NE-2723: Migrate to aws-sdk-go-v2

[rikatz]

The aws-sdk-go library, used on DNS controller is deprecated and does not receive updates anymore.

This change migrates to the new aws-sdk-go-v2, adding the new library and making the required changes to keep the code compatible

[openshift-ci-robot]

@rikatz: This pull request references NE-2723 which is a valid jira issue.

Details

In response to this:

The aws-sdk-go library, used on DNS controller is deprecated and does not receive updates anymore.

This change migrates to the new aws-sdk-go-v2, adding the new library and making the required changes to keep the code compatible

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

[coderabbitai]

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info

⚙️ Run configuration

Configuration used: Repository YAML (base), Central YAML (inherited)

Review profile: CHILL

Plan: Enterprise

Run ID: e3b137bb-b06a-4f8d-a3f4-8948639013b6

📥 Commits

Reviewing files that changed from the base of the PR and between 9470c72 and 0d72f79.

⛔ Files ignored due to path filters (292)

• go.sum is excluded by !**/*.sum
• vendor/github.com/aws/aws-sdk-go-v2/LICENSE.txt is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/NOTICE.txt is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/aws/accountid_endpoint_mode.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/aws/arn/arn.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/aws/checksum.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/aws/config.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/aws/context.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/aws/credential_cache.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/aws/credentials.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/aws/defaults/auto.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/aws/defaults/configuration.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/aws/defaults/defaults.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/aws/defaults/doc.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/aws/defaultsmode.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/aws/doc.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/aws/endpoints.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/aws/errors.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/aws/from_ptr.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/aws/go_module_metadata.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/aws/logging.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/aws/logging_generate.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/aws/middleware/metadata.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/aws/middleware/middleware.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/aws/middleware/osname.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/aws/middleware/osname_go115.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/aws/middleware/recursion_detection.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/aws/middleware/request_id.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/aws/middleware/request_id_retriever.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/aws/middleware/user_agent.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/aws/protocol/ec2query/error_utils.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/aws/protocol/query/array.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/aws/protocol/query/encoder.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/aws/protocol/query/map.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/aws/protocol/query/middleware.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/aws/protocol/query/object.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/aws/protocol/query/value.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/aws/protocol/restjson/decoder_util.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/aws/protocol/xml/error_utils.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/aws/ratelimit/none.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/aws/ratelimit/token_bucket.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/aws/ratelimit/token_rate_limit.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/aws/request.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/aws/retry/adaptive.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/aws/retry/adaptive_ratelimit.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/aws/retry/adaptive_token_bucket.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/aws/retry/attempt_metrics.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/aws/retry/doc.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/aws/retry/errors.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/aws/retry/jitter_backoff.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/aws/retry/metadata.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/aws/retry/middleware.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/aws/retry/retry.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/aws/retry/retryable_error.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/aws/retry/standard.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/aws/retry/throttle_error.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/aws/retry/timeout_error.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/aws/retryer.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/aws/runtime.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/aws/signer/internal/v4/cache.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/aws/signer/internal/v4/const.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/aws/signer/internal/v4/header_rules.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/aws/signer/internal/v4/headers.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/aws/signer/internal/v4/hmac.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/aws/signer/internal/v4/host.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/aws/signer/internal/v4/scope.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/aws/signer/internal/v4/time.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/aws/signer/internal/v4/util.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/aws/signer/v4/middleware.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/aws/signer/v4/presign_middleware.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/aws/signer/v4/stream.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/aws/signer/v4/v4.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/aws/to_ptr.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/aws/transport/http/client.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/aws/transport/http/content_type.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/aws/transport/http/response_error.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/aws/transport/http/response_error_middleware.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/aws/transport/http/timeout_read_closer.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/aws/types.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/aws/version.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/config/CHANGELOG.md is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/config/LICENSE.txt is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/config/auth_scheme_preference.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/config/config.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/config/defaultsmode.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/config/doc.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/config/env_config.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/config/generate.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/config/go_module_metadata.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/config/internal/ini/errors.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/config/internal/ini/ini.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/config/internal/ini/parse.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/config/internal/ini/sections.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/config/internal/ini/strings.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/config/internal/ini/token.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/config/internal/ini/tokenize.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/config/internal/ini/value.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/config/load_options.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/config/local.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/config/provider.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/config/resolve.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/config/resolve_bearer_token.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/config/resolve_credentials.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/config/shared_config.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/credentials/CHANGELOG.md is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/credentials/LICENSE.txt is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/credentials/doc.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/credentials/ec2rolecreds/doc.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/credentials/ec2rolecreds/provider.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/credentials/endpointcreds/internal/client/auth.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/credentials/endpointcreds/internal/client/client.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/credentials/endpointcreds/internal/client/endpoints.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/credentials/endpointcreds/internal/client/middleware.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/credentials/endpointcreds/provider.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/credentials/go_module_metadata.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/credentials/logincreds/dpop.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/credentials/logincreds/file.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/credentials/logincreds/provider.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/credentials/logincreds/token.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/credentials/processcreds/doc.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/credentials/processcreds/provider.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/credentials/ssocreds/doc.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/credentials/ssocreds/sso_cached_token.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/credentials/ssocreds/sso_credentials_provider.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/credentials/ssocreds/sso_token_provider.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/credentials/static_provider.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/credentials/stscreds/assume_role_provider.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/credentials/stscreds/web_identity_provider.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/feature/ec2/imds/CHANGELOG.md is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/feature/ec2/imds/LICENSE.txt is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/feature/ec2/imds/api_client.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/feature/ec2/imds/api_op_GetDynamicData.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/feature/ec2/imds/api_op_GetIAMInfo.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/feature/ec2/imds/api_op_GetInstanceIdentityDocument.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/feature/ec2/imds/api_op_GetMetadata.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/feature/ec2/imds/api_op_GetRegion.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/feature/ec2/imds/api_op_GetToken.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/feature/ec2/imds/api_op_GetUserData.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/feature/ec2/imds/auth.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/feature/ec2/imds/doc.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/feature/ec2/imds/endpoints.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/feature/ec2/imds/go_module_metadata.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/feature/ec2/imds/internal/config/resolvers.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/feature/ec2/imds/request_middleware.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/feature/ec2/imds/token_provider.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/internal/auth/auth.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/internal/auth/scheme.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/internal/auth/smithy/bearer_token_adapter.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/internal/auth/smithy/bearer_token_signer_adapter.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/internal/auth/smithy/credentials_adapter.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/internal/auth/smithy/smithy.