableAssociationA89CAD56", + "VpcPrivateSubnet2Subnet3788AAA1", + "VpcPublicSubnet1DefaultRoute3DA9E72A", + "VpcPublicSubnet1EIPD7E02669", + "VpcPublicSubnet1NATGateway4D7517AA", + "VpcPublicSubnet1RouteTable6C95E38E", + "VpcPublicSubnet1RouteTableAssociation97140677", + "VpcPublicSubnet1Subnet5C2D37C4", + "VpcPublicSubnet2DefaultRoute97F91067", + "VpcPublicSubnet2RouteTable94F7E489", + "VpcPublicSubnet2RouteTableAssociationDD5762D8", + "VpcPublicSubnet2Subnet691E08A3", + "Vpc8378EB38", + "VpcVPCGWBF912B6E" + ], + "UpdateReplacePolicy": "Delete", + "DeletionPolicy": "Delete" + }, + "ClusterKubectlReadyBarrier200052AF": { + "Type": "AWS::SSM::Parameter", + "Properties": { + "Type": "String", + "Value": "aws:cdk:eks:kubectl-ready" + }, + "DependsOn": [ + "ClusterCreationRoleDefaultPolicyE8BDFC7B", + "ClusterCreationRole360249B6", + "Cluster9EE0221C" + ] + }, + "ClusterMastersRole9AA35625": { + "Type": "AWS::IAM::Role", + "Properties": { + "AssumeRolePolicyDocument": { + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "AWS": { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":iam::", + { + "Ref": "AWS::AccountId" + }, + ":root" + ] + ] + } + } + } + ], + "Version": "2012-10-17" + } + } + }, + "ClusterAwsAuthmanifestFE51F8AE": { + "Type": "Custom::AWSCDK-EKS-KubernetesResource", + "Properties": { + "ServiceToken": { + "Fn::GetAtt": [ + "awscdkawseksKubectlProviderNestedStackawscdkawseksKubectlProviderNestedStackResourceA7AEBA6B", + "Outputs.awseksoidcprovidertestawscdkawseksKubectlProviderframeworkonEventAF429689Arn" + ] + }, + "Manifest": { + "Fn::Join": [ + "", + [ + "[{\"apiVersion\":\"v1\",\"kind\":\"ConfigMap\",\"metadata\":{\"name\":\"aws-auth\",\"namespace\":\"kube-system\",\"labels\":{\"aws.cdk.eks/prune-c8040b423e0159532d75b8ac212a34a52ba20f201d\":\"\"}},\"data\":{\"mapRoles\":\"[{\\\"rolearn\\\":\\\"", + { + "Fn::GetAtt": [ + "ClusterMastersRole9AA35625", + "Arn" + ] + }, + "\\\",\\\"username\\\":\\\"", + { + "Fn::GetAtt": [ + "ClusterMastersRole9AA35625", + "Arn" + ] + }, + "\\\",\\\"groups\\\":[\\\"system:masters\\\"]},{\\\"rolearn\\\":\\\"", + { + "Fn::GetAtt": [ + "ClusterNodegroupDefaultCapacityNodeGroupRole55953B04", + "Arn" + ] + }, + "\\\",\\\"username\\\":\\\"system:node:{{EC2PrivateDNSName}}\\\",\\\"groups\\\":[\\\"system:bootstrappers\\\",\\\"system:nodes\\\"]}]\",\"mapUsers\":\"[]\",\"mapAccounts\":\"[]\"}}]" + ] + ] + }, + "ClusterName": { + "Ref": "Cluster9EE0221C" + }, + "RoleArn": { + "Fn::GetAtt": [ + "ClusterCreationRole360249B6", + "Arn" + ] + }, + "PruneLabel": "aws.cdk.eks/prune-c8040b423e0159532d75b8ac212a34a52ba20f201d", + "Overwrite": true + }, + "DependsOn": [ + "ClusterKubectlReadyBarrier200052AF" + ], + "UpdateReplacePolicy": "Delete", + "DeletionPolicy": "Delete" + }, + "ClusterNodegroupDefaultCapacityNodeGroupRole55953B04": { + "Type": "AWS::IAM::Role", + "Properties": { + "AssumeRolePolicyDocument": { + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "Service": { + "Fn::Join": [ + "", + [ + "ec2.", + { + "Ref": "AWS::URLSuffix" + } + ] + ] + } + } + } + ], + "Version": "2012-10-17" + }, + "ManagedPolicyArns": [ + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":iam::aws:policy/AmazonEKSWorkerNodePolicy" + ] + ] + }, + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":iam::aws:policy/AmazonEKS_CNI_Policy" + ] + ] + }, + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":iam::aws:policy/AmazonEC2ContainerRegistryReadOnly" + ] + ] + } + ] + } + }, + "ClusterNodegroupDefaultCapacityDA0920A3": { + "Type": "AWS::EKS::Nodegroup", + "Properties": { + "ClusterName": { + "Ref": "Cluster9EE0221C" + }, + "NodeRole": { + "Fn::GetAtt": [ + "ClusterNodegroupDefaultCapacityNodeGroupRole55953B04", + "Arn" + ] + }, + "Subnets": [ + { + "Ref": "VpcPrivateSubnet1Subnet536B997A" + }, + { + "Ref": "VpcPrivateSubnet2Subnet3788AAA1" + } + ], + "AmiType": "AL2_x86_64", + "ForceUpdateEnabled": true, + "InstanceTypes": [ + "m5.large" + ], + "ScalingConfig": { + "DesiredSize": 2, + "MaxSize": 2, + "MinSize": 2 + } + } + }, + "ClustermyserviceaccountConditionJson260229E4": { + "Type": "Custom::AWSCDKCfnJson", + "Properties": { + "ServiceToken": { + "Fn::GetAtt": [ + "AWSCDKCfnUtilsProviderCustomResourceProviderHandlerCF82AA57", + "Arn" + ] + }, + "Value": { + "Fn::Join": [ + "", + [ + "{\"", + { + "Fn::Select": [ + 1, + { + "Fn::Split": [ + ":oidc-provider/", + { + "Ref": "ClusterOpenIdConnectProviderE7EB0530" + } + ] + } + ] + }, + ":aud\":\"sts.amazonaws.com\",\"", + { + "Fn::Select": [ + 1, + { + "Fn::Split": [ + ":oidc-provider/", + { + "Ref": "ClusterOpenIdConnectProviderE7EB0530" + } + ] + } + ] + }, + ":sub\":\"system:serviceaccount:default:awseksoidcprovidertestclustermyserviceaccount24420634\"}" + ] + ] + } + }, + "UpdateReplacePolicy": "Delete", + "DeletionPolicy": "Delete" + }, + "ClustermyserviceaccountRole11FFD0A4": { + "Type": "AWS::IAM::Role", + "Properties": { + "AssumeRolePolicyDocument": { + "Statement": [ + { + "Action": "sts:AssumeRoleWithWebIdentity", + "Condition": { + "StringEquals": { + "Fn::GetAtt": [ + "ClustermyserviceaccountConditionJson260229E4", + "Value" + ] + } + }, + "Effect": "Allow", + "Principal": { + "Federated": { + "Ref": "ClusterOpenIdConnectProviderE7EB0530" + } + } + } + ], + "Version": "2012-10-17" + } + } + }, + "ClustermyserviceaccountRoleDefaultPolicy791F61C9": { + "Type": "AWS::IAM::Policy", + "Properties": { + "PolicyDocument": { + "Statement": [ + { + "Action": "s3:CreateBucket", + "Effect": "Allow", + "Resource": "arn:aws:s3:::*" + } + ], + "Version": "2012-10-17" + }, + "PolicyName": "ClustermyserviceaccountRoleDefaultPolicy791F61C9", + "Roles": [ + { + "Ref": "ClustermyserviceaccountRole11FFD0A4" + } + ] + } + }, + "ClustermyserviceaccountmanifestmyserviceaccountServiceAccountResource8FC996C5": { + "Type": "Custom::AWSCDK-EKS-KubernetesResource", + "Properties": { + "ServiceToken": { + "Fn::GetAtt": [ + "awscdkawseksKubectlProviderNestedStackawscdkawseksKubectlProviderNestedStackResourceA7AEBA6B", + "Outputs.awseksoidcprovidertestawscdkawseksKubectlProviderframeworkonEventAF429689Arn" + ] + }, + "Manifest": { + "Fn::Join": [ + "", + [ + "[{\"apiVersion\":\"v1\",\"kind\":\"ServiceAccount\",\"metadata\":{\"name\":\"awseksoidcprovidertestclustermyserviceaccount24420634\",\"namespace\":\"default\",\"labels\":{\"aws.cdk.eks/prune-c824bf8a0ae84b09c84baaa3da22d37423c33264a0\":\"\",\"app.kubernetes.io/name\":\"awseksoidcprovidertestclustermyserviceaccount24420634\"},\"annotations\":{\"eks.amazonaws.com/role-arn\":\"", + { + "Fn::GetAtt": [ + "ClustermyserviceaccountRole11FFD0A4", + "Arn" + ] + }, + "\"}}}]" + ] + ] + }, + "ClusterName": { + "Ref": "Cluster9EE0221C" + }, + "RoleArn": { + "Fn::GetAtt": [ + "ClusterCreationRole360249B6", + "Arn" + ] + }, + "PruneLabel": "aws.cdk.eks/prune-c824bf8a0ae84b09c84baaa3da22d37423c33264a0" + }, + "DependsOn": [ + "ClusterKubectlReadyBarrier200052AF" + ], + "UpdateReplacePolicy": "Delete", + "DeletionPolicy": "Delete" + }, + "ClusterOpenIdConnectProviderE7EB0530": { + "Type": "Custom::AWSCDKOpenIdConnectProvider", + "Properties": { + "ServiceToken": { + "Fn::GetAtt": [ + "CustomAWSCDKOpenIdConnectProviderCustomResourceProviderHandlerF2C543E0", + "Arn" + ] + }, + "ClientIDList": [ + "sts.amazonaws.com" + ], + "ThumbprintList": [ + "9e99a48a9960b14926bb7f3b02e22da2b0ab7280" + ], + "Url": { + "Fn::GetAtt": [ + "Cluster9EE0221C", + "OpenIdConnectIssuerUrl" + ] + } + }, + "UpdateReplacePolicy": "Delete", + "DeletionPolicy": "Delete" + }, + "Clustersdkcall3402E269": { + "Type": "Custom::AWSCDK-EKS-KubernetesResource", + "Properties": { + "ServiceToken": { + "Fn::GetAtt": [ + "awscdkawseksKubectlProviderNestedStackawscdkawseksKubectlProviderNestedStackResourceA7AEBA6B", + "Outputs.awseksoidcprovidertestawscdkawseksKubectlProviderframeworkonEventAF429689Arn" + ] + }, + "Manifest": { + "Fn::Join": [ + "", + [ + "[{\"apiVersion\":\"v1\",\"kind\":\"Pod\",\"metadata\":{\"labels\":{\"aws.cdk.eks/prune-c8c88f6b67ceb9f4140b1b57471ed94d088c917849\":\"\",\"cdk8s.io/metadata.addr\":\"sdk-call-image-Pod-c86043a4\"},\"name\":\"sdk-call-image-pod-c806267e\"},\"spec\":{\"automountServiceAccountToken\":true,\"containers\":[{\"image\":\"", + { + "Fn::Sub": "${AWS::AccountId}.dkr.ecr.${AWS::Region}.${AWS::URLSuffix}/cdk-hnb659fds-container-assets-${AWS::AccountId}-${AWS::Region}:ad93f5960a1af5328edfd550fa7ceca2cd209f39de91feadf0e38236b56a960b" + }, + "\",\"imagePullPolicy\":\"Always\",\"name\":\"main\",\"ports\":[{\"containerPort\":8080}],\"securityContext\":{\"privileged\":false,\"readOnlyRootFilesystem\":false,\"runAsNonRoot\":false}}],\"dnsPolicy\":\"ClusterFirst\",\"restartPolicy\":\"Never\",\"securityContext\":{\"fsGroupChangePolicy\":\"Always\",\"runAsNonRoot\":false},\"serviceAccountName\":\"awseksoidcprovidertestclustermyserviceaccount24420634\",\"setHostnameAsFQDN\":false}}]" + ] + ] + }, + "ClusterName": { + "Ref": "Cluster9EE0221C" + }, + "RoleArn": { + "Fn::GetAtt": [ + "ClusterCreationRole360249B6", + "Arn" + ] + }, + "PruneLabel": "aws.cdk.eks/prune-c8c88f6b67ceb9f4140b1b57471ed94d088c917849" + }, + "DependsOn": [ + "ClusterKubectlReadyBarrier200052AF", + "ClustermyserviceaccountConditionJson260229E4", + "ClustermyserviceaccountmanifestmyserviceaccountServiceAccountResource8FC996C5", + "ClustermyserviceaccountRoleDefaultPolicy791F61C9", + "ClustermyserviceaccountRole11FFD0A4" + ], + "UpdateReplacePolicy": "Delete", + "DeletionPolicy": "Delete" + }, + "awscdkawseksClusterResourceProviderNestedStackawscdkawseksClusterResourceProviderNestedStackResource9827C454": { + "Type": "AWS::CloudFormation::Stack", + "Properties": { + "TemplateURL": { + "Fn::Join": [ + "", + [ + "https://s3.", + { + "Ref": "AWS::Region" + }, + ".", + { + "Ref": "AWS::URLSuffix" + }, + "/", + { + "Fn::Sub": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}" + }, + "/e59f13ce93f53a92012f4cb1909dd1c644a3eaabecb3f91452ebb77d698e7b36.json" + ] + ] + }, + "Parameters": { + "referencetoawseksoidcprovidertestClusterCreationRole9C31DBFDArn": { + "Fn::GetAtt": [ + "ClusterCreationRole360249B6", + "Arn" + ] + } + } + }, + "UpdateReplacePolicy": "Delete", + "DeletionPolicy": "Delete" + }, + "awscdkawseksKubectlProviderNestedStackawscdkawseksKubectlProviderNestedStackResourceA7AEBA6B": { + "Type": "AWS::CloudFormation::Stack", + "Properties": { + "TemplateURL": { + "Fn::Join": [ + "", + [ + "https://s3.", + { + "Ref": "AWS::Region" + }, + ".", + { + "Ref": "AWS::URLSuffix" + }, + "/", + { + "Fn::Sub": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}" + }, + "/059554c62e9a55071f25739c539509931f3e6ca68eaba0d8dabc5a14b8891229.json" + ] + ] + }, + "Parameters": { + "referencetoawseksoidcprovidertestCluster40390314Arn": { + "Fn::GetAtt": [ + "Cluster9EE0221C", + "Arn" + ] + }, + "referencetoawseksoidcprovidertestClusterCreationRole9C31DBFDArn": { + "Fn::GetAtt": [ + "ClusterCreationRole360249B6", + "Arn" + ] + }, + "referencetoawseksoidcprovidertestVpcPrivateSubnet1Subnet60CC97A0Ref": { + "Ref": "VpcPrivateSubnet1Subnet536B997A" + }, + "referencetoawseksoidcprovidertestVpcPrivateSubnet2Subnet7E577D94Ref": { + "Ref": "VpcPrivateSubnet2Subnet3788AAA1" + }, + "referencetoawseksoidcprovidertestCluster40390314ClusterSecurityGroupId": { + "Fn::GetAtt": [ + "Cluster9EE0221C", + "ClusterSecurityGroupId" + ] + } + } + }, + "DependsOn": [ + "VpcPrivateSubnet1DefaultRouteBE02A9ED", + "VpcPrivateSubnet1RouteTableAssociation70C59FA6", + "VpcPrivateSubnet2DefaultRoute060D2087", + "VpcPrivateSubnet2RouteTableAssociationA89CAD56" + ], + "UpdateReplacePolicy": "Delete", + "DeletionPolicy": "Delete" + }, + "CustomAWSCDKOpenIdConnectProviderCustomResourceProviderRole517FED65": { + "Type": "AWS::IAM::Role", + "Properties": { + "AssumeRolePolicyDocument": { + "Version": "2012-10-17", + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "Service": "lambda.amazonaws.com" + } + } + ] + }, + "ManagedPolicyArns": [ + { + "Fn::Sub": "arn:${AWS::Partition}:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole" + } + ], + "Policies": [ + { + "PolicyName": "Inline", + "PolicyDocument": { + "Version": "2012-10-17", + "Statement": [ + { + "Effect": "Allow", + "Resource": "*", + "Action": [ + "iam:CreateOpenIDConnectProvider", + "iam:DeleteOpenIDConnectProvider", + "iam:UpdateOpenIDConnectProviderThumbprint", + "iam:AddClientIDToOpenIDConnectProvider", + "iam:RemoveClientIDFromOpenIDConnectProvider" + ] + } + ] + } + } + ] + } + }, + "CustomAWSCDKOpenIdConnectProviderCustomResourceProviderHandlerF2C543E0": { + "Type": "AWS::Lambda::Function", + "Properties": { + "Code": { + "S3Bucket": { + "Fn::Sub": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}" + }, + "S3Key": "42973d1d89f4a393a64981f78d088964ba13e63a3aab4478cd74109c77cf9174.zip" + }, + "Timeout": 900, + "MemorySize": 128, + "Handler": "__entrypoint__.handler", + "Role": { + "Fn::GetAtt": [ + "CustomAWSCDKOpenIdConnectProviderCustomResourceProviderRole517FED65", + "Arn" + ] + }, + "Runtime": "nodejs14.x" + }, + "DependsOn": [ + "CustomAWSCDKOpenIdConnectProviderCustomResourceProviderRole517FED65" + ] + }, + "AWSCDKCfnUtilsProviderCustomResourceProviderRoleFE0EE867": { + "Type": "AWS::IAM::Role", + "Properties": { + "AssumeRolePolicyDocument": { + "Version": "2012-10-17", + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "Service": "lambda.amazonaws.com" + } + } + ] + }, + "ManagedPolicyArns": [ + { + "Fn::Sub": "arn:${AWS::Partition}:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole" + } + ] + } + }, + "AWSCDKCfnUtilsProviderCustomResourceProviderHandlerCF82AA57": { + "Type": "AWS::Lambda::Function", + "Properties": { + "Code": { + "S3Bucket": { + "Fn::Sub": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}" + }, + "S3Key": "b9db8e64e56b84987288e77a56bf3c0fb982931aa35cb2dcff4bc8a115ae87b3.zip" + }, + "Timeout": 900, + "MemorySize": 128, + "Handler": "__entrypoint__.handler", + "Role": { + "Fn::GetAtt": [ + "AWSCDKCfnUtilsProviderCustomResourceProviderRoleFE0EE867", + "Arn" + ] + }, + "Runtime": "nodejs14.x" + }, + "DependsOn": [ + "AWSCDKCfnUtilsProviderCustomResourceProviderRoleFE0EE867" + ] + }, + "S3BucketPingerFunctionServiceRole37E5E83A": { + "Type": "AWS::IAM::Role", + "Properties": { + "AssumeRolePolicyDocument": { + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "Service": "lambda.amazonaws.com" + } + } + ], + "Version": "2012-10-17" + }, + "ManagedPolicyArns": [ + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":iam::aws:policy/service-role/AWSLambdaBasicExecutionRole" + ] + ] + }, + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":iam::aws:policy/service-role/AWSLambdaVPCAccessExecutionRole" + ] + ] + } + ] + }, + "DependsOn": [ + "ClusterAwsAuthmanifestFE51F8AE", + "ClusterControlPlaneSecurityGroupD274242C", + "ClusterKubectlReadyBarrier200052AF", + "ClusterMastersRole9AA35625", + "ClustermyserviceaccountConditionJson260229E4", + "ClustermyserviceaccountmanifestmyserviceaccountServiceAccountResource8FC996C5", + "ClustermyserviceaccountRoleDefaultPolicy791F61C9", + "ClustermyserviceaccountRole11FFD0A4", + "ClusterNodegroupDefaultCapacityNodeGroupRole55953B04", + "ClusterNodegroupDefaultCapacityDA0920A3", + "ClusterOpenIdConnectProviderE7EB0530", + "ClusterCreationRoleDefaultPolicyE8BDFC7B", + "ClusterCreationRole360249B6", + "Cluster9EE0221C", + "ClusterRoleFA261979", + "Clustersdkcall3402E269", + "VpcPrivateSubnet1DefaultRouteBE02A9ED", + "VpcPrivateSubnet1RouteTableAssociation70C59FA6", + "VpcPrivateSubnet2DefaultRoute060D2087", + "VpcPrivateSubnet2RouteTableAssociationA89CAD56" + ] + }, + "S3BucketPingerFunctionServiceRoleDefaultPolicy0A5C5673": { + "Type": "AWS::IAM::Policy", + "Properties": { + "PolicyDocument": { + "Statement": [ + { + "Action": [ + "s3:DeleteBucket", + "s3:ListBucket" + ], + "Effect": "Allow", + "Resource": "arn:aws:s3:::*" + } + ], + "Version": "2012-10-17" + }, + "PolicyName": "S3BucketPingerFunctionServiceRoleDefaultPolicy0A5C5673", + "Roles": [ + { + "Ref": "S3BucketPingerFunctionServiceRole37E5E83A" + } + ] + }, + "DependsOn": [ + "ClusterAwsAuthmanifestFE51F8AE", + "ClusterControlPlaneSecurityGroupD274242C", + "ClusterKubectlReadyBarrier200052AF", + "ClusterMastersRole9AA35625", + "ClustermyserviceaccountConditionJson260229E4", + "ClustermyserviceaccountmanifestmyserviceaccountServiceAccountResource8FC996C5", + "ClustermyserviceaccountRoleDefaultPolicy791F61C9", + "ClustermyserviceaccountRole11FFD0A4", + "ClusterNodegroupDefaultCapacityNodeGroupRole55953B04", + "ClusterNodegroupDefaultCapacityDA0920A3", + "ClusterOpenIdConnectProviderE7EB0530", + "ClusterCreationRoleDefaultPolicyE8BDFC7B", + "ClusterCreationRole360249B6", + "Cluster9EE0221C", + "ClusterRoleFA261979", + "Clustersdkcall3402E269", + "VpcPrivateSubnet1DefaultRouteBE02A9ED", + "VpcPrivateSubnet1RouteTableAssociation70C59FA6", + "VpcPrivateSubnet2DefaultRoute060D2087", + "VpcPrivateSubnet2RouteTableAssociationA89CAD56" + ] + }, + "S3BucketPingerFunctionSecurityGroup470A4668": { + "Type": "AWS::EC2::SecurityGroup", + "Properties": { + "GroupDescription": "Automatic security group for Lambda Function awseksoidcprovidertestS3BucketPingerFunction2C5AC7DA", + "SecurityGroupEgress": [ + { + "CidrIp": "0.0.0.0/0", + "Description": "Allow all outbound traffic by default", + "IpProtocol": "-1" + } + ], + "VpcId": { + "Ref": "Vpc8378EB38" + } + }, + "DependsOn": [ + "ClusterAwsAuthmanifestFE51F8AE", + "ClusterControlPlaneSecurityGroupD274242C", + "ClusterKubectlReadyBarrier200052AF", + "ClusterMastersRole9AA35625", + "ClustermyserviceaccountConditionJson260229E4", + "ClustermyserviceaccountmanifestmyserviceaccountServiceAccountResource8FC996C5", + "ClustermyserviceaccountRoleDefaultPolicy791F61C9", + "ClustermyserviceaccountRole11FFD0A4", + "ClusterNodegroupDefaultCapacityNodeGroupRole55953B04", + "ClusterNodegroupDefaultCapacityDA0920A3", + "ClusterOpenIdConnectProviderE7EB0530", + "ClusterCreationRoleDefaultPolicyE8BDFC7B", + "ClusterCreationRole360249B6", + "Cluster9EE0221C", + "ClusterRoleFA261979", + "Clustersdkcall3402E269", + "VpcPrivateSubnet1DefaultRouteBE02A9ED", + "VpcPrivateSubnet1RouteTableAssociation70C59FA6", + "VpcPrivateSubnet2DefaultRoute060D2087", + "VpcPrivateSubnet2RouteTableAssociationA89CAD56" + ] + }, + "S3BucketPingerFunctionCCEDB9F3": { + "Type": "AWS::Lambda::Function", + "Properties": { + "Code": { + "S3Bucket": { + "Fn::Sub": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}" + }, + "S3Key": "41c8a7cd37aeed043235c5685fbbd3711edb412ae285f9993951fd1bde8734a5.zip" + }, + "Role": { + "Fn::GetAtt": [ + "S3BucketPingerFunctionServiceRole37E5E83A", + "Arn" + ] + }, + "Handler": "index.handler", + "Runtime": "python3.9", + "Timeout": 60, + "VpcConfig": { + "SecurityGroupIds": [ + { + "Fn::GetAtt": [ + "S3BucketPingerFunctionSecurityGroup470A4668", + "GroupId" + ] + } + ], + "SubnetIds": [ + { + "Ref": "VpcPrivateSubnet1Subnet536B997A" + }, + { + "Ref": "VpcPrivateSubnet2Subnet3788AAA1" + } + ] + } + }, + "DependsOn": [ + "ClusterAwsAuthmanifestFE51F8AE", + "ClusterControlPlaneSecurityGroupD274242C", + "ClusterKubectlReadyBarrier200052AF", + "ClusterMastersRole9AA35625", + "ClustermyserviceaccountConditionJson260229E4", + "ClustermyserviceaccountmanifestmyserviceaccountServiceAccountResource8FC996C5", + "ClustermyserviceaccountRoleDefaultPolicy791F61C9", + "ClustermyserviceaccountRole11FFD0A4", + "ClusterNodegroupDefaultCapacityNodeGroupRole55953B04", + "ClusterNodegroupDefaultCapacityDA0920A3", + "ClusterOpenIdConnectProviderE7EB0530", + "ClusterCreationRoleDefaultPolicyE8BDFC7B", + "ClusterCreationRole360249B6", + "Cluster9EE0221C", + "ClusterRoleFA261979", + "Clustersdkcall3402E269", + "S3BucketPingerFunctionServiceRoleDefaultPolicy0A5C5673", + "S3BucketPingerFunctionServiceRole37E5E83A", + "VpcPrivateSubnet1DefaultRouteBE02A9ED", + "VpcPrivateSubnet1RouteTableAssociation70C59FA6", + "VpcPrivateSubnet2DefaultRoute060D2087", + "VpcPrivateSubnet2RouteTableAssociationA89CAD56" + ] + }, + "S3BucketPingerProviderframeworkonEventServiceRole3DD0DF8B": { + "Type": "AWS::IAM::Role", + "Properties": { + "AssumeRolePolicyDocument": { + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "Service": "lambda.amazonaws.com" + } + } + ], + "Version": "2012-10-17" + }, + "ManagedPolicyArns": [ + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":iam::aws:policy/service-role/AWSLambdaBasicExecutionRole" + ] + ] + } + ] + }, + "DependsOn": [ + "ClusterAwsAuthmanifestFE51F8AE", + "ClusterControlPlaneSecurityGroupD274242C", + "ClusterKubectlReadyBarrier200052AF", + "ClusterMastersRole9AA35625", + "ClustermyserviceaccountConditionJson260229E4", + "ClustermyserviceaccountmanifestmyserviceaccountServiceAccountResource8FC996C5", + "ClustermyserviceaccountRoleDefaultPolicy791F61C9", + "ClustermyserviceaccountRole11FFD0A4", + "ClusterNodegroupDefaultCapacityNodeGroupRole55953B04", + "ClusterNodegroupDefaultCapacityDA0920A3", + "ClusterOpenIdConnectProviderE7EB0530", + "ClusterCreationRoleDefaultPolicyE8BDFC7B", + "ClusterCreationRole360249B6", + "Cluster9EE0221C", + "ClusterRoleFA261979", + "Clustersdkcall3402E269" + ] + }, + "S3BucketPingerProviderframeworkonEventServiceRoleDefaultPolicyF4F06433": { + "Type": "AWS::IAM::Policy", + "Properties": { + "PolicyDocument": { + "Statement": [ + { + "Action": "lambda:InvokeFunction", + "Effect": "Allow", + "Resource": [ + { + "Fn::GetAtt": [ + "S3BucketPingerFunctionCCEDB9F3", + "Arn" + ] + }, + { + "Fn::Join": [ + "", + [ + { + "Fn::GetAtt": [ + "S3BucketPingerFunctionCCEDB9F3", + "Arn" + ] + }, + ":*" + ] + ] + } + ] + } + ], + "Version": "2012-10-17" + }, + "PolicyName": "S3BucketPingerProviderframeworkonEventServiceRoleDefaultPolicyF4F06433", + "Roles": [ + { + "Ref": "S3BucketPingerProviderframeworkonEventServiceRole3DD0DF8B" + } + ] + }, + "DependsOn": [ + "ClusterAwsAuthmanifestFE51F8AE", + "ClusterControlPlaneSecurityGroupD274242C", + "ClusterKubectlReadyBarrier200052AF", + "ClusterMastersRole9AA35625", + "ClustermyserviceaccountConditionJson260229E4", + "ClustermyserviceaccountmanifestmyserviceaccountServiceAccountResource8FC996C5", + "ClustermyserviceaccountRoleDefaultPolicy791F61C9", + "ClustermyserviceaccountRole11FFD0A4", + "ClusterNodegroupDefaultCapacityNodeGroupRole55953B04", + "ClusterNodegroupDefaultCapacityDA0920A3", + "ClusterOpenIdConnectProviderE7EB0530", + "ClusterCreationRoleDefaultPolicyE8BDFC7B", + "ClusterCreationRole360249B6", + "Cluster9EE0221C", + "ClusterRoleFA261979", + "Clustersdkcall3402E269" + ] + }, + "S3BucketPingerProviderframeworkonEvent449BB2C0": { + "Type": "AWS::Lambda::Function", + "Properties": { + "Code": { + "S3Bucket": { + "Fn::Sub": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}" + }, + "S3Key": "7215c88dd3e638d28329d4538b36cdbfb54233a4d972181795814f8b904d1037.zip" + }, + "Role": { + "Fn::GetAtt": [ + "S3BucketPingerProviderframeworkonEventServiceRole3DD0DF8B", + "Arn" + ] + }, + "Description": "AWS CDK resource provider framework - onEvent (aws-eks-oidc-provider-test/S3BucketPinger/Provider)", + "Environment": { + "Variables": { + "USER_ON_EVENT_FUNCTION_ARN": { + "Fn::GetAtt": [ + "S3BucketPingerFunctionCCEDB9F3", + "Arn" + ] + } + } + }, + "Handler": "framework.onEvent", + "Runtime": "nodejs14.x", + "Timeout": 900 + }, + "DependsOn": [ + "ClusterAwsAuthmanifestFE51F8AE", + "ClusterControlPlaneSecurityGroupD274242C", + "ClusterKubectlReadyBarrier200052AF", + "ClusterMastersRole9AA35625", + "ClustermyserviceaccountConditionJson260229E4", + "ClustermyserviceaccountmanifestmyserviceaccountServiceAccountResource8FC996C5", + "ClustermyserviceaccountRoleDefaultPolicy791F61C9", + "ClustermyserviceaccountRole11FFD0A4", + "ClusterNodegroupDefaultCapacityNodeGroupRole55953B04", + "ClusterNodegroupDefaultCapacityDA0920A3", + "ClusterOpenIdConnectProviderE7EB0530", + "ClusterCreationRoleDefaultPolicyE8BDFC7B", + "ClusterCreationRole360249B6", + "Cluster9EE0221C", + "ClusterRoleFA261979", + "Clustersdkcall3402E269", + "S3BucketPingerProviderframeworkonEventServiceRoleDefaultPolicyF4F06433", + "S3BucketPingerProviderframeworkonEventServiceRole3DD0DF8B" + ] + }, + "S3BucketPinger32144E5E": { + "Type": "AWS::CloudFormation::CustomResource", + "Properties": { + "ServiceToken": { + "Fn::GetAtt": [ + "S3BucketPingerProviderframeworkonEvent449BB2C0", + "Arn" + ] + } + }, + "DependsOn": [ + "ClusterAwsAuthmanifestFE51F8AE", + "ClusterControlPlaneSecurityGroupD274242C", + "ClusterKubectlReadyBarrier200052AF", + "ClusterMastersRole9AA35625", + "ClustermyserviceaccountConditionJson260229E4", + "ClustermyserviceaccountmanifestmyserviceaccountServiceAccountResource8FC996C5", + "ClustermyserviceaccountRoleDefaultPolicy791F61C9", + "ClustermyserviceaccountRole11FFD0A4", + "ClusterNodegroupDefaultCapacityNodeGroupRole55953B04", + "ClusterNodegroupDefaultCapacityDA0920A3", + "ClusterOpenIdConnectProviderE7EB0530", + "ClusterCreationRoleDefaultPolicyE8BDFC7B", + "ClusterCreationRole360249B6", + "Cluster9EE0221C", + "ClusterRoleFA261979", + "Clustersdkcall3402E269" + ], + "UpdateReplacePolicy": "Delete", + "DeletionPolicy": "Delete" + } + }, + "Outputs": { + "ClusterConfigCommand43AAE40F": { + "Value": { + "Fn::Join": [ + "", + [ + "aws eks update-kubeconfig --name ", + { + "Ref": "Cluster9EE0221C" + }, + " --region ", + { + "Ref": "AWS::Region" + }, + " --role-arn ", + { + "Fn::GetAtt": [ + "ClusterMastersRole9AA35625", + "Arn" + ] + } + ] + ] + } + }, + "ClusterGetTokenCommand06AE992E": { + "Value": { + "Fn::Join": [ + "", + [ + "aws eks get-token --cluster-name ", + { + "Ref": "Cluster9EE0221C" + }, + " --region ", + { + "Ref": "AWS::Region" + }, + " --role-arn ", + { + "Fn::GetAtt": [ + "ClusterMastersRole9AA35625", + "Arn" + ] + } + ] + ] + } + }, + "PingerResponse": { + "Value": { + "Fn::GetAtt": [ + "S3BucketPinger32144E5E", + "Value" + ] + } + } + }, + "Parameters": { + "BootstrapVersion": { + "Type": "AWS::SSM::Parameter::Value", + "Default": "/cdk-bootstrap/hnb659fds/version", + "Description": "Version of the CDK Bootstrap resources in this environment, automatically retrieved from SSM Parameter Store. [cdk:skip]" + } + }, + "Rules": { + "CheckBootstrapVersion": { + "Assertions": [ + { + "Assert": { + "Fn::Not": [ + { + "Fn::Contains": [ + [ + "1", + "2", + "3", + "4", + "5" + ], + { + "Ref": "BootstrapVersion" + } + ] + } + ] + }, + "AssertDescription": "CDK bootstrap stack version 6 required. Please run 'cdk bootstrap' with a recent version of the CDK CLI." + } + ] + } + } +} \ No newline at end of file diff --git a/packages/@aws-cdk/aws-eks/test/cdk-integ.out.eks-service-account-sdk-call/awscdkeksserviceaccountsdkcallDefaultTestDeployAssertC5196707.assets.json b/packages/@aws-cdk/aws-eks/test/cdk-integ.out.eks-service-account-sdk-call/awscdkeksserviceaccountsdkcallDefaultTestDeployAssertC5196707.assets.json new file mode 100644 index 0000000000000..ecad5bae4f311 --- /dev/null +++ b/packages/@aws-cdk/aws-eks/test/cdk-integ.out.eks-service-account-sdk-call/awscdkeksserviceaccountsdkcallDefaultTestDeployAssertC5196707.assets.json @@ -0,0 +1,19 @@ +{ + "version": "21.0.0", + "files": { + "21fbb51d7b23f6a6c262b46a9caee79d744a3ac019fd45422d988b96d44b2a22": { + "source": { + "path": "awscdkeksserviceaccountsdkcallDefaultTestDeployAssertC5196707.template.json", + "packaging": "file" + }, + "destinations": { + "current_account-current_region": { + "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}", + "objectKey": "21fbb51d7b23f6a6c262b46a9caee79d744a3ac019fd45422d988b96d44b2a22.json", + "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}" + } + } + } + }, + "dockerImages": {} +} \ No newline at end of file diff --git a/packages/@aws-cdk/aws-eks/test/cdk-integ.out.eks-service-account-sdk-call/awscdkeksserviceaccountsdkcallDefaultTestDeployAssertC5196707.template.json b/packages/@aws-cdk/aws-eks/test/cdk-integ.out.eks-service-account-sdk-call/awscdkeksserviceaccountsdkcallDefaultTestDeployAssertC5196707.template.json new file mode 100644 index 0000000000000..ad9d0fb73d1dd --- /dev/null +++ b/packages/@aws-cdk/aws-eks/test/cdk-integ.out.eks-service-account-sdk-call/awscdkeksserviceaccountsdkcallDefaultTestDeployAssertC5196707.template.json @@ -0,0 +1,36 @@ +{ + "Parameters": { + "BootstrapVersion": { + "Type": "AWS::SSM::Parameter::Value", + "Default": "/cdk-bootstrap/hnb659fds/version", + "Description": "Version of the CDK Bootstrap resources in this environment, automatically retrieved from SSM Parameter Store. [cdk:skip]" + } + }, + "Rules": { + "CheckBootstrapVersion": { + "Assertions": [ + { + "Assert": { + "Fn::Not": [ + { + "Fn::Contains": [ + [ + "1", + "2", + "3", + "4", + "5" + ], + { + "Ref": "BootstrapVersion" + } + ] + } + ] + }, + "AssertDescription": "CDK bootstrap stack version 6 required. Please run 'cdk bootstrap' with a recent version of the CDK CLI." + } + ] + } + } +} \ No newline at end of file diff --git a/packages/@aws-cdk/aws-eks/test/cdk-integ.out.eks-service-account-sdk-call/awseksoidcprovidertestawscdkawseksClusterResourceProviderDB30B151.nested.template.json b/packages/@aws-cdk/aws-eks/test/cdk-integ.out.eks-service-account-sdk-call/awseksoidcprovidertestawscdkawseksClusterResourceProviderDB30B151.nested.template.json new file mode 100644 index 0000000000000..bf5e47dddb930 --- /dev/null +++ b/packages/@aws-cdk/aws-eks/test/cdk-integ.out.eks-service-account-sdk-call/awseksoidcprovidertestawscdkawseksClusterResourceProviderDB30B151.nested.template.json @@ -0,0 +1,839 @@ +{ + "Resources": { + "NodeProxyAgentLayer924C1971": { + "Type": "AWS::Lambda::LayerVersion", + "Properties": { + "Content": { + "S3Bucket": { + "Fn::Sub": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}" + }, + "S3Key": "4288ebb3652acdf2d828b7db7ca44a7162a401ace50ebb4026e84b18a02a06ee.zip" + }, + "Description": "/opt/nodejs/node_modules/proxy-agent" + } + }, + "OnEventHandlerServiceRole15A26729": { + "Type": "AWS::IAM::Role", + "Properties": { + "AssumeRolePolicyDocument": { + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "Service": "lambda.amazonaws.com" + } + } + ], + "Version": "2012-10-17" + }, + "ManagedPolicyArns": [ + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":iam::aws:policy/service-role/AWSLambdaBasicExecutionRole" + ] + ] + } + ] + } + }, + "OnEventHandlerServiceRoleDefaultPolicyC57085D4": { + "Type": "AWS::IAM::Policy", + "Properties": { + "PolicyDocument": { + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Resource": { + "Ref": "referencetoawseksoidcprovidertestClusterCreationRole9C31DBFDArn" + } + } + ], + "Version": "2012-10-17" + }, + "PolicyName": "OnEventHandlerServiceRoleDefaultPolicyC57085D4", + "Roles": [ + { + "Ref": "OnEventHandlerServiceRole15A26729" + } + ] + } + }, + "OnEventHandler42BEBAE0": { + "Type": "AWS::Lambda::Function", + "Properties": { + "Code": { + "S3Bucket": { + "Fn::Sub": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}" + }, + "S3Key": "73edfa4462023915a2f13bf570acae05c5111817c606f9837f832152920ba517.zip" + }, + "Role": { + "Fn::GetAtt": [ + "OnEventHandlerServiceRole15A26729", + "Arn" + ] + }, + "Description": "onEvent handler for EKS cluster resource provider", + "Environment": { + "Variables": { + "AWS_STS_REGIONAL_ENDPOINTS": "regional" + } + }, + "Handler": "index.onEvent", + "Layers": [ + { + "Ref": "NodeProxyAgentLayer924C1971" + } + ], + "Runtime": "nodejs14.x", + "Timeout": 60 + }, + "DependsOn": [ + "OnEventHandlerServiceRoleDefaultPolicyC57085D4", + "OnEventHandlerServiceRole15A26729" + ] + }, + "IsCompleteHandlerServiceRole5810CC58": { + "Type": "AWS::IAM::Role", + "Properties": { + "AssumeRolePolicyDocument": { + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "Service": "lambda.amazonaws.com" + } + } + ], + "Version": "2012-10-17" + }, + "ManagedPolicyArns": [ + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":iam::aws:policy/service-role/AWSLambdaBasicExecutionRole" + ] + ] + } + ] + } + }, + "IsCompleteHandlerServiceRoleDefaultPolicy8F64197B": { + "Type": "AWS::IAM::Policy", + "Properties": { + "PolicyDocument": { + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Resource": { + "Ref": "referencetoawseksoidcprovidertestClusterCreationRole9C31DBFDArn" + } + } + ], + "Version": "2012-10-17" + }, + "PolicyName": "IsCompleteHandlerServiceRoleDefaultPolicy8F64197B", + "Roles": [ + { + "Ref": "IsCompleteHandlerServiceRole5810CC58" + } + ] + } + }, + "IsCompleteHandler7073F4DA": { + "Type": "AWS::Lambda::Function", + "Properties": { + "Code": { + "S3Bucket": { + "Fn::Sub": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}" + }, + "S3Key": "73edfa4462023915a2f13bf570acae05c5111817c606f9837f832152920ba517.zip" + }, + "Role": { + "Fn::GetAtt": [ + "IsCompleteHandlerServiceRole5810CC58", + "Arn" + ] + }, + "Description": "isComplete handler for EKS cluster resource provider", + "Environment": { + "Variables": { + "AWS_STS_REGIONAL_ENDPOINTS": "regional" + } + }, + "Handler": "index.isComplete", + "Layers": [ + { + "Ref": "NodeProxyAgentLayer924C1971" + } + ], + "Runtime": "nodejs14.x", + "Timeout": 60 + }, + "DependsOn": [ + "IsCompleteHandlerServiceRoleDefaultPolicy8F64197B", + "IsCompleteHandlerServiceRole5810CC58" + ] + }, + "ProviderframeworkonEventServiceRole9FF04296": { + "Type": "AWS::IAM::Role", + "Properties": { + "AssumeRolePolicyDocument": { + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "Service": "lambda.amazonaws.com" + } + } + ], + "Version": "2012-10-17" + }, + "ManagedPolicyArns": [ + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":iam::aws:policy/service-role/AWSLambdaBasicExecutionRole" + ] + ] + } + ] + } + }, + "ProviderframeworkonEventServiceRoleDefaultPolicy48CD2133": { + "Type": "AWS::IAM::Policy", + "Properties": { + "PolicyDocument": { + "Statement": [ + { + "Action": "lambda:InvokeFunction", + "Effect": "Allow", + "Resource": [ + { + "Fn::GetAtt": [ + "IsCompleteHandler7073F4DA", + "Arn" + ] + }, + { + "Fn::GetAtt": [ + "OnEventHandler42BEBAE0", + "Arn" + ] + }, + { + "Fn::Join": [ + "", + [ + { + "Fn::GetAtt": [ + "IsCompleteHandler7073F4DA", + "Arn" + ] + }, + ":*" + ] + ] + }, + { + "Fn::Join": [ + "", + [ + { + "Fn::GetAtt": [ + "OnEventHandler42BEBAE0", + "Arn" + ] + }, + ":*" + ] + ] + } + ] + }, + { + "Action": "states:StartExecution", + "Effect": "Allow", + "Resource": { + "Ref": "Providerwaiterstatemachine5D4A9DF0" + } + } + ], + "Version": "2012-10-17" + }, + "PolicyName": "ProviderframeworkonEventServiceRoleDefaultPolicy48CD2133", + "Roles": [ + { + "Ref": "ProviderframeworkonEventServiceRole9FF04296" + } + ] + } + }, + "ProviderframeworkonEvent83C1D0A7": { + "Type": "AWS::Lambda::Function", + "Properties": { + "Code": { + "S3Bucket": { + "Fn::Sub": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}" + }, + "S3Key": "7215c88dd3e638d28329d4538b36cdbfb54233a4d972181795814f8b904d1037.zip" + }, + "Role": { + "Fn::GetAtt": [ + "ProviderframeworkonEventServiceRole9FF04296", + "Arn" + ] + }, + "Description": "AWS CDK resource provider framework - onEvent (aws-eks-oidc-provider-test/@aws-cdk--aws-eks.ClusterResourceProvider/Provider)", + "Environment": { + "Variables": { + "USER_ON_EVENT_FUNCTION_ARN": { + "Fn::GetAtt": [ + "OnEventHandler42BEBAE0", + "Arn" + ] + }, + "USER_IS_COMPLETE_FUNCTION_ARN": { + "Fn::GetAtt": [ + "IsCompleteHandler7073F4DA", + "Arn" + ] + }, + "WAITER_STATE_MACHINE_ARN": { + "Ref": "Providerwaiterstatemachine5D4A9DF0" + } + } + }, + "Handler": "framework.onEvent", + "Runtime": "nodejs14.x", + "Timeout": 900 + }, + "DependsOn": [ + "ProviderframeworkonEventServiceRoleDefaultPolicy48CD2133", + "ProviderframeworkonEventServiceRole9FF04296" + ] + }, + "ProviderframeworkisCompleteServiceRoleB1087139": { + "Type": "AWS::IAM::Role", + "Properties": { + "AssumeRolePolicyDocument": { + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "Service": "lambda.amazonaws.com" + } + } + ], + "Version": "2012-10-17" + }, + "ManagedPolicyArns": [ + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":iam::aws:policy/service-role/AWSLambdaBasicExecutionRole" + ] + ] + } + ] + } + }, + "ProviderframeworkisCompleteServiceRoleDefaultPolicy2E7140AC": { + "Type": "AWS::IAM::Policy", + "Properties": { + "PolicyDocument": { + "Statement": [ + { + "Action": "lambda:InvokeFunction", + "Effect": "Allow", + "Resource": [ + { + "Fn::GetAtt": [ + "IsCompleteHandler7073F4DA", + "Arn" + ] + }, + { + "Fn::GetAtt": [ + "OnEventHandler42BEBAE0", + "Arn" + ] + }, + { + "Fn::Join": [ + "", + [ + { + "Fn::GetAtt": [ + "IsCompleteHandler7073F4DA", + "Arn" + ] + }, + ":*" + ] + ] + }, + { + "Fn::Join": [ + "", + [ + { + "Fn::GetAtt": [ + "OnEventHandler42BEBAE0", + "Arn" + ] + }, + ":*" + ] + ] + } + ] + } + ], + "Version": "2012-10-17" + }, + "PolicyName": "ProviderframeworkisCompleteServiceRoleDefaultPolicy2E7140AC", + "Roles": [ + { + "Ref": "ProviderframeworkisCompleteServiceRoleB1087139" + } + ] + } + }, + "ProviderframeworkisComplete26D7B0CB": { + "Type": "AWS::Lambda::Function", + "Properties": { + "Code": { + "S3Bucket": { + "Fn::Sub": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}" + }, + "S3Key": "7215c88dd3e638d28329d4538b36cdbfb54233a4d972181795814f8b904d1037.zip" + }, + "Role": { + "Fn::GetAtt": [ + "ProviderframeworkisCompleteServiceRoleB1087139", + "Arn" + ] + }, + "Description": "AWS CDK resource provider framework - isComplete (aws-eks-oidc-provider-test/@aws-cdk--aws-eks.ClusterResourceProvider/Provider)", + "Environment": { + "Variables": { + "USER_ON_EVENT_FUNCTION_ARN": { + "Fn::GetAtt": [ + "OnEventHandler42BEBAE0", + "Arn" + ] + }, + "USER_IS_COMPLETE_FUNCTION_ARN": { + "Fn::GetAtt": [ + "IsCompleteHandler7073F4DA", + "Arn" + ] + } + } + }, + "Handler": "framework.isComplete", + "Runtime": "nodejs14.x", + "Timeout": 900 + }, + "DependsOn": [ + "ProviderframeworkisCompleteServiceRoleDefaultPolicy2E7140AC", + "ProviderframeworkisCompleteServiceRoleB1087139" + ] + }, + "ProviderframeworkonTimeoutServiceRole28643D26": { + "Type": "AWS::IAM::Role", + "Properties": { + "AssumeRolePolicyDocument": { + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "Service": "lambda.amazonaws.com" + } + } + ], + "Version": "2012-10-17" + }, + "ManagedPolicyArns": [ + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":iam::aws:policy/service-role/AWSLambdaBasicExecutionRole" + ] + ] + } + ] + } + }, + "ProviderframeworkonTimeoutServiceRoleDefaultPolicy2688969F": { + "Type": "AWS::IAM::Policy", + "Properties": { + "PolicyDocument": { + "Statement": [ + { + "Action": "lambda:InvokeFunction", + "Effect": "Allow", + "Resource": [ + { + "Fn::GetAtt": [ + "IsCompleteHandler7073F4DA", + "Arn" + ] + }, + { + "Fn::GetAtt": [ + "OnEventHandler42BEBAE0", + "Arn" + ] + }, + { + "Fn::Join": [ + "", + [ + { + "Fn::GetAtt": [ + "IsCompleteHandler7073F4DA", + "Arn" + ] + }, + ":*" + ] + ] + }, + { + "Fn::Join": [ + "", + [ + { + "Fn::GetAtt": [ + "OnEventHandler42BEBAE0", + "Arn" + ] + }, + ":*" + ] + ] + } + ] + } + ], + "Version": "2012-10-17" + }, + "PolicyName": "ProviderframeworkonTimeoutServiceRoleDefaultPolicy2688969F", + "Roles": [ + { + "Ref": "ProviderframeworkonTimeoutServiceRole28643D26" + } + ] + } + }, + "ProviderframeworkonTimeout0B47CA38": { + "Type": "AWS::Lambda::Function", + "Properties": { + "Code": { + "S3Bucket": { + "Fn::Sub": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}" + }, + "S3Key": "7215c88dd3e638d28329d4538b36cdbfb54233a4d972181795814f8b904d1037.zip" + }, + "Role": { + "Fn::GetAtt": [ + "ProviderframeworkonTimeoutServiceRole28643D26", + "Arn" + ] + }, + "Description": "AWS CDK resource provider framework - onTimeout (aws-eks-oidc-provider-test/@aws-cdk--aws-eks.ClusterResourceProvider/Provider)", + "Environment": { + "Variables": { + "USER_ON_EVENT_FUNCTION_ARN": { + "Fn::GetAtt": [ + "OnEventHandler42BEBAE0", + "Arn" + ] + }, + "USER_IS_COMPLETE_FUNCTION_ARN": { + "Fn::GetAtt": [ + "IsCompleteHandler7073F4DA", + "Arn" + ] + } + } + }, + "Handler": "framework.onTimeout", + "Runtime": "nodejs14.x", + "Timeout": 900 + }, + "DependsOn": [ + "ProviderframeworkonTimeoutServiceRoleDefaultPolicy2688969F", + "ProviderframeworkonTimeoutServiceRole28643D26" + ] + }, + "ProviderwaiterstatemachineRole0C7159F9": { + "Type": "AWS::IAM::Role", + "Properties": { + "AssumeRolePolicyDocument": { + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "Service": { + "Fn::FindInMap": [ + "ServiceprincipalMap", + { + "Ref": "AWS::Region" + }, + "states" + ] + } + } + } + ], + "Version": "2012-10-17" + } + } + }, + "ProviderwaiterstatemachineRoleDefaultPolicyD3C3DA1A": { + "Type": "AWS::IAM::Policy", + "Properties": { + "PolicyDocument": { + "Statement": [ + { + "Action": "lambda:InvokeFunction", + "Effect": "Allow", + "Resource": [ + { + "Fn::GetAtt": [ + "ProviderframeworkisComplete26D7B0CB", + "Arn" + ] + }, + { + "Fn::GetAtt": [ + "ProviderframeworkonTimeout0B47CA38", + "Arn" + ] + }, + { + "Fn::Join": [ + "", + [ + { + "Fn::GetAtt": [ + "ProviderframeworkisComplete26D7B0CB", + "Arn" + ] + }, + ":*" + ] + ] + }, + { + "Fn::Join": [ + "", + [ + { + "Fn::GetAtt": [ + "ProviderframeworkonTimeout0B47CA38", + "Arn" + ] + }, + ":*" + ] + ] + } + ] + } + ], + "Version": "2012-10-17" + }, + "PolicyName": "ProviderwaiterstatemachineRoleDefaultPolicyD3C3DA1A", + "Roles": [ + { + "Ref": "ProviderwaiterstatemachineRole0C7159F9" + } + ] + } + }, + "Providerwaiterstatemachine5D4A9DF0": { + "Type": "AWS::StepFunctions::StateMachine", + "Properties": { + "DefinitionString": { + "Fn::Join": [ + "", + [ + "{\"StartAt\":\"framework-isComplete-task\",\"States\":{\"framework-isComplete-task\":{\"End\":true,\"Retry\":[{\"ErrorEquals\":[\"States.ALL\"],\"IntervalSeconds\":60,\"MaxAttempts\":60,\"BackoffRate\":1}],\"Catch\":[{\"ErrorEquals\":[\"States.ALL\"],\"Next\":\"framework-onTimeout-task\"}],\"Type\":\"Task\",\"Resource\":\"", + { + "Fn::GetAtt": [ + "ProviderframeworkisComplete26D7B0CB", + "Arn" + ] + }, + "\"},\"framework-onTimeout-task\":{\"End\":true,\"Type\":\"Task\",\"Resource\":\"", + { + "Fn::GetAtt": [ + "ProviderframeworkonTimeout0B47CA38", + "Arn" + ] + }, + "\"}}}" + ] + ] + }, + "RoleArn": { + "Fn::GetAtt": [ + "ProviderwaiterstatemachineRole0C7159F9", + "Arn" + ] + } + }, + "DependsOn": [ + "ProviderwaiterstatemachineRoleDefaultPolicyD3C3DA1A", + "ProviderwaiterstatemachineRole0C7159F9" + ] + } + }, + "Mappings": { + "ServiceprincipalMap": { + "af-south-1": { + "states": "states.af-south-1.amazonaws.com" + }, + "ap-east-1": { + "states": "states.ap-east-1.amazonaws.com" + }, + "ap-northeast-1": { + "states": "states.ap-northeast-1.amazonaws.com" + }, + "ap-northeast-2": { + "states": "states.ap-northeast-2.amazonaws.com" + }, + "ap-northeast-3": { + "states": "states.ap-northeast-3.amazonaws.com" + }, + "ap-south-1": { + "states": "states.ap-south-1.amazonaws.com" + }, + "ap-southeast-1": { + "states": "states.ap-southeast-1.amazonaws.com" + }, + "ap-southeast-2": { + "states": "states.ap-southeast-2.amazonaws.com" + }, + "ap-southeast-3": { + "states": "states.ap-southeast-3.amazonaws.com" + }, + "ca-central-1": { + "states": "states.ca-central-1.amazonaws.com" + }, + "cn-north-1": { + "states": "states.cn-north-1.amazonaws.com" + }, + "cn-northwest-1": { + "states": "states.cn-northwest-1.amazonaws.com" + }, + "eu-central-1": { + "states": "states.eu-central-1.amazonaws.com" + }, + "eu-north-1": { + "states": "states.eu-north-1.amazonaws.com" + }, + "eu-south-1": { + "states": "states.eu-south-1.amazonaws.com" + }, + "eu-south-2": { + "states": "states.eu-south-2.amazonaws.com" + }, + "eu-west-1": { + "states": "states.eu-west-1.amazonaws.com" + }, + "eu-west-2": { + "states": "states.eu-west-2.amazonaws.com" + }, + "eu-west-3": { + "states": "states.eu-west-3.amazonaws.com" + }, + "me-south-1": { + "states": "states.me-south-1.amazonaws.com" + }, + "sa-east-1": { + "states": "states.sa-east-1.amazonaws.com" + }, + "us-east-1": { + "states": "states.us-east-1.amazonaws.com" + }, + "us-east-2": { + "states": "states.us-east-2.amazonaws.com" + }, + "us-gov-east-1": { + "states": "states.us-gov-east-1.amazonaws.com" + }, + "us-gov-west-1": { + "states": "states.us-gov-west-1.amazonaws.com" + }, + "us-iso-east-1": { + "states": "states.amazonaws.com" + }, + "us-iso-west-1": { + "states": "states.amazonaws.com" + }, + "us-isob-east-1": { + "states": "states.amazonaws.com" + }, + "us-west-1": { + "states": "states.us-west-1.amazonaws.com" + }, + "us-west-2": { + "states": "states.us-west-2.amazonaws.com" + } + } + }, + "Outputs": { + "awseksoidcprovidertestawscdkawseksClusterResourceProviderframeworkonEvent4FFC9C25Arn": { + "Value": { + "Fn::GetAtt": [ + "ProviderframeworkonEvent83C1D0A7", + "Arn" + ] + } + } + }, + "Parameters": { + "referencetoawseksoidcprovidertestClusterCreationRole9C31DBFDArn": { + "Type": "String" + } + } +} \ No newline at end of file diff --git a/packages/@aws-cdk/aws-eks/test/cdk-integ.out.eks-service-account-sdk-call/awseksoidcprovidertestawscdkawseksKubectlProviderD23CBFFD.nested.template.json b/packages/@aws-cdk/aws-eks/test/cdk-integ.out.eks-service-account-sdk-call/awseksoidcprovidertestawscdkawseksKubectlProviderD23CBFFD.nested.template.json new file mode 100644 index 0000000000000..c3409067a02f8 --- /dev/null +++ b/packages/@aws-cdk/aws-eks/test/cdk-integ.out.eks-service-account-sdk-call/awseksoidcprovidertestawscdkawseksKubectlProviderD23CBFFD.nested.template.json @@ -0,0 +1,324 @@ +{ + "Resources": { + "HandlerServiceRoleFCDC14AE": { + "Type": "AWS::IAM::Role", + "Properties": { + "AssumeRolePolicyDocument": { + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "Service": "lambda.amazonaws.com" + } + } + ], + "Version": "2012-10-17" + }, + "ManagedPolicyArns": [ + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":iam::aws:policy/service-role/AWSLambdaBasicExecutionRole" + ] + ] + }, + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":iam::aws:policy/service-role/AWSLambdaVPCAccessExecutionRole" + ] + ] + }, + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":iam::aws:policy/AmazonEC2ContainerRegistryReadOnly" + ] + ] + } + ] + } + }, + "HandlerServiceRoleDefaultPolicyCBD0CC91": { + "Type": "AWS::IAM::Policy", + "Properties": { + "PolicyDocument": { + "Statement": [ + { + "Action": "eks:DescribeCluster", + "Effect": "Allow", + "Resource": { + "Ref": "referencetoawseksoidcprovidertestCluster40390314Arn" + } + }, + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Resource": { + "Ref": "referencetoawseksoidcprovidertestClusterCreationRole9C31DBFDArn" + } + } + ], + "Version": "2012-10-17" + }, + "PolicyName": "HandlerServiceRoleDefaultPolicyCBD0CC91", + "Roles": [ + { + "Ref": "HandlerServiceRoleFCDC14AE" + } + ] + } + }, + "Handler886CB40B": { + "Type": "AWS::Lambda::Function", + "Properties": { + "Code": { + "S3Bucket": { + "Fn::Sub": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}" + }, + "S3Key": "d01d4b7367b49a3e222279017fe50e41d6b2272d436b2e82038d0036deb2cdcb.zip" + }, + "Role": { + "Fn::GetAtt": [ + "HandlerServiceRoleFCDC14AE", + "Arn" + ] + }, + "Description": "onEvent handler for EKS kubectl resource provider", + "Handler": "index.handler", + "Layers": [ + { + "Ref": "AwsCliLayerF44AAF94" + }, + { + "Ref": "KubectlLayer600207B5" + } + ], + "MemorySize": 1024, + "Runtime": "python3.7", + "Timeout": 900, + "VpcConfig": { + "SecurityGroupIds": [ + { + "Ref": "referencetoawseksoidcprovidertestCluster40390314ClusterSecurityGroupId" + } + ], + "SubnetIds": [ + { + "Ref": "referencetoawseksoidcprovidertestVpcPrivateSubnet1Subnet60CC97A0Ref" + }, + { + "Ref": "referencetoawseksoidcprovidertestVpcPrivateSubnet2Subnet7E577D94Ref" + } + ] + } + }, + "DependsOn": [ + "HandlerServiceRoleDefaultPolicyCBD0CC91", + "HandlerServiceRoleFCDC14AE" + ] + }, + "AwsCliLayerF44AAF94": { + "Type": "AWS::Lambda::LayerVersion", + "Properties": { + "Content": { + "S3Bucket": { + "Fn::Sub": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}" + }, + "S3Key": "c409e6c5845f1f349df8cd84e160bf6f1c35d2b060b63e1f032f9bd39d4542cc.zip" + }, + "Description": "/opt/awscli/aws" + } + }, + "KubectlLayer600207B5": { + "Type": "AWS::Lambda::LayerVersion", + "Properties": { + "Content": { + "S3Bucket": { + "Fn::Sub": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}" + }, + "S3Key": "c6964dbf0c556ec82ce09622e99ad6f6d4e488cdaac0ef9e8492e078ec61ffed.zip" + }, + "Description": "/opt/kubectl/kubectl and /opt/helm/helm" + } + }, + "ProviderframeworkonEventServiceRole9FF04296": { + "Type": "AWS::IAM::Role", + "Properties": { + "AssumeRolePolicyDocument": { + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "Service": "lambda.amazonaws.com" + } + } + ], + "Version": "2012-10-17" + }, + "ManagedPolicyArns": [ + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":iam::aws:policy/service-role/AWSLambdaBasicExecutionRole" + ] + ] + }, + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":iam::aws:policy/service-role/AWSLambdaVPCAccessExecutionRole" + ] + ] + } + ] + } + }, + "ProviderframeworkonEventServiceRoleDefaultPolicy48CD2133": { + "Type": "AWS::IAM::Policy", + "Properties": { + "PolicyDocument": { + "Statement": [ + { + "Action": "lambda:InvokeFunction", + "Effect": "Allow", + "Resource": [ + { + "Fn::GetAtt": [ + "Handler886CB40B", + "Arn" + ] + }, + { + "Fn::Join": [ + "", + [ + { + "Fn::GetAtt": [ + "Handler886CB40B", + "Arn" + ] + }, + ":*" + ] + ] + } + ] + } + ], + "Version": "2012-10-17" + }, + "PolicyName": "ProviderframeworkonEventServiceRoleDefaultPolicy48CD2133", + "Roles": [ + { + "Ref": "ProviderframeworkonEventServiceRole9FF04296" + } + ] + } + }, + "ProviderframeworkonEvent83C1D0A7": { + "Type": "AWS::Lambda::Function", + "Properties": { + "Code": { + "S3Bucket": { + "Fn::Sub": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}" + }, + "S3Key": "7215c88dd3e638d28329d4538b36cdbfb54233a4d972181795814f8b904d1037.zip" + }, + "Role": { + "Fn::GetAtt": [ + "ProviderframeworkonEventServiceRole9FF04296", + "Arn" + ] + }, + "Description": "AWS CDK resource provider framework - onEvent (aws-eks-oidc-provider-test/@aws-cdk--aws-eks.KubectlProvider/Provider)", + "Environment": { + "Variables": { + "USER_ON_EVENT_FUNCTION_ARN": { + "Fn::GetAtt": [ + "Handler886CB40B", + "Arn" + ] + } + } + }, + "Handler": "framework.onEvent", + "Runtime": "nodejs14.x", + "Timeout": 900, + "VpcConfig": { + "SecurityGroupIds": [ + { + "Ref": "referencetoawseksoidcprovidertestCluster40390314ClusterSecurityGroupId" + } + ], + "SubnetIds": [ + { + "Ref": "referencetoawseksoidcprovidertestVpcPrivateSubnet1Subnet60CC97A0Ref" + }, + { + "Ref": "referencetoawseksoidcprovidertestVpcPrivateSubnet2Subnet7E577D94Ref" + } + ] + } + }, + "DependsOn": [ + "ProviderframeworkonEventServiceRoleDefaultPolicy48CD2133", + "ProviderframeworkonEventServiceRole9FF04296" + ] + } + }, + "Outputs": { + "awseksoidcprovidertestawscdkawseksKubectlProviderframeworkonEventAF429689Arn": { + "Value": { + "Fn::GetAtt": [ + "ProviderframeworkonEvent83C1D0A7", + "Arn" + ] + } + } + }, + "Parameters": { + "referencetoawseksoidcprovidertestCluster40390314Arn": { + "Type": "String" + }, + "referencetoawseksoidcprovidertestClusterCreationRole9C31DBFDArn": { + "Type": "String" + }, + "referencetoawseksoidcprovidertestVpcPrivateSubnet1Subnet60CC97A0Ref": { + "Type": "String" + }, + "referencetoawseksoidcprovidertestVpcPrivateSubnet2Subnet7E577D94Ref": { + "Type": "String" + }, + "referencetoawseksoidcprovidertestCluster40390314ClusterSecurityGroupId": { + "Type": "String" + } + } +} \ No newline at end of file diff --git a/packages/@aws-cdk/aws-eks/test/cdk-integ.out.eks-service-account-sdk-call/cdk.out b/packages/@aws-cdk/aws-eks/test/cdk-integ.out.eks-service-account-sdk-call/cdk.out new file mode 100644 index 0000000000000..8ecc185e9dbee --- /dev/null +++ b/packages/@aws-cdk/aws-eks/test/cdk-integ.out.eks-service-account-sdk-call/cdk.out @@ -0,0 +1 @@ +{"version":"21.0.0"} \ No newline at end of file diff --git a/packages/@aws-cdk/aws-eks/test/cdk-integ.out.eks-service-account-sdk-call/integ.json b/packages/@aws-cdk/aws-eks/test/cdk-integ.out.eks-service-account-sdk-call/integ.json new file mode 100644 index 0000000000000..d9a08a8303917 --- /dev/null +++ b/packages/@aws-cdk/aws-eks/test/cdk-integ.out.eks-service-account-sdk-call/integ.json @@ -0,0 +1,12 @@ +{ + "version": "21.0.0", + "testCases": { + "aws-cdk-eks-service-account-sdk-call/DefaultTest": { + "stacks": [ + "aws-eks-oidc-provider-test" + ], + "assertionStack": "aws-cdk-eks-service-account-sdk-call/DefaultTest/DeployAssert", + "assertionStackName": "awscdkeksserviceaccountsdkcallDefaultTestDeployAssertC5196707" + } + } +} \ No newline at end of file diff --git a/packages/@aws-cdk/aws-eks/test/cdk-integ.out.eks-service-account-sdk-call/manifest.json b/packages/@aws-cdk/aws-eks/test/cdk-integ.out.eks-service-account-sdk-call/manifest.json new file mode 100644 index 0000000000000..8165b67361b9d --- /dev/null +++ b/packages/@aws-cdk/aws-eks/test/cdk-integ.out.eks-service-account-sdk-call/manifest.json @@ -0,0 +1,645 @@ +{ + "version": "21.0.0", + "artifacts": { + "Tree": { + "type": "cdk:tree", + "properties": { + "file": "tree.json" + } + }, + "aws-eks-oidc-provider-test.assets": { + "type": "cdk:asset-manifest", + "properties": { + "file": "aws-eks-oidc-provider-test.assets.json", + "requiresBootstrapStackVersion": 6, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version" + } + }, + "aws-eks-oidc-provider-test": { + "type": "aws:cloudformation:stack", + "environment": "aws://unknown-account/unknown-region", + "properties": { + "templateFile": "aws-eks-oidc-provider-test.template.json", + "validateOnSynth": false, + "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-deploy-role-${AWS::AccountId}-${AWS::Region}", + "cloudFormationExecutionRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-cfn-exec-role-${AWS::AccountId}-${AWS::Region}", + "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/5dd54e38fb3e5b666650f1d779742e66c02098650957306f6ccf1a4100f81d95.json", + "requiresBootstrapStackVersion": 6, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version", + "additionalDependencies": [ + "aws-eks-oidc-provider-test.assets" + ], + "lookupRole": { + "arn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-lookup-role-${AWS::AccountId}-${AWS::Region}", + "requiresBootstrapStackVersion": 8, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version" + } + }, + "dependencies": [ + "aws-eks-oidc-provider-test.assets" + ], + "metadata": { + "/aws-eks-oidc-provider-test/Vpc/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "Vpc8378EB38" + } + ], + "/aws-eks-oidc-provider-test/Vpc/PublicSubnet1/Subnet": [ + { + "type": "aws:cdk:logicalId", + "data": "VpcPublicSubnet1Subnet5C2D37C4" + } + ], + "/aws-eks-oidc-provider-test/Vpc/PublicSubnet1/RouteTable": [ + { + "type": "aws:cdk:logicalId", + "data": "VpcPublicSubnet1RouteTable6C95E38E" + } + ], + "/aws-eks-oidc-provider-test/Vpc/PublicSubnet1/RouteTableAssociation": [ + { + "type": "aws:cdk:logicalId", + "data": "VpcPublicSubnet1RouteTableAssociation97140677" + } + ], + "/aws-eks-oidc-provider-test/Vpc/PublicSubnet1/DefaultRoute": [ + { + "type": "aws:cdk:logicalId", + "data": "VpcPublicSubnet1DefaultRoute3DA9E72A" + } + ], + "/aws-eks-oidc-provider-test/Vpc/PublicSubnet1/EIP": [ + { + "type": "aws:cdk:logicalId", + "data": "VpcPublicSubnet1EIPD7E02669" + } + ], + "/aws-eks-oidc-provider-test/Vpc/PublicSubnet1/NATGateway": [ + { + "type": "aws:cdk:logicalId", + "data": "VpcPublicSubnet1NATGateway4D7517AA" + } + ], + "/aws-eks-oidc-provider-test/Vpc/PublicSubnet2/Subnet": [ + { + "type": "aws:cdk:logicalId", + "data": "VpcPublicSubnet2Subnet691E08A3" + } + ], + "/aws-eks-oidc-provider-test/Vpc/PublicSubnet2/RouteTable": [ + { + "type": "aws:cdk:logicalId", + "data": "VpcPublicSubnet2RouteTable94F7E489" + } + ], + "/aws-eks-oidc-provider-test/Vpc/PublicSubnet2/RouteTableAssociation": [ + { + "type": "aws:cdk:logicalId", + "data": "VpcPublicSubnet2RouteTableAssociationDD5762D8" + } + ], + "/aws-eks-oidc-provider-test/Vpc/PublicSubnet2/DefaultRoute": [ + { + "type": "aws:cdk:logicalId", + "data": "VpcPublicSubnet2DefaultRoute97F91067" + } + ], + "/aws-eks-oidc-provider-test/Vpc/PrivateSubnet1/Subnet": [ + { + "type": "aws:cdk:logicalId", + "data": "VpcPrivateSubnet1Subnet536B997A" + } + ], + "/aws-eks-oidc-provider-test/Vpc/PrivateSubnet1/RouteTable": [ + { + "type": "aws:cdk:logicalId", + "data": "VpcPrivateSubnet1RouteTableB2C5B500" + } + ], + "/aws-eks-oidc-provider-test/Vpc/PrivateSubnet1/RouteTableAssociation": [ + { + "type": "aws:cdk:logicalId", + "data": "VpcPrivateSubnet1RouteTableAssociation70C59FA6" + } + ], + "/aws-eks-oidc-provider-test/Vpc/PrivateSubnet1/DefaultRoute": [ + { + "type": "aws:cdk:logicalId", + "data": "VpcPrivateSubnet1DefaultRouteBE02A9ED" + } + ], + "/aws-eks-oidc-provider-test/Vpc/PrivateSubnet2/Subnet": [ + { + "type": "aws:cdk:logicalId", + "data": "VpcPrivateSubnet2Subnet3788AAA1" + } + ], + "/aws-eks-oidc-provider-test/Vpc/PrivateSubnet2/RouteTable": [ + { + "type": "aws:cdk:logicalId", + "data": "VpcPrivateSubnet2RouteTableA678073B" + } + ], + "/aws-eks-oidc-provider-test/Vpc/PrivateSubnet2/RouteTableAssociation": [ + { + "type": "aws:cdk:logicalId", + "data": "VpcPrivateSubnet2RouteTableAssociationA89CAD56" + } + ], + "/aws-eks-oidc-provider-test/Vpc/PrivateSubnet2/DefaultRoute": [ + { + "type": "aws:cdk:logicalId", + "data": "VpcPrivateSubnet2DefaultRoute060D2087" + } + ], + "/aws-eks-oidc-provider-test/Vpc/IGW": [ + { + "type": "aws:cdk:logicalId", + "data": "VpcIGWD7BA715C" + } + ], + "/aws-eks-oidc-provider-test/Vpc/VPCGW": [ + { + "type": "aws:cdk:logicalId", + "data": "VpcVPCGWBF912B6E" + } + ], + "/aws-eks-oidc-provider-test/Cluster/Role/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "ClusterRoleFA261979" + } + ], + "/aws-eks-oidc-provider-test/Cluster/ControlPlaneSecurityGroup/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "ClusterControlPlaneSecurityGroupD274242C" + } + ], + "/aws-eks-oidc-provider-test/Cluster/Resource/CreationRole/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "ClusterCreationRole360249B6" + } + ], + "/aws-eks-oidc-provider-test/Cluster/Resource/CreationRole/DefaultPolicy/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "ClusterCreationRoleDefaultPolicyE8BDFC7B" + } + ], + "/aws-eks-oidc-provider-test/Cluster/Resource/Resource/Default": [ + { + "type": "aws:cdk:logicalId", + "data": "Cluster9EE0221C" + } + ], + "/aws-eks-oidc-provider-test/Cluster/KubectlReadyBarrier": [ + { + "type": "aws:cdk:logicalId", + "data": "ClusterKubectlReadyBarrier200052AF" + } + ], + "/aws-eks-oidc-provider-test/Cluster/MastersRole/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "ClusterMastersRole9AA35625" + } + ], + "/aws-eks-oidc-provider-test/Cluster/AwsAuth/manifest/Resource/Default": [ + { + "type": "aws:cdk:logicalId", + "data": "ClusterAwsAuthmanifestFE51F8AE" + } + ], + "/aws-eks-oidc-provider-test/Cluster/NodegroupDefaultCapacity/NodeGroupRole/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "ClusterNodegroupDefaultCapacityNodeGroupRole55953B04" + } + ], + "/aws-eks-oidc-provider-test/Cluster/NodegroupDefaultCapacity/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "ClusterNodegroupDefaultCapacityDA0920A3" + } + ], + "/aws-eks-oidc-provider-test/Cluster/ConfigCommand": [ + { + "type": "aws:cdk:logicalId", + "data": "ClusterConfigCommand43AAE40F" + } + ], + "/aws-eks-oidc-provider-test/Cluster/GetTokenCommand": [ + { + "type": "aws:cdk:logicalId", + "data": "ClusterGetTokenCommand06AE992E" + } + ], + "/aws-eks-oidc-provider-test/Cluster/my-service-account/ConditionJson/Resource/Default": [ + { + "type": "aws:cdk:logicalId", + "data": "ClustermyserviceaccountConditionJson260229E4" + } + ], + "/aws-eks-oidc-provider-test/Cluster/my-service-account/Role/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "ClustermyserviceaccountRole11FFD0A4" + } + ], + "/aws-eks-oidc-provider-test/Cluster/my-service-account/Role/DefaultPolicy/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "ClustermyserviceaccountRoleDefaultPolicy791F61C9" + } + ], + "/aws-eks-oidc-provider-test/Cluster/my-service-account/manifest-my-service-accountServiceAccountResource/Resource/Default": [ + { + "type": "aws:cdk:logicalId", + "data": "ClustermyserviceaccountmanifestmyserviceaccountServiceAccountResource8FC996C5" + } + ], + "/aws-eks-oidc-provider-test/Cluster/OpenIdConnectProvider/Resource/Default": [ + { + "type": "aws:cdk:logicalId", + "data": "ClusterOpenIdConnectProviderE7EB0530" + } + ], + "/aws-eks-oidc-provider-test/Cluster/sdk-call/Resource/Default": [ + { + "type": "aws:cdk:logicalId", + "data": "Clustersdkcall3402E269" + } + ], + "/aws-eks-oidc-provider-test/@aws-cdk--aws-eks.ClusterResourceProvider/NodeProxyAgentLayer/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "NodeProxyAgentLayer924C1971" + } + ], + "/aws-eks-oidc-provider-test/@aws-cdk--aws-eks.ClusterResourceProvider/OnEventHandler/ServiceRole/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "OnEventHandlerServiceRole15A26729" + } + ], + "/aws-eks-oidc-provider-test/@aws-cdk--aws-eks.ClusterResourceProvider/OnEventHandler/ServiceRole/DefaultPolicy/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "OnEventHandlerServiceRoleDefaultPolicyC57085D4" + } + ], + "/aws-eks-oidc-provider-test/@aws-cdk--aws-eks.ClusterResourceProvider/OnEventHandler/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "OnEventHandler42BEBAE0" + } + ], + "/aws-eks-oidc-provider-test/@aws-cdk--aws-eks.ClusterResourceProvider/IsCompleteHandler/ServiceRole/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "IsCompleteHandlerServiceRole5810CC58" + } + ], + "/aws-eks-oidc-provider-test/@aws-cdk--aws-eks.ClusterResourceProvider/IsCompleteHandler/ServiceRole/DefaultPolicy/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "IsCompleteHandlerServiceRoleDefaultPolicy8F64197B" + } + ], + "/aws-eks-oidc-provider-test/@aws-cdk--aws-eks.ClusterResourceProvider/IsCompleteHandler/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "IsCompleteHandler7073F4DA" + } + ], + "/aws-eks-oidc-provider-test/@aws-cdk--aws-eks.ClusterResourceProvider/Provider/framework-onEvent/ServiceRole/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "ProviderframeworkonEventServiceRole9FF04296" + } + ], + "/aws-eks-oidc-provider-test/@aws-cdk--aws-eks.ClusterResourceProvider/Provider/framework-onEvent/ServiceRole/DefaultPolicy/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "ProviderframeworkonEventServiceRoleDefaultPolicy48CD2133" + } + ], + "/aws-eks-oidc-provider-test/@aws-cdk--aws-eks.ClusterResourceProvider/Provider/framework-onEvent/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "ProviderframeworkonEvent83C1D0A7" + } + ], + "/aws-eks-oidc-provider-test/@aws-cdk--aws-eks.ClusterResourceProvider/Provider/framework-isComplete/ServiceRole/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "ProviderframeworkisCompleteServiceRoleB1087139" + } + ], + "/aws-eks-oidc-provider-test/@aws-cdk--aws-eks.ClusterResourceProvider/Provider/framework-isComplete/ServiceRole/DefaultPolicy/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "ProviderframeworkisCompleteServiceRoleDefaultPolicy2E7140AC" + } + ], + "/aws-eks-oidc-provider-test/@aws-cdk--aws-eks.ClusterResourceProvider/Provider/framework-isComplete/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "ProviderframeworkisComplete26D7B0CB" + } + ], + "/aws-eks-oidc-provider-test/@aws-cdk--aws-eks.ClusterResourceProvider/Provider/framework-onTimeout/ServiceRole/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "ProviderframeworkonTimeoutServiceRole28643D26" + } + ], + "/aws-eks-oidc-provider-test/@aws-cdk--aws-eks.ClusterResourceProvider/Provider/framework-onTimeout/ServiceRole/DefaultPolicy/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "ProviderframeworkonTimeoutServiceRoleDefaultPolicy2688969F" + } + ], + "/aws-eks-oidc-provider-test/@aws-cdk--aws-eks.ClusterResourceProvider/Provider/framework-onTimeout/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "ProviderframeworkonTimeout0B47CA38" + } + ], + "/aws-eks-oidc-provider-test/@aws-cdk--aws-eks.ClusterResourceProvider/Provider/waiter-state-machine/Role/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "ProviderwaiterstatemachineRole0C7159F9" + } + ], + "/aws-eks-oidc-provider-test/@aws-cdk--aws-eks.ClusterResourceProvider/Provider/waiter-state-machine/Role/DefaultPolicy/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "ProviderwaiterstatemachineRoleDefaultPolicyD3C3DA1A" + } + ], + "/aws-eks-oidc-provider-test/@aws-cdk--aws-eks.ClusterResourceProvider/Provider/waiter-state-machine/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "Providerwaiterstatemachine5D4A9DF0" + } + ], + "/aws-eks-oidc-provider-test/@aws-cdk--aws-eks.ClusterResourceProvider/Service-principalMap": [ + { + "type": "aws:cdk:logicalId", + "data": "ServiceprincipalMap" + } + ], + "/aws-eks-oidc-provider-test/@aws-cdk--aws-eks.ClusterResourceProvider/awseksoidcprovidertestawscdkawseksClusterResourceProviderframeworkonEvent4FFC9C25Arn": [ + { + "type": "aws:cdk:logicalId", + "data": "awseksoidcprovidertestawscdkawseksClusterResourceProviderframeworkonEvent4FFC9C25Arn" + } + ], + "/aws-eks-oidc-provider-test/@aws-cdk--aws-eks.ClusterResourceProvider/reference-to-awseksoidcprovidertestClusterCreationRole9C31DBFDArn": [ + { + "type": "aws:cdk:logicalId", + "data": "referencetoawseksoidcprovidertestClusterCreationRole9C31DBFDArn" + } + ], + "/aws-eks-oidc-provider-test/@aws-cdk--aws-eks.ClusterResourceProvider.NestedStack/@aws-cdk--aws-eks.ClusterResourceProvider.NestedStackResource": [ + { + "type": "aws:cdk:logicalId", + "data": "awscdkawseksClusterResourceProviderNestedStackawscdkawseksClusterResourceProviderNestedStackResource9827C454" + } + ], + "/aws-eks-oidc-provider-test/@aws-cdk--aws-eks.KubectlProvider/Handler/ServiceRole/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "HandlerServiceRoleFCDC14AE" + } + ], + "/aws-eks-oidc-provider-test/@aws-cdk--aws-eks.KubectlProvider/Handler/ServiceRole/DefaultPolicy/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "HandlerServiceRoleDefaultPolicyCBD0CC91" + } + ], + "/aws-eks-oidc-provider-test/@aws-cdk--aws-eks.KubectlProvider/Handler/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "Handler886CB40B" + } + ], + "/aws-eks-oidc-provider-test/@aws-cdk--aws-eks.KubectlProvider/AwsCliLayer/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "AwsCliLayerF44AAF94" + } + ], + "/aws-eks-oidc-provider-test/@aws-cdk--aws-eks.KubectlProvider/KubectlLayer/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "KubectlLayer600207B5" + } + ], + "/aws-eks-oidc-provider-test/@aws-cdk--aws-eks.KubectlProvider/Provider/framework-onEvent/ServiceRole/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "ProviderframeworkonEventServiceRole9FF04296" + } + ], + "/aws-eks-oidc-provider-test/@aws-cdk--aws-eks.KubectlProvider/Provider/framework-onEvent/ServiceRole/DefaultPolicy/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "ProviderframeworkonEventServiceRoleDefaultPolicy48CD2133" + } + ], + "/aws-eks-oidc-provider-test/@aws-cdk--aws-eks.KubectlProvider/Provider/framework-onEvent/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "ProviderframeworkonEvent83C1D0A7" + } + ], + "/aws-eks-oidc-provider-test/@aws-cdk--aws-eks.KubectlProvider/awseksoidcprovidertestawscdkawseksKubectlProviderframeworkonEventAF429689Arn": [ + { + "type": "aws:cdk:logicalId", + "data": "awseksoidcprovidertestawscdkawseksKubectlProviderframeworkonEventAF429689Arn" + } + ], + "/aws-eks-oidc-provider-test/@aws-cdk--aws-eks.KubectlProvider/reference-to-awseksoidcprovidertestCluster40390314Arn": [ + { + "type": "aws:cdk:logicalId", + "data": "referencetoawseksoidcprovidertestCluster40390314Arn" + } + ], + "/aws-eks-oidc-provider-test/@aws-cdk--aws-eks.KubectlProvider/reference-to-awseksoidcprovidertestClusterCreationRole9C31DBFDArn": [ + { + "type": "aws:cdk:logicalId", + "data": "referencetoawseksoidcprovidertestClusterCreationRole9C31DBFDArn" + } + ], + "/aws-eks-oidc-provider-test/@aws-cdk--aws-eks.KubectlProvider/reference-to-awseksoidcprovidertestVpcPrivateSubnet1Subnet60CC97A0Ref": [ + { + "type": "aws:cdk:logicalId", + "data": "referencetoawseksoidcprovidertestVpcPrivateSubnet1Subnet60CC97A0Ref" + } + ], + "/aws-eks-oidc-provider-test/@aws-cdk--aws-eks.KubectlProvider/reference-to-awseksoidcprovidertestVpcPrivateSubnet2Subnet7E577D94Ref": [ + { + "type": "aws:cdk:logicalId", + "data": "referencetoawseksoidcprovidertestVpcPrivateSubnet2Subnet7E577D94Ref" + } + ], + "/aws-eks-oidc-provider-test/@aws-cdk--aws-eks.KubectlProvider/reference-to-awseksoidcprovidertestCluster40390314ClusterSecurityGroupId": [ + { + "type": "aws:cdk:logicalId", + "data": "referencetoawseksoidcprovidertestCluster40390314ClusterSecurityGroupId" + } + ], + "/aws-eks-oidc-provider-test/@aws-cdk--aws-eks.KubectlProvider.NestedStack/@aws-cdk--aws-eks.KubectlProvider.NestedStackResource": [ + { + "type": "aws:cdk:logicalId", + "data": "awscdkawseksKubectlProviderNestedStackawscdkawseksKubectlProviderNestedStackResourceA7AEBA6B" + } + ], + "/aws-eks-oidc-provider-test/Custom::AWSCDKOpenIdConnectProviderCustomResourceProvider/Role": [ + { + "type": "aws:cdk:logicalId", + "data": "CustomAWSCDKOpenIdConnectProviderCustomResourceProviderRole517FED65" + } + ], + "/aws-eks-oidc-provider-test/Custom::AWSCDKOpenIdConnectProviderCustomResourceProvider/Handler": [ + { + "type": "aws:cdk:logicalId", + "data": "CustomAWSCDKOpenIdConnectProviderCustomResourceProviderHandlerF2C543E0" + } + ], + "/aws-eks-oidc-provider-test/AWSCDKCfnUtilsProviderCustomResourceProvider/Role": [ + { + "type": "aws:cdk:logicalId", + "data": "AWSCDKCfnUtilsProviderCustomResourceProviderRoleFE0EE867" + } + ], + "/aws-eks-oidc-provider-test/AWSCDKCfnUtilsProviderCustomResourceProvider/Handler": [ + { + "type": "aws:cdk:logicalId", + "data": "AWSCDKCfnUtilsProviderCustomResourceProviderHandlerCF82AA57" + } + ], + "/aws-eks-oidc-provider-test/S3BucketPinger/Function/ServiceRole/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "S3BucketPingerFunctionServiceRole37E5E83A" + } + ], + "/aws-eks-oidc-provider-test/S3BucketPinger/Function/ServiceRole/DefaultPolicy/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "S3BucketPingerFunctionServiceRoleDefaultPolicy0A5C5673" + } + ], + "/aws-eks-oidc-provider-test/S3BucketPinger/Function/SecurityGroup/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "S3BucketPingerFunctionSecurityGroup470A4668" + } + ], + "/aws-eks-oidc-provider-test/S3BucketPinger/Function/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "S3BucketPingerFunctionCCEDB9F3" + } + ], + "/aws-eks-oidc-provider-test/S3BucketPinger/Provider/framework-onEvent/ServiceRole/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "S3BucketPingerProviderframeworkonEventServiceRole3DD0DF8B" + } + ], + "/aws-eks-oidc-provider-test/S3BucketPinger/Provider/framework-onEvent/ServiceRole/DefaultPolicy/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "S3BucketPingerProviderframeworkonEventServiceRoleDefaultPolicyF4F06433" + } + ], + "/aws-eks-oidc-provider-test/S3BucketPinger/Provider/framework-onEvent/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "S3BucketPingerProviderframeworkonEvent449BB2C0" + } + ], + "/aws-eks-oidc-provider-test/S3BucketPinger/Resource/Default": [ + { + "type": "aws:cdk:logicalId", + "data": "S3BucketPinger32144E5E" + } + ], + "/aws-eks-oidc-provider-test/PingerResponse": [ + { + "type": "aws:cdk:logicalId", + "data": "PingerResponse" + } + ], + "/aws-eks-oidc-provider-test/BootstrapVersion": [ + { + "type": "aws:cdk:logicalId", + "data": "BootstrapVersion" + } + ], + "/aws-eks-oidc-provider-test/CheckBootstrapVersion": [ + { + "type": "aws:cdk:logicalId", + "data": "CheckBootstrapVersion" + } + ] + }, + "displayName": "aws-eks-oidc-provider-test" + }, + "awscdkeksserviceaccountsdkcallDefaultTestDeployAssertC5196707.assets": { + "type": "cdk:asset-manifest", + "properties": { + "file": "awscdkeksserviceaccountsdkcallDefaultTestDeployAssertC5196707.assets.json", + "requiresBootstrapStackVersion": 6, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version" + } + }, + "awscdkeksserviceaccountsdkcallDefaultTestDeployAssertC5196707": { + "type": "aws:cloudformation:stack", + "environment": "aws://unknown-account/unknown-region", + "properties": { + "templateFile": "awscdkeksserviceaccountsdkcallDefaultTestDeployAssertC5196707.template.json", + "validateOnSynth": false, + "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-deploy-role-${AWS::AccountId}-${AWS::Region}", + "cloudFormationExecutionRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-cfn-exec-role-${AWS::AccountId}-${AWS::Region}", + "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/21fbb51d7b23f6a6c262b46a9caee79d744a3ac019fd45422d988b96d44b2a22.json", + "requiresBootstrapStackVersion": 6, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version", + "additionalDependencies": [ + "awscdkeksserviceaccountsdkcallDefaultTestDeployAssertC5196707.assets" + ], + "lookupRole": { + "arn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-lookup-role-${AWS::AccountId}-${AWS::Region}", + "requiresBootstrapStackVersion": 8, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version" + } + }, + "dependencies": [ + "awscdkeksserviceaccountsdkcallDefaultTestDeployAssertC5196707.assets" + ], + "metadata": { + "/aws-cdk-eks-service-account-sdk-call/DefaultTest/DeployAssert/BootstrapVersion": [ + { + "type": "aws:cdk:logicalId", + "data": "BootstrapVersion" + } + ], + "/aws-cdk-eks-service-account-sdk-call/DefaultTest/DeployAssert/CheckBootstrapVersion": [ + { + "type": "aws:cdk:logicalId", + "data": "CheckBootstrapVersion" + } + ] + }, + "displayName": "aws-cdk-eks-service-account-sdk-call/DefaultTest/DeployAssert" + } + } +} \ No newline at end of file diff --git a/packages/@aws-cdk/aws-eks/test/cdk-integ.out.eks-service-account-sdk-call/tree.json b/packages/@aws-cdk/aws-eks/test/cdk-integ.out.eks-service-account-sdk-call/tree.json new file mode 100644 index 0000000000000..c3d02c6142092 --- /dev/null +++ b/packages/@aws-cdk/aws-eks/test/cdk-integ.out.eks-service-account-sdk-call/tree.json @@ -0,0 +1,3890 @@ +{ + "version": "tree-0.1", + "tree": { + "id": "App", + "path": "", + "children": { + "Tree": { + "id": "Tree", + "path": "Tree", + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.1.133" + } + }, + "aws-eks-oidc-provider-test": { + "id": "aws-eks-oidc-provider-test", + "path": "aws-eks-oidc-provider-test", + "children": { + "sdk-call-making-docker-image": { + "id": "sdk-call-making-docker-image", + "path": "aws-eks-oidc-provider-test/sdk-call-making-docker-image", + "children": { + "Staging": { + "id": "Staging", + "path": "aws-eks-oidc-provider-test/sdk-call-making-docker-image/Staging", + "constructInfo": { + "fqn": "@aws-cdk/core.AssetStaging", + "version": "0.0.0" + } + }, + "Repository": { + "id": "Repository", + "path": "aws-eks-oidc-provider-test/sdk-call-making-docker-image/Repository", + "constructInfo": { + "fqn": "@aws-cdk/aws-ecr.RepositoryBase", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/aws-ecr-assets.DockerImageAsset", + "version": "0.0.0" + } + }, + "Vpc": { + "id": "Vpc", + "path": "aws-eks-oidc-provider-test/Vpc", + "children": { + "Resource": { + "id": "Resource", + "path": "aws-eks-oidc-provider-test/Vpc/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::VPC", + "aws:cdk:cloudformation:props": { + "cidrBlock": "10.0.0.0/16", + "enableDnsHostnames": true, + "enableDnsSupport": true, + "instanceTenancy": "default", + "tags": [ + { + "key": "Name", + "value": "aws-eks-oidc-provider-test/Vpc" + } + ] + } + }, + "constructInfo": { + "fqn": "@aws-cdk/aws-ec2.CfnVPC", + "version": "0.0.0" + } + }, + "PublicSubnet1": { + "id": "PublicSubnet1", + "path": "aws-eks-oidc-provider-test/Vpc/PublicSubnet1", + "children": { + "Subnet": { + "id": "Subnet", + "path": "aws-eks-oidc-provider-test/Vpc/PublicSubnet1/Subnet", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::Subnet", + "aws:cdk:cloudformation:props": { + "vpcId": { + "Ref": "Vpc8378EB38" + }, + "availabilityZone": { + "Fn::Select": [ + 0, + { + "Fn::GetAZs": "" + } + ] + }, + "cidrBlock": "10.0.0.0/18", + "mapPublicIpOnLaunch": true, + "tags": [ + { + "key": "aws-cdk:subnet-name", + "value": "Public" + }, + { + "key": "aws-cdk:subnet-type", + "value": "Public" + }, + { + "key": "kubernetes.io/role/elb", + "value": "1" + }, + { + "key": "Name", + "value": "aws-eks-oidc-provider-test/Vpc/PublicSubnet1" + } + ] + } + }, + "constructInfo": { + "fqn": "@aws-cdk/aws-ec2.CfnSubnet", + "version": "0.0.0" + } + }, + "Acl": { + "id": "Acl", + "path": "aws-eks-oidc-provider-test/Vpc/PublicSubnet1/Acl", + "constructInfo": { + "fqn": "@aws-cdk/core.Resource", + "version": "0.0.0" + } + }, + "RouteTable": { + "id": "RouteTable", + "path": "aws-eks-oidc-provider-test/Vpc/PublicSubnet1/RouteTable", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::RouteTable", + "aws:cdk:cloudformation:props": { + "vpcId": { + "Ref": "Vpc8378EB38" + }, + "tags": [ + { + "key": "kubernetes.io/role/elb", + "value": "1" + }, + { + "key": "Name", + "value": "aws-eks-oidc-provider-test/Vpc/PublicSubnet1" + } + ] + } + }, + "constructInfo": { + "fqn": "@aws-cdk/aws-ec2.CfnRouteTable", + "version": "0.0.0" + } + }, + "RouteTableAssociation": { + "id": "RouteTableAssociation", + "path": "aws-eks-oidc-provider-test/Vpc/PublicSubnet1/RouteTableAssociation", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::SubnetRouteTableAssociation", + "aws:cdk:cloudformation:props": { + "routeTableId": { + "Ref": "VpcPublicSubnet1RouteTable6C95E38E" + }, + "subnetId": { + "Ref": "VpcPublicSubnet1Subnet5C2D37C4" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/aws-ec2.CfnSubnetRouteTableAssociation", + "version": "0.0.0" + } + }, + "DefaultRoute": { + "id": "DefaultRoute", + "path": "aws-eks-oidc-provider-test/Vpc/PublicSubnet1/DefaultRoute", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::Route", + "aws:cdk:cloudformation:props": { + "routeTableId": { + "Ref": "VpcPublicSubnet1RouteTable6C95E38E" + }, + "destinationCidrBlock": "0.0.0.0/0", + "gatewayId": { + "Ref": "VpcIGWD7BA715C" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/aws-ec2.CfnRoute", + "version": "0.0.0" + } + }, + "EIP": { + "id": "EIP", + "path": "aws-eks-oidc-provider-test/Vpc/PublicSubnet1/EIP", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::EIP", + "aws:cdk:cloudformation:props": { + "domain": "vpc", + "tags": [ + { + "key": "kubernetes.io/role/elb", + "value": "1" + }, + { + "key": "Name", + "value": "aws-eks-oidc-provider-test/Vpc/PublicSubnet1" + } + ] + } + }, + "constructInfo": { + "fqn": "@aws-cdk/aws-ec2.CfnEIP", + "version": "0.0.0" + } + }, + "NATGateway": { + "id": "NATGateway", + "path": "aws-eks-oidc-provider-test/Vpc/PublicSubnet1/NATGateway", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::NatGateway", + "aws:cdk:cloudformation:props": { + "subnetId": { + "Ref": "VpcPublicSubnet1Subnet5C2D37C4" + }, + "allocationId": { + "Fn::GetAtt": [ + "VpcPublicSubnet1EIPD7E02669", + "AllocationId" + ] + }, + "tags": [ + { + "key": "kubernetes.io/role/elb", + "value": "1" + }, + { + "key": "Name", + "value": "aws-eks-oidc-provider-test/Vpc/PublicSubnet1" + } + ] + } + }, + "constructInfo": { + "fqn": "@aws-cdk/aws-ec2.CfnNatGateway", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/aws-ec2.PublicSubnet", + "version": "0.0.0" + } + }, + "PublicSubnet2": { + "id": "PublicSubnet2", + "path": "aws-eks-oidc-provider-test/Vpc/PublicSubnet2", + "children": { + "Subnet": { + "id": "Subnet", + "path": "aws-eks-oidc-provider-test/Vpc/PublicSubnet2/Subnet", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::Subnet", + "aws:cdk:cloudformation:props": { + "vpcId": { + "Ref": "Vpc8378EB38" + }, + "availabilityZone": { + "Fn::Select": [ + 1, + { + "Fn::GetAZs": "" + } + ] + }, + "cidrBlock": "10.0.64.0/18", + "mapPublicIpOnLaunch": true, + "tags": [ + { + "key": "aws-cdk:subnet-name", + "value": "Public" + }, + { + "key": "aws-cdk:subnet-type", + "value": "Public" + }, + { + "key": "kubernetes.io/role/elb", + "value": "1" + }, + { + "key": "Name", + "value": "aws-eks-oidc-provider-test/Vpc/PublicSubnet2" + } + ] + } + }, + "constructInfo": { + "fqn": "@aws-cdk/aws-ec2.CfnSubnet", + "version": "0.0.0" + } + }, + "Acl": { + "id": "Acl", + "path": "aws-eks-oidc-provider-test/Vpc/PublicSubnet2/Acl", + "constructInfo": { + "fqn": "@aws-cdk/core.Resource", + "version": "0.0.0" + } + }, + "RouteTable": { + "id": "RouteTable", + "path": "aws-eks-oidc-provider-test/Vpc/PublicSubnet2/RouteTable", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::RouteTable", + "aws:cdk:cloudformation:props": { + "vpcId": { + "Ref": "Vpc8378EB38" + }, + "tags": [ + { + "key": "kubernetes.io/role/elb", + "value": "1" + }, + { + "key": "Name", + "value": "aws-eks-oidc-provider-test/Vpc/PublicSubnet2" + } + ] + } + }, + "constructInfo": { + "fqn": "@aws-cdk/aws-ec2.CfnRouteTable", + "version": "0.0.0" + } + }, + "RouteTableAssociation": { + "id": "RouteTableAssociation", + "path": "aws-eks-oidc-provider-test/Vpc/PublicSubnet2/RouteTableAssociation", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::SubnetRouteTableAssociation", + "aws:cdk:cloudformation:props": { + "routeTableId": { + "Ref": "VpcPublicSubnet2RouteTable94F7E489" + }, + "subnetId": { + "Ref": "VpcPublicSubnet2Subnet691E08A3" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/aws-ec2.CfnSubnetRouteTableAssociation", + "version": "0.0.0" + } + }, + "DefaultRoute": { + "id": "DefaultRoute", + "path": "aws-eks-oidc-provider-test/Vpc/PublicSubnet2/DefaultRoute", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::Route", + "aws:cdk:cloudformation:props": { + "routeTableId": { + "Ref": "VpcPublicSubnet2RouteTable94F7E489" + }, + "destinationCidrBlock": "0.0.0.0/0", + "gatewayId": { + "Ref": "VpcIGWD7BA715C" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/aws-ec2.CfnRoute", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/aws-ec2.PublicSubnet", + "version": "0.0.0" + } + }, + "PrivateSubnet1": { + "id": "PrivateSubnet1", + "path": "aws-eks-oidc-provider-test/Vpc/PrivateSubnet1", + "children": { + "Subnet": { + "id": "Subnet", + "path": "aws-eks-oidc-provider-test/Vpc/PrivateSubnet1/Subnet", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::Subnet", + "aws:cdk:cloudformation:props": { + "vpcId": { + "Ref": "Vpc8378EB38" + }, + "availabilityZone": { + "Fn::Select": [ + 0, + { + "Fn::GetAZs": "" + } + ] + }, + "cidrBlock": "10.0.128.0/18", + "mapPublicIpOnLaunch": false, + "tags": [ + { + "key": "aws-cdk:subnet-name", + "value": "Private" + }, + { + "key": "aws-cdk:subnet-type", + "value": "Private" + }, + { + "key": "kubernetes.io/role/internal-elb", + "value": "1" + }, + { + "key": "Name", + "value": "aws-eks-oidc-provider-test/Vpc/PrivateSubnet1" + } + ] + } + }, + "constructInfo": { + "fqn": "@aws-cdk/aws-ec2.CfnSubnet", + "version": "0.0.0" + } + }, + "Acl": { + "id": "Acl", + "path": "aws-eks-oidc-provider-test/Vpc/PrivateSubnet1/Acl", + "constructInfo": { + "fqn": "@aws-cdk/core.Resource", + "version": "0.0.0" + } + }, + "RouteTable": { + "id": "RouteTable", + "path": "aws-eks-oidc-provider-test/Vpc/PrivateSubnet1/RouteTable", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::RouteTable", + "aws:cdk:cloudformation:props": { + "vpcId": { + "Ref": "Vpc8378EB38" + }, + "tags": [ + { + "key": "kubernetes.io/role/internal-elb", + "value": "1" + }, + { + "key": "Name", + "value": "aws-eks-oidc-provider-test/Vpc/PrivateSubnet1" + } + ] + } + }, + "constructInfo": { + "fqn": "@aws-cdk/aws-ec2.CfnRouteTable", + "version": "0.0.0" + } + }, + "RouteTableAssociation": { + "id": "RouteTableAssociation", + "path": "aws-eks-oidc-provider-test/Vpc/PrivateSubnet1/RouteTableAssociation", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::SubnetRouteTableAssociation", + "aws:cdk:cloudformation:props": { + "routeTableId": { + "Ref": "VpcPrivateSubnet1RouteTableB2C5B500" + }, + "subnetId": { + "Ref": "VpcPrivateSubnet1Subnet536B997A" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/aws-ec2.CfnSubnetRouteTableAssociation", + "version": "0.0.0" + } + }, + "DefaultRoute": { + "id": "DefaultRoute", + "path": "aws-eks-oidc-provider-test/Vpc/PrivateSubnet1/DefaultRoute", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::Route", + "aws:cdk:cloudformation:props": { + "routeTableId": { + "Ref": "VpcPrivateSubnet1RouteTableB2C5B500" + }, + "destinationCidrBlock": "0.0.0.0/0", + "natGatewayId": { + "Ref": "VpcPublicSubnet1NATGateway4D7517AA" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/aws-ec2.CfnRoute", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/aws-ec2.PrivateSubnet", + "version": "0.0.0" + } + }, + "PrivateSubnet2": { + "id": "PrivateSubnet2", + "path": "aws-eks-oidc-provider-test/Vpc/PrivateSubnet2", + "children": { + "Subnet": { + "id": "Subnet", + "path": "aws-eks-oidc-provider-test/Vpc/PrivateSubnet2/Subnet", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::Subnet", + "aws:cdk:cloudformation:props": { + "vpcId": { + "Ref": "Vpc8378EB38" + }, + "availabilityZone": { + "Fn::Select": [ + 1, + { + "Fn::GetAZs": "" + } + ] + }, + "cidrBlock": "10.0.192.0/18", + "mapPublicIpOnLaunch": false, + "tags": [ + { + "key": "aws-cdk:subnet-name", + "value": "Private" + }, + { + "key": "aws-cdk:subnet-type", + "value": "Private" + }, + { + "key": "kubernetes.io/role/internal-elb", + "value": "1" + }, + { + "key": "Name", + "value": "aws-eks-oidc-provider-test/Vpc/PrivateSubnet2" + } + ] + } + }, + "constructInfo": { + "fqn": "@aws-cdk/aws-ec2.CfnSubnet", + "version": "0.0.0" + } + }, + "Acl": { + "id": "Acl", + "path": "aws-eks-oidc-provider-test/Vpc/PrivateSubnet2/Acl", + "constructInfo": { + "fqn": "@aws-cdk/core.Resource", + "version": "0.0.0" + } + }, + "RouteTable": { + "id": "RouteTable", + "path": "aws-eks-oidc-provider-test/Vpc/PrivateSubnet2/RouteTable", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::RouteTable", + "aws:cdk:cloudformation:props": { + "vpcId": { + "Ref": "Vpc8378EB38" + }, + "tags": [ + { + "key": "kubernetes.io/role/internal-elb", + "value": "1" + }, + { + "key": "Name", + "value": "aws-eks-oidc-provider-test/Vpc/PrivateSubnet2" + } + ] + } + }, + "constructInfo": { + "fqn": "@aws-cdk/aws-ec2.CfnRouteTable", + "version": "0.0.0" + } + }, + "RouteTableAssociation": { + "id": "RouteTableAssociation", + "path": "aws-eks-oidc-provider-test/Vpc/PrivateSubnet2/RouteTableAssociation", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::SubnetRouteTableAssociation", + "aws:cdk:cloudformation:props": { + "routeTableId": { + "Ref": "VpcPrivateSubnet2RouteTableA678073B" + }, + "subnetId": { + "Ref": "VpcPrivateSubnet2Subnet3788AAA1" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/aws-ec2.CfnSubnetRouteTableAssociation", + "version": "0.0.0" + } + }, + "DefaultRoute": { + "id": "DefaultRoute", + "path": "aws-eks-oidc-provider-test/Vpc/PrivateSubnet2/DefaultRoute", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::Route", + "aws:cdk:cloudformation:props": { + "routeTableId": { + "Ref": "VpcPrivateSubnet2RouteTableA678073B" + }, + "destinationCidrBlock": "0.0.0.0/0", + "natGatewayId": { + "Ref": "VpcPublicSubnet1NATGateway4D7517AA" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/aws-ec2.CfnRoute", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/aws-ec2.PrivateSubnet", + "version": "0.0.0" + } + }, + "IGW": { + "id": "IGW", + "path": "aws-eks-oidc-provider-test/Vpc/IGW", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::InternetGateway", + "aws:cdk:cloudformation:props": { + "tags": [ + { + "key": "Name", + "value": "aws-eks-oidc-provider-test/Vpc" + } + ] + } + }, + "constructInfo": { + "fqn": "@aws-cdk/aws-ec2.CfnInternetGateway", + "version": "0.0.0" + } + }, + "VPCGW": { + "id": "VPCGW", + "path": "aws-eks-oidc-provider-test/Vpc/VPCGW", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::VPCGatewayAttachment", + "aws:cdk:cloudformation:props": { + "vpcId": { + "Ref": "Vpc8378EB38" + }, + "internetGatewayId": { + "Ref": "VpcIGWD7BA715C" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/aws-ec2.CfnVPCGatewayAttachment", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/aws-ec2.Vpc", + "version": "0.0.0" + } + }, + "Cluster": { + "id": "Cluster", + "path": "aws-eks-oidc-provider-test/Cluster", + "children": { + "Role": { + "id": "Role", + "path": "aws-eks-oidc-provider-test/Cluster/Role", + "children": { + "Resource": { + "id": "Resource", + "path": "aws-eks-oidc-provider-test/Cluster/Role/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::IAM::Role", + "aws:cdk:cloudformation:props": { + "assumeRolePolicyDocument": { + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "Service": "eks.amazonaws.com" + } + } + ], + "Version": "2012-10-17" + }, + "managedPolicyArns": [ + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":iam::aws:policy/AmazonEKSClusterPolicy" + ] + ] + } + ] + } + }, + "constructInfo": { + "fqn": "@aws-cdk/aws-iam.CfnRole", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/aws-iam.Role", + "version": "0.0.0" + } + }, + "ControlPlaneSecurityGroup": { + "id": "ControlPlaneSecurityGroup", + "path": "aws-eks-oidc-provider-test/Cluster/ControlPlaneSecurityGroup", + "children": { + "Resource": { + "id": "Resource", + "path": "aws-eks-oidc-provider-test/Cluster/ControlPlaneSecurityGroup/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::SecurityGroup", + "aws:cdk:cloudformation:props": { + "groupDescription": "EKS Control Plane Security Group", + "securityGroupEgress": [ + { + "cidrIp": "0.0.0.0/0", + "description": "Allow all outbound traffic by default", + "ipProtocol": "-1" + } + ], + "vpcId": { + "Ref": "Vpc8378EB38" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/aws-ec2.CfnSecurityGroup", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/aws-ec2.SecurityGroup", + "version": "0.0.0" + } + }, + "Resource": { + "id": "Resource", + "path": "aws-eks-oidc-provider-test/Cluster/Resource", + "children": { + "CreationRole": { + "id": "CreationRole", + "path": "aws-eks-oidc-provider-test/Cluster/Resource/CreationRole", + "children": { + "Resource": { + "id": "Resource", + "path": "aws-eks-oidc-provider-test/Cluster/Resource/CreationRole/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::IAM::Role", + "aws:cdk:cloudformation:props": { + "assumeRolePolicyDocument": { + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "AWS": { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":iam::", + { + "Ref": "AWS::AccountId" + }, + ":root" + ] + ] + } + } + } + ], + "Version": "2012-10-17" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/aws-iam.CfnRole", + "version": "0.0.0" + } + }, + "DefaultPolicy": { + "id": "DefaultPolicy", + "path": "aws-eks-oidc-provider-test/Cluster/Resource/CreationRole/DefaultPolicy", + "children": { + "Resource": { + "id": "Resource", + "path": "aws-eks-oidc-provider-test/Cluster/Resource/CreationRole/DefaultPolicy/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::IAM::Policy", + "aws:cdk:cloudformation:props": { + "policyDocument": { + "Statement": [ + { + "Action": "iam:PassRole", + "Effect": "Allow", + "Resource": { + "Fn::GetAtt": [ + "ClusterRoleFA261979", + "Arn" + ] + } + }, + { + "Action": [ + "eks:CreateCluster", + "eks:CreateFargateProfile", + "eks:DeleteCluster", + "eks:DescribeCluster", + "eks:DescribeUpdate", + "eks:TagResource", + "eks:UntagResource", + "eks:UpdateClusterConfig", + "eks:UpdateClusterVersion" + ], + "Effect": "Allow", + "Resource": "*" + }, + { + "Action": [ + "eks:DeleteFargateProfile", + "eks:DescribeFargateProfile" + ], + "Effect": "Allow", + "Resource": "*" + }, + { + "Action": [ + "ec2:DescribeDhcpOptions", + "ec2:DescribeInstances", + "ec2:DescribeNetworkInterfaces", + "ec2:DescribeRouteTables", + "ec2:DescribeSecurityGroups", + "ec2:DescribeSubnets", + "ec2:DescribeVpcs", + "iam:CreateServiceLinkedRole", + "iam:GetRole", + "iam:listAttachedRolePolicies" + ], + "Effect": "Allow", + "Resource": "*" + } + ], + "Version": "2012-10-17" + }, + "policyName": "ClusterCreationRoleDefaultPolicyE8BDFC7B", + "roles": [ + { + "Ref": "ClusterCreationRole360249B6" + } + ] + } + }, + "constructInfo": { + "fqn": "@aws-cdk/aws-iam.CfnPolicy", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/aws-iam.Policy", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/aws-iam.Role", + "version": "0.0.0" + } + }, + "Resource": { + "id": "Resource", + "path": "aws-eks-oidc-provider-test/Cluster/Resource/Resource", + "children": { + "Default": { + "id": "Default", + "path": "aws-eks-oidc-provider-test/Cluster/Resource/Resource/Default", + "constructInfo": { + "fqn": "@aws-cdk/core.CfnResource", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/core.CustomResource", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.1.133" + } + }, + "KubectlReadyBarrier": { + "id": "KubectlReadyBarrier", + "path": "aws-eks-oidc-provider-test/Cluster/KubectlReadyBarrier", + "constructInfo": { + "fqn": "@aws-cdk/core.CfnResource", + "version": "0.0.0" + } + }, + "ClusterSecurityGroup": { + "id": "ClusterSecurityGroup", + "path": "aws-eks-oidc-provider-test/Cluster/ClusterSecurityGroup", + "constructInfo": { + "fqn": "@aws-cdk/core.Resource", + "version": "0.0.0" + } + }, + "MastersRole": { + "id": "MastersRole", + "path": "aws-eks-oidc-provider-test/Cluster/MastersRole", + "children": { + "Resource": { + "id": "Resource", + "path": "aws-eks-oidc-provider-test/Cluster/MastersRole/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::IAM::Role", + "aws:cdk:cloudformation:props": { + "assumeRolePolicyDocument": { + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "AWS": { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":iam::", + { + "Ref": "AWS::AccountId" + }, + ":root" + ] + ] + } + } + } + ], + "Version": "2012-10-17" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/aws-iam.CfnRole", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/aws-iam.Role", + "version": "0.0.0" + } + }, + "AwsAuth": { + "id": "AwsAuth", + "path": "aws-eks-oidc-provider-test/Cluster/AwsAuth", + "children": { + "manifest": { + "id": "manifest", + "path": "aws-eks-oidc-provider-test/Cluster/AwsAuth/manifest", + "children": { + "Resource": { + "id": "Resource", + "path": "aws-eks-oidc-provider-test/Cluster/AwsAuth/manifest/Resource", + "children": { + "Default": { + "id": "Default", + "path": "aws-eks-oidc-provider-test/Cluster/AwsAuth/manifest/Resource/Default", + "constructInfo": { + "fqn": "@aws-cdk/core.CfnResource", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/core.CustomResource", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/aws-eks.KubernetesManifest", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/aws-eks.AwsAuth", + "version": "0.0.0" + } + }, + "NodegroupDefaultCapacity": { + "id": "NodegroupDefaultCapacity", + "path": "aws-eks-oidc-provider-test/Cluster/NodegroupDefaultCapacity", + "children": { + "NodeGroupRole": { + "id": "NodeGroupRole", + "path": "aws-eks-oidc-provider-test/Cluster/NodegroupDefaultCapacity/NodeGroupRole", + "children": { + "Resource": { + "id": "Resource", + "path": "aws-eks-oidc-provider-test/Cluster/NodegroupDefaultCapacity/NodeGroupRole/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::IAM::Role", + "aws:cdk:cloudformation:props": { + "assumeRolePolicyDocument": { + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "Service": { + "Fn::Join": [ + "", + [ + "ec2.", + { + "Ref": "AWS::URLSuffix" + } + ] + ] + } + } + } + ], + "Version": "2012-10-17" + }, + "managedPolicyArns": [ + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":iam::aws:policy/AmazonEKSWorkerNodePolicy" + ] + ] + }, + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":iam::aws:policy/AmazonEKS_CNI_Policy" + ] + ] + }, + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":iam::aws:policy/AmazonEC2ContainerRegistryReadOnly" + ] + ] + } + ] + } + }, + "constructInfo": { + "fqn": "@aws-cdk/aws-iam.CfnRole", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/aws-iam.Role", + "version": "0.0.0" + } + }, + "Resource": { + "id": "Resource", + "path": "aws-eks-oidc-provider-test/Cluster/NodegroupDefaultCapacity/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EKS::Nodegroup", + "aws:cdk:cloudformation:props": { + "clusterName": { + "Ref": "Cluster9EE0221C" + }, + "nodeRole": { + "Fn::GetAtt": [ + "ClusterNodegroupDefaultCapacityNodeGroupRole55953B04", + "Arn" + ] + }, + "subnets": [ + { + "Ref": "VpcPrivateSubnet1Subnet536B997A" + }, + { + "Ref": "VpcPrivateSubnet2Subnet3788AAA1" + } + ], + "amiType": "AL2_x86_64", + "forceUpdateEnabled": true, + "instanceTypes": [ + "m5.large" + ], + "scalingConfig": { + "desiredSize": 2, + "maxSize": 2, + "minSize": 2 + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/aws-eks.CfnNodegroup", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/aws-eks.Nodegroup", + "version": "0.0.0" + } + }, + "ConfigCommand": { + "id": "ConfigCommand", + "path": "aws-eks-oidc-provider-test/Cluster/ConfigCommand", + "constructInfo": { + "fqn": "@aws-cdk/core.CfnOutput", + "version": "0.0.0" + } + }, + "GetTokenCommand": { + "id": "GetTokenCommand", + "path": "aws-eks-oidc-provider-test/Cluster/GetTokenCommand", + "constructInfo": { + "fqn": "@aws-cdk/core.CfnOutput", + "version": "0.0.0" + } + }, + "my-service-account": { + "id": "my-service-account", + "path": "aws-eks-oidc-provider-test/Cluster/my-service-account", + "children": { + "ConditionJson": { + "id": "ConditionJson", + "path": "aws-eks-oidc-provider-test/Cluster/my-service-account/ConditionJson", + "children": { + "Resource": { + "id": "Resource", + "path": "aws-eks-oidc-provider-test/Cluster/my-service-account/ConditionJson/Resource", + "children": { + "Default": { + "id": "Default", + "path": "aws-eks-oidc-provider-test/Cluster/my-service-account/ConditionJson/Resource/Default", + "constructInfo": { + "fqn": "@aws-cdk/core.CfnResource", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/core.CustomResource", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/core.CfnJson", + "version": "0.0.0" + } + }, + "Role": { + "id": "Role", + "path": "aws-eks-oidc-provider-test/Cluster/my-service-account/Role", + "children": { + "Resource": { + "id": "Resource", + "path": "aws-eks-oidc-provider-test/Cluster/my-service-account/Role/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::IAM::Role", + "aws:cdk:cloudformation:props": { + "assumeRolePolicyDocument": { + "Statement": [ + { + "Action": "sts:AssumeRoleWithWebIdentity", + "Condition": { + "StringEquals": { + "Fn::GetAtt": [ + "ClustermyserviceaccountConditionJson260229E4", + "Value" + ] + } + }, + "Effect": "Allow", + "Principal": { + "Federated": { + "Ref": "ClusterOpenIdConnectProviderE7EB0530" + } + } + } + ], + "Version": "2012-10-17" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/aws-iam.CfnRole", + "version": "0.0.0" + } + }, + "DefaultPolicy": { + "id": "DefaultPolicy", + "path": "aws-eks-oidc-provider-test/Cluster/my-service-account/Role/DefaultPolicy", + "children": { + "Resource": { + "id": "Resource", + "path": "aws-eks-oidc-provider-test/Cluster/my-service-account/Role/DefaultPolicy/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::IAM::Policy", + "aws:cdk:cloudformation:props": { + "policyDocument": { + "Statement": [ + { + "Action": "s3:CreateBucket", + "Effect": "Allow", + "Resource": "arn:aws:s3:::*" + } + ], + "Version": "2012-10-17" + }, + "policyName": "ClustermyserviceaccountRoleDefaultPolicy791F61C9", + "roles": [ + { + "Ref": "ClustermyserviceaccountRole11FFD0A4" + } + ] + } + }, + "constructInfo": { + "fqn": "@aws-cdk/aws-iam.CfnPolicy", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/aws-iam.Policy", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/aws-iam.Role", + "version": "0.0.0" + } + }, + "manifest-my-service-accountServiceAccountResource": { + "id": "manifest-my-service-accountServiceAccountResource", + "path": "aws-eks-oidc-provider-test/Cluster/my-service-account/manifest-my-service-accountServiceAccountResource", + "children": { + "Resource": { + "id": "Resource", + "path": "aws-eks-oidc-provider-test/Cluster/my-service-account/manifest-my-service-accountServiceAccountResource/Resource", + "children": { + "Default": { + "id": "Default", + "path": "aws-eks-oidc-provider-test/Cluster/my-service-account/manifest-my-service-accountServiceAccountResource/Resource/Default", + "constructInfo": { + "fqn": "@aws-cdk/core.CfnResource", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/core.CustomResource", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/aws-eks.KubernetesManifest", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/aws-eks.ServiceAccount", + "version": "0.0.0" + } + }, + "OpenIdConnectProvider": { + "id": "OpenIdConnectProvider", + "path": "aws-eks-oidc-provider-test/Cluster/OpenIdConnectProvider", + "children": { + "Resource": { + "id": "Resource", + "path": "aws-eks-oidc-provider-test/Cluster/OpenIdConnectProvider/Resource", + "children": { + "Default": { + "id": "Default", + "path": "aws-eks-oidc-provider-test/Cluster/OpenIdConnectProvider/Resource/Default", + "constructInfo": { + "fqn": "@aws-cdk/core.CfnResource", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/core.CustomResource", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/aws-eks.OpenIdConnectProvider", + "version": "0.0.0" + } + }, + "sdk-call": { + "id": "sdk-call", + "path": "aws-eks-oidc-provider-test/Cluster/sdk-call", + "children": { + "Resource": { + "id": "Resource", + "path": "aws-eks-oidc-provider-test/Cluster/sdk-call/Resource", + "children": { + "Default": { + "id": "Default", + "path": "aws-eks-oidc-provider-test/Cluster/sdk-call/Resource/Default", + "constructInfo": { + "fqn": "@aws-cdk/core.CfnResource", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/core.CustomResource", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/aws-eks.KubernetesManifest", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/aws-eks.Cluster", + "version": "0.0.0" + } + }, + "@aws-cdk--aws-eks.ClusterResourceProvider": { + "id": "@aws-cdk--aws-eks.ClusterResourceProvider", + "path": "aws-eks-oidc-provider-test/@aws-cdk--aws-eks.ClusterResourceProvider", + "children": { + "NodeProxyAgentLayer": { + "id": "NodeProxyAgentLayer", + "path": "aws-eks-oidc-provider-test/@aws-cdk--aws-eks.ClusterResourceProvider/NodeProxyAgentLayer", + "children": { + "Code": { + "id": "Code", + "path": "aws-eks-oidc-provider-test/@aws-cdk--aws-eks.ClusterResourceProvider/NodeProxyAgentLayer/Code", + "children": { + "Stage": { + "id": "Stage", + "path": "aws-eks-oidc-provider-test/@aws-cdk--aws-eks.ClusterResourceProvider/NodeProxyAgentLayer/Code/Stage", + "constructInfo": { + "fqn": "@aws-cdk/core.AssetStaging", + "version": "0.0.0" + } + }, + "AssetBucket": { + "id": "AssetBucket", + "path": "aws-eks-oidc-provider-test/@aws-cdk--aws-eks.ClusterResourceProvider/NodeProxyAgentLayer/Code/AssetBucket", + "constructInfo": { + "fqn": "@aws-cdk/aws-s3.BucketBase", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/aws-s3-assets.Asset", + "version": "0.0.0" + } + }, + "Resource": { + "id": "Resource", + "path": "aws-eks-oidc-provider-test/@aws-cdk--aws-eks.ClusterResourceProvider/NodeProxyAgentLayer/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::Lambda::LayerVersion", + "aws:cdk:cloudformation:props": { + "content": { + "s3Bucket": { + "Fn::Sub": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}" + }, + "s3Key": "4288ebb3652acdf2d828b7db7ca44a7162a401ace50ebb4026e84b18a02a06ee.zip" + }, + "description": "/opt/nodejs/node_modules/proxy-agent" + } + }, + "constructInfo": { + "fqn": "@aws-cdk/aws-lambda.CfnLayerVersion", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/lambda-layer-node-proxy-agent.NodeProxyAgentLayer", + "version": "0.0.0" + } + }, + "OnEventHandler": { + "id": "OnEventHandler", + "path": "aws-eks-oidc-provider-test/@aws-cdk--aws-eks.ClusterResourceProvider/OnEventHandler", + "children": { + "ServiceRole": { + "id": "ServiceRole", + "path": "aws-eks-oidc-provider-test/@aws-cdk--aws-eks.ClusterResourceProvider/OnEventHandler/ServiceRole", + "children": { + "Resource": { + "id": "Resource", + "path": "aws-eks-oidc-provider-test/@aws-cdk--aws-eks.ClusterResourceProvider/OnEventHandler/ServiceRole/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::IAM::Role", + "aws:cdk:cloudformation:props": { + "assumeRolePolicyDocument": { + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "Service": "lambda.amazonaws.com" + } + } + ], + "Version": "2012-10-17" + }, + "managedPolicyArns": [ + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":iam::aws:policy/service-role/AWSLambdaBasicExecutionRole" + ] + ] + } + ] + } + }, + "constructInfo": { + "fqn": "@aws-cdk/aws-iam.CfnRole", + "version": "0.0.0" + } + }, + "DefaultPolicy": { + "id": "DefaultPolicy", + "path": "aws-eks-oidc-provider-test/@aws-cdk--aws-eks.ClusterResourceProvider/OnEventHandler/ServiceRole/DefaultPolicy", + "children": { + "Resource": { + "id": "Resource", + "path": "aws-eks-oidc-provider-test/@aws-cdk--aws-eks.ClusterResourceProvider/OnEventHandler/ServiceRole/DefaultPolicy/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::IAM::Policy", + "aws:cdk:cloudformation:props": { + "policyDocument": { + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Resource": { + "Ref": "referencetoawseksoidcprovidertestClusterCreationRole9C31DBFDArn" + } + } + ], + "Version": "2012-10-17" + }, + "policyName": "OnEventHandlerServiceRoleDefaultPolicyC57085D4", + "roles": [ + { + "Ref": "OnEventHandlerServiceRole15A26729" + } + ] + } + }, + "constructInfo": { + "fqn": "@aws-cdk/aws-iam.CfnPolicy", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/aws-iam.Policy", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/aws-iam.Role", + "version": "0.0.0" + } + }, + "Code": { + "id": "Code", + "path": "aws-eks-oidc-provider-test/@aws-cdk--aws-eks.ClusterResourceProvider/OnEventHandler/Code", + "children": { + "Stage": { + "id": "Stage", + "path": "aws-eks-oidc-provider-test/@aws-cdk--aws-eks.ClusterResourceProvider/OnEventHandler/Code/Stage", + "constructInfo": { + "fqn": "@aws-cdk/core.AssetStaging", + "version": "0.0.0" + } + }, + "AssetBucket": { + "id": "AssetBucket", + "path": "aws-eks-oidc-provider-test/@aws-cdk--aws-eks.ClusterResourceProvider/OnEventHandler/Code/AssetBucket", + "constructInfo": { + "fqn": "@aws-cdk/aws-s3.BucketBase", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/aws-s3-assets.Asset", + "version": "0.0.0" + } + }, + "Resource": { + "id": "Resource", + "path": "aws-eks-oidc-provider-test/@aws-cdk--aws-eks.ClusterResourceProvider/OnEventHandler/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::Lambda::Function", + "aws:cdk:cloudformation:props": { + "code": { + "s3Bucket": { + "Fn::Sub": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}" + }, + "s3Key": "73edfa4462023915a2f13bf570acae05c5111817c606f9837f832152920ba517.zip" + }, + "role": { + "Fn::GetAtt": [ + "OnEventHandlerServiceRole15A26729", + "Arn" + ] + }, + "description": "onEvent handler for EKS cluster resource provider", + "environment": { + "variables": { + "AWS_STS_REGIONAL_ENDPOINTS": "regional" + } + }, + "handler": "index.onEvent", + "layers": [ + { + "Ref": "NodeProxyAgentLayer924C1971" + } + ], + "runtime": "nodejs14.x", + "timeout": 60 + } + }, + "constructInfo": { + "fqn": "@aws-cdk/aws-lambda.CfnFunction", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/aws-lambda.Function", + "version": "0.0.0" + } + }, + "IsCompleteHandler": { + "id": "IsCompleteHandler", + "path": "aws-eks-oidc-provider-test/@aws-cdk--aws-eks.ClusterResourceProvider/IsCompleteHandler", + "children": { + "ServiceRole": { + "id": "ServiceRole", + "path": "aws-eks-oidc-provider-test/@aws-cdk--aws-eks.ClusterResourceProvider/IsCompleteHandler/ServiceRole", + "children": { + "Resource": { + "id": "Resource", + "path": "aws-eks-oidc-provider-test/@aws-cdk--aws-eks.ClusterResourceProvider/IsCompleteHandler/ServiceRole/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::IAM::Role", + "aws:cdk:cloudformation:props": { + "assumeRolePolicyDocument": { + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "Service": "lambda.amazonaws.com" + } + } + ], + "Version": "2012-10-17" + }, + "managedPolicyArns": [ + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":iam::aws:policy/service-role/AWSLambdaBasicExecutionRole" + ] + ] + } + ] + } + }, + "constructInfo": { + "fqn": "@aws-cdk/aws-iam.CfnRole", + "version": "0.0.0" + } + }, + "DefaultPolicy": { + "id": "DefaultPolicy", + "path": "aws-eks-oidc-provider-test/@aws-cdk--aws-eks.ClusterResourceProvider/IsCompleteHandler/ServiceRole/DefaultPolicy", + "children": { + "Resource": { + "id": "Resource", + "path": "aws-eks-oidc-provider-test/@aws-cdk--aws-eks.ClusterResourceProvider/IsCompleteHandler/ServiceRole/DefaultPolicy/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::IAM::Policy", + "aws:cdk:cloudformation:props": { + "policyDocument": { + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Resource": { + "Ref": "referencetoawseksoidcprovidertestClusterCreationRole9C31DBFDArn" + } + } + ], + "Version": "2012-10-17" + }, + "policyName": "IsCompleteHandlerServiceRoleDefaultPolicy8F64197B", + "roles": [ + { + "Ref": "IsCompleteHandlerServiceRole5810CC58" + } + ] + } + }, + "constructInfo": { + "fqn": "@aws-cdk/aws-iam.CfnPolicy", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/aws-iam.Policy", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/aws-iam.Role", + "version": "0.0.0" + } + }, + "Code": { + "id": "Code", + "path": "aws-eks-oidc-provider-test/@aws-cdk--aws-eks.ClusterResourceProvider/IsCompleteHandler/Code", + "children": { + "Stage": { + "id": "Stage", + "path": "aws-eks-oidc-provider-test/@aws-cdk--aws-eks.ClusterResourceProvider/IsCompleteHandler/Code/Stage", + "constructInfo": { + "fqn": "@aws-cdk/core.AssetStaging", + "version": "0.0.0" + } + }, + "AssetBucket": { + "id": "AssetBucket", + "path": "aws-eks-oidc-provider-test/@aws-cdk--aws-eks.ClusterResourceProvider/IsCompleteHandler/Code/AssetBucket", + "constructInfo": { + "fqn": "@aws-cdk/aws-s3.BucketBase", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/aws-s3-assets.Asset", + "version": "0.0.0" + } + }, + "Resource": { + "id": "Resource", + "path": "aws-eks-oidc-provider-test/@aws-cdk--aws-eks.ClusterResourceProvider/IsCompleteHandler/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::Lambda::Function", + "aws:cdk:cloudformation:props": { + "code": { + "s3Bucket": { + "Fn::Sub": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}" + }, + "s3Key": "73edfa4462023915a2f13bf570acae05c5111817c606f9837f832152920ba517.zip" + }, + "role": { + "Fn::GetAtt": [ + "IsCompleteHandlerServiceRole5810CC58", + "Arn" + ] + }, + "description": "isComplete handler for EKS cluster resource provider", + "environment": { + "variables": { + "AWS_STS_REGIONAL_ENDPOINTS": "regional" + } + }, + "handler": "index.isComplete", + "layers": [ + { + "Ref": "NodeProxyAgentLayer924C1971" + } + ], + "runtime": "nodejs14.x", + "timeout": 60 + } + }, + "constructInfo": { + "fqn": "@aws-cdk/aws-lambda.CfnFunction", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/aws-lambda.Function", + "version": "0.0.0" + } + }, + "Provider": { + "id": "Provider", + "path": "aws-eks-oidc-provider-test/@aws-cdk--aws-eks.ClusterResourceProvider/Provider", + "children": { + "framework-onEvent": { + "id": "framework-onEvent", + "path": "aws-eks-oidc-provider-test/@aws-cdk--aws-eks.ClusterResourceProvider/Provider/framework-onEvent", + "children": { + "ServiceRole": { + "id": "ServiceRole", + "path": "aws-eks-oidc-provider-test/@aws-cdk--aws-eks.ClusterResourceProvider/Provider/framework-onEvent/ServiceRole", + "children": { + "Resource": { + "id": "Resource", + "path": "aws-eks-oidc-provider-test/@aws-cdk--aws-eks.ClusterResourceProvider/Provider/framework-onEvent/ServiceRole/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::IAM::Role", + "aws:cdk:cloudformation:props": { + "assumeRolePolicyDocument": { + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "Service": "lambda.amazonaws.com" + } + } + ], + "Version": "2012-10-17" + }, + "managedPolicyArns": [ + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":iam::aws:policy/service-role/AWSLambdaBasicExecutionRole" + ] + ] + } + ] + } + }, + "constructInfo": { + "fqn": "@aws-cdk/aws-iam.CfnRole", + "version": "0.0.0" + } + }, + "DefaultPolicy": { + "id": "DefaultPolicy", + "path": "aws-eks-oidc-provider-test/@aws-cdk--aws-eks.ClusterResourceProvider/Provider/framework-onEvent/ServiceRole/DefaultPolicy", + "children": { + "Resource": { + "id": "Resource", + "path": "aws-eks-oidc-provider-test/@aws-cdk--aws-eks.ClusterResourceProvider/Provider/framework-onEvent/ServiceRole/DefaultPolicy/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::IAM::Policy", + "aws:cdk:cloudformation:props": { + "policyDocument": { + "Statement": [ + { + "Action": "lambda:InvokeFunction", + "Effect": "Allow", + "Resource": [ + { + "Fn::GetAtt": [ + "IsCompleteHandler7073F4DA", + "Arn" + ] + }, + { + "Fn::GetAtt": [ + "OnEventHandler42BEBAE0", + "Arn" + ] + }, + { + "Fn::Join": [ + "", + [ + { + "Fn::GetAtt": [ + "IsCompleteHandler7073F4DA", + "Arn" + ] + }, + ":*" + ] + ] + }, + { + "Fn::Join": [ + "", + [ + { + "Fn::GetAtt": [ + "OnEventHandler42BEBAE0", + "Arn" + ] + }, + ":*" + ] + ] + } + ] + }, + { + "Action": "states:StartExecution", + "Effect": "Allow", + "Resource": { + "Ref": "Providerwaiterstatemachine5D4A9DF0" + } + } + ], + "Version": "2012-10-17" + }, + "policyName": "ProviderframeworkonEventServiceRoleDefaultPolicy48CD2133", + "roles": [ + { + "Ref": "ProviderframeworkonEventServiceRole9FF04296" + } + ] + } + }, + "constructInfo": { + "fqn": "@aws-cdk/aws-iam.CfnPolicy", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/aws-iam.Policy", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/aws-iam.Role", + "version": "0.0.0" + } + }, + "Code": { + "id": "Code", + "path": "aws-eks-oidc-provider-test/@aws-cdk--aws-eks.ClusterResourceProvider/Provider/framework-onEvent/Code", + "children": { + "Stage": { + "id": "Stage", + "path": "aws-eks-oidc-provider-test/@aws-cdk--aws-eks.ClusterResourceProvider/Provider/framework-onEvent/Code/Stage", + "constructInfo": { + "fqn": "@aws-cdk/core.AssetStaging", + "version": "0.0.0" + } + }, + "AssetBucket": { + "id": "AssetBucket", + "path": "aws-eks-oidc-provider-test/@aws-cdk--aws-eks.ClusterResourceProvider/Provider/framework-onEvent/Code/AssetBucket", + "constructInfo": { + "fqn": "@aws-cdk/aws-s3.BucketBase", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/aws-s3-assets.Asset", + "version": "0.0.0" + } + }, + "Resource": { + "id": "Resource", + "path": "aws-eks-oidc-provider-test/@aws-cdk--aws-eks.ClusterResourceProvider/Provider/framework-onEvent/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::Lambda::Function", + "aws:cdk:cloudformation:props": { + "code": { + "s3Bucket": { + "Fn::Sub": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}" + }, + "s3Key": "7215c88dd3e638d28329d4538b36cdbfb54233a4d972181795814f8b904d1037.zip" + }, + "role": { + "Fn::GetAtt": [ + "ProviderframeworkonEventServiceRole9FF04296", + "Arn" + ] + }, + "description": "AWS CDK resource provider framework - onEvent (aws-eks-oidc-provider-test/@aws-cdk--aws-eks.ClusterResourceProvider/Provider)", + "environment": { + "variables": { + "USER_ON_EVENT_FUNCTION_ARN": { + "Fn::GetAtt": [ + "OnEventHandler42BEBAE0", + "Arn" + ] + }, + "USER_IS_COMPLETE_FUNCTION_ARN": { + "Fn::GetAtt": [ + "IsCompleteHandler7073F4DA", + "Arn" + ] + }, + "WAITER_STATE_MACHINE_ARN": { + "Ref": "Providerwaiterstatemachine5D4A9DF0" + } + } + }, + "handler": "framework.onEvent", + "runtime": "nodejs14.x", + "timeout": 900 + } + }, + "constructInfo": { + "fqn": "@aws-cdk/aws-lambda.CfnFunction", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/aws-lambda.Function", + "version": "0.0.0" + } + }, + "framework-isComplete": { + "id": "framework-isComplete", + "path": "aws-eks-oidc-provider-test/@aws-cdk--aws-eks.ClusterResourceProvider/Provider/framework-isComplete", + "children": { + "ServiceRole": { + "id": "ServiceRole", + "path": "aws-eks-oidc-provider-test/@aws-cdk--aws-eks.ClusterResourceProvider/Provider/framework-isComplete/ServiceRole", + "children": { + "Resource": { + "id": "Resource", + "path": "aws-eks-oidc-provider-test/@aws-cdk--aws-eks.ClusterResourceProvider/Provider/framework-isComplete/ServiceRole/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::IAM::Role", + "aws:cdk:cloudformation:props": { + "assumeRolePolicyDocument": { + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "Service": "lambda.amazonaws.com" + } + } + ], + "Version": "2012-10-17" + }, + "managedPolicyArns": [ + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":iam::aws:policy/service-role/AWSLambdaBasicExecutionRole" + ] + ] + } + ] + } + }, + "constructInfo": { + "fqn": "@aws-cdk/aws-iam.CfnRole", + "version": "0.0.0" + } + }, + "DefaultPolicy": { + "id": "DefaultPolicy", + "path": "aws-eks-oidc-provider-test/@aws-cdk--aws-eks.ClusterResourceProvider/Provider/framework-isComplete/ServiceRole/DefaultPolicy", + "children": { + "Resource": { + "id": "Resource", + "path": "aws-eks-oidc-provider-test/@aws-cdk--aws-eks.ClusterResourceProvider/Provider/framework-isComplete/ServiceRole/DefaultPolicy/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::IAM::Policy", + "aws:cdk:cloudformation:props": { + "policyDocument": { + "Statement": [ + { + "Action": "lambda:InvokeFunction", + "Effect": "Allow", + "Resource": [ + { + "Fn::GetAtt": [ + "IsCompleteHandler7073F4DA", + "Arn" + ] + }, + { + "Fn::GetAtt": [ + "OnEventHandler42BEBAE0", + "Arn" + ] + }, + { + "Fn::Join": [ + "", + [ + { + "Fn::GetAtt": [ + "IsCompleteHandler7073F4DA", + "Arn" + ] + }, + ":*" + ] + ] + }, + { + "Fn::Join": [ + "", + [ + { + "Fn::GetAtt": [ + "OnEventHandler42BEBAE0", + "Arn" + ] + }, + ":*" + ] + ] + } + ] + } + ], + "Version": "2012-10-17" + }, + "policyName": "ProviderframeworkisCompleteServiceRoleDefaultPolicy2E7140AC", + "roles": [ + { + "Ref": "ProviderframeworkisCompleteServiceRoleB1087139" + } + ] + } + }, + "constructInfo": { + "fqn": "@aws-cdk/aws-iam.CfnPolicy", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/aws-iam.Policy", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/aws-iam.Role", + "version": "0.0.0" + } + }, + "Code": { + "id": "Code", + "path": "aws-eks-oidc-provider-test/@aws-cdk--aws-eks.ClusterResourceProvider/Provider/framework-isComplete/Code", + "children": { + "Stage": { + "id": "Stage", + "path": "aws-eks-oidc-provider-test/@aws-cdk--aws-eks.ClusterResourceProvider/Provider/framework-isComplete/Code/Stage", + "constructInfo": { + "fqn": "@aws-cdk/core.AssetStaging", + "version": "0.0.0" + } + }, + "AssetBucket": { + "id": "AssetBucket", + "path": "aws-eks-oidc-provider-test/@aws-cdk--aws-eks.ClusterResourceProvider/Provider/framework-isComplete/Code/AssetBucket", + "constructInfo": { + "fqn": "@aws-cdk/aws-s3.BucketBase", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/aws-s3-assets.Asset", + "version": "0.0.0" + } + }, + "Resource": { + "id": "Resource", + "path": "aws-eks-oidc-provider-test/@aws-cdk--aws-eks.ClusterResourceProvider/Provider/framework-isComplete/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::Lambda::Function", + "aws:cdk:cloudformation:props": { + "code": { + "s3Bucket": { + "Fn::Sub": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}" + }, + "s3Key": "7215c88dd3e638d28329d4538b36cdbfb54233a4d972181795814f8b904d1037.zip" + }, + "role": { + "Fn::GetAtt": [ + "ProviderframeworkisCompleteServiceRoleB1087139", + "Arn" + ] + }, + "description": "AWS CDK resource provider framework - isComplete (aws-eks-oidc-provider-test/@aws-cdk--aws-eks.ClusterResourceProvider/Provider)", + "environment": { + "variables": { + "USER_ON_EVENT_FUNCTION_ARN": { + "Fn::GetAtt": [ + "OnEventHandler42BEBAE0", + "Arn" + ] + }, + "USER_IS_COMPLETE_FUNCTION_ARN": { + "Fn::GetAtt": [ + "IsCompleteHandler7073F4DA", + "Arn" + ] + } + } + }, + "handler": "framework.isComplete", + "runtime": "nodejs14.x", + "timeout": 900 + } + }, + "constructInfo": { + "fqn": "@aws-cdk/aws-lambda.CfnFunction", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/aws-lambda.Function", + "version": "0.0.0" + } + }, + "framework-onTimeout": { + "id": "framework-onTimeout", + "path": "aws-eks-oidc-provider-test/@aws-cdk--aws-eks.ClusterResourceProvider/Provider/framework-onTimeout", + "children": { + "ServiceRole": { + "id": "ServiceRole", + "path": "aws-eks-oidc-provider-test/@aws-cdk--aws-eks.ClusterResourceProvider/Provider/framework-onTimeout/ServiceRole", + "children": { + "Resource": { + "id": "Resource", + "path": "aws-eks-oidc-provider-test/@aws-cdk--aws-eks.ClusterResourceProvider/Provider/framework-onTimeout/ServiceRole/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::IAM::Role", + "aws:cdk:cloudformation:props": { + "assumeRolePolicyDocument": { + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "Service": "lambda.amazonaws.com" + } + } + ], + "Version": "2012-10-17" + }, + "managedPolicyArns": [ + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":iam::aws:policy/service-role/AWSLambdaBasicExecutionRole" + ] + ] + } + ] + } + }, + "constructInfo": { + "fqn": "@aws-cdk/aws-iam.CfnRole", + "version": "0.0.0" + } + }, + "DefaultPolicy": { + "id": "DefaultPolicy", + "path": "aws-eks-oidc-provider-test/@aws-cdk--aws-eks.ClusterResourceProvider/Provider/framework-onTimeout/ServiceRole/DefaultPolicy", + "children": { + "Resource": { + "id": "Resource", + "path": "aws-eks-oidc-provider-test/@aws-cdk--aws-eks.ClusterResourceProvider/Provider/framework-onTimeout/ServiceRole/DefaultPolicy/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::IAM::Policy", + "aws:cdk:cloudformation:props": { + "policyDocument": { + "Statement": [ + { + "Action": "lambda:InvokeFunction", + "Effect": "Allow", + "Resource": [ + { + "Fn::GetAtt": [ + "IsCompleteHandler7073F4DA", + "Arn" + ] + }, + { + "Fn::GetAtt": [ + "OnEventHandler42BEBAE0", + "Arn" + ] + }, + { + "Fn::Join": [ + "", + [ + { + "Fn::GetAtt": [ + "IsCompleteHandler7073F4DA", + "Arn" + ] + }, + ":*" + ] + ] + }, + { + "Fn::Join": [ + "", + [ + { + "Fn::GetAtt": [ + "OnEventHandler42BEBAE0", + "Arn" + ] + }, + ":*" + ] + ] + } + ] + } + ], + "Version": "2012-10-17" + }, + "policyName": "ProviderframeworkonTimeoutServiceRoleDefaultPolicy2688969F", + "roles": [ + { + "Ref": "ProviderframeworkonTimeoutServiceRole28643D26" + } + ] + } + }, + "constructInfo": { + "fqn": "@aws-cdk/aws-iam.CfnPolicy", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/aws-iam.Policy", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/aws-iam.Role", + "version": "0.0.0" + } + }, + "Code": { + "id": "Code", + "path": "aws-eks-oidc-provider-test/@aws-cdk--aws-eks.ClusterResourceProvider/Provider/framework-onTimeout/Code", + "children": { + "Stage": { + "id": "Stage", + "path": "aws-eks-oidc-provider-test/@aws-cdk--aws-eks.ClusterResourceProvider/Provider/framework-onTimeout/Code/Stage", + "constructInfo": { + "fqn": "@aws-cdk/core.AssetStaging", + "version": "0.0.0" + } + }, + "AssetBucket": { + "id": "AssetBucket", + "path": "aws-eks-oidc-provider-test/@aws-cdk--aws-eks.ClusterResourceProvider/Provider/framework-onTimeout/Code/AssetBucket", + "constructInfo": { + "fqn": "@aws-cdk/aws-s3.BucketBase", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/aws-s3-assets.Asset", + "version": "0.0.0" + } + }, + "Resource": { + "id": "Resource", + "path": "aws-eks-oidc-provider-test/@aws-cdk--aws-eks.ClusterResourceProvider/Provider/framework-onTimeout/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::Lambda::Function", + "aws:cdk:cloudformation:props": { + "code": { + "s3Bucket": { + "Fn::Sub": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}" + }, + "s3Key": "7215c88dd3e638d28329d4538b36cdbfb54233a4d972181795814f8b904d1037.zip" + }, + "role": { + "Fn::GetAtt": [ + "ProviderframeworkonTimeoutServiceRole28643D26", + "Arn" + ] + }, + "description": "AWS CDK resource provider framework - onTimeout (aws-eks-oidc-provider-test/@aws-cdk--aws-eks.ClusterResourceProvider/Provider)", + "environment": { + "variables": { + "USER_ON_EVENT_FUNCTION_ARN": { + "Fn::GetAtt": [ + "OnEventHandler42BEBAE0", + "Arn" + ] + }, + "USER_IS_COMPLETE_FUNCTION_ARN": { + "Fn::GetAtt": [ + "IsCompleteHandler7073F4DA", + "Arn" + ] + } + } + }, + "handler": "framework.onTimeout", + "runtime": "nodejs14.x", + "timeout": 900 + } + }, + "constructInfo": { + "fqn": "@aws-cdk/aws-lambda.CfnFunction", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/aws-lambda.Function", + "version": "0.0.0" + } + }, + "waiter-state-machine": { + "id": "waiter-state-machine", + "path": "aws-eks-oidc-provider-test/@aws-cdk--aws-eks.ClusterResourceProvider/Provider/waiter-state-machine", + "children": { + "Role": { + "id": "Role", + "path": "aws-eks-oidc-provider-test/@aws-cdk--aws-eks.ClusterResourceProvider/Provider/waiter-state-machine/Role", + "children": { + "Resource": { + "id": "Resource", + "path": "aws-eks-oidc-provider-test/@aws-cdk--aws-eks.ClusterResourceProvider/Provider/waiter-state-machine/Role/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::IAM::Role", + "aws:cdk:cloudformation:props": { + "assumeRolePolicyDocument": { + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "Service": { + "Fn::FindInMap": [ + "ServiceprincipalMap", + { + "Ref": "AWS::Region" + }, + "states" + ] + } + } + } + ], + "Version": "2012-10-17" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/aws-iam.CfnRole", + "version": "0.0.0" + } + }, + "DefaultPolicy": { + "id": "DefaultPolicy", + "path": "aws-eks-oidc-provider-test/@aws-cdk--aws-eks.ClusterResourceProvider/Provider/waiter-state-machine/Role/DefaultPolicy", + "children": { + "Resource": { + "id": "Resource", + "path": "aws-eks-oidc-provider-test/@aws-cdk--aws-eks.ClusterResourceProvider/Provider/waiter-state-machine/Role/DefaultPolicy/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::IAM::Policy", + "aws:cdk:cloudformation:props": { + "policyDocument": { + "Statement": [ + { + "Action": "lambda:InvokeFunction", + "Effect": "Allow", + "Resource": [ + { + "Fn::GetAtt": [ + "ProviderframeworkisComplete26D7B0CB", + "Arn" + ] + }, + { + "Fn::GetAtt": [ + "ProviderframeworkonTimeout0B47CA38", + "Arn" + ] + }, + { + "Fn::Join": [ + "", + [ + { + "Fn::GetAtt": [ + "ProviderframeworkisComplete26D7B0CB", + "Arn" + ] + }, + ":*" + ] + ] + }, + { + "Fn::Join": [ + "", + [ + { + "Fn::GetAtt": [ + "ProviderframeworkonTimeout0B47CA38", + "Arn" + ] + }, + ":*" + ] + ] + } + ] + } + ], + "Version": "2012-10-17" + }, + "policyName": "ProviderwaiterstatemachineRoleDefaultPolicyD3C3DA1A", + "roles": [ + { + "Ref": "ProviderwaiterstatemachineRole0C7159F9" + } + ] + } + }, + "constructInfo": { + "fqn": "@aws-cdk/aws-iam.CfnPolicy", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/aws-iam.Policy", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/aws-iam.Role", + "version": "0.0.0" + } + }, + "Resource": { + "id": "Resource", + "path": "aws-eks-oidc-provider-test/@aws-cdk--aws-eks.ClusterResourceProvider/Provider/waiter-state-machine/Resource", + "constructInfo": { + "fqn": "@aws-cdk/core.CfnResource", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.1.133" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/custom-resources.Provider", + "version": "0.0.0" + } + }, + "Service-principalMap": { + "id": "Service-principalMap", + "path": "aws-eks-oidc-provider-test/@aws-cdk--aws-eks.ClusterResourceProvider/Service-principalMap", + "constructInfo": { + "fqn": "@aws-cdk/core.CfnMapping", + "version": "0.0.0" + } + }, + "awseksoidcprovidertestawscdkawseksClusterResourceProviderframeworkonEvent4FFC9C25Arn": { + "id": "awseksoidcprovidertestawscdkawseksClusterResourceProviderframeworkonEvent4FFC9C25Arn", + "path": "aws-eks-oidc-provider-test/@aws-cdk--aws-eks.ClusterResourceProvider/awseksoidcprovidertestawscdkawseksClusterResourceProviderframeworkonEvent4FFC9C25Arn", + "constructInfo": { + "fqn": "@aws-cdk/core.CfnOutput", + "version": "0.0.0" + } + }, + "reference-to-awseksoidcprovidertestClusterCreationRole9C31DBFDArn": { + "id": "reference-to-awseksoidcprovidertestClusterCreationRole9C31DBFDArn", + "path": "aws-eks-oidc-provider-test/@aws-cdk--aws-eks.ClusterResourceProvider/reference-to-awseksoidcprovidertestClusterCreationRole9C31DBFDArn", + "constructInfo": { + "fqn": "@aws-cdk/core.CfnParameter", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/core.NestedStack", + "version": "0.0.0" + } + }, + "@aws-cdk--aws-eks.ClusterResourceProvider.NestedStack": { + "id": "@aws-cdk--aws-eks.ClusterResourceProvider.NestedStack", + "path": "aws-eks-oidc-provider-test/@aws-cdk--aws-eks.ClusterResourceProvider.NestedStack", + "children": { + "@aws-cdk--aws-eks.ClusterResourceProvider.NestedStackResource": { + "id": "@aws-cdk--aws-eks.ClusterResourceProvider.NestedStackResource", + "path": "aws-eks-oidc-provider-test/@aws-cdk--aws-eks.ClusterResourceProvider.NestedStack/@aws-cdk--aws-eks.ClusterResourceProvider.NestedStackResource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::CloudFormation::Stack", + "aws:cdk:cloudformation:props": { + "templateUrl": { + "Fn::Join": [ + "", + [ + "https://s3.", + { + "Ref": "AWS::Region" + }, + ".", + { + "Ref": "AWS::URLSuffix" + }, + "/", + { + "Fn::Sub": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}" + }, + "/e59f13ce93f53a92012f4cb1909dd1c644a3eaabecb3f91452ebb77d698e7b36.json" + ] + ] + }, + "parameters": { + "referencetoawseksoidcprovidertestClusterCreationRole9C31DBFDArn": { + "Fn::GetAtt": [ + "ClusterCreationRole360249B6", + "Arn" + ] + } + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/core.CfnStack", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.1.133" + } + }, + "@aws-cdk--aws-eks.KubectlProvider": { + "id": "@aws-cdk--aws-eks.KubectlProvider", + "path": "aws-eks-oidc-provider-test/@aws-cdk--aws-eks.KubectlProvider", + "children": { + "Handler": { + "id": "Handler", + "path": "aws-eks-oidc-provider-test/@aws-cdk--aws-eks.KubectlProvider/Handler", + "children": { + "ServiceRole": { + "id": "ServiceRole", + "path": "aws-eks-oidc-provider-test/@aws-cdk--aws-eks.KubectlProvider/Handler/ServiceRole", + "children": { + "Resource": { + "id": "Resource", + "path": "aws-eks-oidc-provider-test/@aws-cdk--aws-eks.KubectlProvider/Handler/ServiceRole/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::IAM::Role", + "aws:cdk:cloudformation:props": { + "assumeRolePolicyDocument": { + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "Service": "lambda.amazonaws.com" + } + } + ], + "Version": "2012-10-17" + }, + "managedPolicyArns": [ + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":iam::aws:policy/service-role/AWSLambdaBasicExecutionRole" + ] + ] + }, + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":iam::aws:policy/service-role/AWSLambdaVPCAccessExecutionRole" + ] + ] + }, + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":iam::aws:policy/AmazonEC2ContainerRegistryReadOnly" + ] + ] + } + ] + } + }, + "constructInfo": { + "fqn": "@aws-cdk/aws-iam.CfnRole", + "version": "0.0.0" + } + }, + "DefaultPolicy": { + "id": "DefaultPolicy", + "path": "aws-eks-oidc-provider-test/@aws-cdk--aws-eks.KubectlProvider/Handler/ServiceRole/DefaultPolicy", + "children": { + "Resource": { + "id": "Resource", + "path": "aws-eks-oidc-provider-test/@aws-cdk--aws-eks.KubectlProvider/Handler/ServiceRole/DefaultPolicy/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::IAM::Policy", + "aws:cdk:cloudformation:props": { + "policyDocument": { + "Statement": [ + { + "Action": "eks:DescribeCluster", + "Effect": "Allow", + "Resource": { + "Ref": "referencetoawseksoidcprovidertestCluster40390314Arn" + } + }, + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Resource": { + "Ref": "referencetoawseksoidcprovidertestClusterCreationRole9C31DBFDArn" + } + } + ], + "Version": "2012-10-17" + }, + "policyName": "HandlerServiceRoleDefaultPolicyCBD0CC91", + "roles": [ + { + "Ref": "HandlerServiceRoleFCDC14AE" + } + ] + } + }, + "constructInfo": { + "fqn": "@aws-cdk/aws-iam.CfnPolicy", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/aws-iam.Policy", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/aws-iam.Role", + "version": "0.0.0" + } + }, + "Code": { + "id": "Code", + "path": "aws-eks-oidc-provider-test/@aws-cdk--aws-eks.KubectlProvider/Handler/Code", + "children": { + "Stage": { + "id": "Stage", + "path": "aws-eks-oidc-provider-test/@aws-cdk--aws-eks.KubectlProvider/Handler/Code/Stage", + "constructInfo": { + "fqn": "@aws-cdk/core.AssetStaging", + "version": "0.0.0" + } + }, + "AssetBucket": { + "id": "AssetBucket", + "path": "aws-eks-oidc-provider-test/@aws-cdk--aws-eks.KubectlProvider/Handler/Code/AssetBucket", + "constructInfo": { + "fqn": "@aws-cdk/aws-s3.BucketBase", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/aws-s3-assets.Asset", + "version": "0.0.0" + } + }, + "Resource": { + "id": "Resource", + "path": "aws-eks-oidc-provider-test/@aws-cdk--aws-eks.KubectlProvider/Handler/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::Lambda::Function", + "aws:cdk:cloudformation:props": { + "code": { + "s3Bucket": { + "Fn::Sub": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}" + }, + "s3Key": "d01d4b7367b49a3e222279017fe50e41d6b2272d436b2e82038d0036deb2cdcb.zip" + }, + "role": { + "Fn::GetAtt": [ + "HandlerServiceRoleFCDC14AE", + "Arn" + ] + }, + "description": "onEvent handler for EKS kubectl resource provider", + "handler": "index.handler", + "layers": [ + { + "Ref": "AwsCliLayerF44AAF94" + }, + { + "Ref": "KubectlLayer600207B5" + } + ], + "memorySize": 1024, + "runtime": "python3.7", + "timeout": 900, + "vpcConfig": { + "subnetIds": [ + { + "Ref": "referencetoawseksoidcprovidertestVpcPrivateSubnet1Subnet60CC97A0Ref" + }, + { + "Ref": "referencetoawseksoidcprovidertestVpcPrivateSubnet2Subnet7E577D94Ref" + } + ], + "securityGroupIds": [ + { + "Ref": "referencetoawseksoidcprovidertestCluster40390314ClusterSecurityGroupId" + } + ] + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/aws-lambda.CfnFunction", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/aws-lambda.Function", + "version": "0.0.0" + } + }, + "AwsCliLayer": { + "id": "AwsCliLayer", + "path": "aws-eks-oidc-provider-test/@aws-cdk--aws-eks.KubectlProvider/AwsCliLayer", + "children": { + "Code": { + "id": "Code", + "path": "aws-eks-oidc-provider-test/@aws-cdk--aws-eks.KubectlProvider/AwsCliLayer/Code", + "children": { + "Stage": { + "id": "Stage", + "path": "aws-eks-oidc-provider-test/@aws-cdk--aws-eks.KubectlProvider/AwsCliLayer/Code/Stage", + "constructInfo": { + "fqn": "@aws-cdk/core.AssetStaging", + "version": "0.0.0" + } + }, + "AssetBucket": { + "id": "AssetBucket", + "path": "aws-eks-oidc-provider-test/@aws-cdk--aws-eks.KubectlProvider/AwsCliLayer/Code/AssetBucket", + "constructInfo": { + "fqn": "@aws-cdk/aws-s3.BucketBase", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/aws-s3-assets.Asset", + "version": "0.0.0" + } + }, + "Resource": { + "id": "Resource", + "path": "aws-eks-oidc-provider-test/@aws-cdk--aws-eks.KubectlProvider/AwsCliLayer/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::Lambda::LayerVersion", + "aws:cdk:cloudformation:props": { + "content": { + "s3Bucket": { + "Fn::Sub": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}" + }, + "s3Key": "c409e6c5845f1f349df8cd84e160bf6f1c35d2b060b63e1f032f9bd39d4542cc.zip" + }, + "description": "/opt/awscli/aws" + } + }, + "constructInfo": { + "fqn": "@aws-cdk/aws-lambda.CfnLayerVersion", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/lambda-layer-awscli.AwsCliLayer", + "version": "0.0.0" + } + }, + "KubectlLayer": { + "id": "KubectlLayer", + "path": "aws-eks-oidc-provider-test/@aws-cdk--aws-eks.KubectlProvider/KubectlLayer", + "children": { + "Code": { + "id": "Code", + "path": "aws-eks-oidc-provider-test/@aws-cdk--aws-eks.KubectlProvider/KubectlLayer/Code", + "children": { + "Stage": { + "id": "Stage", + "path": "aws-eks-oidc-provider-test/@aws-cdk--aws-eks.KubectlProvider/KubectlLayer/Code/Stage", + "constructInfo": { + "fqn": "@aws-cdk/core.AssetStaging", + "version": "0.0.0" + } + }, + "AssetBucket": { + "id": "AssetBucket", + "path": "aws-eks-oidc-provider-test/@aws-cdk--aws-eks.KubectlProvider/KubectlLayer/Code/AssetBucket", + "constructInfo": { + "fqn": "@aws-cdk/aws-s3.BucketBase", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/aws-s3-assets.Asset", + "version": "0.0.0" + } + }, + "Resource": { + "id": "Resource", + "path": "aws-eks-oidc-provider-test/@aws-cdk--aws-eks.KubectlProvider/KubectlLayer/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::Lambda::LayerVersion", + "aws:cdk:cloudformation:props": { + "content": { + "s3Bucket": { + "Fn::Sub": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}" + }, + "s3Key": "c6964dbf0c556ec82ce09622e99ad6f6d4e488cdaac0ef9e8492e078ec61ffed.zip" + }, + "description": "/opt/kubectl/kubectl and /opt/helm/helm" + } + }, + "constructInfo": { + "fqn": "@aws-cdk/aws-lambda.CfnLayerVersion", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/lambda-layer-kubectl.KubectlLayer", + "version": "0.0.0" + } + }, + "Provider": { + "id": "Provider", + "path": "aws-eks-oidc-provider-test/@aws-cdk--aws-eks.KubectlProvider/Provider", + "children": { + "framework-onEvent": { + "id": "framework-onEvent", + "path": "aws-eks-oidc-provider-test/@aws-cdk--aws-eks.KubectlProvider/Provider/framework-onEvent", + "children": { + "ServiceRole": { + "id": "ServiceRole", + "path": "aws-eks-oidc-provider-test/@aws-cdk--aws-eks.KubectlProvider/Provider/framework-onEvent/ServiceRole", + "children": { + "Resource": { + "id": "Resource", + "path": "aws-eks-oidc-provider-test/@aws-cdk--aws-eks.KubectlProvider/Provider/framework-onEvent/ServiceRole/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::IAM::Role", + "aws:cdk:cloudformation:props": { + "assumeRolePolicyDocument": { + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "Service": "lambda.amazonaws.com" + } + } + ], + "Version": "2012-10-17" + }, + "managedPolicyArns": [ + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":iam::aws:policy/service-role/AWSLambdaBasicExecutionRole" + ] + ] + }, + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":iam::aws:policy/service-role/AWSLambdaVPCAccessExecutionRole" + ] + ] + } + ] + } + }, + "constructInfo": { + "fqn": "@aws-cdk/aws-iam.CfnRole", + "version": "0.0.0" + } + }, + "DefaultPolicy": { + "id": "DefaultPolicy", + "path": "aws-eks-oidc-provider-test/@aws-cdk--aws-eks.KubectlProvider/Provider/framework-onEvent/ServiceRole/DefaultPolicy", + "children": { + "Resource": { + "id": "Resource", + "path": "aws-eks-oidc-provider-test/@aws-cdk--aws-eks.KubectlProvider/Provider/framework-onEvent/ServiceRole/DefaultPolicy/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::IAM::Policy", + "aws:cdk:cloudformation:props": { + "policyDocument": { + "Statement": [ + { + "Action": "lambda:InvokeFunction", + "Effect": "Allow", + "Resource": [ + { + "Fn::GetAtt": [ + "Handler886CB40B", + "Arn" + ] + }, + { + "Fn::Join": [ + "", + [ + { + "Fn::GetAtt": [ + "Handler886CB40B", + "Arn" + ] + }, + ":*" + ] + ] + } + ] + } + ], + "Version": "2012-10-17" + }, + "policyName": "ProviderframeworkonEventServiceRoleDefaultPolicy48CD2133", + "roles": [ + { + "Ref": "ProviderframeworkonEventServiceRole9FF04296" + } + ] + } + }, + "constructInfo": { + "fqn": "@aws-cdk/aws-iam.CfnPolicy", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/aws-iam.Policy", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/aws-iam.Role", + "version": "0.0.0" + } + }, + "Code": { + "id": "Code", + "path": "aws-eks-oidc-provider-test/@aws-cdk--aws-eks.KubectlProvider/Provider/framework-onEvent/Code", + "children": { + "Stage": { + "id": "Stage", + "path": "aws-eks-oidc-provider-test/@aws-cdk--aws-eks.KubectlProvider/Provider/framework-onEvent/Code/Stage", + "constructInfo": { + "fqn": "@aws-cdk/core.AssetStaging", + "version": "0.0.0" + } + }, + "AssetBucket": { + "id": "AssetBucket", + "path": "aws-eks-oidc-provider-test/@aws-cdk--aws-eks.KubectlProvider/Provider/framework-onEvent/Code/AssetBucket", + "constructInfo": { + "fqn": "@aws-cdk/aws-s3.BucketBase", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/aws-s3-assets.Asset", + "version": "0.0.0" + } + }, + "Resource": { + "id": "Resource", + "path": "aws-eks-oidc-provider-test/@aws-cdk--aws-eks.KubectlProvider/Provider/framework-onEvent/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::Lambda::Function", + "aws:cdk:cloudformation:props": { + "code": { + "s3Bucket": { + "Fn::Sub": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}" + }, + "s3Key": "7215c88dd3e638d28329d4538b36cdbfb54233a4d972181795814f8b904d1037.zip" + }, + "role": { + "Fn::GetAtt": [ + "ProviderframeworkonEventServiceRole9FF04296", + "Arn" + ] + }, + "description": "AWS CDK resource provider framework - onEvent (aws-eks-oidc-provider-test/@aws-cdk--aws-eks.KubectlProvider/Provider)", + "environment": { + "variables": { + "USER_ON_EVENT_FUNCTION_ARN": { + "Fn::GetAtt": [ + "Handler886CB40B", + "Arn" + ] + } + } + }, + "handler": "framework.onEvent", + "runtime": "nodejs14.x", + "timeout": 900, + "vpcConfig": { + "subnetIds": [ + { + "Ref": "referencetoawseksoidcprovidertestVpcPrivateSubnet1Subnet60CC97A0Ref" + }, + { + "Ref": "referencetoawseksoidcprovidertestVpcPrivateSubnet2Subnet7E577D94Ref" + } + ], + "securityGroupIds": [ + { + "Ref": "referencetoawseksoidcprovidertestCluster40390314ClusterSecurityGroupId" + } + ] + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/aws-lambda.CfnFunction", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/aws-lambda.Function", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/custom-resources.Provider", + "version": "0.0.0" + } + }, + "awseksoidcprovidertestawscdkawseksKubectlProviderframeworkonEventAF429689Arn": { + "id": "awseksoidcprovidertestawscdkawseksKubectlProviderframeworkonEventAF429689Arn", + "path": "aws-eks-oidc-provider-test/@aws-cdk--aws-eks.KubectlProvider/awseksoidcprovidertestawscdkawseksKubectlProviderframeworkonEventAF429689Arn", + "constructInfo": { + "fqn": "@aws-cdk/core.CfnOutput", + "version": "0.0.0" + } + }, + "reference-to-awseksoidcprovidertestCluster40390314Arn": { + "id": "reference-to-awseksoidcprovidertestCluster40390314Arn", + "path": "aws-eks-oidc-provider-test/@aws-cdk--aws-eks.KubectlProvider/reference-to-awseksoidcprovidertestCluster40390314Arn", + "constructInfo": { + "fqn": "@aws-cdk/core.CfnParameter", + "version": "0.0.0" + } + }, + "reference-to-awseksoidcprovidertestClusterCreationRole9C31DBFDArn": { + "id": "reference-to-awseksoidcprovidertestClusterCreationRole9C31DBFDArn", + "path": "aws-eks-oidc-provider-test/@aws-cdk--aws-eks.KubectlProvider/reference-to-awseksoidcprovidertestClusterCreationRole9C31DBFDArn", + "constructInfo": { + "fqn": "@aws-cdk/core.CfnParameter", + "version": "0.0.0" + } + }, + "reference-to-awseksoidcprovidertestVpcPrivateSubnet1Subnet60CC97A0Ref": { + "id": "reference-to-awseksoidcprovidertestVpcPrivateSubnet1Subnet60CC97A0Ref", + "path": "aws-eks-oidc-provider-test/@aws-cdk--aws-eks.KubectlProvider/reference-to-awseksoidcprovidertestVpcPrivateSubnet1Subnet60CC97A0Ref", + "constructInfo": { + "fqn": "@aws-cdk/core.CfnParameter", + "version": "0.0.0" + } + }, + "reference-to-awseksoidcprovidertestVpcPrivateSubnet2Subnet7E577D94Ref": { + "id": "reference-to-awseksoidcprovidertestVpcPrivateSubnet2Subnet7E577D94Ref", + "path": "aws-eks-oidc-provider-test/@aws-cdk--aws-eks.KubectlProvider/reference-to-awseksoidcprovidertestVpcPrivateSubnet2Subnet7E577D94Ref", + "constructInfo": { + "fqn": "@aws-cdk/core.CfnParameter", + "version": "0.0.0" + } + }, + "reference-to-awseksoidcprovidertestCluster40390314ClusterSecurityGroupId": { + "id": "reference-to-awseksoidcprovidertestCluster40390314ClusterSecurityGroupId", + "path": "aws-eks-oidc-provider-test/@aws-cdk--aws-eks.KubectlProvider/reference-to-awseksoidcprovidertestCluster40390314ClusterSecurityGroupId", + "constructInfo": { + "fqn": "@aws-cdk/core.CfnParameter", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/aws-eks.KubectlProvider", + "version": "0.0.0" + } + }, + "@aws-cdk--aws-eks.KubectlProvider.NestedStack": { + "id": "@aws-cdk--aws-eks.KubectlProvider.NestedStack", + "path": "aws-eks-oidc-provider-test/@aws-cdk--aws-eks.KubectlProvider.NestedStack", + "children": { + "@aws-cdk--aws-eks.KubectlProvider.NestedStackResource": { + "id": "@aws-cdk--aws-eks.KubectlProvider.NestedStackResource", + "path": "aws-eks-oidc-provider-test/@aws-cdk--aws-eks.KubectlProvider.NestedStack/@aws-cdk--aws-eks.KubectlProvider.NestedStackResource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::CloudFormation::Stack", + "aws:cdk:cloudformation:props": { + "templateUrl": { + "Fn::Join": [ + "", + [ + "https://s3.", + { + "Ref": "AWS::Region" + }, + ".", + { + "Ref": "AWS::URLSuffix" + }, + "/", + { + "Fn::Sub": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}" + }, + "/059554c62e9a55071f25739c539509931f3e6ca68eaba0d8dabc5a14b8891229.json" + ] + ] + }, + "parameters": { + "referencetoawseksoidcprovidertestCluster40390314Arn": { + "Fn::GetAtt": [ + "Cluster9EE0221C", + "Arn" + ] + }, + "referencetoawseksoidcprovidertestClusterCreationRole9C31DBFDArn": { + "Fn::GetAtt": [ + "ClusterCreationRole360249B6", + "Arn" + ] + }, + "referencetoawseksoidcprovidertestVpcPrivateSubnet1Subnet60CC97A0Ref": { + "Ref": "VpcPrivateSubnet1Subnet536B997A" + }, + "referencetoawseksoidcprovidertestVpcPrivateSubnet2Subnet7E577D94Ref": { + "Ref": "VpcPrivateSubnet2Subnet3788AAA1" + }, + "referencetoawseksoidcprovidertestCluster40390314ClusterSecurityGroupId": { + "Fn::GetAtt": [ + "Cluster9EE0221C", + "ClusterSecurityGroupId" + ] + } + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/core.CfnStack", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.1.133" + } + }, + "Custom::AWSCDKOpenIdConnectProviderCustomResourceProvider": { + "id": "Custom::AWSCDKOpenIdConnectProviderCustomResourceProvider", + "path": "aws-eks-oidc-provider-test/Custom::AWSCDKOpenIdConnectProviderCustomResourceProvider", + "children": { + "Staging": { + "id": "Staging", + "path": "aws-eks-oidc-provider-test/Custom::AWSCDKOpenIdConnectProviderCustomResourceProvider/Staging", + "constructInfo": { + "fqn": "@aws-cdk/core.AssetStaging", + "version": "0.0.0" + } + }, + "Role": { + "id": "Role", + "path": "aws-eks-oidc-provider-test/Custom::AWSCDKOpenIdConnectProviderCustomResourceProvider/Role", + "constructInfo": { + "fqn": "@aws-cdk/core.CfnResource", + "version": "0.0.0" + } + }, + "Handler": { + "id": "Handler", + "path": "aws-eks-oidc-provider-test/Custom::AWSCDKOpenIdConnectProviderCustomResourceProvider/Handler", + "constructInfo": { + "fqn": "@aws-cdk/core.CfnResource", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/core.CustomResourceProvider", + "version": "0.0.0" + } + }, + "AWSCDKCfnUtilsProviderCustomResourceProvider": { + "id": "AWSCDKCfnUtilsProviderCustomResourceProvider", + "path": "aws-eks-oidc-provider-test/AWSCDKCfnUtilsProviderCustomResourceProvider", + "children": { + "Staging": { + "id": "Staging", + "path": "aws-eks-oidc-provider-test/AWSCDKCfnUtilsProviderCustomResourceProvider/Staging", + "constructInfo": { + "fqn": "@aws-cdk/core.AssetStaging", + "version": "0.0.0" + } + }, + "Role": { + "id": "Role", + "path": "aws-eks-oidc-provider-test/AWSCDKCfnUtilsProviderCustomResourceProvider/Role", + "constructInfo": { + "fqn": "@aws-cdk/core.CfnResource", + "version": "0.0.0" + } + }, + "Handler": { + "id": "Handler", + "path": "aws-eks-oidc-provider-test/AWSCDKCfnUtilsProviderCustomResourceProvider/Handler", + "constructInfo": { + "fqn": "@aws-cdk/core.CfnResource", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/core.CustomResourceProvider", + "version": "0.0.0" + } + }, + "S3BucketPinger": { + "id": "S3BucketPinger", + "path": "aws-eks-oidc-provider-test/S3BucketPinger", + "children": { + "Function": { + "id": "Function", + "path": "aws-eks-oidc-provider-test/S3BucketPinger/Function", + "children": { + "ServiceRole": { + "id": "ServiceRole", + "path": "aws-eks-oidc-provider-test/S3BucketPinger/Function/ServiceRole", + "children": { + "Resource": { + "id": "Resource", + "path": "aws-eks-oidc-provider-test/S3BucketPinger/Function/ServiceRole/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::IAM::Role", + "aws:cdk:cloudformation:props": { + "assumeRolePolicyDocument": { + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "Service": "lambda.amazonaws.com" + } + } + ], + "Version": "2012-10-17" + }, + "managedPolicyArns": [ + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":iam::aws:policy/service-role/AWSLambdaBasicExecutionRole" + ] + ] + }, + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":iam::aws:policy/service-role/AWSLambdaVPCAccessExecutionRole" + ] + ] + } + ] + } + }, + "constructInfo": { + "fqn": "@aws-cdk/aws-iam.CfnRole", + "version": "0.0.0" + } + }, + "DefaultPolicy": { + "id": "DefaultPolicy", + "path": "aws-eks-oidc-provider-test/S3BucketPinger/Function/ServiceRole/DefaultPolicy", + "children": { + "Resource": { + "id": "Resource", + "path": "aws-eks-oidc-provider-test/S3BucketPinger/Function/ServiceRole/DefaultPolicy/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::IAM::Policy", + "aws:cdk:cloudformation:props": { + "policyDocument": { + "Statement": [ + { + "Action": [ + "s3:DeleteBucket", + "s3:ListBucket" + ], + "Effect": "Allow", + "Resource": "arn:aws:s3:::*" + } + ], + "Version": "2012-10-17" + }, + "policyName": "S3BucketPingerFunctionServiceRoleDefaultPolicy0A5C5673", + "roles": [ + { + "Ref": "S3BucketPingerFunctionServiceRole37E5E83A" + } + ] + } + }, + "constructInfo": { + "fqn": "@aws-cdk/aws-iam.CfnPolicy", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/aws-iam.Policy", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/aws-iam.Role", + "version": "0.0.0" + } + }, + "Code": { + "id": "Code", + "path": "aws-eks-oidc-provider-test/S3BucketPinger/Function/Code", + "children": { + "Stage": { + "id": "Stage", + "path": "aws-eks-oidc-provider-test/S3BucketPinger/Function/Code/Stage", + "constructInfo": { + "fqn": "@aws-cdk/core.AssetStaging", + "version": "0.0.0" + } + }, + "AssetBucket": { + "id": "AssetBucket", + "path": "aws-eks-oidc-provider-test/S3BucketPinger/Function/Code/AssetBucket", + "constructInfo": { + "fqn": "@aws-cdk/aws-s3.BucketBase", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/aws-s3-assets.Asset", + "version": "0.0.0" + } + }, + "SecurityGroup": { + "id": "SecurityGroup", + "path": "aws-eks-oidc-provider-test/S3BucketPinger/Function/SecurityGroup", + "children": { + "Resource": { + "id": "Resource", + "path": "aws-eks-oidc-provider-test/S3BucketPinger/Function/SecurityGroup/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::SecurityGroup", + "aws:cdk:cloudformation:props": { + "groupDescription": "Automatic security group for Lambda Function awseksoidcprovidertestS3BucketPingerFunction2C5AC7DA", + "securityGroupEgress": [ + { + "cidrIp": "0.0.0.0/0", + "description": "Allow all outbound traffic by default", + "ipProtocol": "-1" + } + ], + "vpcId": { + "Ref": "Vpc8378EB38" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/aws-ec2.CfnSecurityGroup", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/aws-ec2.SecurityGroup", + "version": "0.0.0" + } + }, + "Resource": { + "id": "Resource", + "path": "aws-eks-oidc-provider-test/S3BucketPinger/Function/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::Lambda::Function", + "aws:cdk:cloudformation:props": { + "code": { + "s3Bucket": { + "Fn::Sub": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}" + }, + "s3Key": "41c8a7cd37aeed043235c5685fbbd3711edb412ae285f9993951fd1bde8734a5.zip" + }, + "role": { + "Fn::GetAtt": [ + "S3BucketPingerFunctionServiceRole37E5E83A", + "Arn" + ] + }, + "handler": "index.handler", + "runtime": "python3.9", + "timeout": 60, + "vpcConfig": { + "subnetIds": [ + { + "Ref": "VpcPrivateSubnet1Subnet536B997A" + }, + { + "Ref": "VpcPrivateSubnet2Subnet3788AAA1" + } + ], + "securityGroupIds": [ + { + "Fn::GetAtt": [ + "S3BucketPingerFunctionSecurityGroup470A4668", + "GroupId" + ] + } + ] + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/aws-lambda.CfnFunction", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/aws-lambda.Function", + "version": "0.0.0" + } + }, + "Provider": { + "id": "Provider", + "path": "aws-eks-oidc-provider-test/S3BucketPinger/Provider", + "children": { + "framework-onEvent": { + "id": "framework-onEvent", + "path": "aws-eks-oidc-provider-test/S3BucketPinger/Provider/framework-onEvent", + "children": { + "ServiceRole": { + "id": "ServiceRole", + "path": "aws-eks-oidc-provider-test/S3BucketPinger/Provider/framework-onEvent/ServiceRole", + "children": { + "Resource": { + "id": "Resource", + "path": "aws-eks-oidc-provider-test/S3BucketPinger/Provider/framework-onEvent/ServiceRole/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::IAM::Role", + "aws:cdk:cloudformation:props": { + "assumeRolePolicyDocument": { + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "Service": "lambda.amazonaws.com" + } + } + ], + "Version": "2012-10-17" + }, + "managedPolicyArns": [ + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":iam::aws:policy/service-role/AWSLambdaBasicExecutionRole" + ] + ] + } + ] + } + }, + "constructInfo": { + "fqn": "@aws-cdk/aws-iam.CfnRole", + "version": "0.0.0" + } + }, + "DefaultPolicy": { + "id": "DefaultPolicy", + "path": "aws-eks-oidc-provider-test/S3BucketPinger/Provider/framework-onEvent/ServiceRole/DefaultPolicy", + "children": { + "Resource": { + "id": "Resource", + "path": "aws-eks-oidc-provider-test/S3BucketPinger/Provider/framework-onEvent/ServiceRole/DefaultPolicy/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::IAM::Policy", + "aws:cdk:cloudformation:props": { + "policyDocument": { + "Statement": [ + { + "Action": "lambda:InvokeFunction", + "Effect": "Allow", + "Resource": [ + { + "Fn::GetAtt": [ + "S3BucketPingerFunctionCCEDB9F3", + "Arn" + ] + }, + { + "Fn::Join": [ + "", + [ + { + "Fn::GetAtt": [ + "S3BucketPingerFunctionCCEDB9F3", + "Arn" + ] + }, + ":*" + ] + ] + } + ] + } + ], + "Version": "2012-10-17" + }, + "policyName": "S3BucketPingerProviderframeworkonEventServiceRoleDefaultPolicyF4F06433", + "roles": [ + { + "Ref": "S3BucketPingerProviderframeworkonEventServiceRole3DD0DF8B" + } + ] + } + }, + "constructInfo": { + "fqn": "@aws-cdk/aws-iam.CfnPolicy", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/aws-iam.Policy", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/aws-iam.Role", + "version": "0.0.0" + } + }, + "Code": { + "id": "Code", + "path": "aws-eks-oidc-provider-test/S3BucketPinger/Provider/framework-onEvent/Code", + "children": { + "Stage": { + "id": "Stage", + "path": "aws-eks-oidc-provider-test/S3BucketPinger/Provider/framework-onEvent/Code/Stage", + "constructInfo": { + "fqn": "@aws-cdk/core.AssetStaging", + "version": "0.0.0" + } + }, + "AssetBucket": { + "id": "AssetBucket", + "path": "aws-eks-oidc-provider-test/S3BucketPinger/Provider/framework-onEvent/Code/AssetBucket", + "constructInfo": { + "fqn": "@aws-cdk/aws-s3.BucketBase", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/aws-s3-assets.Asset", + "version": "0.0.0" + } + }, + "Resource": { + "id": "Resource", + "path": "aws-eks-oidc-provider-test/S3BucketPinger/Provider/framework-onEvent/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::Lambda::Function", + "aws:cdk:cloudformation:props": { + "code": { + "s3Bucket": { + "Fn::Sub": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}" + }, + "s3Key": "7215c88dd3e638d28329d4538b36cdbfb54233a4d972181795814f8b904d1037.zip" + }, + "role": { + "Fn::GetAtt": [ + "S3BucketPingerProviderframeworkonEventServiceRole3DD0DF8B", + "Arn" + ] + }, + "description": "AWS CDK resource provider framework - onEvent (aws-eks-oidc-provider-test/S3BucketPinger/Provider)", + "environment": { + "variables": { + "USER_ON_EVENT_FUNCTION_ARN": { + "Fn::GetAtt": [ + "S3BucketPingerFunctionCCEDB9F3", + "Arn" + ] + } + } + }, + "handler": "framework.onEvent", + "runtime": "nodejs14.x", + "timeout": 900 + } + }, + "constructInfo": { + "fqn": "@aws-cdk/aws-lambda.CfnFunction", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/aws-lambda.Function", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/custom-resources.Provider", + "version": "0.0.0" + } + }, + "Resource": { + "id": "Resource", + "path": "aws-eks-oidc-provider-test/S3BucketPinger/Resource", + "children": { + "Default": { + "id": "Default", + "path": "aws-eks-oidc-provider-test/S3BucketPinger/Resource/Default", + "constructInfo": { + "fqn": "@aws-cdk/core.CfnResource", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/core.CustomResource", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.1.133" + } + }, + "PingerResponse": { + "id": "PingerResponse", + "path": "aws-eks-oidc-provider-test/PingerResponse", + "constructInfo": { + "fqn": "@aws-cdk/core.CfnOutput", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/core.Stack", + "version": "0.0.0" + } + }, + "aws-cdk-eks-service-account-sdk-call": { + "id": "aws-cdk-eks-service-account-sdk-call", + "path": "aws-cdk-eks-service-account-sdk-call", + "children": { + "DefaultTest": { + "id": "DefaultTest", + "path": "aws-cdk-eks-service-account-sdk-call/DefaultTest", + "children": { + "Default": { + "id": "Default", + "path": "aws-cdk-eks-service-account-sdk-call/DefaultTest/Default", + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.1.133" + } + }, + "DeployAssert": { + "id": "DeployAssert", + "path": "aws-cdk-eks-service-account-sdk-call/DefaultTest/DeployAssert", + "constructInfo": { + "fqn": "@aws-cdk/core.Stack", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/integ-tests.IntegTestCase", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/integ-tests.IntegTest", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/core.App", + "version": "0.0.0" + } + } +} \ No newline at end of file diff --git a/packages/@aws-cdk/aws-eks/test/eks-service-account-sdk-call.integ.snapshot/asset.3b263c2ad043fd069ef446753788c36e595c82b51a70478e58258c8ef7471671/cfn-response.js b/packages/@aws-cdk/aws-eks/test/eks-service-account-sdk-call.integ.snapshot/asset.3b263c2ad043fd069ef446753788c36e595c82b51a70478e58258c8ef7471671/cfn-response.js deleted file mode 100644 index 6319e06391def..0000000000000 --- a/packages/@aws-cdk/aws-eks/test/eks-service-account-sdk-call.integ.snapshot/asset.3b263c2ad043fd069ef446753788c36e595c82b51a70478e58258c8ef7471671/cfn-response.js +++ /dev/null @@ -1,83 +0,0 @@ -"use strict"; -Object.defineProperty(exports, "__esModule", { value: true }); -exports.Retry = exports.safeHandler = exports.includeStackTraces = exports.submitResponse = exports.MISSING_PHYSICAL_ID_MARKER = exports.CREATE_FAILED_PHYSICAL_ID_MARKER = void 0; -/* eslint-disable max-len */ -/* eslint-disable no-console */ -const url = require("url"); -const outbound_1 = require("./outbound"); -const util_1 = require("./util"); -exports.CREATE_FAILED_PHYSICAL_ID_MARKER = 'AWSCDK::CustomResourceProviderFramework::CREATE_FAILED'; -exports.MISSING_PHYSICAL_ID_MARKER = 'AWSCDK::CustomResourceProviderFramework::MISSING_PHYSICAL_ID'; -async function submitResponse(status, event, options = {}) { - const json = { - Status: status, - Reason: options.reason || status, - StackId: event.StackId, - RequestId: event.RequestId, - PhysicalResourceId: event.PhysicalResourceId || exports.MISSING_PHYSICAL_ID_MARKER, - LogicalResourceId: event.LogicalResourceId, - NoEcho: options.noEcho, - Data: event.Data, - }; - util_1.log('submit response to cloudformation', json); - const responseBody = JSON.stringify(json); - const parsedUrl = url.parse(event.ResponseURL); - await outbound_1.httpRequest({ - hostname: parsedUrl.hostname, - path: parsedUrl.path, - method: 'PUT', - headers: { - 'content-type': '', - 'content-length': responseBody.length, - }, - }, responseBody); -} -exports.submitResponse = submitResponse; -exports.includeStackTraces = true; // for unit tests -function safeHandler(block) { - return async (event) => { - // ignore DELETE event when the physical resource ID is the marker that - // indicates that this DELETE is a subsequent DELETE to a failed CREATE - // operation. - if (event.RequestType === 'Delete' && event.PhysicalResourceId === exports.CREATE_FAILED_PHYSICAL_ID_MARKER) { - util_1.log('ignoring DELETE event caused by a failed CREATE event'); - await submitResponse('SUCCESS', event); - return; - } - try { - await block(event); - } - catch (e) { - // tell waiter state machine to retry - if (e instanceof Retry) { - util_1.log('retry requested by handler'); - throw e; - } - if (!event.PhysicalResourceId) { - // special case: if CREATE fails, which usually implies, we usually don't - // have a physical resource id. in this case, the subsequent DELETE - // operation does not have any meaning, and will likely fail as well. to - // address this, we use a marker so the provider framework can simply - // ignore the subsequent DELETE. - if (event.RequestType === 'Create') { - util_1.log('CREATE failed, responding with a marker physical resource id so that the subsequent DELETE will be ignored'); - event.PhysicalResourceId = exports.CREATE_FAILED_PHYSICAL_ID_MARKER; - } - else { - // otherwise, if PhysicalResourceId is not specified, something is - // terribly wrong because all other events should have an ID. - util_1.log(`ERROR: Malformed event. "PhysicalResourceId" is required: ${JSON.stringify({ ...event, ResponseURL: '...' })}`); - } - } - // this is an actual error, fail the activity altogether and exist. - await submitResponse('FAILED', event, { - reason: exports.includeStackTraces ? e.stack : e.message, - }); - } - }; -} -exports.safeHandler = safeHandler; -class Retry extends Error { -} -exports.Retry = Retry; -//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiY2ZuLXJlc3BvbnNlLmpzIiwic291cmNlUm9vdCI6IiIsInNvdXJjZXMiOlsiY2ZuLXJlc3BvbnNlLnRzIl0sIm5hbWVzIjpbXSwibWFwcGluZ3MiOiI7OztBQUFBLDRCQUE0QjtBQUM1QiwrQkFBK0I7QUFDL0IsMkJBQTJCO0FBQzNCLHlDQUF5QztBQUN6QyxpQ0FBNkI7QUFFaEIsUUFBQSxnQ0FBZ0MsR0FBRyx3REFBd0QsQ0FBQztBQUM1RixRQUFBLDBCQUEwQixHQUFHLDhEQUE4RCxDQUFDO0FBZ0JsRyxLQUFLLFVBQVUsY0FBYyxDQUFDLE1BQTRCLEVBQUUsS0FBaUMsRUFBRSxVQUF5QyxFQUFHO0lBQ2hKLE1BQU0sSUFBSSxHQUFtRDtRQUMzRCxNQUFNLEVBQUUsTUFBTTtRQUNkLE1BQU0sRUFBRSxPQUFPLENBQUMsTUFBTSxJQUFJLE1BQU07UUFDaEMsT0FBTyxFQUFFLEtBQUssQ0FBQyxPQUFPO1FBQ3RCLFNBQVMsRUFBRSxLQUFLLENBQUMsU0FBUztRQUMxQixrQkFBa0IsRUFBRSxLQUFLLENBQUMsa0JBQWtCLElBQUksa0NBQTBCO1FBQzFFLGlCQUFpQixFQUFFLEtBQUssQ0FBQyxpQkFBaUI7UUFDMUMsTUFBTSxFQUFFLE9BQU8sQ0FBQyxNQUFNO1FBQ3RCLElBQUksRUFBRSxLQUFLLENBQUMsSUFBSTtLQUNqQixDQUFDO0lBRUYsVUFBRyxDQUFDLG1DQUFtQyxFQUFFLElBQUksQ0FBQyxDQUFDO0lBRS9DLE1BQU0sWUFBWSxHQUFHLElBQUksQ0FBQyxTQUFTLENBQUMsSUFBSSxDQUFDLENBQUM7SUFFMUMsTUFBTSxTQUFTLEdBQUcsR0FBRyxDQUFDLEtBQUssQ0FBQyxLQUFLLENBQUMsV0FBVyxDQUFDLENBQUM7SUFDL0MsTUFBTSxzQkFBVyxDQUFDO1FBQ2hCLFFBQVEsRUFBRSxTQUFTLENBQUMsUUFBUTtRQUM1QixJQUFJLEVBQUUsU0FBUyxDQUFDLElBQUk7UUFDcEIsTUFBTSxFQUFFLEtBQUs7UUFDYixPQUFPLEVBQUU7WUFDUCxjQUFjLEVBQUUsRUFBRTtZQUNsQixnQkFBZ0IsRUFBRSxZQUFZLENBQUMsTUFBTTtTQUN0QztLQUNGLEVBQUUsWUFBWSxDQUFDLENBQUM7QUFDbkIsQ0FBQztBQTFCRCx3Q0EwQkM7QUFFVSxRQUFBLGtCQUFrQixHQUFHLElBQUksQ0FBQyxDQUFDLGlCQUFpQjtBQUV2RCxTQUFnQixXQUFXLENBQUMsS0FBb0M7SUFDOUQsT0FBTyxLQUFLLEVBQUUsS0FBVSxFQUFFLEVBQUU7UUFFMUIsdUVBQXVFO1FBQ3ZFLHVFQUF1RTtRQUN2RSxhQUFhO1FBQ2IsSUFBSSxLQUFLLENBQUMsV0FBVyxLQUFLLFFBQVEsSUFBSSxLQUFLLENBQUMsa0JBQWtCLEtBQUssd0NBQWdDLEVBQUU7WUFDbkcsVUFBRyxDQUFDLHVEQUF1RCxDQUFDLENBQUM7WUFDN0QsTUFBTSxjQUFjLENBQUMsU0FBUyxFQUFFLEtBQUssQ0FBQyxDQUFDO1lBQ3ZDLE9BQU87U0FDUjtRQUVELElBQUk7WUFDRixNQUFNLEtBQUssQ0FBQyxLQUFLLENBQUMsQ0FBQztTQUNwQjtRQUFDLE9BQU8sQ0FBQyxFQUFFO1lBQ1YscUNBQXFDO1lBQ3JDLElBQUksQ0FBQyxZQUFZLEtBQUssRUFBRTtnQkFDdEIsVUFBRyxDQUFDLDRCQUE0QixDQUFDLENBQUM7Z0JBQ2xDLE1BQU0sQ0FBQyxDQUFDO2FBQ1Q7WUFFRCxJQUFJLENBQUMsS0FBSyxDQUFDLGtCQUFrQixFQUFFO2dCQUM3Qix5RUFBeUU7Z0JBQ3pFLG1FQUFtRTtnQkFDbkUsd0VBQXdFO2dCQUN4RSxxRUFBcUU7Z0JBQ3JFLGdDQUFnQztnQkFDaEMsSUFBSSxLQUFLLENBQUMsV0FBVyxLQUFLLFFBQVEsRUFBRTtvQkFDbEMsVUFBRyxDQUFDLDRHQUE0RyxDQUFDLENBQUM7b0JBQ2xILEtBQUssQ0FBQyxrQkFBa0IsR0FBRyx3Q0FBZ0MsQ0FBQztpQkFDN0Q7cUJBQU07b0JBQ0wsa0VBQWtFO29CQUNsRSw2REFBNkQ7b0JBQzdELFVBQUcsQ0FBQyw2REFBNkQsSUFBSSxDQUFDLFNBQVMsQ0FBQyxFQUFFLEdBQUcsS0FBSyxFQUFFLFdBQVcsRUFBRSxLQUFLLEVBQUUsQ0FBQyxFQUFFLENBQUMsQ0FBQztpQkFDdEg7YUFDRjtZQUVELG1FQUFtRTtZQUNuRSxNQUFNLGNBQWMsQ0FBQyxRQUFRLEVBQUUsS0FBSyxFQUFFO2dCQUNwQyxNQUFNLEVBQUUsMEJBQWtCLENBQUMsQ0FBQyxDQUFDLENBQUMsQ0FBQyxLQUFLLENBQUMsQ0FBQyxDQUFDLENBQUMsQ0FBQyxPQUFPO2FBQ2pELENBQUMsQ0FBQztTQUNKO0lBQ0gsQ0FBQyxDQUFDO0FBQ0osQ0FBQztBQTNDRCxrQ0EyQ0M7QUFFRCxNQUFhLEtBQU0sU0FBUSxLQUFLO0NBQUk7QUFBcEMsc0JBQW9DIiwic291cmNlc0NvbnRlbnQiOlsiLyogZXNsaW50LWRpc2FibGUgbWF4LWxlbiAqL1xuLyogZXNsaW50LWRpc2FibGUgbm8tY29uc29sZSAqL1xuaW1wb3J0ICogYXMgdXJsIGZyb20gJ3VybCc7XG5pbXBvcnQgeyBodHRwUmVxdWVzdCB9IGZyb20gJy4vb3V0Ym91bmQnO1xuaW1wb3J0IHsgbG9nIH0gZnJvbSAnLi91dGlsJztcblxuZXhwb3J0IGNvbnN0IENSRUFURV9GQUlMRURfUEhZU0lDQUxfSURfTUFSS0VSID0gJ0FXU0NESzo6Q3VzdG9tUmVzb3VyY2VQcm92aWRlckZyYW1ld29yazo6Q1JFQVRFX0ZBSUxFRCc7XG5leHBvcnQgY29uc3QgTUlTU0lOR19QSFlTSUNBTF9JRF9NQVJLRVIgPSAnQVdTQ0RLOjpDdXN0b21SZXNvdXJjZVByb3ZpZGVyRnJhbWV3b3JrOjpNSVNTSU5HX1BIWVNJQ0FMX0lEJztcblxuZXhwb3J0IGludGVyZmFjZSBDbG91ZEZvcm1hdGlvblJlc3BvbnNlT3B0aW9ucyB7XG4gIHJlYWRvbmx5IHJlYXNvbj86IHN0cmluZztcbiAgcmVhZG9ubHkgbm9FY2hvPzogYm9vbGVhbjtcbn1cblxuZXhwb3J0IGludGVyZmFjZSBDbG91ZEZvcm1hdGlvbkV2ZW50Q29udGV4dCB7XG4gIFN0YWNrSWQ6IHN0cmluZztcbiAgUmVxdWVzdElkOiBzdHJpbmc7XG4gIFBoeXNpY2FsUmVzb3VyY2VJZD86IHN0cmluZztcbiAgTG9naWNhbFJlc291cmNlSWQ6IHN0cmluZztcbiAgUmVzcG9uc2VVUkw6IHN0cmluZztcbiAgRGF0YT86IGFueVxufVxuXG5leHBvcnQgYXN5bmMgZnVuY3Rpb24gc3VibWl0UmVzcG9uc2Uoc3RhdHVzOiAnU1VDQ0VTUycgfCAnRkFJTEVEJywgZXZlbnQ6IENsb3VkRm9ybWF0aW9uRXZlbnRDb250ZXh0LCBvcHRpb25zOiBDbG91ZEZvcm1hdGlvblJlc3BvbnNlT3B0aW9ucyA9IHsgfSkge1xuICBjb25zdCBqc29uOiBBV1NMYW1iZGEuQ2xvdWRGb3JtYXRpb25DdXN0b21SZXNvdXJjZVJlc3BvbnNlID0ge1xuICAgIFN0YXR1czogc3RhdHVzLFxuICAgIFJlYXNvbjogb3B0aW9ucy5yZWFzb24gfHwgc3RhdHVzLFxuICAgIFN0YWNrSWQ6IGV2ZW50LlN0YWNrSWQsXG4gICAgUmVxdWVzdElkOiBldmVudC5SZXF1ZXN0SWQsXG4gICAgUGh5c2ljYWxSZXNvdXJjZUlkOiBldmVudC5QaHlzaWNhbFJlc291cmNlSWQgfHwgTUlTU0lOR19QSFlTSUNBTF9JRF9NQVJLRVIsXG4gICAgTG9naWNhbFJlc291cmNlSWQ6IGV2ZW50LkxvZ2ljYWxSZXNvdXJjZUlkLFxuICAgIE5vRWNobzogb3B0aW9ucy5ub0VjaG8sXG4gICAgRGF0YTogZXZlbnQuRGF0YSxcbiAgfTtcblxuICBsb2coJ3N1Ym1pdCByZXNwb25zZSB0byBjbG91ZGZvcm1hdGlvbicsIGpzb24pO1xuXG4gIGNvbnN0IHJlc3BvbnNlQm9keSA9IEpTT04uc3RyaW5naWZ5KGpzb24pO1xuXG4gIGNvbnN0IHBhcnNlZFVybCA9IHVybC5wYXJzZShldmVudC5SZXNwb25zZVVSTCk7XG4gIGF3YWl0IGh0dHBSZXF1ZXN0KHtcbiAgICBob3N0bmFtZTogcGFyc2VkVXJsLmhvc3RuYW1lLFxuICAgIHBhdGg6IHBhcnNlZFVybC5wYXRoLFxuICAgIG1ldGhvZDogJ1BVVCcsXG4gICAgaGVhZGVyczoge1xuICAgICAgJ2NvbnRlbnQtdHlwZSc6ICcnLFxuICAgICAgJ2NvbnRlbnQtbGVuZ3RoJzogcmVzcG9uc2VCb2R5Lmxlbmd0aCxcbiAgICB9LFxuICB9LCByZXNwb25zZUJvZHkpO1xufVxuXG5leHBvcnQgbGV0IGluY2x1ZGVTdGFja1RyYWNlcyA9IHRydWU7IC8vIGZvciB1bml0IHRlc3RzXG5cbmV4cG9ydCBmdW5jdGlvbiBzYWZlSGFuZGxlcihibG9jazogKGV2ZW50OiBhbnkpID0+IFByb21pc2U8dm9pZD4pIHtcbiAgcmV0dXJuIGFzeW5jIChldmVudDogYW55KSA9PiB7XG5cbiAgICAvLyBpZ25vcmUgREVMRVRFIGV2ZW50IHdoZW4gdGhlIHBoeXNpY2FsIHJlc291cmNlIElEIGlzIHRoZSBtYXJrZXIgdGhhdFxuICAgIC8vIGluZGljYXRlcyB0aGF0IHRoaXMgREVMRVRFIGlzIGEgc3Vic2VxdWVudCBERUxFVEUgdG8gYSBmYWlsZWQgQ1JFQVRFXG4gICAgLy8gb3BlcmF0aW9uLlxuICAgIGlmIChldmVudC5SZXF1ZXN0VHlwZSA9PT0gJ0RlbGV0ZScgJiYgZXZlbnQuUGh5c2ljYWxSZXNvdXJjZUlkID09PSBDUkVBVEVfRkFJTEVEX1BIWVNJQ0FMX0lEX01BUktFUikge1xuICAgICAgbG9nKCdpZ25vcmluZyBERUxFVEUgZXZlbnQgY2F1c2VkIGJ5IGEgZmFpbGVkIENSRUFURSBldmVudCcpO1xuICAgICAgYXdhaXQgc3VibWl0UmVzcG9uc2UoJ1NVQ0NFU1MnLCBldmVudCk7XG4gICAgICByZXR1cm47XG4gICAgfVxuXG4gICAgdHJ5IHtcbiAgICAgIGF3YWl0IGJsb2NrKGV2ZW50KTtcbiAgICB9IGNhdGNoIChlKSB7XG4gICAgICAvLyB0ZWxsIHdhaXRlciBzdGF0ZSBtYWNoaW5lIHRvIHJldHJ5XG4gICAgICBpZiAoZSBpbnN0YW5jZW9mIFJldHJ5KSB7XG4gICAgICAgIGxvZygncmV0cnkgcmVxdWVzdGVkIGJ5IGhhbmRsZXInKTtcbiAgICAgICAgdGhyb3cgZTtcbiAgICAgIH1cblxuICAgICAgaWYgKCFldmVudC5QaHlzaWNhbFJlc291cmNlSWQpIHtcbiAgICAgICAgLy8gc3BlY2lhbCBjYXNlOiBpZiBDUkVBVEUgZmFpbHMsIHdoaWNoIHVzdWFsbHkgaW1wbGllcywgd2UgdXN1YWxseSBkb24ndFxuICAgICAgICAvLyBoYXZlIGEgcGh5c2ljYWwgcmVzb3VyY2UgaWQuIGluIHRoaXMgY2FzZSwgdGhlIHN1YnNlcXVlbnQgREVMRVRFXG4gICAgICAgIC8vIG9wZXJhdGlvbiBkb2VzIG5vdCBoYXZlIGFueSBtZWFuaW5nLCBhbmQgd2lsbCBsaWtlbHkgZmFpbCBhcyB3ZWxsLiB0b1xuICAgICAgICAvLyBhZGRyZXNzIHRoaXMsIHdlIHVzZSBhIG1hcmtlciBzbyB0aGUgcHJvdmlkZXIgZnJhbWV3b3JrIGNhbiBzaW1wbHlcbiAgICAgICAgLy8gaWdub3JlIHRoZSBzdWJzZXF1ZW50IERFTEVURS5cbiAgICAgICAgaWYgKGV2ZW50LlJlcXVlc3RUeXBlID09PSAnQ3JlYXRlJykge1xuICAgICAgICAgIGxvZygnQ1JFQVRFIGZhaWxlZCwgcmVzcG9uZGluZyB3aXRoIGEgbWFya2VyIHBoeXNpY2FsIHJlc291cmNlIGlkIHNvIHRoYXQgdGhlIHN1YnNlcXVlbnQgREVMRVRFIHdpbGwgYmUgaWdub3JlZCcpO1xuICAgICAgICAgIGV2ZW50LlBoeXNpY2FsUmVzb3VyY2VJZCA9IENSRUFURV9GQUlMRURfUEhZU0lDQUxfSURfTUFSS0VSO1xuICAgICAgICB9IGVsc2Uge1xuICAgICAgICAgIC8vIG90aGVyd2lzZSwgaWYgUGh5c2ljYWxSZXNvdXJjZUlkIGlzIG5vdCBzcGVjaWZpZWQsIHNvbWV0aGluZyBpc1xuICAgICAgICAgIC8vIHRlcnJpYmx5IHdyb25nIGJlY2F1c2UgYWxsIG90aGVyIGV2ZW50cyBzaG91bGQgaGF2ZSBhbiBJRC5cbiAgICAgICAgICBsb2coYEVSUk9SOiBNYWxmb3JtZWQgZXZlbnQuIFwiUGh5c2ljYWxSZXNvdXJjZUlkXCIgaXMgcmVxdWlyZWQ6ICR7SlNPTi5zdHJpbmdpZnkoeyAuLi5ldmVudCwgUmVzcG9uc2VVUkw6ICcuLi4nIH0pfWApO1xuICAgICAgICB9XG4gICAgICB9XG5cbiAgICAgIC8vIHRoaXMgaXMgYW4gYWN0dWFsIGVycm9yLCBmYWlsIHRoZSBhY3Rpdml0eSBhbHRvZ2V0aGVyIGFuZCBleGlzdC5cbiAgICAgIGF3YWl0IHN1Ym1pdFJlc3BvbnNlKCdGQUlMRUQnLCBldmVudCwge1xuICAgICAgICByZWFzb246IGluY2x1ZGVTdGFja1RyYWNlcyA/IGUuc3RhY2sgOiBlLm1lc3NhZ2UsXG4gICAgICB9KTtcbiAgICB9XG4gIH07XG59XG5cbmV4cG9ydCBjbGFzcyBSZXRyeSBleHRlbmRzIEVycm9yIHsgfVxuIl19 \ No newline at end of file diff --git a/packages/@aws-cdk/aws-eks/test/eks-service-account-sdk-call.integ.snapshot/asset.3b263c2ad043fd069ef446753788c36e595c82b51a70478e58258c8ef7471671/util.js b/packages/@aws-cdk/aws-eks/test/eks-service-account-sdk-call.integ.snapshot/asset.3b263c2ad043fd069ef446753788c36e595c82b51a70478e58258c8ef7471671/util.js deleted file mode 100644 index ee4c6e9c9ddeb..0000000000000 --- a/packages/@aws-cdk/aws-eks/test/eks-service-account-sdk-call.integ.snapshot/asset.3b263c2ad043fd069ef446753788c36e595c82b51a70478e58258c8ef7471671/util.js +++ /dev/null @@ -1,17 +0,0 @@ -"use strict"; -/* eslint-disable no-console */ -Object.defineProperty(exports, "__esModule", { value: true }); -exports.log = exports.getEnv = void 0; -function getEnv(name) { - const value = process.env[name]; - if (!value) { - throw new Error(`The environment variable "${name}" is not defined`); - } - return value; -} -exports.getEnv = getEnv; -function log(title, ...args) { - console.log('[provider-framework]', title, ...args.map(x => typeof (x) === 'object' ? JSON.stringify(x, undefined, 2) : x)); -} -exports.log = log; -//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoidXRpbC5qcyIsInNvdXJjZVJvb3QiOiIiLCJzb3VyY2VzIjpbInV0aWwudHMiXSwibmFtZXMiOltdLCJtYXBwaW5ncyI6IjtBQUFBLCtCQUErQjs7O0FBRS9CLFNBQWdCLE1BQU0sQ0FBQyxJQUFZO0lBQ2pDLE1BQU0sS0FBSyxHQUFHLE9BQU8sQ0FBQyxHQUFHLENBQUMsSUFBSSxDQUFDLENBQUM7SUFDaEMsSUFBSSxDQUFDLEtBQUssRUFBRTtRQUNWLE1BQU0sSUFBSSxLQUFLLENBQUMsNkJBQTZCLElBQUksa0JBQWtCLENBQUMsQ0FBQztLQUN0RTtJQUNELE9BQU8sS0FBSyxDQUFDO0FBQ2YsQ0FBQztBQU5ELHdCQU1DO0FBRUQsU0FBZ0IsR0FBRyxDQUFDLEtBQVUsRUFBRSxHQUFHLElBQVc7SUFDNUMsT0FBTyxDQUFDLEdBQUcsQ0FBQyxzQkFBc0IsRUFBRSxLQUFLLEVBQUUsR0FBRyxJQUFJLENBQUMsR0FBRyxDQUFDLENBQUMsQ0FBQyxFQUFFLENBQUMsT0FBTSxDQUFDLENBQUMsQ0FBQyxLQUFLLFFBQVEsQ0FBQyxDQUFDLENBQUMsSUFBSSxDQUFDLFNBQVMsQ0FBQyxDQUFDLEVBQUUsU0FBUyxFQUFFLENBQUMsQ0FBQyxDQUFDLENBQUMsQ0FBQyxDQUFDLENBQUMsQ0FBQyxDQUFDO0FBQzdILENBQUM7QUFGRCxrQkFFQyIsInNvdXJjZXNDb250ZW50IjpbIi8qIGVzbGludC1kaXNhYmxlIG5vLWNvbnNvbGUgKi9cblxuZXhwb3J0IGZ1bmN0aW9uIGdldEVudihuYW1lOiBzdHJpbmcpOiBzdHJpbmcge1xuICBjb25zdCB2YWx1ZSA9IHByb2Nlc3MuZW52W25hbWVdO1xuICBpZiAoIXZhbHVlKSB7XG4gICAgdGhyb3cgbmV3IEVycm9yKGBUaGUgZW52aXJvbm1lbnQgdmFyaWFibGUgXCIke25hbWV9XCIgaXMgbm90IGRlZmluZWRgKTtcbiAgfVxuICByZXR1cm4gdmFsdWU7XG59XG5cbmV4cG9ydCBmdW5jdGlvbiBsb2codGl0bGU6IGFueSwgLi4uYXJnczogYW55W10pIHtcbiAgY29uc29sZS5sb2coJ1twcm92aWRlci1mcmFtZXdvcmtdJywgdGl0bGUsIC4uLmFyZ3MubWFwKHggPT4gdHlwZW9mKHgpID09PSAnb2JqZWN0JyA/IEpTT04uc3RyaW5naWZ5KHgsIHVuZGVmaW5lZCwgMikgOiB4KSk7XG59XG4iXX0= \ No newline at end of file diff --git a/packages/@aws-cdk/aws-eks/test/eks-service-account-sdk-call.integ.snapshot/asset.41c8a7cd37aeed043235c5685fbbd3711edb412ae285f9993951fd1bde8734a5/index.py b/packages/@aws-cdk/aws-eks/test/eks-service-account-sdk-call.integ.snapshot/asset.41c8a7cd37aeed043235c5685fbbd3711edb412ae285f9993951fd1bde8734a5/index.py new file mode 100644 index 0000000000000..ee574409fb1de --- /dev/null +++ b/packages/@aws-cdk/aws-eks/test/eks-service-account-sdk-call.integ.snapshot/asset.41c8a7cd37aeed043235c5685fbbd3711edb412ae285f9993951fd1bde8734a5/index.py @@ -0,0 +1,30 @@ +import json +import logging +import boto3 + +logger = logging.getLogger() +logger.setLevel(logging.INFO) + +def handler(event, context): + print(json.dumps(event)) + + request_type = event['RequestType'] + props = event['ResourceProperties'] + + s3_bucket_name = 'amazingly-made-sdk-call-created-eks-bucket' + + if request_type in ['Create', 'Update']: + logger.info(f'making sdk call to create bucket with name {s3_bucket_name}') + + s3 = boto3.client('s3') + try: + s3.head_bucket(Bucket=s3_bucket_name) + except Exception as error: + raise RuntimeError(f'failed to head bucket with error: {str(error)}') + try: + s3.delete_bucket(Bucket=s3_bucket_name) + except Exception as error: + # If the bucket does not exist, then this error will be thrown + raise RuntimeError(f'failed to delete bucket: {str(error)}') + + return {'Data': {'Value': f'confirmed that bucket with name {s3_bucket_name} exists...bucket has been deleted' }} diff --git a/packages/@aws-cdk/aws-eks/test/eks-service-account-sdk-call.integ.snapshot/asset.7215c88dd3e638d28329d4538b36cdbfb54233a4d972181795814f8b904d1037/cfn-response.js b/packages/@aws-cdk/aws-eks/test/eks-service-account-sdk-call.integ.snapshot/asset.7215c88dd3e638d28329d4538b36cdbfb54233a4d972181795814f8b904d1037/cfn-response.js new file mode 100644 index 0000000000000..1966567b21646 --- /dev/null +++ b/packages/@aws-cdk/aws-eks/test/eks-service-account-sdk-call.integ.snapshot/asset.7215c88dd3e638d28329d4538b36cdbfb54233a4d972181795814f8b904d1037/cfn-response.js @@ -0,0 +1,87 @@ +"use strict"; +Object.defineProperty(exports, "__esModule", { value: true }); +exports.Retry = exports.safeHandler = exports.includeStackTraces = exports.submitResponse = exports.MISSING_PHYSICAL_ID_MARKER = exports.CREATE_FAILED_PHYSICAL_ID_MARKER = void 0; +/* eslint-disable max-len */ +/* eslint-disable no-console */ +const url = require("url"); +const outbound_1 = require("./outbound"); +const util_1 = require("./util"); +exports.CREATE_FAILED_PHYSICAL_ID_MARKER = 'AWSCDK::CustomResourceProviderFramework::CREATE_FAILED'; +exports.MISSING_PHYSICAL_ID_MARKER = 'AWSCDK::CustomResourceProviderFramework::MISSING_PHYSICAL_ID'; +async function submitResponse(status, event, options = {}) { + const json = { + Status: status, + Reason: options.reason || status, + StackId: event.StackId, + RequestId: event.RequestId, + PhysicalResourceId: event.PhysicalResourceId || exports.MISSING_PHYSICAL_ID_MARKER, + LogicalResourceId: event.LogicalResourceId, + NoEcho: options.noEcho, + Data: event.Data, + }; + util_1.log('submit response to cloudformation', json); + const responseBody = JSON.stringify(json); + const parsedUrl = url.parse(event.ResponseURL); + const retryOptions = { + attempts: 5, + sleep: 1000, + }; + await util_1.withRetries(retryOptions, outbound_1.httpRequest)({ + hostname: parsedUrl.hostname, + path: parsedUrl.path, + method: 'PUT', + headers: { + 'content-type': '', + 'content-length': responseBody.length, + }, + }, responseBody); +} +exports.submitResponse = submitResponse; +exports.includeStackTraces = true; // for unit tests +function safeHandler(block) { + return async (event) => { + // ignore DELETE event when the physical resource ID is the marker that + // indicates that this DELETE is a subsequent DELETE to a failed CREATE + // operation. + if (event.RequestType === 'Delete' && event.PhysicalResourceId === exports.CREATE_FAILED_PHYSICAL_ID_MARKER) { + util_1.log('ignoring DELETE event caused by a failed CREATE event'); + await submitResponse('SUCCESS', event); + return; + } + try { + await block(event); + } + catch (e) { + // tell waiter state machine to retry + if (e instanceof Retry) { + util_1.log('retry requested by handler'); + throw e; + } + if (!event.PhysicalResourceId) { + // special case: if CREATE fails, which usually implies, we usually don't + // have a physical resource id. in this case, the subsequent DELETE + // operation does not have any meaning, and will likely fail as well. to + // address this, we use a marker so the provider framework can simply + // ignore the subsequent DELETE. + if (event.RequestType === 'Create') { + util_1.log('CREATE failed, responding with a marker physical resource id so that the subsequent DELETE will be ignored'); + event.PhysicalResourceId = exports.CREATE_FAILED_PHYSICAL_ID_MARKER; + } + else { + // otherwise, if PhysicalResourceId is not specified, something is + // terribly wrong because all other events should have an ID. + util_1.log(`ERROR: Malformed event. "PhysicalResourceId" is required: ${JSON.stringify({ ...event, ResponseURL: '...' })}`); + } + } + // this is an actual error, fail the activity altogether and exist. + await submitResponse('FAILED', event, { + reason: exports.includeStackTraces ? e.stack : e.message, + }); + } + }; +} +exports.safeHandler = safeHandler; +class Retry extends Error { +} +exports.Retry = Retry; +//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiY2ZuLXJlc3BvbnNlLmpzIiwic291cmNlUm9vdCI6IiIsInNvdXJjZXMiOlsiY2ZuLXJlc3BvbnNlLnRzIl0sIm5hbWVzIjpbXSwibWFwcGluZ3MiOiI7OztBQUFBLDRCQUE0QjtBQUM1QiwrQkFBK0I7QUFDL0IsMkJBQTJCO0FBQzNCLHlDQUF5QztBQUN6QyxpQ0FBMEM7QUFFN0IsUUFBQSxnQ0FBZ0MsR0FBRyx3REFBd0QsQ0FBQztBQUM1RixRQUFBLDBCQUEwQixHQUFHLDhEQUE4RCxDQUFDO0FBZ0JsRyxLQUFLLFVBQVUsY0FBYyxDQUFDLE1BQTRCLEVBQUUsS0FBaUMsRUFBRSxVQUF5QyxFQUFHO0lBQ2hKLE1BQU0sSUFBSSxHQUFtRDtRQUMzRCxNQUFNLEVBQUUsTUFBTTtRQUNkLE1BQU0sRUFBRSxPQUFPLENBQUMsTUFBTSxJQUFJLE1BQU07UUFDaEMsT0FBTyxFQUFFLEtBQUssQ0FBQyxPQUFPO1FBQ3RCLFNBQVMsRUFBRSxLQUFLLENBQUMsU0FBUztRQUMxQixrQkFBa0IsRUFBRSxLQUFLLENBQUMsa0JBQWtCLElBQUksa0NBQTBCO1FBQzFFLGlCQUFpQixFQUFFLEtBQUssQ0FBQyxpQkFBaUI7UUFDMUMsTUFBTSxFQUFFLE9BQU8sQ0FBQyxNQUFNO1FBQ3RCLElBQUksRUFBRSxLQUFLLENBQUMsSUFBSTtLQUNqQixDQUFDO0lBRUYsVUFBRyxDQUFDLG1DQUFtQyxFQUFFLElBQUksQ0FBQyxDQUFDO0lBRS9DLE1BQU0sWUFBWSxHQUFHLElBQUksQ0FBQyxTQUFTLENBQUMsSUFBSSxDQUFDLENBQUM7SUFFMUMsTUFBTSxTQUFTLEdBQUcsR0FBRyxDQUFDLEtBQUssQ0FBQyxLQUFLLENBQUMsV0FBVyxDQUFDLENBQUM7SUFFL0MsTUFBTSxZQUFZLEdBQUc7UUFDbkIsUUFBUSxFQUFFLENBQUM7UUFDWCxLQUFLLEVBQUUsSUFBSTtLQUNaLENBQUM7SUFDRixNQUFNLGtCQUFXLENBQUMsWUFBWSxFQUFFLHNCQUFXLENBQUMsQ0FBQztRQUMzQyxRQUFRLEVBQUUsU0FBUyxDQUFDLFFBQVE7UUFDNUIsSUFBSSxFQUFFLFNBQVMsQ0FBQyxJQUFJO1FBQ3BCLE1BQU0sRUFBRSxLQUFLO1FBQ2IsT0FBTyxFQUFFO1lBQ1AsY0FBYyxFQUFFLEVBQUU7WUFDbEIsZ0JBQWdCLEVBQUUsWUFBWSxDQUFDLE1BQU07U0FDdEM7S0FDRixFQUFFLFlBQVksQ0FBQyxDQUFDO0FBQ25CLENBQUM7QUEvQkQsd0NBK0JDO0FBRVUsUUFBQSxrQkFBa0IsR0FBRyxJQUFJLENBQUMsQ0FBQyxpQkFBaUI7QUFFdkQsU0FBZ0IsV0FBVyxDQUFDLEtBQW9DO0lBQzlELE9BQU8sS0FBSyxFQUFFLEtBQVUsRUFBRSxFQUFFO1FBRTFCLHVFQUF1RTtRQUN2RSx1RUFBdUU7UUFDdkUsYUFBYTtRQUNiLElBQUksS0FBSyxDQUFDLFdBQVcsS0FBSyxRQUFRLElBQUksS0FBSyxDQUFDLGtCQUFrQixLQUFLLHdDQUFnQyxFQUFFO1lBQ25HLFVBQUcsQ0FBQyx1REFBdUQsQ0FBQyxDQUFDO1lBQzdELE1BQU0sY0FBYyxDQUFDLFNBQVMsRUFBRSxLQUFLLENBQUMsQ0FBQztZQUN2QyxPQUFPO1NBQ1I7UUFFRCxJQUFJO1lBQ0YsTUFBTSxLQUFLLENBQUMsS0FBSyxDQUFDLENBQUM7U0FDcEI7UUFBQyxPQUFPLENBQUMsRUFBRTtZQUNWLHFDQUFxQztZQUNyQyxJQUFJLENBQUMsWUFBWSxLQUFLLEVBQUU7Z0JBQ3RCLFVBQUcsQ0FBQyw0QkFBNEIsQ0FBQyxDQUFDO2dCQUNsQyxNQUFNLENBQUMsQ0FBQzthQUNUO1lBRUQsSUFBSSxDQUFDLEtBQUssQ0FBQyxrQkFBa0IsRUFBRTtnQkFDN0IseUVBQXlFO2dCQUN6RSxtRUFBbUU7Z0JBQ25FLHdFQUF3RTtnQkFDeEUscUVBQXFFO2dCQUNyRSxnQ0FBZ0M7Z0JBQ2hDLElBQUksS0FBSyxDQUFDLFdBQVcsS0FBSyxRQUFRLEVBQUU7b0JBQ2xDLFVBQUcsQ0FBQyw0R0FBNEcsQ0FBQyxDQUFDO29CQUNsSCxLQUFLLENBQUMsa0JBQWtCLEdBQUcsd0NBQWdDLENBQUM7aUJBQzdEO3FCQUFNO29CQUNMLGtFQUFrRTtvQkFDbEUsNkRBQTZEO29CQUM3RCxVQUFHLENBQUMsNkRBQTZELElBQUksQ0FBQyxTQUFTLENBQUMsRUFBRSxHQUFHLEtBQUssRUFBRSxXQUFXLEVBQUUsS0FBSyxFQUFFLENBQUMsRUFBRSxDQUFDLENBQUM7aUJBQ3RIO2FBQ0Y7WUFFRCxtRUFBbUU7WUFDbkUsTUFBTSxjQUFjLENBQUMsUUFBUSxFQUFFLEtBQUssRUFBRTtnQkFDcEMsTUFBTSxFQUFFLDBCQUFrQixDQUFDLENBQUMsQ0FBQyxDQUFDLENBQUMsS0FBSyxDQUFDLENBQUMsQ0FBQyxDQUFDLENBQUMsT0FBTzthQUNqRCxDQUFDLENBQUM7U0FDSjtJQUNILENBQUMsQ0FBQztBQUNKLENBQUM7QUEzQ0Qsa0NBMkNDO0FBRUQsTUFBYSxLQUFNLFNBQVEsS0FBSztDQUFJO0FBQXBDLHNCQUFvQyIsInNvdXJjZXNDb250ZW50IjpbIi8qIGVzbGludC1kaXNhYmxlIG1heC1sZW4gKi9cbi8qIGVzbGludC1kaXNhYmxlIG5vLWNvbnNvbGUgKi9cbmltcG9ydCAqIGFzIHVybCBmcm9tICd1cmwnO1xuaW1wb3J0IHsgaHR0cFJlcXVlc3QgfSBmcm9tICcuL291dGJvdW5kJztcbmltcG9ydCB7IGxvZywgd2l0aFJldHJpZXMgfSBmcm9tICcuL3V0aWwnO1xuXG5leHBvcnQgY29uc3QgQ1JFQVRFX0ZBSUxFRF9QSFlTSUNBTF9JRF9NQVJLRVIgPSAnQVdTQ0RLOjpDdXN0b21SZXNvdXJjZVByb3ZpZGVyRnJhbWV3b3JrOjpDUkVBVEVfRkFJTEVEJztcbmV4cG9ydCBjb25zdCBNSVNTSU5HX1BIWVNJQ0FMX0lEX01BUktFUiA9ICdBV1NDREs6OkN1c3RvbVJlc291cmNlUHJvdmlkZXJGcmFtZXdvcms6Ok1JU1NJTkdfUEhZU0lDQUxfSUQnO1xuXG5leHBvcnQgaW50ZXJmYWNlIENsb3VkRm9ybWF0aW9uUmVzcG9uc2VPcHRpb25zIHtcbiAgcmVhZG9ubHkgcmVhc29uPzogc3RyaW5nO1xuICByZWFkb25seSBub0VjaG8/OiBib29sZWFuO1xufVxuXG5leHBvcnQgaW50ZXJmYWNlIENsb3VkRm9ybWF0aW9uRXZlbnRDb250ZXh0IHtcbiAgU3RhY2tJZDogc3RyaW5nO1xuICBSZXF1ZXN0SWQ6IHN0cmluZztcbiAgUGh5c2ljYWxSZXNvdXJjZUlkPzogc3RyaW5nO1xuICBMb2dpY2FsUmVzb3VyY2VJZDogc3RyaW5nO1xuICBSZXNwb25zZVVSTDogc3RyaW5nO1xuICBEYXRhPzogYW55XG59XG5cbmV4cG9ydCBhc3luYyBmdW5jdGlvbiBzdWJtaXRSZXNwb25zZShzdGF0dXM6ICdTVUNDRVNTJyB8ICdGQUlMRUQnLCBldmVudDogQ2xvdWRGb3JtYXRpb25FdmVudENvbnRleHQsIG9wdGlvbnM6IENsb3VkRm9ybWF0aW9uUmVzcG9uc2VPcHRpb25zID0geyB9KSB7XG4gIGNvbnN0IGpzb246IEFXU0xhbWJkYS5DbG91ZEZvcm1hdGlvbkN1c3RvbVJlc291cmNlUmVzcG9uc2UgPSB7XG4gICAgU3RhdHVzOiBzdGF0dXMsXG4gICAgUmVhc29uOiBvcHRpb25zLnJlYXNvbiB8fCBzdGF0dXMsXG4gICAgU3RhY2tJZDogZXZlbnQuU3RhY2tJZCxcbiAgICBSZXF1ZXN0SWQ6IGV2ZW50LlJlcXVlc3RJZCxcbiAgICBQaHlzaWNhbFJlc291cmNlSWQ6IGV2ZW50LlBoeXNpY2FsUmVzb3VyY2VJZCB8fCBNSVNTSU5HX1BIWVNJQ0FMX0lEX01BUktFUixcbiAgICBMb2dpY2FsUmVzb3VyY2VJZDogZXZlbnQuTG9naWNhbFJlc291cmNlSWQsXG4gICAgTm9FY2hvOiBvcHRpb25zLm5vRWNobyxcbiAgICBEYXRhOiBldmVudC5EYXRhLFxuICB9O1xuXG4gIGxvZygnc3VibWl0IHJlc3BvbnNlIHRvIGNsb3VkZm9ybWF0aW9uJywganNvbik7XG5cbiAgY29uc3QgcmVzcG9uc2VCb2R5ID0gSlNPTi5zdHJpbmdpZnkoanNvbik7XG5cbiAgY29uc3QgcGFyc2VkVXJsID0gdXJsLnBhcnNlKGV2ZW50LlJlc3BvbnNlVVJMKTtcblxuICBjb25zdCByZXRyeU9wdGlvbnMgPSB7XG4gICAgYXR0ZW1wdHM6IDUsXG4gICAgc2xlZXA6IDEwMDAsXG4gIH07XG4gIGF3YWl0IHdpdGhSZXRyaWVzKHJldHJ5T3B0aW9ucywgaHR0cFJlcXVlc3QpKHtcbiAgICBob3N0bmFtZTogcGFyc2VkVXJsLmhvc3RuYW1lLFxuICAgIHBhdGg6IHBhcnNlZFVybC5wYXRoLFxuICAgIG1ldGhvZDogJ1BVVCcsXG4gICAgaGVhZGVyczoge1xuICAgICAgJ2NvbnRlbnQtdHlwZSc6ICcnLFxuICAgICAgJ2NvbnRlbnQtbGVuZ3RoJzogcmVzcG9uc2VCb2R5Lmxlbmd0aCxcbiAgICB9LFxuICB9LCByZXNwb25zZUJvZHkpO1xufVxuXG5leHBvcnQgbGV0IGluY2x1ZGVTdGFja1RyYWNlcyA9IHRydWU7IC8vIGZvciB1bml0IHRlc3RzXG5cbmV4cG9ydCBmdW5jdGlvbiBzYWZlSGFuZGxlcihibG9jazogKGV2ZW50OiBhbnkpID0+IFByb21pc2U8dm9pZD4pIHtcbiAgcmV0dXJuIGFzeW5jIChldmVudDogYW55KSA9PiB7XG5cbiAgICAvLyBpZ25vcmUgREVMRVRFIGV2ZW50IHdoZW4gdGhlIHBoeXNpY2FsIHJlc291cmNlIElEIGlzIHRoZSBtYXJrZXIgdGhhdFxuICAgIC8vIGluZGljYXRlcyB0aGF0IHRoaXMgREVMRVRFIGlzIGEgc3Vic2VxdWVudCBERUxFVEUgdG8gYSBmYWlsZWQgQ1JFQVRFXG4gICAgLy8gb3BlcmF0aW9uLlxuICAgIGlmIChldmVudC5SZXF1ZXN0VHlwZSA9PT0gJ0RlbGV0ZScgJiYgZXZlbnQuUGh5c2ljYWxSZXNvdXJjZUlkID09PSBDUkVBVEVfRkFJTEVEX1BIWVNJQ0FMX0lEX01BUktFUikge1xuICAgICAgbG9nKCdpZ25vcmluZyBERUxFVEUgZXZlbnQgY2F1c2VkIGJ5IGEgZmFpbGVkIENSRUFURSBldmVudCcpO1xuICAgICAgYXdhaXQgc3VibWl0UmVzcG9uc2UoJ1NVQ0NFU1MnLCBldmVudCk7XG4gICAgICByZXR1cm47XG4gICAgfVxuXG4gICAgdHJ5IHtcbiAgICAgIGF3YWl0IGJsb2NrKGV2ZW50KTtcbiAgICB9IGNhdGNoIChlKSB7XG4gICAgICAvLyB0ZWxsIHdhaXRlciBzdGF0ZSBtYWNoaW5lIHRvIHJldHJ5XG4gICAgICBpZiAoZSBpbnN0YW5jZW9mIFJldHJ5KSB7XG4gICAgICAgIGxvZygncmV0cnkgcmVxdWVzdGVkIGJ5IGhhbmRsZXInKTtcbiAgICAgICAgdGhyb3cgZTtcbiAgICAgIH1cblxuICAgICAgaWYgKCFldmVudC5QaHlzaWNhbFJlc291cmNlSWQpIHtcbiAgICAgICAgLy8gc3BlY2lhbCBjYXNlOiBpZiBDUkVBVEUgZmFpbHMsIHdoaWNoIHVzdWFsbHkgaW1wbGllcywgd2UgdXN1YWxseSBkb24ndFxuICAgICAgICAvLyBoYXZlIGEgcGh5c2ljYWwgcmVzb3VyY2UgaWQuIGluIHRoaXMgY2FzZSwgdGhlIHN1YnNlcXVlbnQgREVMRVRFXG4gICAgICAgIC8vIG9wZXJhdGlvbiBkb2VzIG5vdCBoYXZlIGFueSBtZWFuaW5nLCBhbmQgd2lsbCBsaWtlbHkgZmFpbCBhcyB3ZWxsLiB0b1xuICAgICAgICAvLyBhZGRyZXNzIHRoaXMsIHdlIHVzZSBhIG1hcmtlciBzbyB0aGUgcHJvdmlkZXIgZnJhbWV3b3JrIGNhbiBzaW1wbHlcbiAgICAgICAgLy8gaWdub3JlIHRoZSBzdWJzZXF1ZW50IERFTEVURS5cbiAgICAgICAgaWYgKGV2ZW50LlJlcXVlc3RUeXBlID09PSAnQ3JlYXRlJykge1xuICAgICAgICAgIGxvZygnQ1JFQVRFIGZhaWxlZCwgcmVzcG9uZGluZyB3aXRoIGEgbWFya2VyIHBoeXNpY2FsIHJlc291cmNlIGlkIHNvIHRoYXQgdGhlIHN1YnNlcXVlbnQgREVMRVRFIHdpbGwgYmUgaWdub3JlZCcpO1xuICAgICAgICAgIGV2ZW50LlBoeXNpY2FsUmVzb3VyY2VJZCA9IENSRUFURV9GQUlMRURfUEhZU0lDQUxfSURfTUFSS0VSO1xuICAgICAgICB9IGVsc2Uge1xuICAgICAgICAgIC8vIG90aGVyd2lzZSwgaWYgUGh5c2ljYWxSZXNvdXJjZUlkIGlzIG5vdCBzcGVjaWZpZWQsIHNvbWV0aGluZyBpc1xuICAgICAgICAgIC8vIHRlcnJpYmx5IHdyb25nIGJlY2F1c2UgYWxsIG90aGVyIGV2ZW50cyBzaG91bGQgaGF2ZSBhbiBJRC5cbiAgICAgICAgICBsb2coYEVSUk9SOiBNYWxmb3JtZWQgZXZlbnQuIFwiUGh5c2ljYWxSZXNvdXJjZUlkXCIgaXMgcmVxdWlyZWQ6ICR7SlNPTi5zdHJpbmdpZnkoeyAuLi5ldmVudCwgUmVzcG9uc2VVUkw6ICcuLi4nIH0pfWApO1xuICAgICAgICB9XG4gICAgICB9XG5cbiAgICAgIC8vIHRoaXMgaXMgYW4gYWN0dWFsIGVycm9yLCBmYWlsIHRoZSBhY3Rpdml0eSBhbHRvZ2V0aGVyIGFuZCBleGlzdC5cbiAgICAgIGF3YWl0IHN1Ym1pdFJlc3BvbnNlKCdGQUlMRUQnLCBldmVudCwge1xuICAgICAgICByZWFzb246IGluY2x1ZGVTdGFja1RyYWNlcyA/IGUuc3RhY2sgOiBlLm1lc3NhZ2UsXG4gICAgICB9KTtcbiAgICB9XG4gIH07XG59XG5cbmV4cG9ydCBjbGFzcyBSZXRyeSBleHRlbmRzIEVycm9yIHsgfVxuIl19 \ No newline at end of file diff --git a/packages/@aws-cdk/aws-eks/test/eks-service-account-sdk-call.integ.snapshot/asset.3b263c2ad043fd069ef446753788c36e595c82b51a70478e58258c8ef7471671/consts.js b/packages/@aws-cdk/aws-eks/test/eks-service-account-sdk-call.integ.snapshot/asset.7215c88dd3e638d28329d4538b36cdbfb54233a4d972181795814f8b904d1037/consts.js similarity index 100% rename from packages/@aws-cdk/aws-eks/test/eks-service-account-sdk-call.integ.snapshot/asset.3b263c2ad043fd069ef446753788c36e595c82b51a70478e58258c8ef7471671/consts.js rename to packages/@aws-cdk/aws-eks/test/eks-service-account-sdk-call.integ.snapshot/asset.7215c88dd3e638d28329d4538b36cdbfb54233a4d972181795814f8b904d1037/consts.js diff --git a/packages/@aws-cdk/aws-eks/test/eks-service-account-sdk-call.integ.snapshot/asset.3b263c2ad043fd069ef446753788c36e595c82b51a70478e58258c8ef7471671/framework.js b/packages/@aws-cdk/aws-eks/test/eks-service-account-sdk-call.integ.snapshot/asset.7215c88dd3e638d28329d4538b36cdbfb54233a4d972181795814f8b904d1037/framework.js similarity index 100% rename from packages/@aws-cdk/aws-eks/test/eks-service-account-sdk-call.integ.snapshot/asset.3b263c2ad043fd069ef446753788c36e595c82b51a70478e58258c8ef7471671/framework.js rename to packages/@aws-cdk/aws-eks/test/eks-service-account-sdk-call.integ.snapshot/asset.7215c88dd3e638d28329d4538b36cdbfb54233a4d972181795814f8b904d1037/framework.js diff --git a/packages/@aws-cdk/aws-eks/test/eks-service-account-sdk-call.integ.snapshot/asset.3b263c2ad043fd069ef446753788c36e595c82b51a70478e58258c8ef7471671/outbound.js b/packages/@aws-cdk/aws-eks/test/eks-service-account-sdk-call.integ.snapshot/asset.7215c88dd3e638d28329d4538b36cdbfb54233a4d972181795814f8b904d1037/outbound.js similarity index 100% rename from packages/@aws-cdk/aws-eks/test/eks-service-account-sdk-call.integ.snapshot/asset.3b263c2ad043fd069ef446753788c36e595c82b51a70478e58258c8ef7471671/outbound.js rename to packages/@aws-cdk/aws-eks/test/eks-service-account-sdk-call.integ.snapshot/asset.7215c88dd3e638d28329d4538b36cdbfb54233a4d972181795814f8b904d1037/outbound.js diff --git a/packages/@aws-cdk/aws-eks/test/eks-service-account-sdk-call.integ.snapshot/asset.7215c88dd3e638d28329d4538b36cdbfb54233a4d972181795814f8b904d1037/util.js b/packages/@aws-cdk/aws-eks/test/eks-service-account-sdk-call.integ.snapshot/asset.7215c88dd3e638d28329d4538b36cdbfb54233a4d972181795814f8b904d1037/util.js new file mode 100644 index 0000000000000..f09276d40ac91 --- /dev/null +++ b/packages/@aws-cdk/aws-eks/test/eks-service-account-sdk-call.integ.snapshot/asset.7215c88dd3e638d28329d4538b36cdbfb54233a4d972181795814f8b904d1037/util.js @@ -0,0 +1,39 @@ +"use strict"; +/* eslint-disable no-console */ +Object.defineProperty(exports, "__esModule", { value: true }); +exports.withRetries = exports.log = exports.getEnv = void 0; +function getEnv(name) { + const value = process.env[name]; + if (!value) { + throw new Error(`The environment variable "${name}" is not defined`); + } + return value; +} +exports.getEnv = getEnv; +function log(title, ...args) { + console.log('[provider-framework]', title, ...args.map(x => typeof (x) === 'object' ? JSON.stringify(x, undefined, 2) : x)); +} +exports.log = log; +function withRetries(options, fn) { + return async (...xs) => { + let attempts = options.attempts; + let ms = options.sleep; + while (true) { + try { + return await fn(...xs); + } + catch (e) { + if (attempts-- <= 0) { + throw e; + } + await sleep(Math.floor(Math.random() * ms)); + ms *= 2; + } + } + }; +} +exports.withRetries = withRetries; +async function sleep(ms) { + return new Promise((ok) => setTimeout(ok, ms)); +} +//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoidXRpbC5qcyIsInNvdXJjZVJvb3QiOiIiLCJzb3VyY2VzIjpbInV0aWwudHMiXSwibmFtZXMiOltdLCJtYXBwaW5ncyI6IjtBQUFBLCtCQUErQjs7O0FBRS9CLFNBQWdCLE1BQU0sQ0FBQyxJQUFZO0lBQ2pDLE1BQU0sS0FBSyxHQUFHLE9BQU8sQ0FBQyxHQUFHLENBQUMsSUFBSSxDQUFDLENBQUM7SUFDaEMsSUFBSSxDQUFDLEtBQUssRUFBRTtRQUNWLE1BQU0sSUFBSSxLQUFLLENBQUMsNkJBQTZCLElBQUksa0JBQWtCLENBQUMsQ0FBQztLQUN0RTtJQUNELE9BQU8sS0FBSyxDQUFDO0FBQ2YsQ0FBQztBQU5ELHdCQU1DO0FBRUQsU0FBZ0IsR0FBRyxDQUFDLEtBQVUsRUFBRSxHQUFHLElBQVc7SUFDNUMsT0FBTyxDQUFDLEdBQUcsQ0FBQyxzQkFBc0IsRUFBRSxLQUFLLEVBQUUsR0FBRyxJQUFJLENBQUMsR0FBRyxDQUFDLENBQUMsQ0FBQyxFQUFFLENBQUMsT0FBTSxDQUFDLENBQUMsQ0FBQyxLQUFLLFFBQVEsQ0FBQyxDQUFDLENBQUMsSUFBSSxDQUFDLFNBQVMsQ0FBQyxDQUFDLEVBQUUsU0FBUyxFQUFFLENBQUMsQ0FBQyxDQUFDLENBQUMsQ0FBQyxDQUFDLENBQUMsQ0FBQyxDQUFDO0FBQzdILENBQUM7QUFGRCxrQkFFQztBQVNELFNBQWdCLFdBQVcsQ0FBMEIsT0FBcUIsRUFBRSxFQUE0QjtJQUN0RyxPQUFPLEtBQUssRUFBRSxHQUFHLEVBQUssRUFBRSxFQUFFO1FBQ3hCLElBQUksUUFBUSxHQUFHLE9BQU8sQ0FBQyxRQUFRLENBQUM7UUFDaEMsSUFBSSxFQUFFLEdBQUcsT0FBTyxDQUFDLEtBQUssQ0FBQztRQUN2QixPQUFPLElBQUksRUFBRTtZQUNYLElBQUk7Z0JBQ0YsT0FBTyxNQUFNLEVBQUUsQ0FBQyxHQUFHLEVBQUUsQ0FBQyxDQUFDO2FBQ3hCO1lBQUMsT0FBTyxDQUFDLEVBQUU7Z0JBQ1YsSUFBSSxRQUFRLEVBQUUsSUFBSSxDQUFDLEVBQUU7b0JBQ25CLE1BQU0sQ0FBQyxDQUFDO2lCQUNUO2dCQUNELE1BQU0sS0FBSyxDQUFDLElBQUksQ0FBQyxLQUFLLENBQUMsSUFBSSxDQUFDLE1BQU0sRUFBRSxHQUFHLEVBQUUsQ0FBQyxDQUFDLENBQUM7Z0JBQzVDLEVBQUUsSUFBSSxDQUFDLENBQUM7YUFDVDtTQUNGO0lBQ0gsQ0FBQyxDQUFDO0FBQ0osQ0FBQztBQWhCRCxrQ0FnQkM7QUFFRCxLQUFLLFVBQVUsS0FBSyxDQUFDLEVBQVU7SUFDN0IsT0FBTyxJQUFJLE9BQU8sQ0FBQyxDQUFDLEVBQUUsRUFBRSxFQUFFLENBQUMsVUFBVSxDQUFDLEVBQUUsRUFBRSxFQUFFLENBQUMsQ0FBQyxDQUFDO0FBQ2pELENBQUMiLCJzb3VyY2VzQ29udGVudCI6WyIvKiBlc2xpbnQtZGlzYWJsZSBuby1jb25zb2xlICovXG5cbmV4cG9ydCBmdW5jdGlvbiBnZXRFbnYobmFtZTogc3RyaW5nKTogc3RyaW5nIHtcbiAgY29uc3QgdmFsdWUgPSBwcm9jZXNzLmVudltuYW1lXTtcbiAgaWYgKCF2YWx1ZSkge1xuICAgIHRocm93IG5ldyBFcnJvcihgVGhlIGVudmlyb25tZW50IHZhcmlhYmxlIFwiJHtuYW1lfVwiIGlzIG5vdCBkZWZpbmVkYCk7XG4gIH1cbiAgcmV0dXJuIHZhbHVlO1xufVxuXG5leHBvcnQgZnVuY3Rpb24gbG9nKHRpdGxlOiBhbnksIC4uLmFyZ3M6IGFueVtdKSB7XG4gIGNvbnNvbGUubG9nKCdbcHJvdmlkZXItZnJhbWV3b3JrXScsIHRpdGxlLCAuLi5hcmdzLm1hcCh4ID0+IHR5cGVvZih4KSA9PT0gJ29iamVjdCcgPyBKU09OLnN0cmluZ2lmeSh4LCB1bmRlZmluZWQsIDIpIDogeCkpO1xufVxuXG5leHBvcnQgaW50ZXJmYWNlIFJldHJ5T3B0aW9ucyB7XG4gIC8qKiBIb3cgbWFueSByZXRyaWVzICh3aWxsIGF0IGxlYXN0IHRyeSBvbmNlKSAqL1xuICByZWFkb25seSBhdHRlbXB0czogbnVtYmVyO1xuICAvKiogU2xlZXAgYmFzZSwgaW4gbXMgKi9cbiAgcmVhZG9ubHkgc2xlZXA6IG51bWJlcjtcbn1cblxuZXhwb3J0IGZ1bmN0aW9uIHdpdGhSZXRyaWVzPEEgZXh0ZW5kcyBBcnJheTxhbnk+LCBCPihvcHRpb25zOiBSZXRyeU9wdGlvbnMsIGZuOiAoLi4ueHM6IEEpID0+IFByb21pc2U8Qj4pOiAoLi4ueHM6IEEpID0+IFByb21pc2U8Qj4ge1xuICByZXR1cm4gYXN5bmMgKC4uLnhzOiBBKSA9PiB7XG4gICAgbGV0IGF0dGVtcHRzID0gb3B0aW9ucy5hdHRlbXB0cztcbiAgICBsZXQgbXMgPSBvcHRpb25zLnNsZWVwO1xuICAgIHdoaWxlICh0cnVlKSB7XG4gICAgICB0cnkge1xuICAgICAgICByZXR1cm4gYXdhaXQgZm4oLi4ueHMpO1xuICAgICAgfSBjYXRjaCAoZSkge1xuICAgICAgICBpZiAoYXR0ZW1wdHMtLSA8PSAwKSB7XG4gICAgICAgICAgdGhyb3cgZTtcbiAgICAgICAgfVxuICAgICAgICBhd2FpdCBzbGVlcChNYXRoLmZsb29yKE1hdGgucmFuZG9tKCkgKiBtcykpO1xuICAgICAgICBtcyAqPSAyO1xuICAgICAgfVxuICAgIH1cbiAgfTtcbn1cblxuYXN5bmMgZnVuY3Rpb24gc2xlZXAobXM6IG51bWJlcik6IFByb21pc2U8dm9pZD4ge1xuICByZXR1cm4gbmV3IFByb21pc2UoKG9rKSA9PiBzZXRUaW1lb3V0KG9rLCBtcykpO1xufSJdfQ== \ No newline at end of file diff --git a/packages/@aws-cdk/aws-eks/test/eks-service-account-sdk-call.integ.snapshot/asset.9448319c1840dec2adb7d4943d3dbd6c6944b64b7af0c1f4ca63fde4d959131c/.dockerignore b/packages/@aws-cdk/aws-eks/test/eks-service-account-sdk-call.integ.snapshot/asset.9448319c1840dec2adb7d4943d3dbd6c6944b64b7af0c1f4ca63fde4d959131c/.dockerignore deleted file mode 100644 index b512c09d47662..0000000000000 --- a/packages/@aws-cdk/aws-eks/test/eks-service-account-sdk-call.integ.snapshot/asset.9448319c1840dec2adb7d4943d3dbd6c6944b64b7af0c1f4ca63fde4d959131c/.dockerignore +++ /dev/null @@ -1 +0,0 @@ -node_modules \ No newline at end of file diff --git a/packages/@aws-cdk/aws-eks/test/eks-service-account-sdk-call.integ.snapshot/asset.9448319c1840dec2adb7d4943d3dbd6c6944b64b7af0c1f4ca63fde4d959131c/sdk-call.js b/packages/@aws-cdk/aws-eks/test/eks-service-account-sdk-call.integ.snapshot/asset.9448319c1840dec2adb7d4943d3dbd6c6944b64b7af0c1f4ca63fde4d959131c/sdk-call.js deleted file mode 100644 index 7e850d7369fcd..0000000000000 --- a/packages/@aws-cdk/aws-eks/test/eks-service-account-sdk-call.integ.snapshot/asset.9448319c1840dec2adb7d4943d3dbd6c6944b64b7af0c1f4ca63fde4d959131c/sdk-call.js +++ /dev/null @@ -1,11 +0,0 @@ -const sdk = require('aws-sdk'); -sdk.config.update({region: 'us-east-2'}); - -var s3 = new sdk.S3(); -s3.createBucket({ Bucket: 'amazingly-made-sdk-call-created-eks-bucket'}, function(err) { - if (!err) { - console.log('Bucket was created'); - } else { - throw new Error('failed to create s3 bucket with error: ' + err); - } -}); diff --git a/packages/@aws-cdk/aws-eks/test/eks-service-account-sdk-call.integ.snapshot/asset.ad93f5960a1af5328edfd550fa7ceca2cd209f39de91feadf0e38236b56a960b/.dockerignore b/packages/@aws-cdk/aws-eks/test/eks-service-account-sdk-call.integ.snapshot/asset.ad93f5960a1af5328edfd550fa7ceca2cd209f39de91feadf0e38236b56a960b/.dockerignore new file mode 100644 index 0000000000000..3c3629e647f5d --- /dev/null +++ b/packages/@aws-cdk/aws-eks/test/eks-service-account-sdk-call.integ.snapshot/asset.ad93f5960a1af5328edfd550fa7ceca2cd209f39de91feadf0e38236b56a960b/.dockerignore @@ -0,0 +1 @@ +node_modules diff --git a/packages/@aws-cdk/aws-eks/test/eks-service-account-sdk-call.integ.snapshot/asset.ad93f5960a1af5328edfd550fa7ceca2cd209f39de91feadf0e38236b56a960b/Dockerfile b/packages/@aws-cdk/aws-eks/test/eks-service-account-sdk-call.integ.snapshot/asset.ad93f5960a1af5328edfd550fa7ceca2cd209f39de91feadf0e38236b56a960b/Dockerfile new file mode 100644 index 0000000000000..e40cbe1e47989 --- /dev/null +++ b/packages/@aws-cdk/aws-eks/test/eks-service-account-sdk-call.integ.snapshot/asset.ad93f5960a1af5328edfd550fa7ceca2cd209f39de91feadf0e38236b56a960b/Dockerfile @@ -0,0 +1,16 @@ +FROM node:16-alpine3.13 + +# Create app directory +RUN mkdir -p /usr/src/app +WORKDIR /usr/src/app + +# Install app dependencies +COPY package.json /usr/src/app/ +RUN yarn install + +# Bundle app source +COPY . /usr/src/app + +USER node + +CMD [ "node", "sdk-call.js" ] diff --git a/packages/@aws-cdk/aws-eks/test/eks-service-account-sdk-call.integ.snapshot/asset.ad93f5960a1af5328edfd550fa7ceca2cd209f39de91feadf0e38236b56a960b/package.json b/packages/@aws-cdk/aws-eks/test/eks-service-account-sdk-call.integ.snapshot/asset.ad93f5960a1af5328edfd550fa7ceca2cd209f39de91feadf0e38236b56a960b/package.json new file mode 100644 index 0000000000000..3617bf680380f --- /dev/null +++ b/packages/@aws-cdk/aws-eks/test/eks-service-account-sdk-call.integ.snapshot/asset.ad93f5960a1af5328edfd550fa7ceca2cd209f39de91feadf0e38236b56a960b/package.json @@ -0,0 +1,6 @@ +{ + "name": "eks-service-account-sdk-call-integ-test", + "dependencies": { + "aws-sdk": "^2.1226.0" + } +} diff --git a/packages/@aws-cdk/aws-eks/test/eks-service-account-sdk-call.integ.snapshot/aws-eks-oidc-provider-test.assets.json b/packages/@aws-cdk/aws-eks/test/eks-service-account-sdk-call.integ.snapshot/aws-eks-oidc-provider-test.assets.json index 61962f7a43ae7..0f8a1239c7700 100644 --- a/packages/@aws-cdk/aws-eks/test/eks-service-account-sdk-call.integ.snapshot/aws-eks-oidc-provider-test.assets.json +++ b/packages/@aws-cdk/aws-eks/test/eks-service-account-sdk-call.integ.snapshot/aws-eks-oidc-provider-test.assets.json @@ -27,15 +27,15 @@ } } }, - "3b263c2ad043fd069ef446753788c36e595c82b51a70478e58258c8ef7471671": { + "7215c88dd3e638d28329d4538b36cdbfb54233a4d972181795814f8b904d1037": { "source": { - "path": "asset.3b263c2ad043fd069ef446753788c36e595c82b51a70478e58258c8ef7471671", + "path": "asset.7215c88dd3e638d28329d4538b36cdbfb54233a4d972181795814f8b904d1037", "packaging": "zip" }, "destinations": { "current_account-current_region": { "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}", - "objectKey": "3b263c2ad043fd069ef446753788c36e595c82b51a70478e58258c8ef7471671.zip", + "objectKey": "7215c88dd3e638d28329d4538b36cdbfb54233a4d972181795814f8b904d1037.zip", "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}" } } @@ -105,20 +105,20 @@ } } }, - "dcbc2e9181e895e14522d2a67351d9654790e35567e370f54120423dd4604b40": { + "41c8a7cd37aeed043235c5685fbbd3711edb412ae285f9993951fd1bde8734a5": { "source": { - "path": "asset.dcbc2e9181e895e14522d2a67351d9654790e35567e370f54120423dd4604b40", + "path": "asset.41c8a7cd37aeed043235c5685fbbd3711edb412ae285f9993951fd1bde8734a5", "packaging": "zip" }, "destinations": { "current_account-current_region": { "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}", - "objectKey": "dcbc2e9181e895e14522d2a67351d9654790e35567e370f54120423dd4604b40.zip", + "objectKey": "41c8a7cd37aeed043235c5685fbbd3711edb412ae285f9993951fd1bde8734a5.zip", "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}" } } }, - "33cd9a04368659c7a40edb81cfe708e35df58fd7fb5cab6e47e4e307101e711a": { + "e59f13ce93f53a92012f4cb1909dd1c644a3eaabecb3f91452ebb77d698e7b36": { "source": { "path": "awseksoidcprovidertestawscdkawseksClusterResourceProviderDB30B151.nested.template.json", "packaging": "file" @@ -126,12 +126,12 @@ "destinations": { "current_account-current_region": { "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}", - "objectKey": "33cd9a04368659c7a40edb81cfe708e35df58fd7fb5cab6e47e4e307101e711a.json", + "objectKey": "e59f13ce93f53a92012f4cb1909dd1c644a3eaabecb3f91452ebb77d698e7b36.json", "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}" } } }, - "e9a2cf3ba7ffdf0c8dd17e4e44a6408679c276f2e16bf11edacf45fd366acaa5": { + "059554c62e9a55071f25739c539509931f3e6ca68eaba0d8dabc5a14b8891229": { "source": { "path": "awseksoidcprovidertestawscdkawseksKubectlProviderD23CBFFD.nested.template.json", "packaging": "file" @@ -139,12 +139,12 @@ "destinations": { "current_account-current_region": { "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}", - "objectKey": "e9a2cf3ba7ffdf0c8dd17e4e44a6408679c276f2e16bf11edacf45fd366acaa5.json", + "objectKey": "059554c62e9a55071f25739c539509931f3e6ca68eaba0d8dabc5a14b8891229.json", "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}" } } }, - "bf7fd4cba2720553c79486825ce60a773065fe42b92da377936b517c09592ea6": { + "5dd54e38fb3e5b666650f1d779742e66c02098650957306f6ccf1a4100f81d95": { "source": { "path": "aws-eks-oidc-provider-test.template.json", "packaging": "file" @@ -152,21 +152,21 @@ "destinations": { "current_account-current_region": { "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}", - "objectKey": "bf7fd4cba2720553c79486825ce60a773065fe42b92da377936b517c09592ea6.json", + "objectKey": "5dd54e38fb3e5b666650f1d779742e66c02098650957306f6ccf1a4100f81d95.json", "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}" } } } }, "dockerImages": { - "9448319c1840dec2adb7d4943d3dbd6c6944b64b7af0c1f4ca63fde4d959131c": { + "ad93f5960a1af5328edfd550fa7ceca2cd209f39de91feadf0e38236b56a960b": { "source": { - "directory": "asset.9448319c1840dec2adb7d4943d3dbd6c6944b64b7af0c1f4ca63fde4d959131c" + "directory": "asset.ad93f5960a1af5328edfd550fa7ceca2cd209f39de91feadf0e38236b56a960b" }, "destinations": { "current_account-current_region": { "repositoryName": "cdk-hnb659fds-container-assets-${AWS::AccountId}-${AWS::Region}", - "imageTag": "9448319c1840dec2adb7d4943d3dbd6c6944b64b7af0c1f4ca63fde4d959131c", + "imageTag": "ad93f5960a1af5328edfd550fa7ceca2cd209f39de91feadf0e38236b56a960b", "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-image-publishing-role-${AWS::AccountId}-${AWS::Region}" } } diff --git a/packages/@aws-cdk/aws-eks/test/eks-service-account-sdk-call.integ.snapshot/aws-eks-oidc-provider-test.template.json b/packages/@aws-cdk/aws-eks/test/eks-service-account-sdk-call.integ.snapshot/aws-eks-oidc-provider-test.template.json index ad3ea3c3db7cd..889064f72cc2d 100644 --- a/packages/@aws-cdk/aws-eks/test/eks-service-account-sdk-call.integ.snapshot/aws-eks-oidc-provider-test.template.json +++ b/packages/@aws-cdk/aws-eks/test/eks-service-account-sdk-call.integ.snapshot/aws-eks-oidc-provider-test.template.json @@ -1040,7 +1040,7 @@ [ "[{\"apiVersion\":\"v1\",\"kind\":\"Pod\",\"metadata\":{\"labels\":{\"aws.cdk.eks/prune-c8c88f6b67ceb9f4140b1b57471ed94d088c917849\":\"\",\"cdk8s.io/metadata.addr\":\"sdk-call-image-Pod-c86043a4\"},\"name\":\"sdk-call-image-pod-c806267e\"},\"spec\":{\"automountServiceAccountToken\":true,\"containers\":[{\"image\":\"", { - "Fn::Sub": "${AWS::AccountId}.dkr.ecr.