diff --git a/go.mod b/go.mod
index 9f2959f59..1d6cb9f67 100644
--- a/go.mod
+++ b/go.mod
@@ -5,7 +5,7 @@ go 1.25.0
 require (
 github.com/aws/aws-sdk-go-v2 v1.41.1
 github.com/aws/aws-sdk-go-v2/config v1.32.7
- github.com/aws/aws-sdk-go-v2/service/eks v1.78.0
+ github.com/aws/aws-sdk-go-v2/service/eks v1.80.0
 github.com/aws/aws-sdk-go-v2/service/iam v1.53.2
 github.com/aws/smithy-go v1.24.0
 github.com/cloudevents/sdk-go/v2 v2.16.2
diff --git a/go.sum b/go.sum
index ee45044d3..ba1451a83 100644
--- a/go.sum
+++ b/go.sum
@@ -44,8 +44,8 @@ github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.7.17 h1:WWLqlh79iO48yLkj1v
 github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.7.17/go.mod h1:EhG22vHRrvF8oXSTYStZhJc1aUgKtnJe+aOiFEV90cM=
 github.com/aws/aws-sdk-go-v2/internal/ini v1.8.4 h1:WKuaxf++XKWlHWu9ECbMlha8WOEGm0OUEZqm4K/Gcfk=
 github.com/aws/aws-sdk-go-v2/internal/ini v1.8.4/go.mod h1:ZWy7j6v1vWGmPReu0iSGvRiise4YI5SkR3OHKTZ6Wuc=
-github.com/aws/aws-sdk-go-v2/service/eks v1.78.0 h1:3sGbR7pC+zLcUO817wxuY4CmhxDn4sD5b2ZfGphRsLQ=
-github.com/aws/aws-sdk-go-v2/service/eks v1.78.0/go.mod h1:Qg678m+87sCuJhcsZojenz8mblYG+Tq86V4m3hjVz0s=
+github.com/aws/aws-sdk-go-v2/service/eks v1.80.0 h1:moQGV8cPbVTN7r2Xte1Mybku35QDePSJEd3onYVmBtY=
+github.com/aws/aws-sdk-go-v2/service/eks v1.80.0/go.mod h1:Qg678m+87sCuJhcsZojenz8mblYG+Tq86V4m3hjVz0s=
 github.com/aws/aws-sdk-go-v2/service/iam v1.53.2 h1:62G6btFUwAa5uR5iPlnlNVAM0zJSLbWgDfKOfUC7oW4=
 github.com/aws/aws-sdk-go-v2/service/iam v1.53.2/go.mod h1:av9clChrbZbJ5E21msSsiT2oghl2BJHfQGhCkXmhyu8=
 github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.13.4 h1:0ryTNEdJbzUCEWkVXEXoqlXV72J5keC1GvILMOuD00E=
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/eks/CHANGELOG.md b/vendor/github.com/aws/aws-sdk-go-v2/service/eks/CHANGELOG.md
index 9a966b2b5..d25ee471f 100644
--- a/vendor/github.com/aws/aws-sdk-go-v2/service/eks/CHANGELOG.md
+++ b/vendor/github.com/aws/aws-sdk-go-v2/service/eks/CHANGELOG.md
@@ -1,3 +1,11 @@
+# v1.80.0 (2026-02-11)
+
+* **Feature**: This release adds support for Windows Server 2025 in Amazon EKS Managed Node Groups.
+
+# v1.79.0 (2026-02-10.2)
+
+* **Feature**: Introducing an optional policy field, an IAM policy applied to pod identity associations in addition to IAM role policies. When specified, pod permissions are the intersection of IAM role policies and the policy field, ensuring the principle of least privilege.
+
 # v1.78.0 (2026-02-10)
 
 * **Feature**: Amazon EKS adds a new DescribeUpdate update type, VendedLogsUpdate, to support an integration between EKS Auto Mode and Amazon CloudWatch Vended Logs.
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/eks/api_op_CreatePodIdentityAssociation.go b/vendor/github.com/aws/aws-sdk-go-v2/service/eks/api_op_CreatePodIdentityAssociation.go
index 417bff0bc..e3cbb6b7a 100644
--- a/vendor/github.com/aws/aws-sdk-go-v2/service/eks/api_op_CreatePodIdentityAssociation.go
+++ b/vendor/github.com/aws/aws-sdk-go-v2/service/eks/api_op_CreatePodIdentityAssociation.go
@@ -107,6 +107,23 @@ type CreatePodIdentityAssociationInput struct {
 // [List of session tags added by EKS Pod Identity]: https://docs.aws.amazon.com/eks/latest/userguide/pod-id-abac.html#pod-id-abac-tags
 DisableSessionTags *bool
 