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/internal/auth/smithy/v4signer_adapter.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/internal/configsources/CHANGELOG.md is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/internal/configsources/LICENSE.txt is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/internal/configsources/config.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/internal/configsources/endpoints.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/internal/configsources/go_module_metadata.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/internal/context/context.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/internal/endpoints/awsrulesfn/arn.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/internal/endpoints/awsrulesfn/doc.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/internal/endpoints/awsrulesfn/generate.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/internal/endpoints/awsrulesfn/host.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/internal/endpoints/awsrulesfn/partition.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/internal/endpoints/awsrulesfn/partitions.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/internal/endpoints/awsrulesfn/partitions.json is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/internal/endpoints/endpoints.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/internal/endpoints/v2/CHANGELOG.md is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/internal/endpoints/v2/LICENSE.txt is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/internal/endpoints/v2/endpoints.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/internal/endpoints/v2/go_module_metadata.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/internal/rand/rand.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/internal/sdk/interfaces.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/internal/sdk/time.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/internal/sdkio/byte.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/internal/shareddefaults/shared_config.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/internal/strings/strings.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/internal/sync/singleflight/LICENSE is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/internal/sync/singleflight/docs.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/internal/sync/singleflight/singleflight.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/internal/timeconv/duration.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/internal/v4a/CHANGELOG.md is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/internal/v4a/LICENSE.txt is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/internal/v4a/credentials.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/internal/v4a/error.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/internal/v4a/go_module_metadata.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/internal/v4a/internal/crypto/compare.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/internal/v4a/internal/crypto/ecc.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/internal/v4a/internal/v4/const.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/internal/v4a/internal/v4/header_rules.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/internal/v4a/internal/v4/headers.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/internal/v4a/internal/v4/hmac.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/internal/v4a/internal/v4/host.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/internal/v4a/internal/v4/time.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/internal/v4a/internal/v4/util.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/internal/v4a/middleware.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/internal/v4a/presign_middleware.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/internal/v4a/smithy.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/internal/v4a/v4a.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/service/ec2/CHANGELOG.md is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/service/ec2/LICENSE.txt is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/service/ec2/api_client.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/service/ec2/api_op_AcceptAddressTransfer.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/service/ec2/api_op_AcceptCapacityReservationBillingOwnership.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/service/ec2/api_op_AcceptReservedInstancesExchangeQuote.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/service/ec2/api_op_AcceptTransitGatewayClientVpnAttachment.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/service/ec2/api_op_AcceptTransitGatewayMulticastDomainAssociations.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/service/ec2/api_op_AcceptTransitGatewayPeeringAttachment.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/service/ec2/api_op_AcceptTransitGatewayVpcAttachment.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/service/ec2/api_op_AcceptVpcEndpointConnections.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/service/ec2/api_op_AcceptVpcPeeringConnection.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/service/ec2/api_op_AdvertiseByoipCidr.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/service/ec2/api_op_AllocateAddress.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/service/ec2/api_op_AllocateHosts.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/service/ec2/api_op_AllocateIpamPoolCidr.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/service/ec2/api_op_ApplySecurityGroupsToClientVpnTargetNetwork.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/service/ec2/api_op_AssignIpv6Addresses.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/service/ec2/api_op_AssignPrivateIpAddresses.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/service/ec2/api_op_AssignPrivateNatGatewayAddress.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/service/ec2/api_op_AssociateAddress.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/service/ec2/api_op_AssociateCapacityReservationBillingOwner.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/service/ec2/api_op_AssociateClientVpnTargetNetwork.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/service/ec2/api_op_AssociateDhcpOptions.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/service/ec2/api_op_AssociateEnclaveCertificateIamRole.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/service/ec2/api_op_AssociateIamInstanceProfile.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/service/ec2/api_op_AssociateInstanceEventWindow.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/service/ec2/api_op_AssociateIpamByoasn.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/service/ec2/api_op_AssociateIpamResourceDiscovery.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/service/ec2/api_op_AssociateNatGatewayAddress.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/service/ec2/api_op_AssociateRouteServer.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/service/ec2/api_op_AssociateRouteTable.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/service/ec2/api_op_AssociateSecurityGroupVpc.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/service/ec2/api_op_AssociateSubnetCidrBlock.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/service/ec2/api_op_AssociateTransitGatewayMulticastDomain.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/service/ec2/api_op_AssociateTransitGatewayPolicyTable.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/service/ec2/api_op_AssociateTransitGatewayRouteTable.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/service/ec2/api_op_AssociateTrunkInterface.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/service/ec2/api_op_AssociateVpcCidrBlock.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/service/ec2/api_op_AttachClassicLinkVpc.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/service/ec2/api_op_AttachInternetGateway.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/service/ec2/api_op_AttachNetworkInterface.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/service/ec2/api_op_AttachVerifiedAccessTrustProvider.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/service/ec2/api_op_AttachVolume.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/service/ec2/api_op_AttachVpnGateway.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/service/ec2/api_op_AuthorizeClientVpnIngress.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/service/ec2/api_op_AuthorizeSecurityGroupEgress.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/service/ec2/api_op_AuthorizeSecurityGroupIngress.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/service/ec2/api_op_BundleInstance.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/service/ec2/api_op_CancelBundleTask.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/service/ec2/api_op_CancelCapacityReservation.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/service/ec2/api_op_CancelCapacityReservationFleets.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/service/ec2/api_op_CancelConversionTask.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/service/ec2/api_op_CancelDeclarativePoliciesReport.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/service/ec2/api_op_CancelExportTask.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/service/ec2/api_op_CancelImageLaunchPermission.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/service/ec2/api_op_CancelImportTask.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/service/ec2/api_op_CancelReservedInstancesListing.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/service/ec2/api_op_CancelSpotFleetRequests.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/service/ec2/api_op_CancelSpotInstanceRequests.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/service/ec2/api_op_ConfirmProductInstance.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/service/ec2/api_op_CopyFpgaImage.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/service/ec2/api_op_CopyImage.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/service/ec2/api_op_CopySnapshot.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/service/ec2/api_op_CopyVolumes.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/service/ec2/api_op_CreateCapacityManagerDataExport.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/service/ec2/api_op_CreateCapacityReservation.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/service/ec2/api_op_CreateCapacityReservationBySplitting.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/service/ec2/api_op_CreateCapacityReservationFleet.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/service/ec2/api_op_CreateCarrierGateway.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/service/ec2/api_op_CreateClientVpnEndpoint.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/service/ec2/api_op_CreateClientVpnRoute.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/service/ec2/api_op_CreateCoipCidr.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/service/ec2/api_op_CreateCoipPool.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/service/ec2/api_op_CreateCustomerGateway.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/service/ec2/api_op_CreateDefaultSubnet.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/service/ec2/api_op_CreateDefaultVpc.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/service/ec2/api_op_CreateDelegateMacVolumeOwnershipTask.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/service/ec2/api_op_CreateDhcpOptions.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/service/ec2/api_op_CreateEgressOnlyInternetGateway.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/service/ec2/api_op_CreateFleet.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/service/ec2/api_op_CreateFlowLogs.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/service/ec2/api_op_CreateFpgaImage.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/service/ec2/api_op_CreateImage.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/service/ec2/api_op_CreateImageUsageReport.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/service/ec2/api_op_CreateInstanceConnectEndpoint.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/service/ec2/api_op_CreateInstanceEventWindow.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/service/ec2/api_op_CreateInstanceExportTask.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/service/ec2/api_op_CreateInternetGateway.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/service/ec2/api_op_CreateInterruptibleCapacityReservationAllocation.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/service/ec2/api_op_CreateIpam.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/service/ec2/api_op_CreateIpamExternalResourceVerificationToken.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/service/ec2/api_op_CreateIpamPolicy.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/service/ec2/api_op_CreateIpamPool.go is excluded by !**/vendor/**, !vendor/**