${AWS::Region}.${AWS::URLSuffix}/cdk-hnb659fds-container-assets-${AWS::AccountId}-${AWS::Region}:9448319c1840dec2adb7d4943d3dbd6c6944b64b7af0c1f4ca63fde4d959131c" + "Fn::Sub": "${AWS::AccountId}.dkr.ecr.${AWS::Region}.${AWS::URLSuffix}/cdk-hnb659fds-container-assets-${AWS::AccountId}-${AWS::Region}:ad93f5960a1af5328edfd550fa7ceca2cd209f39de91feadf0e38236b56a960b" }, "\",\"imagePullPolicy\":\"Always\",\"name\":\"main\",\"ports\":[{\"containerPort\":8080}],\"securityContext\":{\"privileged\":false,\"readOnlyRootFilesystem\":false,\"runAsNonRoot\":false}}],\"dnsPolicy\":\"ClusterFirst\",\"restartPolicy\":\"Never\",\"securityContext\":{\"fsGroupChangePolicy\":\"Always\",\"runAsNonRoot\":false},\"serviceAccountName\":\"awseksoidcprovidertestclustermyserviceaccount24420634\",\"setHostnameAsFQDN\":false}}]" ] @@ -1086,7 +1086,7 @@ { "Fn::Sub": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}" }, - "/33cd9a04368659c7a40edb81cfe708e35df58fd7fb5cab6e47e4e307101e711a.json" + "/e59f13ce93f53a92012f4cb1909dd1c644a3eaabecb3f91452ebb77d698e7b36.json" ] ] }, @@ -1121,7 +1121,7 @@ { "Fn::Sub": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}" }, - "/e9a2cf3ba7ffdf0c8dd17e4e44a6408679c276f2e16bf11edacf45fd366acaa5.json" + "/059554c62e9a55071f25739c539509931f3e6ca68eaba0d8dabc5a14b8891229.json" ] ] }, @@ -1430,7 +1430,7 @@ "S3Bucket": { "Fn::Sub": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}" }, - "S3Key": "dcbc2e9181e895e14522d2a67351d9654790e35567e370f54120423dd4604b40.zip" + "S3Key": "41c8a7cd37aeed043235c5685fbbd3711edb412ae285f9993951fd1bde8734a5.zip" }, "Role": { "Fn::GetAtt": [ @@ -1601,7 +1601,7 @@ "S3Bucket": { "Fn::Sub": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}" }, - "S3Key": "3b263c2ad043fd069ef446753788c36e595c82b51a70478e58258c8ef7471671.zip" + "S3Key": "7215c88dd3e638d28329d4538b36cdbfb54233a4d972181795814f8b904d1037.zip" }, "Role": { "Fn::GetAtt": [ diff --git a/packages/@aws-cdk/aws-eks/test/eks-service-account-sdk-call.integ.snapshot/awseksoidcprovidertestawscdkawseksClusterResourceProviderDB30B151.nested.template.json b/packages/@aws-cdk/aws-eks/test/eks-service-account-sdk-call.integ.snapshot/awseksoidcprovidertestawscdkawseksClusterResourceProviderDB30B151.nested.template.json index e90e14de44e04..bf5e47dddb930 100644 --- a/packages/@aws-cdk/aws-eks/test/eks-service-account-sdk-call.integ.snapshot/awseksoidcprovidertestawscdkawseksClusterResourceProviderDB30B151.nested.template.json +++ b/packages/@aws-cdk/aws-eks/test/eks-service-account-sdk-call.integ.snapshot/awseksoidcprovidertestawscdkawseksClusterResourceProviderDB30B151.nested.template.json @@ -297,7 +297,7 @@ "S3Bucket": { "Fn::Sub": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}" }, - "S3Key": "3b263c2ad043fd069ef446753788c36e595c82b51a70478e58258c8ef7471671.zip" + "S3Key": "7215c88dd3e638d28329d4538b36cdbfb54233a4d972181795814f8b904d1037.zip" }, "Role": { "Fn::GetAtt": [ @@ -434,7 +434,7 @@ "S3Bucket": { "Fn::Sub": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}" }, - "S3Key": "3b263c2ad043fd069ef446753788c36e595c82b51a70478e58258c8ef7471671.zip" + "S3Key": "7215c88dd3e638d28329d4538b36cdbfb54233a4d972181795814f8b904d1037.zip" }, "Role": { "Fn::GetAtt": [ @@ -568,7 +568,7 @@ "S3Bucket": { "Fn::Sub": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}" }, - "S3Key": "3b263c2ad043fd069ef446753788c36e595c82b51a70478e58258c8ef7471671.zip" + "S3Key": "7215c88dd3e638d28329d4538b36cdbfb54233a4d972181795814f8b904d1037.zip" }, "Role": { "Fn::GetAtt": [ diff --git a/packages/@aws-cdk/aws-eks/test/eks-service-account-sdk-call.integ.snapshot/awseksoidcprovidertestawscdkawseksKubectlProviderD23CBFFD.nested.template.json b/packages/@aws-cdk/aws-eks/test/eks-service-account-sdk-call.integ.snapshot/awseksoidcprovidertestawscdkawseksKubectlProviderD23CBFFD.nested.template.json index f74f7145f2dea..c3409067a02f8 100644 --- a/packages/@aws-cdk/aws-eks/test/eks-service-account-sdk-call.integ.snapshot/awseksoidcprovidertestawscdkawseksKubectlProviderD23CBFFD.nested.template.json +++ b/packages/@aws-cdk/aws-eks/test/eks-service-account-sdk-call.integ.snapshot/awseksoidcprovidertestawscdkawseksKubectlProviderD23CBFFD.nested.template.json @@ -250,7 +250,7 @@ "S3Bucket": { "Fn::Sub": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}" }, - "S3Key": "3b263c2ad043fd069ef446753788c36e595c82b51a70478e58258c8ef7471671.zip" + "S3Key": "7215c88dd3e638d28329d4538b36cdbfb54233a4d972181795814f8b904d1037.zip" }, "Role": { "Fn::GetAtt": [ diff --git a/packages/@aws-cdk/aws-eks/test/eks-service-account-sdk-call.integ.snapshot/manifest.json b/packages/@aws-cdk/aws-eks/test/eks-service-account-sdk-call.integ.snapshot/manifest.json index 49783b5c92b6d..8165b67361b9d 100644 --- a/packages/@aws-cdk/aws-eks/test/eks-service-account-sdk-call.integ.snapshot/manifest.json +++ b/packages/@aws-cdk/aws-eks/test/eks-service-account-sdk-call.integ.snapshot/manifest.json @@ -23,7 +23,7 @@ "validateOnSynth": false, "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-deploy-role-${AWS::AccountId}-${AWS::Region}", "cloudFormationExecutionRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-cfn-exec-role-${AWS::AccountId}-${AWS::Region}", - "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/bf7fd4cba2720553c79486825ce60a773065fe42b92da377936b517c09592ea6.json", + "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/5dd54e38fb3e5b666650f1d779742e66c02098650957306f6ccf1a4100f81d95.json", "requiresBootstrapStackVersion": 6, "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version", "additionalDependencies": [ @@ -590,15 +590,6 @@ "type": "aws:cdk:logicalId", "data": "CheckBootstrapVersion" } - ], - "S3BucketPingergrantpingerlambdabucketpermission086BFCB5": [ - { - "type": "aws:cdk:logicalId", - "data": "S3BucketPingergrantpingerlambdabucketpermission086BFCB5", - "trace": [ - "!!DESTRUCTIVE_CHANGES: WILL_DESTROY" - ] - } ] }, "displayName": "aws-eks-oidc-provider-test" diff --git a/packages/@aws-cdk/aws-eks/test/eks-service-account-sdk-call.integ.snapshot/tree.json b/packages/@aws-cdk/aws-eks/test/eks-service-account-sdk-call.integ.snapshot/tree.json index 7e4cde443a493..c3d02c6142092 100644 --- a/packages/@aws-cdk/aws-eks/test/eks-service-account-sdk-call.integ.snapshot/tree.json +++ b/packages/@aws-cdk/aws-eks/test/eks-service-account-sdk-call.integ.snapshot/tree.json @@ -9,7 +9,7 @@ "path": "Tree", "constructInfo": { "fqn": "constructs.Construct", - "version": "10.1.129" + "version": "10.1.133" } }, "aws-eks-oidc-provider-test": { @@ -24,8 +24,8 @@ "id": "Staging", "path": "aws-eks-oidc-provider-test/sdk-call-making-docker-image/Staging", "constructInfo": { - "fqn": "constructs.Construct", - "version": "10.1.129" + "fqn": "@aws-cdk/core.AssetStaging", + "version": "0.0.0" } }, "Repository": { @@ -121,8 +121,8 @@ "id": "Acl", "path": "aws-eks-oidc-provider-test/Vpc/PublicSubnet1/Acl", "constructInfo": { - "fqn": "constructs.Construct", - "version": "10.1.129" + "fqn": "@aws-cdk/core.Resource", + "version": "0.0.0" } }, "RouteTable": { @@ -304,8 +304,8 @@ "id": "Acl", "path": "aws-eks-oidc-provider-test/Vpc/PublicSubnet2/Acl", "constructInfo": { - "fqn": "constructs.Construct", - "version": "10.1.129" + "fqn": "@aws-cdk/core.Resource", + "version": "0.0.0" } }, "RouteTable": { @@ -431,8 +431,8 @@ "id": "Acl", "path": "aws-eks-oidc-provider-test/Vpc/PrivateSubnet1/Acl", "constructInfo": { - "fqn": "constructs.Construct", - "version": "10.1.129" + "fqn": "@aws-cdk/core.Resource", + "version": "0.0.0" } }, "RouteTable": { @@ -558,8 +558,8 @@ "id": "Acl", "path": "aws-eks-oidc-provider-test/Vpc/PrivateSubnet2/Acl", "constructInfo": { - "fqn": "constructs.Construct", - "version": "10.1.129" + "fqn": "@aws-cdk/core.Resource", + "version": "0.0.0" } }, "RouteTable": { @@ -909,36 +909,36 @@ "id": "Default", "path": "aws-eks-oidc-provider-test/Cluster/Resource/Resource/Default", "constructInfo": { - "fqn": "constructs.Construct", - "version": "10.1.129" + "fqn": "@aws-cdk/core.CfnResource", + "version": "0.0.0" } } }, "constructInfo": { - "fqn": "constructs.Construct", - "version": "10.1.129" + "fqn": "@aws-cdk/core.CustomResource", + "version": "0.0.0" } } }, "constructInfo": { "fqn": "constructs.Construct", - "version": "10.1.129" + "version": "10.1.133" } }, "KubectlReadyBarrier": { "id": "KubectlReadyBarrier", "path": "aws-eks-oidc-provider-test/Cluster/KubectlReadyBarrier", "constructInfo": { - "fqn": "constructs.Construct", - "version": "10.1.129" + "fqn": "@aws-cdk/core.CfnResource", + "version": "0.0.0" } }, "ClusterSecurityGroup": { "id": "ClusterSecurityGroup", "path": "aws-eks-oidc-provider-test/Cluster/ClusterSecurityGroup", "constructInfo": { - "fqn": "constructs.Construct", - "version": "10.1.129" + "fqn": "@aws-cdk/core.Resource", + "version": "0.0.0" } }, "MastersRole": { @@ -1007,14 +1007,14 @@ "id": "Default", "path": "aws-eks-oidc-provider-test/Cluster/AwsAuth/manifest/Resource/Default", "constructInfo": { - "fqn": "constructs.Construct", - "version": "10.1.129" + "fqn": "@aws-cdk/core.CfnResource", + "version": "0.0.0" } } }, "constructInfo": { - "fqn": "constructs.Construct", - "version": "10.1.129" + "fqn": "@aws-cdk/core.CustomResource", + "version": "0.0.0" } } }, @@ -1166,16 +1166,16 @@ "id": "ConfigCommand", "path": "aws-eks-oidc-provider-test/Cluster/ConfigCommand", "constructInfo": { - "fqn": "constructs.Construct", - "version": "10.1.129" + "fqn": "@aws-cdk/core.CfnOutput", + "version": "0.0.0" } }, "GetTokenCommand": { "id": "GetTokenCommand", "path": "aws-eks-oidc-provider-test/Cluster/GetTokenCommand", "constructInfo": { - "fqn": "constructs.Construct", - "version": "10.1.129" + "fqn": "@aws-cdk/core.CfnOutput", + "version": "0.0.0" } }, "my-service-account": { @@ -1194,20 +1194,20 @@ "id": "Default", "path": "aws-eks-oidc-provider-test/Cluster/my-service-account/ConditionJson/Resource/Default", "constructInfo": { - "fqn": "constructs.Construct", - "version": "10.1.129" + "fqn": "@aws-cdk/core.CfnResource", + "version": "0.0.0" } } }, "constructInfo": { - "fqn": "constructs.Construct", - "version": "10.1.129" + "fqn": "@aws-cdk/core.CustomResource", + "version": "0.0.0" } } }, "constructInfo": { - "fqn": "constructs.Construct", - "version": "10.1.129" + "fqn": "@aws-cdk/core.CfnJson", + "version": "0.0.0" } }, "Role": { @@ -1306,14 +1306,14 @@ "id": "Default", "path": "aws-eks-oidc-provider-test/Cluster/my-service-account/manifest-my-service-accountServiceAccountResource/Resource/Default", "constructInfo": { - "fqn": "constructs.Construct", - "version": "10.1.129" + "fqn": "@aws-cdk/core.CfnResource", + "version": "0.0.0" } } }, "constructInfo": { - "fqn": "constructs.Construct", - "version": "10.1.129" + "fqn": "@aws-cdk/core.CustomResource", + "version": "0.0.0" } } }, @@ -1340,14 +1340,14 @@ "id": "Default", "path": "aws-eks-oidc-provider-test/Cluster/OpenIdConnectProvider/Resource/Default", "constructInfo": { - "fqn": "constructs.Construct", - "version": "10.1.129" + "fqn": "@aws-cdk/core.CfnResource", + "version": "0.0.0" } } }, "constructInfo": { - "fqn": "constructs.Construct", - "version": "10.1.129" + "fqn": "@aws-cdk/core.CustomResource", + "version": "0.0.0" } } }, @@ -1368,14 +1368,14 @@ "id": "Default", "path": "aws-eks-oidc-provider-test/Cluster/sdk-call/Resource/Default", "constructInfo": { - "fqn": "constructs.Construct", - "version": "10.1.129" + "fqn": "@aws-cdk/core.CfnResource", + "version": "0.0.0" } } }, "constructInfo": { - "fqn": "constructs.Construct", - "version": "10.1.129" + "fqn": "@aws-cdk/core.CustomResource", + "version": "0.0.0" } } }, @@ -1406,8 +1406,8 @@ "id": "Stage", "path": "aws-eks-oidc-provider-test/@aws-cdk--aws-eks.ClusterResourceProvider/NodeProxyAgentLayer/Code/Stage", "constructInfo": { - "fqn": "constructs.Construct", - "version": "10.1.129" + "fqn": "@aws-cdk/core.AssetStaging", + "version": "0.0.0" } }, "AssetBucket": { @@ -1552,8 +1552,8 @@ "id": "Stage", "path": "aws-eks-oidc-provider-test/@aws-cdk--aws-eks.ClusterResourceProvider/OnEventHandler/Code/Stage", "constructInfo": { - "fqn": "constructs.Construct", - "version": "10.1.129" + "fqn": "@aws-cdk/core.AssetStaging", + "version": "0.0.0" } }, "AssetBucket": { @@ -1717,8 +1717,8 @@ "id": "Stage", "path": "aws-eks-oidc-provider-test/@aws-cdk--aws-eks.ClusterResourceProvider/IsCompleteHandler/Code/Stage", "constructInfo": { - "fqn": "constructs.Construct", - "version": "10.1.129" + "fqn": "@aws-cdk/core.AssetStaging", + "version": "0.0.0" } }, "AssetBucket": { @@ -1932,8 +1932,8 @@ "id": "Stage", "path": "aws-eks-oidc-provider-test/@aws-cdk--aws-eks.ClusterResourceProvider/Provider/framework-onEvent/Code/Stage", "constructInfo": { - "fqn": "constructs.Construct", - "version": "10.1.129" + "fqn": "@aws-cdk/core.AssetStaging", + "version": "0.0.0" } }, "AssetBucket": { @@ -1960,7 +1960,7 @@ "s3Bucket": { "Fn::Sub": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}" }, - "s3Key": "3b263c2ad043fd069ef446753788c36e595c82b51a70478e58258c8ef7471671.zip" + "s3Key": "7215c88dd3e638d28329d4538b36cdbfb54233a4d972181795814f8b904d1037.zip" }, "role": { "Fn::GetAtt": [ @@ -2145,8 +2145,8 @@ "id": "Stage", "path": "aws-eks-oidc-provider-test/@aws-cdk--aws-eks.ClusterResourceProvider/Provider/framework-isComplete/Code/Stage", "constructInfo": { - "fqn": "constructs.Construct", - "version": "10.1.129" + "fqn": "@aws-cdk/core.AssetStaging", + "version": "0.0.0" } }, "AssetBucket": { @@ -2173,7 +2173,7 @@ "s3Bucket": { "Fn::Sub": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}" }, - "s3Key": "3b263c2ad043fd069ef446753788c36e595c82b51a70478e58258c8ef7471671.zip" + "s3Key": "7215c88dd3e638d28329d4538b36cdbfb54233a4d972181795814f8b904d1037.zip" }, "role": { "Fn::GetAtt": [ @@ -2355,8 +2355,8 @@ "id": "Stage", "path": "aws-eks-oidc-provider-test/@aws-cdk--aws-eks.ClusterResourceProvider/Provider/framework-onTimeout/Code/Stage", "constructInfo": { - "fqn": "constructs.Construct", - "version": "10.1.129" + "fqn": "@aws-cdk/core.AssetStaging", + "version": "0.0.0" } }, "AssetBucket": { @@ -2383,7 +2383,7 @@ "s3Bucket": { "Fn::Sub": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}" }, - "s3Key": "3b263c2ad043fd069ef446753788c36e595c82b51a70478e58258c8ef7471671.zip" + "s3Key": "7215c88dd3e638d28329d4538b36cdbfb54233a4d972181795814f8b904d1037.zip" }, "role": { "Fn::GetAtt": [ @@ -2555,14 +2555,14 @@ "id": "Resource", "path": "aws-eks-oidc-provider-test/@aws-cdk--aws-eks.ClusterResourceProvider/Provider/waiter-state-machine/Resource", "constructInfo": { - "fqn": "constructs.Construct", - "version": "10.1.129" + "fqn": "@aws-cdk/core.CfnResource", + "version": "0.0.0" } } }, "constructInfo": { "fqn": "constructs.Construct", - "version": "10.1.129" + "version": "10.1.133" } } }, @@ -2575,30 +2575,30 @@ "id": "Service-principalMap", "path": "aws-eks-oidc-provider-test/@aws-cdk--aws-eks.ClusterResourceProvider/Service-principalMap", "constructInfo": { - "fqn": "constructs.Construct", - "version": "10.1.129" + "fqn": "@aws-cdk/core.CfnMapping", + "version": "0.0.0" } }, "awseksoidcprovidertestawscdkawseksClusterResourceProviderframeworkonEvent4FFC9C25Arn": { "id": "awseksoidcprovidertestawscdkawseksClusterResourceProviderframeworkonEvent4FFC9C25Arn", "path": "aws-eks-oidc-provider-test/@aws-cdk--aws-eks.ClusterResourceProvider/awseksoidcprovidertestawscdkawseksClusterResourceProviderframeworkonEvent4FFC9C25Arn", "constructInfo": { - "fqn": "constructs.Construct", - "version": "10.1.129" + "fqn": "@aws-cdk/core.CfnOutput", + "version": "0.0.0" } }, "reference-to-awseksoidcprovidertestClusterCreationRole9C31DBFDArn": { "id": "reference-to-awseksoidcprovidertestClusterCreationRole9C31DBFDArn", "path": "aws-eks-oidc-provider-test/@aws-cdk--aws-eks.ClusterResourceProvider/reference-to-awseksoidcprovidertestClusterCreationRole9C31DBFDArn", "constructInfo": { - "fqn": "constructs.Construct", - "version": "10.1.129" + "fqn": "@aws-cdk/core.CfnParameter", + "version": "0.0.0" } } }, "constructInfo": { - "fqn": "constructs.Construct", - "version": "10.1.129" + "fqn": "@aws-cdk/core.NestedStack", + "version": "0.0.0" } }, "@aws-cdk--aws-eks.ClusterResourceProvider.NestedStack": { @@ -2627,7 +2627,7 @@ { "Fn::Sub": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}" }, - "/33cd9a04368659c7a40edb81cfe708e35df58fd7fb5cab6e47e4e307101e711a.json" + "/e59f13ce93f53a92012f4cb1909dd1c644a3eaabecb3f91452ebb77d698e7b36.json" ] ] }, @@ -2642,14 +2642,14 @@ } }, "constructInfo": { - "fqn": "constructs.Construct", - "version": "10.1.129" + "fqn": "@aws-cdk/core.CfnStack", + "version": "0.0.0" } } }, "constructInfo": { "fqn": "constructs.Construct", - "version": "10.1.129" + "version": "10.1.133" } }, "@aws-cdk--aws-eks.KubectlProvider": { @@ -2789,8 +2789,8 @@ "id": "Stage", "path": "aws-eks-oidc-provider-test/@aws-cdk--aws-eks.KubectlProvider/Handler/Code/Stage", "constructInfo": { - "fqn": "constructs.Construct", - "version": "10.1.129" + "fqn": "@aws-cdk/core.AssetStaging", + "version": "0.0.0" } }, "AssetBucket": { @@ -2878,8 +2878,8 @@ "id": "Stage", "path": "aws-eks-oidc-provider-test/@aws-cdk--aws-eks.KubectlProvider/AwsCliLayer/Code/Stage", "constructInfo": { - "fqn": "constructs.Construct", - "version": "10.1.129" + "fqn": "@aws-cdk/core.AssetStaging", + "version": "0.0.0" } }, "AssetBucket": { @@ -2934,8 +2934,8 @@ "id": "Stage", "path": "aws-eks-oidc-provider-test/@aws-cdk--aws-eks.KubectlProvider/KubectlLayer/Code/Stage", "constructInfo": { - "fqn": "constructs.Construct", - "version": "10.1.129" + "fqn": "@aws-cdk/core.AssetStaging", + "version": "0.0.0" } }, "AssetBucket": { @@ -3115,8 +3115,8 @@ "id": "Stage", "path": "aws-eks-oidc-provider-test/@aws-cdk--aws-eks.KubectlProvider/Provider/framework-onEvent/Code/Stage", "constructInfo": { - "fqn": "constructs.Construct", - "version": "10.1.129" + "fqn": "@aws-cdk/core.AssetStaging", + "version": "0.0.0" } }, "AssetBucket": { @@ -3143,7 +3143,7 @@ "s3Bucket": { "Fn::Sub": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}" }, - "s3Key": "3b263c2ad043fd069ef446753788c36e595c82b51a70478e58258c8ef7471671.zip" + "s3Key": "7215c88dd3e638d28329d4538b36cdbfb54233a4d972181795814f8b904d1037.zip" }, "role": { "Fn::GetAtt": [ @@ -3203,48 +3203,48 @@ "id": "awseksoidcprovidertestawscdkawseksKubectlProviderframeworkonEventAF429689Arn", "path": "aws-eks-oidc-provider-test/@aws-cdk--aws-eks.KubectlProvider/awseksoidcprovidertestawscdkawseksKubectlProviderframeworkonEventAF429689Arn", "constructInfo": { - "fqn": "constructs.Construct", - "version": "10.1.129" + "fqn": "@aws-cdk/core.CfnOutput", + "version": "0.0.0" } }, "reference-to-awseksoidcprovidertestCluster40390314Arn": { "id": "reference-to-awseksoidcprovidertestCluster40390314Arn", "path": "aws-eks-oidc-provider-test/@aws-cdk--aws-eks.KubectlProvider/reference-to-awseksoidcprovidertestCluster40390314Arn", "constructInfo": { - "fqn": "constructs.Construct", - "version": "10.1.129" + "fqn": "@aws-cdk/core.CfnParameter", + "version": "0.0.0" } }, "reference-to-awseksoidcprovidertestClusterCreationRole9C31DBFDArn": { "id": "reference-to-awseksoidcprovidertestClusterCreationRole9C31DBFDArn", "path": "aws-eks-oidc-provider-test/@aws-cdk--aws-eks.KubectlProvider/reference-to-awseksoidcprovidertestClusterCreationRole9C31DBFDArn", "constructInfo": { - "fqn": "constructs.Construct", - "version": "10.1.129" + "fqn": "@aws-cdk/core.CfnParameter", + "version": "0.0.0" } }, "reference-to-awseksoidcprovidertestVpcPrivateSubnet1Subnet60CC97A0Ref": { "id": "reference-to-awseksoidcprovidertestVpcPrivateSubnet1Subnet60CC97A0Ref", "path": "aws-eks-oidc-provider-test/@aws-cdk--aws-eks.KubectlProvider/reference-to-awseksoidcprovidertestVpcPrivateSubnet1Subnet60CC97A0Ref", "constructInfo": { - "fqn": "constructs.Construct", - "version": "10.1.129" + "fqn": "@aws-cdk/core.CfnParameter", + "version": "0.0.0" } }, "reference-to-awseksoidcprovidertestVpcPrivateSubnet2Subnet7E577D94Ref": { "id": "reference-to-awseksoidcprovidertestVpcPrivateSubnet2Subnet7E577D94Ref", "path": "aws-eks-oidc-provider-test/@aws-cdk--aws-eks.KubectlProvider/reference-to-awseksoidcprovidertestVpcPrivateSubnet2Subnet7E577D94Ref", "constructInfo": { - "fqn": "constructs.Construct", - "version": "10.1.129" + "fqn": "@aws-cdk/core.CfnParameter", + "version": "0.0.0" } }, "reference-to-awseksoidcprovidertestCluster40390314ClusterSecurityGroupId": { "id": "reference-to-awseksoidcprovidertestCluster40390314ClusterSecurityGroupId", "path": "aws-eks-oidc-provider-test/@aws-cdk--aws-eks.KubectlProvider/reference-to-awseksoidcprovidertestCluster40390314ClusterSecurityGroupId", "constructInfo": { - "fqn": "constructs.Construct", - "version": "10.1.129" + "fqn": "@aws-cdk/core.CfnParameter", + "version": "0.0.0" } } }, @@ -3279,7 +3279,7 @@ { "Fn::Sub": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}" }, - "/e9a2cf3ba7ffdf0c8dd17e4e44a6408679c276f2e16bf11edacf45fd366acaa5.json" + "/059554c62e9a55071f25739c539509931f3e6ca68eaba0d8dabc5a14b8891229.json" ] ] }, @@ -3312,14 +3312,14 @@ } }, "constructInfo": { - "fqn": "constructs.Construct", - "version": "10.1.129" + "fqn": "@aws-cdk/core.CfnStack", + "version": "0.0.0" } } }, "constructInfo": { "fqn": "constructs.Construct", - "version": "10.1.129" + "version": "10.1.133" } }, "Custom::AWSCDKOpenIdConnectProviderCustomResourceProvider": { @@ -3330,30 +3330,30 @@ "id": "Staging", "path": "aws-eks-oidc-provider-test/Custom::AWSCDKOpenIdConnectProviderCustomResourceProvider/Staging", "constructInfo": { - "fqn": "constructs.Construct", - "version": "10.1.129" + "fqn": "@aws-cdk/core.AssetStaging", + "version": "0.0.0" } }, "Role": { "id": "Role", "path": "aws-eks-oidc-provider-test/Custom::AWSCDKOpenIdConnectProviderCustomResourceProvider/Role", "constructInfo": { - "fqn": "constructs.Construct", - "version": "10.1.129" + "fqn": "@aws-cdk/core.CfnResource", + "version": "0.0.0" } }, "Handler": { "id": "Handler", "path": "aws-eks-oidc-provider-test/Custom::AWSCDKOpenIdConnectProviderCustomResourceProvider/Handler", "constructInfo": { - "fqn": "constructs.Construct", - "version": "10.1.129" + "fqn": "@aws-cdk/core.CfnResource", + "version": "0.0.0" } } }, "constructInfo": { - "fqn": "constructs.Construct", - "version": "10.1.129" + "fqn": "@aws-cdk/core.CustomResourceProvider", + "version": "0.0.0" } }, "AWSCDKCfnUtilsProviderCustomResourceProvider": { @@ -3364,30 +3364,30 @@ "id": "Staging", "path": "aws-eks-oidc-provider-test/AWSCDKCfnUtilsProviderCustomResourceProvider/Staging", "constructInfo": { - "fqn": "constructs.Construct", - "version": "10.1.129" + "fqn": "@aws-cdk/core.AssetStaging", + "version": "0.0.0" } }, "Role": { "id": "Role", "path": "aws-eks-oidc-provider-test/AWSCDKCfnUtilsProviderCustomResourceProvider/Role", "constructInfo": { - "fqn": "constructs.Construct", - "version": "10.1.129" + "fqn": "@aws-cdk/core.CfnResource", + "version": "0.0.0" } }, "Handler": { "id": "Handler", "path": "aws-eks-oidc-provider-test/AWSCDKCfnUtilsProviderCustomResourceProvider/Handler", "constructInfo": { - "fqn": "constructs.Construct", - "version": "10.1.129" + "fqn": "@aws-cdk/core.CfnResource", + "version": "0.0.0" } } }, "constructInfo": { - "fqn": "constructs.Construct", - "version": "10.1.129" + "fqn": "@aws-cdk/core.CustomResourceProvider", + "version": "0.0.0" } }, "S3BucketPinger": { @@ -3509,8 +3509,8 @@ "id": "Stage", "path": "aws-eks-oidc-provider-test/S3BucketPinger/Function/Code/Stage", "constructInfo": { - "fqn": "constructs.Construct", - "version": "10.1.129" + "fqn": "@aws-cdk/core.AssetStaging", + "version": "0.0.0" } }, "AssetBucket": { @@ -3571,7 +3571,7 @@ "s3Bucket": { "Fn::Sub": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}" }, - "s3Key": "dcbc2e9181e895e14522d2a67351d9654790e35567e370f54120423dd4604b40.zip" + "s3Key": "41c8a7cd37aeed043235c5685fbbd3711edb412ae285f9993951fd1bde8734a5.zip" }, "role": { "Fn::GetAtt": [ @@ -3738,8 +3738,8 @@ "id": "Stage", "path": "aws-eks-oidc-provider-test/S3BucketPinger/Provider/framework-onEvent/Code/Stage", "constructInfo": { - "fqn": "constructs.Construct", - "version": "10.1.129" + "fqn": "@aws-cdk/core.AssetStaging", + "version": "0.0.0" } }, "AssetBucket": { @@ -3766,7 +3766,7 @@ "s3Bucket": { "Fn::Sub": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}" }, - "s3Key": "3b263c2ad043fd069ef446753788c36e595c82b51a70478e58258c8ef7471671.zip" + "s3Key": "7215c88dd3e638d28329d4538b36cdbfb54233a4d972181795814f8b904d1037.zip" }, "role": { "Fn::GetAtt": [ @@ -3815,34 +3815,34 @@ "id": "Default", "path": "aws-eks-oidc-provider-test/S3BucketPinger/Resource/Default", "constructInfo": { - "fqn": "constructs.Construct", - "version": "10.1.129" + "fqn": "@aws-cdk/core.CfnResource", + "version": "0.0.0" } } }, "constructInfo": { - "fqn": "constructs.Construct", - "version": "10.1.129" + "fqn": "@aws-cdk/core.CustomResource", + "version": "0.0.0" } } }, "constructInfo": { "fqn": "constructs.Construct", - "version": "10.1.129" + "version": "10.1.133" } }, "PingerResponse": { "id": "PingerResponse", "path": "aws-eks-oidc-provider-test/PingerResponse", "constructInfo": { - "fqn": "constructs.Construct", - "version": "10.1.129" + "fqn": "@aws-cdk/core.CfnOutput", + "version": "0.0.0" } } }, "constructInfo": { - "fqn": "constructs.Construct", - "version": "10.1.129" + "fqn": "@aws-cdk/core.Stack", + "version": "0.0.0" } }, "aws-cdk-eks-service-account-sdk-call": { @@ -3858,15 +3858,15 @@ "path": "aws-cdk-eks-service-account-sdk-call/DefaultTest/Default", "constructInfo": { "fqn": "constructs.Construct", - "version": "10.1.129" + "version": "10.1.133" } }, "DeployAssert": { "id": "DeployAssert", "path": "aws-cdk-eks-service-account-sdk-call/DefaultTest/DeployAssert", "constructInfo": { - "fqn": "constructs.Construct", - "version": "10.1.129" + "fqn": "@aws-cdk/core.Stack", + "version": "0.0.0" } } }, @@ -3883,8 +3883,8 @@ } }, "constructInfo": { - "fqn": "constructs.Construct", - "version": "10.1.129" + "fqn": "@aws-cdk/core.App", + "version": "0.0.0" } } } \ No newline at end of file