+ // An optional IAM policy in JSON format (as an escaped string) that applies
+ // additional restrictions to this pod identity association beyond the IAM policies
+ // attached to the IAM role. This policy is applied as the intersection of the
+ // role's policies and this policy, allowing you to reduce the permissions that
+ // applications in the pods can use. Use this policy to enforce least privilege
+ // access while still leveraging a shared IAM role across multiple applications.
+ //
+ // Important considerations
+ //
+ // - Session tags: When using this policy, disableSessionTags must be set to true
+ // .
+ //
+ // - Target role permissions: If you specify both a TargetRoleArn and a policy,
+ // the policy restrictions apply only to the target role's permissions, not to the
+ // initial role used for assuming the target role.
+ Policy *string
+
 // Metadata that assists with categorization and organization. Each tag consists
 // of a key and an optional value. You define both. Tags don't propagate to any
 // other cluster or Amazon Web Services resources.
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/eks/api_op_UpdatePodIdentityAssociation.go b/vendor/github.com/aws/aws-sdk-go-v2/service/eks/api_op_UpdatePodIdentityAssociation.go
index 5e07eac2d..59a3da187 100644
--- a/vendor/github.com/aws/aws-sdk-go-v2/service/eks/api_op_UpdatePodIdentityAssociation.go
+++ b/vendor/github.com/aws/aws-sdk-go-v2/service/eks/api_op_UpdatePodIdentityAssociation.go
@@ -82,6 +82,23 @@ type UpdatePodIdentityAssociationInput struct {
 // [List of session tags added by EKS Pod Identity]: https://docs.aws.amazon.com/eks/latest/userguide/pod-id-abac.html#pod-id-abac-tags
 DisableSessionTags *bool
 
+ // An optional IAM policy in JSON format (as an escaped string) that applies
+ // additional restrictions to this pod identity association beyond the IAM policies
+ // attached to the IAM role. This policy is applied as the intersection of the
+ // role's policies and this policy, allowing you to reduce the permissions that
+ // applications in the pods can use. Use this policy to enforce least privilege
+ // access while still leveraging a shared IAM role across multiple applications.
+ //
+ // Important considerations
+ //
+ // - Session tags: When using this policy, disableSessionTags must be set to true
+ // .
+ //
+ // - Target role permissions: If you specify both a TargetRoleArn and a policy,
+ // the policy restrictions apply only to the target role's permissions, not to the
+ // initial role used for assuming the target role.
+ Policy *string
+
 // The new IAM role to change in the association.
 RoleArn *string
 
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/eks/deserializers.go b/vendor/github.com/aws/aws-sdk-go-v2/service/eks/deserializers.go
index 57ec7feab..6648656dd 100644
--- a/vendor/github.com/aws/aws-sdk-go-v2/service/eks/deserializers.go
+++ b/vendor/github.com/aws/aws-sdk-go-v2/service/eks/deserializers.go
@@ -17352,6 +17352,15 @@ func awsRestjson1_deserializeDocumentPodIdentityAssociation(v **types.PodIdentit
 sv.OwnerArn = ptr.String(jtv)
 }
 
+ case "policy":
+ if value != nil {
+ jtv, ok := value.(string)
+ if !ok {
+ return fmt.Errorf("expected String to be of type string, got %T instead", value)
+ }
+ sv.Policy = ptr.String(jtv)
+ }
+
 case "roleArn":
 if value != nil {
 jtv, ok := value.(string)
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/eks/go_module_metadata.go b/vendor/github.com/aws/aws-sdk-go-v2/service/eks/go_module_metadata.go
index 475bfcb60..7df9552e6 100644
--- a/vendor/github.com/aws/aws-sdk-go-v2/service/eks/go_module_metadata.go
+++ b/vendor/github.com/aws/aws-sdk-go-v2/service/eks/go_module_metadata.go
@@ -3,4 +3,4 @@
 package eks
 
 // goModuleVersion is the tagged release for this module
-const goModuleVersion = "1.78.0"
+const goModuleVersion = "1.80.0"
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/eks/serializers.go b/vendor/github.com/aws/aws-sdk-go-v2/service/eks/serializers.go
index 82d902a8f..69b6b5c21 100644
--- a/vendor/github.com/aws/aws-sdk-go-v2/service/eks/serializers.go
+++ b/vendor/github.com/aws/aws-sdk-go-v2/service/eks/serializers.go
@@ -1462,6 +1462,11 @@ func awsRestjson1_serializeOpDocumentCreatePodIdentityAssociationInput(v *Create
 ok.String(*v.Namespace)
 }
 