📒 Files selected for processing (8)

• go.mod
• pkg/dns/aws/dns.go
• pkg/dns/aws/dns_test.go
• pkg/util/aws/shared_credentials_file.go
• pkg/util/aws/shared_credentials_file_test.go
• test/e2e/aws_util_test.go
• test/e2e/lb_eip_test.go
• test/e2e/operator_test.go

✅ Files skipped from review due to trivial changes (2)

• pkg/util/aws/shared_credentials_file_test.go
• pkg/util/aws/shared_credentials_file.go

🚧 Files skipped from review as they are similar to previous changes (5)

• go.mod
• pkg/dns/aws/dns_test.go
• test/e2e/operator_test.go
• test/e2e/aws_util_test.go
• pkg/dns/aws/dns.go

---

📝 Walkthrough

Walkthrough

The PR migrates the codebase from AWS SDK for Go v1 to AWS SDK for Go v2. It updates module dependencies, rewrites the AWS Route53 DNS provider to use v2 clients and APIs (including tagging-based hosted zone lookup and partition-aware endpoint resolution), updates tests and e2e utilities to v2 client/types, replaces deprecated ioutil usages with os/io equivalents, and adjusts shared-credentials handling to v2 config loading. New helpers for partition/region detection and endpoint resolution were added and provider instances now cache resolved service endpoints.

🚥 Pre-merge checks | ✅ 11 | ❌ 1

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Docstring Coverage	⚠️ Warning	Docstring coverage is 55.17% which is insufficient. The required threshold is 80.00%.	Write docstrings for the functions missing them to satisfy the coverage threshold.

✅ Passed checks (11 passed)

Check name	Status	Explanation
Title check	✅ Passed	The title accurately and concisely summarizes the main objective of the PR: migrating from the deprecated aws-sdk-go v1 to aws-sdk-go-v2.
Description check	✅ Passed	The description clearly explains the motivation (deprecated library) and the scope of work (migration to v2 with required code compatibility changes), directly relating to the changeset.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Stable And Deterministic Test Names	✅ Passed	PR uses standard Go tests, not Ginkgo. Test names are stable and deterministic with no dynamic content, generated IDs, or random values.
Test Structure And Quality	✅ Passed	Custom check requires review of Ginkgo test code. Modified test files use Go testing framework only, not Ginkgo. Check is not applicable to this PR.
Microshift Test Compatibility	✅ Passed	This PR adds no new Ginkgo e2e tests. Changes include only unit tests and standard Go e2e tests (TestXxx pattern). The MicroShift compatibility check is not applicable.
Single Node Openshift (Sno) Test Compatibility	✅ Passed	No new Ginkgo e2e tests were added in this PR. Only unit tests to pkg/dns/aws/dns_test.go and modifications to existing test utilities. The SNO compatibility check does not apply.
Topology-Aware Scheduling Compatibility	✅ Passed	This PR only modifies Go source code and tests for AWS SDK v1→v2 migration. No Kubernetes manifests, operator deployments, or scheduling constraints are added or modified. The check does not apply.
Ote Binary Stdout Contract	✅ Passed	No new process-level stdout writes were introduced. All modified files either contain no stdout writes or only modify test function bodies. Pre-existing fmt.Printf in TestMain() was not changed.
Ipv6 And Disconnected Network Test Compatibility	✅ Passed	No new Ginkgo e2e tests added. Only unit tests added with no IPv4 assumptions or external connectivity. Modified e2e tests are SDK migration only.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests

Tip

💬 Introducing Slack Agent: The best way for teams to turn conversations into code.

Slack Agent is built on CodeRabbit's deep understanding of your code, so your team can collaborate across the entire SDLC without losing context.

• Generate code and open pull requests
• Plan features and break down work
• Investigate incidents and troubleshoot customer tickets together
• Automate recurring tasks and respond to alerts with triggers
• Summarize progress and report instantly

Built for teams:

• Shared memory across your entire org—no repeating context
• Per-thread sandboxes to safely plan and execute work
• Governance built-in—scoped access, auditability, and budget controls

One agent for your entire SDLC. Right inside Slack.

👉 Get started

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[openshift-ci]

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by:
Once this PR has been reviewed and has the lgtm label, please assign rikatz for approval. For more information see the Code Review Process.

The full list of commands accepted by this bot can be found here.

Details

Needs approval from an approver in each of these files:

• OWNERS

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[coderabbitai]

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (1)

test/e2e/lb_eip_test.go (1)

443-505: ⚠️ Potential issue | 🟠 Major | ⚡ Quick win

Return false when EIP release fails or unassociated EIPs still exist

Line 495 can return success even when releases failed (Line 489) or when unassociated EIPs were only attempted to be released. That can stop polling early and leak EIPs.

💡 Suggested fix

 func cleanupEIPAllocations(t *testing.T, svc *ec2.Client, clusterName string) bool {
@@
-	// Release each unassociated EIP
+	// Release each unassociated EIP
+	releaseFailed := false
 	for _, eip := range unassociatedEIPs {
 		_, err := svc.ReleaseAddress(context.TODO(), &ec2.ReleaseAddressInput{
 			AllocationId: eip.AllocationId,
 		})
 		if err != nil {
 			t.Errorf("Failed to release EIP %v with Allocation ID %v: %v", aws.ToString(eip.PublicIp), aws.ToString(eip.AllocationId), err)
+			releaseFailed = true
 		} else {
 			t.Logf("Released EIP %v with Allocation ID %v", aws.ToString(eip.PublicIp), aws.ToString(eip.AllocationId))
 		}
 	}
 
-	if len(associatedEIPs) == 0 {
+	// Keep polling until previously-unassociated EIPs are gone from a fresh DescribeAddresses call.
+	if releaseFailed || len(unassociatedEIPs) > 0 {
+		return false
+	}
+	if len(associatedEIPs) == 0 {
 		t.Log("No associated EIPs found with the specified tag key and value.")
 		return true
 	} else {

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@test/e2e/lb_eip_test.go` around lines 443 - 505, cleanupEIPAllocations
currently can return true even when releasing unassociated EIPs failed or when
unassociated EIPs were only attempted to be released; update the function to
track release failures and only return true when there were no release errors
and there are no remaining unassociated EIPs (and associatedEIPs is empty).
Concretely: inside cleanupEIPAllocations, add a boolean (e.g., releaseFailed)
set to true whenever svc.ReleaseAddress returns an error (instead of just
t.Errorf), and after the release loop treat any releaseFailed or any non-empty
unassociatedEIPs as a failure path (return false); only return true when
associatedEIPs is empty AND releaseFailed is false. Reference:
cleanupEIPAllocations, unassociatedEIPs, associatedEIPs, svc.ReleaseAddress.

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Outside diff comments:
In `@test/e2e/lb_eip_test.go`:
- Around line 443-505: cleanupEIPAllocations currently can return true even when
releasing unassociated EIPs failed or when unassociated EIPs were only attempted
to be released; update the function to track release failures and only return
true when there were no release errors and there are no remaining unassociated
EIPs (and associatedEIPs is empty). Concretely: inside cleanupEIPAllocations,
add a boolean (e.g., releaseFailed) set to true whenever svc.ReleaseAddress
returns an error (instead of just t.Errorf), and after the release loop treat
any releaseFailed or any non-empty unassociatedEIPs as a failure path (return
false); only return true when associatedEIPs is empty AND releaseFailed is
false. Reference: cleanupEIPAllocations, unassociatedEIPs, associatedEIPs,
svc.ReleaseAddress.

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Repository YAML (base), Central YAML (inherited)

Review profile: CHILL

Plan: Enterprise

Run ID: 2c5b648a-c0c5-417c-ba11-1ec530d375b3

📥 Commits

Reviewing files that changed from the base of the PR and between 10bbe5f and 9470c72.