+ if v.Policy != nil {
+ ok := object.Key("policy")
+ ok.String(*v.Policy)
+ }
+
 if v.RoleArn != nil {
 ok := object.Key("roleArn")
 ok.String(*v.RoleArn)
@@ -6189,6 +6194,11 @@ func awsRestjson1_serializeOpDocumentUpdatePodIdentityAssociationInput(v *Update
 ok.Boolean(*v.DisableSessionTags)
 }
 
+ if v.Policy != nil {
+ ok := object.Key("policy")
+ ok.String(*v.Policy)
+ }
+
 if v.RoleArn != nil {
 ok := object.Key("roleArn")
 ok.String(*v.RoleArn)
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/eks/types/enums.go b/vendor/github.com/aws/aws-sdk-go-v2/service/eks/types/enums.go
index 5a21e21f7..ae771b161 100644
--- a/vendor/github.com/aws/aws-sdk-go-v2/service/eks/types/enums.go
+++ b/vendor/github.com/aws/aws-sdk-go-v2/service/eks/types/enums.go
@@ -107,6 +107,8 @@ const (
 AMITypesWindowsFull2019X8664 AMITypes = "WINDOWS_FULL_2019_x86_64"
 AMITypesWindowsCore2022X8664 AMITypes = "WINDOWS_CORE_2022_x86_64"
 AMITypesWindowsFull2022X8664 AMITypes = "WINDOWS_FULL_2022_x86_64"
+ AMITypesWindowsCore2025X8664 AMITypes = "WINDOWS_CORE_2025_x86_64"
+ AMITypesWindowsFull2025X8664 AMITypes = "WINDOWS_FULL_2025_x86_64"
 AMITypesAl2023X8664Standard AMITypes = "AL2023_x86_64_STANDARD"
 AMITypesAl2023Arm64Standard AMITypes = "AL2023_ARM_64_STANDARD"
 AMITypesAl2023X8664Neuron AMITypes = "AL2023_x86_64_NEURON"
@@ -136,6 +138,8 @@ func (AMITypes) Values() []AMITypes {
 "WINDOWS_FULL_2019_x86_64",
 "WINDOWS_CORE_2022_x86_64",
 "WINDOWS_FULL_2022_x86_64",
+ "WINDOWS_CORE_2025_x86_64",
+ "WINDOWS_FULL_2025_x86_64",
 "AL2023_x86_64_STANDARD",
 "AL2023_ARM_64_STANDARD",
 "AL2023_x86_64_NEURON",
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/eks/types/types.go b/vendor/github.com/aws/aws-sdk-go-v2/service/eks/types/types.go
index 0bf296c6a..31c926e54 100644
--- a/vendor/github.com/aws/aws-sdk-go-v2/service/eks/types/types.go
+++ b/vendor/github.com/aws/aws-sdk-go-v2/service/eks/types/types.go
@@ -2222,6 +2222,14 @@ type PodIdentityAssociation struct {
 // If defined, the EKS Pod Identity association is owned by an Amazon EKS add-on.
 OwnerArn *string
 
+ // An optional IAM policy in JSON format (as an escaped string) that applies
+ // additional restrictions to this pod identity association beyond the IAM policies
+ // attached to the IAM role. This policy is applied as the intersection of the
+ // role's policies and this policy, allowing you to reduce the permissions that
+ // applications in the pods can use. Use this policy to enforce least privilege
+ // access while still leveraging a shared IAM role across multiple applications.
+ Policy *string
+
 // The Amazon Resource Name (ARN) of the IAM role to associate with the service
 // account. The EKS Pod Identity agent manages credentials to assume this role for
 // applications in the containers in the Pods that use this service account.
diff --git a/vendor/modules.txt b/vendor/modules.txt
index dd4a2f436..f7a0a351a 100644
--- a/vendor/modules.txt
+++ b/vendor/modules.txt
@@ -119,7 +119,7 @@ github.com/aws/aws-sdk-go-v2/internal/endpoints/v2
 # github.com/aws/aws-sdk-go-v2/internal/ini v1.8.4
 ## explicit; go 1.23
 github.com/aws/aws-sdk-go-v2/internal/ini
-# github.com/aws/aws-sdk-go-v2/service/eks v1.78.0
+# github.com/aws/aws-sdk-go-v2/service/eks v1.80.0
 ## explicit; go 1.23
 github.com/aws/aws-sdk-go-v2/service/eks
 github.com/aws/aws-sdk-go-v2/service/eks/internal/endpoints