⛔ Files ignored due to path filters (292)

• go.sum is excluded by !**/*.sum
• vendor/github.com/aws/aws-sdk-go-v2/LICENSE.txt is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/NOTICE.txt is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/aws/accountid_endpoint_mode.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/aws/arn/arn.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/aws/checksum.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/aws/config.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/aws/context.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/aws/credential_cache.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/aws/credentials.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/aws/defaults/auto.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/aws/defaults/configuration.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/aws/defaults/defaults.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/aws/defaults/doc.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/aws/defaultsmode.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/aws/doc.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/aws/endpoints.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/aws/errors.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/aws/from_ptr.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/aws/go_module_metadata.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/aws/logging.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/aws/logging_generate.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/aws/middleware/metadata.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/aws/middleware/middleware.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/aws/middleware/osname.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/aws/middleware/osname_go115.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/aws/middleware/recursion_detection.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/aws/middleware/request_id.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/aws/middleware/request_id_retriever.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/aws/middleware/user_agent.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/aws/protocol/ec2query/error_utils.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/aws/protocol/query/array.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/aws/protocol/query/encoder.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/aws/protocol/query/map.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/aws/protocol/query/middleware.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/aws/protocol/query/object.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/aws/protocol/query/value.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/aws/protocol/restjson/decoder_util.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/aws/protocol/xml/error_utils.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/aws/ratelimit/none.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/aws/ratelimit/token_bucket.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/aws/ratelimit/token_rate_limit.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/aws/request.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/aws/retry/adaptive.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/aws/retry/adaptive_ratelimit.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/aws/retry/adaptive_token_bucket.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/aws/retry/attempt_metrics.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/aws/retry/doc.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/aws/retry/errors.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/aws/retry/jitter_backoff.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/aws/retry/metadata.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/aws/retry/middleware.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/aws/retry/retry.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/aws/retry/retryable_error.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/aws/retry/standard.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/aws/retry/throttle_error.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/aws/retry/timeout_error.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/aws/retryer.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/aws/runtime.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/aws/signer/internal/v4/cache.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/aws/signer/internal/v4/const.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/aws/signer/internal/v4/header_rules.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/aws/signer/internal/v4/headers.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/aws/signer/internal/v4/hmac.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/aws/signer/internal/v4/host.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/aws/signer/internal/v4/scope.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/aws/signer/internal/v4/time.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/aws/signer/internal/v4/util.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/aws/signer/v4/middleware.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/aws/signer/v4/presign_middleware.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/aws/signer/v4/stream.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/aws/signer/v4/v4.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/aws/to_ptr.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/aws/transport/http/client.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/aws/transport/http/content_type.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/aws/transport/http/response_error.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/aws/transport/http/response_error_middleware.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/aws/transport/http/timeout_read_closer.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/aws/types.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/aws/version.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/config/CHANGELOG.md is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/config/LICENSE.txt is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/config/auth_scheme_preference.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/config/config.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/config/defaultsmode.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/config/doc.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/config/env_config.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/config/generate.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/config/go_module_metadata.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/config/internal/ini/errors.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/config/internal/ini/ini.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/config/internal/ini/parse.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/config/internal/ini/sections.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/config/internal/ini/strings.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/config/internal/ini/token.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/config/internal/ini/tokenize.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/config/internal/ini/value.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/config/load_options.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/config/local.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/config/provider.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/config/resolve.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/config/resolve_bearer_token.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/config/resolve_credentials.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/config/shared_config.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/credentials/CHANGELOG.md is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/credentials/LICENSE.txt is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/credentials/doc.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/credentials/ec2rolecreds/doc.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/credentials/ec2rolecreds/provider.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/credentials/endpointcreds/internal/client/auth.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/credentials/endpointcreds/internal/client/client.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/credentials/endpointcreds/internal/client/endpoints.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/credentials/endpointcreds/internal/client/middleware.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/credentials/endpointcreds/provider.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/credentials/go_module_metadata.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/credentials/logincreds/dpop.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/credentials/logincreds/file.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/credentials/logincreds/provider.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/credentials/logincreds/token.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/credentials/processcreds/doc.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/credentials/processcreds/provider.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/credentials/ssocreds/doc.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/credentials/ssocreds/sso_cached_token.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/credentials/ssocreds/sso_credentials_provider.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/credentials/ssocreds/sso_token_provider.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/credentials/static_provider.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/credentials/stscreds/assume_role_provider.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/credentials/stscreds/web_identity_provider.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/feature/ec2/imds/CHANGELOG.md is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/feature/ec2/imds/LICENSE.txt is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/feature/ec2/imds/api_client.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/feature/ec2/imds/api_op_GetDynamicData.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/feature/ec2/imds/api_op_GetIAMInfo.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/feature/ec2/imds/api_op_GetInstanceIdentityDocument.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/feature/ec2/imds/api_op_GetMetadata.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/feature/ec2/imds/api_op_GetRegion.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/feature/ec2/imds/api_op_GetToken.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/feature/ec2/imds/api_op_GetUserData.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/feature/ec2/imds/auth.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/feature/ec2/imds/doc.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/feature/ec2/imds/endpoints.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/feature/ec2/imds/go_module_metadata.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/feature/ec2/imds/internal/config/resolvers.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/feature/ec2/imds/request_middleware.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/feature/ec2/imds/token_provider.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/internal/auth/auth.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/internal/auth/scheme.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/internal/auth/smithy/bearer_token_adapter.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/internal/auth/smithy/bearer_token_signer_adapter.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/internal/auth/smithy/credentials_adapter.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/internal/auth/smithy/smithy.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/internal/auth/smithy/v4signer_adapter.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/internal/configsources/CHANGELOG.md is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/internal/configsources/LICENSE.txt is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/internal/configsources/config.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/internal/configsources/endpoints.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/internal/configsources/go_module_metadata.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/internal/context/context.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/internal/endpoints/awsrulesfn/arn.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/internal/endpoints/awsrulesfn/doc.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/internal/endpoints/awsrulesfn/generate.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/internal/endpoints/awsrulesfn/host.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/internal/endpoints/awsrulesfn/partition.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/internal/endpoints/awsrulesfn/partitions.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/internal/endpoints/awsrulesfn/partitions.json is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/internal/endpoints/endpoints.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/internal/endpoints/v2/CHANGELOG.md is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/internal/endpoints/v2/LICENSE.txt is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/internal/endpoints/v2/endpoints.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/internal/endpoints/v2/go_module_metadata.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/internal/rand/rand.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/internal/sdk/interfaces.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/internal/sdk/time.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/internal/sdkio/byte.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/internal/shareddefaults/shared_config.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/internal/strings/strings.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/internal/sync/singleflight/LICENSE is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/internal/sync/singleflight/docs.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/internal/sync/singleflight/singleflight.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/internal/timeconv/duration.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/internal/v4a/CHANGELOG.md is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/internal/v4a/LICENSE.txt is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/internal/v4a/credentials.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/internal/v4a/error.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/internal/v4a/go_module_metadata.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/internal/v4a/internal/crypto/compare.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/internal/v4a/internal/crypto/ecc.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/internal/v4a/internal/v4/const.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/internal/v4a/internal/v4/header_rules.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/internal/v4a/internal/v4/headers.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/internal/v4a/internal/v4/hmac.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/internal/v4a/internal/v4/host.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/internal/v4a/internal/v4/time.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/internal/v4a/internal/v4/util.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/internal/v4a/middleware.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/internal/v4a/presign_middleware.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/internal/v4a/smithy.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/internal/v4a/v4a.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/service/ec2/CHANGELOG.md is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/service/ec2/LICENSE.txt is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/service/ec2/api_client.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/service/ec2/api_op_AcceptAddressTransfer.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/service/ec2/api_op_AcceptCapacityReservationBillingOwnership.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/service/ec2/api_op_AcceptReservedInstancesExchangeQuote.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/service/ec2/api_op_AcceptTransitGatewayClientVpnAttachment.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/service/ec2/api_op_AcceptTransitGatewayMulticastDomainAssociations.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/service/ec2/api_op_AcceptTransitGatewayPeeringAttachment.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/service/ec2/api_op_AcceptTransitGatewayVpcAttachment.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/service/ec2/api_op_AcceptVpcEndpointConnections.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/service/ec2/api_op_AcceptVpcPeeringConnection.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/service/ec2/api_op_AdvertiseByoipCidr.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/service/ec2/api_op_AllocateAddress.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/service/ec2/api_op_AllocateHosts.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/service/ec2/api_op_AllocateIpamPoolCidr.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/service/ec2/api_op_ApplySecurityGroupsToClientVpnTargetNetwork.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/service/ec2/api_op_AssignIpv6Addresses.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/service/ec2/api_op_AssignPrivateIpAddresses.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/service/ec2/api_op_AssignPrivateNatGatewayAddress.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/service/ec2/api_op_AssociateAddress.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/service/ec2/api_op_AssociateCapacityReservationBillingOwner.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/service/ec2/api_op_AssociateClientVpnTargetNetwork.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/service/ec2/api_op_AssociateDhcpOptions.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/service/ec2/api_op_AssociateEnclaveCertificateIamRole.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/service/ec2/api_op_AssociateIamInstanceProfile.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/service/ec2/api_op_AssociateInstanceEventWindow.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/service/ec2/api_op_AssociateIpamByoasn.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/service/ec2/api_op_AssociateIpamResourceDiscovery.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/service/ec2/api_op_AssociateNatGatewayAddress.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/service/ec2/api_op_AssociateRouteServer.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/service/ec2/api_op_AssociateRouteTable.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/service/ec2/api_op_AssociateSecurityGroupVpc.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/service/ec2/api_op_AssociateSubnetCidrBlock.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/service/ec2/api_op_AssociateTransitGatewayMulticastDomain.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/service/ec2/api_op_AssociateTransitGatewayPolicyTable.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/service/ec2/api_op_AssociateTransitGatewayRouteTable.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/service/ec2/api_op_AssociateTrunkInterface.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/service/ec2/api_op_AssociateVpcCidrBlock.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/service/ec2/api_op_AttachClassicLinkVpc.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/service/ec2/api_op_AttachInternetGateway.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/service/ec2/api_op_AttachNetworkInterface.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/service/ec2/api_op_AttachVerifiedAccessTrustProvider.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/service/ec2/api_op_AttachVolume.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/service/ec2/api_op_AttachVpnGateway.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/service/ec2/api_op_AuthorizeClientVpnIngress.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/service/ec2/api_op_AuthorizeSecurityGroupEgress.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/service/ec2/api_op_AuthorizeSecurityGroupIngress.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/service/ec2/api_op_BundleInstance.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/service/ec2/api_op_CancelBundleTask.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/service/ec2/api_op_CancelCapacityReservation.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/service/ec2/api_op_CancelCapacityReservationFleets.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/service/ec2/api_op_CancelConversionTask.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/service/ec2/api_op_CancelDeclarativePoliciesReport.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/service/ec2/api_op_CancelExportTask.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/service/ec2/api_op_CancelImageLaunchPermission.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/service/ec2/api_op_CancelImportTask.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/service/ec2/api_op_CancelReservedInstancesListing.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/service/ec2/api_op_CancelSpotFleetRequests.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/service/ec2/api_op_CancelSpotInstanceRequests.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/service/ec2/api_op_ConfirmProductInstance.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/service/ec2/api_op_CopyFpgaImage.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/service/ec2/api_op_CopyImage.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/service/ec2/api_op_CopySnapshot.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/service/ec2/api_op_CopyVolumes.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/service/ec2/api_op_CreateCapacityManagerDataExport.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/service/ec2/api_op_CreateCapacityReservation.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/service/ec2/api_op_CreateCapacityReservationBySplitting.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/service/ec2/api_op_CreateCapacityReservationFleet.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/service/ec2/api_op_CreateCarrierGateway.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/service/ec2/api_op_CreateClientVpnEndpoint.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/service/ec2/api_op_CreateClientVpnRoute.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/service/ec2/api_op_CreateCoipCidr.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/service/ec2/api_op_CreateCoipPool.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/service/ec2/api_op_CreateCustomerGateway.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/service/ec2/api_op_CreateDefaultSubnet.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/service/ec2/api_op_CreateDefaultVpc.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/service/ec2/api_op_CreateDelegateMacVolumeOwnershipTask.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/service/ec2/api_op_CreateDhcpOptions.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/service/ec2/api_op_CreateEgressOnlyInternetGateway.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/service/ec2/api_op_CreateFleet.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/service/ec2/api_op_CreateFlowLogs.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/service/ec2/api_op_CreateFpgaImage.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/service/ec2/api_op_CreateImage.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/service/ec2/api_op_CreateImageUsageReport.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/service/ec2/api_op_CreateInstanceConnectEndpoint.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/service/ec2/api_op_CreateInstanceEventWindow.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/service/ec2/api_op_CreateInstanceExportTask.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/service/ec2/api_op_CreateInternetGateway.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/service/ec2/api_op_CreateInterruptibleCapacityReservationAllocation.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/service/ec2/api_op_CreateIpam.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/service/ec2/api_op_CreateIpamExternalResourceVerificationToken.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/service/ec2/api_op_CreateIpamPolicy.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/aws/aws-sdk-go-v2/service/ec2/api_op_CreateIpamPool.go is excluded by !**/vendor/**, !vendor/**

📒 Files selected for processing (8)

• go.mod
• pkg/dns/aws/dns.go
• pkg/dns/aws/dns_test.go
• pkg/util/aws/shared_credentials_file.go
• pkg/util/aws/shared_credentials_file_test.go
• test/e2e/aws_util_test.go
• test/e2e/lb_eip_test.go
• test/e2e/operator_test.go

[rikatz]

@coderabbitai I want you to do a full review, line by line of the changes of this PR (ignore the vendor directory!) trying to find critical or major issues, possible breaking changes, misbehaviors and mistakes that can cause issues to users. Be critical on it, as this is a very sensible change

[coderabbitai]

Tip

For best results, initiate chat on the files or code changes.

🧩 Analysis chain

I'll read all the relevant changed files to perform the thorough review you requested.

---

🏁 Script executed:

#!/bin/bash
echo "=== pkg/dns/aws/dns.go ==="
cat pkg/dns/aws/dns.go

echo ""
echo "=== pkg/dns/aws/dns_test.go ==="
cat pkg/dns/aws/dns_test.go

echo ""
echo "=== pkg/util/aws/shared_credentials_file.go ==="
cat pkg/util/aws/shared_credentials_file.go

echo ""
echo "=== pkg/util/aws/shared_credentials_file_test.go ==="
cat pkg/util/aws/shared_credentials_file_test.go

echo ""
echo "=== test/e2e/aws_util_test.go ==="
cat test/e2e/aws_util_test.go

echo ""
echo "=== test/e2e/lb_eip_test.go ==="
cat test/e2e/lb_eip_test.go

echo ""
echo "=== test/e2e/operator_test.go (relevant sections) ==="
cat test/e2e/operator_test.go

echo ""
echo "=== go.mod (AWS-related lines) ==="
grep -n "aws\|smithy\|jmespath" go.mod

Length of output: 269260

---

@rikatz — here is my thorough, line-by-line critical review of every changed file (vendor directory excluded). I've organized findings by severity.

---

🔴 Critical / Breaking Issues

1. GovCloud detection change: C2S/SC2S now use Alias records instead of CNAME

File: pkg/dns/aws/dns.go, updateRecord function

if isGovCloudRegion(m.route53.Options().Region) {
    // CNAME path
} else {
    // Alias A/AAAA path
}

In v1, the helper clientEndpointIsGovCloud checked the endpoint URL. In v2, it checks the region prefix (us-gov-). This means C2S (us-iso-*) and SC2S (us-isob-*) regions now fall into the Alias record path instead of the CNAME path. If the v1 code also used CNAME records for C2S/SC2S, this is a silent behavior regression that could break DNS in those environments.

Please verify whether the v1 clientEndpointIsGovCloud returned true for C2S/SC2S endpoint URLs, and if so, add us-iso and us-isob prefix detection to isGovCloudRegion (or create a separate helper).

---

2. lookupZoneID: Returns on first match without validating uniqueness

File: pkg/dns/aws/dns.go, lookupZoneID function (lines ~300–320)

for _, zone := range resp.ResourceTagMappingList {
    zoneARN, err := arn.Parse(aws.ToString(zone.ResourceARN))
    if err != nil {
        return "", fmt.Errorf("failed to parse hostedzone ARN %q: %v", ...)
    }
    return zoneIDFromResource(zoneARN.Resource)  // ← returns on first entry, ignores the rest
}

If arn.Parse or zoneIDFromResource fails for the first entry but a valid zone exists later in the list, the function returns an error rather than trying subsequent entries. This is a latent reliability issue, especially when paging through zones.

---

3. SharedCredentialFile as both credentials and config file

File: pkg/dns/aws/dns.go, NewProvider (lines ~220–225)

awsconfig.WithSharedCredentialsFiles([]string{config.SharedCredentialFile}),
awsconfig.WithSharedConfigFiles([]string{config.SharedCredentialFile}),

Both the shared credentials and the shared config are set to the same file path. In AWS SDK v2, WithSharedConfigFiles causes the SDK to also parse that file for config-file-format entries (e.g., role_arn, source_profile). If config.SharedCredentialFile is an empty string (zero value), the SDK will attempt to load "" as a file path, which may silently fail or load nothing. Add a guard:

if config.SharedCredentialFile != "" {
    loadOpts = append(loadOpts,
        awsconfig.WithSharedCredentialsFiles([]string{config.SharedCredentialFile}),
        awsconfig.WithSharedConfigFiles([]string{config.SharedCredentialFile}),
    )
}

---

🟠 Major Issues

4. resolveEndpoint is logging-only but tests assert against it

File: pkg/dns/aws/dns.go, resolveEndpoint + pkg/dns/aws/dns_test.go, Test_NewProvider

The resolveEndpoint function is explicitly documented as for "logging and test assertions" only — the SDK does its own per-request endpoint resolution internally. Tests in Test_NewProvider validate provider.elbEndpoint, provider.route53Endpoint, etc., which are derived entirely from resolveEndpoint.

This creates a false confidence risk: the tests can pass while the actual SDK resolves to a different endpoint in production. This is especially concerning for custom/override endpoints since those are passed as BaseEndpoint to the SDK options (line ~390), so they will take effect. But the default endpoint construction in resolveEndpoint is best-effort and not authoritative.

Consider adding a comment in the test making this limitation explicit, or testing with actual (mocked) SDK calls for at least one case.

---

5. GovCloud tagging endpoint override is fragile string matching

File: pkg/dns/aws/dns.go, NewProvider, custom endpoint processing

case TaggingService:
    ...
    if strings.Contains(ep.URL, "us-gov-east-1") {
        url = govCloudTaggingEndpoint  // → "https://tagging.us-gov-west-1.amazonaws.com"
    }
    tagEndpoint = url

If a user provides a custom tagging endpoint URL that happens to contain the string "us-gov-east-1" for any other reason (e.g., a proxy URL, a comment in a config), the URL is silently replaced with the hard-coded GovCloud west endpoint. This is brittle. A stronger check would be to test tagRegion == "us-gov-east-1" instead of URL substring matching.

---

6. break inside switch default case for EUSC — potentially confusing

File: pkg/dns/aws/dns.go, NewProvider, partition switch

default:
    if strings.HasPrefix(region, eusCloudRegionPrefix) {
        tagRegion = euscDeEast1RegionID
        r53Region = euscDeEast1RegionID
        break  // ← breaks the switch, not an inner loop
    }
    // AWS Standard Partition
    tagRegion = "us-east-1"
    r53Region = "us-east-1"

While this is functionally correct in Go (the break exits the switch), it is unusual and hard to read. A more idiomatic approach would be an else block:

default:
    if strings.HasPrefix(region, eusCloudRegionPrefix) {
        tagRegion = euscDeEast1RegionID
        r53Region = euscDeEast1RegionID
    } else {
        tagRegion = "us-east-1"
        r53Region = "us-east-1"
    }

---

7. Test_partitionIDForRegion: eusc-de-east-1 maps to "aws" — no test for EUSC-specific behavior in NewProvider with default endpoints

File: pkg/dns/aws/dns_test.go

The test for Test_NewProvider only covers EUSC (eusc-de-east-1) with custom service endpoints. There is no test case for EUSC with default endpoints to verify that resolveEndpoint correctly computes route53.amazonaws.eu, tagging.eusc-de-east-1.amazonaws.eu, etc. This leaves a gap for regression if the default EUSC endpoint logic is broken.

---

8. Dual-stack not handled for GovCloud CNAME records

File: pkg/dns/aws/dns.go, updateRecord

if isGovCloudRegion(m.route53.Options().Region) {
    // Only creates a single CNAME record — no dual-stack handling
    record := r53types.ResourceRecord{Value: aws.String(target)}
    ...
} else {
    // Has dual-stack logic adding AAAA records
    if awsutil.IsDualStack(m.config.IPFamily) {
        changes = append(changes, ...)
    }
}

If a GovCloud cluster is configured with dual-stack IP family, no AAAA record is created. Whether this matches the GovCloud Route53 capabilities should be explicitly documented (or the CNAME block should add dual-stack handling if supported).

---

🟡 Minor Issues

9. rand.Seed is deprecated (Go ≥ 1.20)

File: test/e2e/lb_eip_test.go

rand.Seed(time.Now().UnixNano())

rand.Seed is deprecated since Go 1.20; the global source is now automatically seeded. This line is a no-op but should be removed.

---

10. io/ioutil import not cleaned up in operator_test.go

File: test/e2e/operator_test.go

"io/ioutil"

io/ioutil was deprecated in Go 1.16. While shared_credentials_file_test.go was updated to use os.ReadFile, operator_test.go still imports io/ioutil. This is a pre-existing issue that this PR could address since it's already touching the file.

---

11. context.TODO() used pervasively instead of propagated contexts

File: pkg/dns/aws/dns.go — all SDK calls

All SDK calls use context.TODO(). In v2, contexts support cancellation and timeout propagation. Consider accepting or propagating a context through the Provider methods (at minimum, Ensure, Delete, Replace) to allow proper timeout handling in production.

---

12. No validation that resolveEndpoint returns a non-empty string for all supported partitions

File: pkg/dns/aws/dns.go, resolveEndpoint

For the "Resource Groups Tagging API" service, the function doesn't handle aws-iso / aws-iso-b partitions (where tagging is disabled). It falls through and returns "". This is fine since those regions set enableTagging = false, but if that logic ever diverges, a silent empty endpoint string would be logged with no indication of the issue.

---

13. cfgRoute53 := cfg shallow copy — credential sharing risk

File: pkg/dns/aws/dns.go, NewProvider (~line 267)

cfgRoute53 := cfg
if config.RoleARN != "" {
    stsClient := sts.NewFromConfig(cfg)
    cfgRoute53.Credentials = aws.NewCredentialsCache(
        stscreds.NewAssumeRoleProvider(stsClient, config.RoleARN),
    )
}

cfg is an aws.Config struct value (not a pointer). The struct copy is shallow — fields that are interface types (like HTTPClient, Logger, ConfigSources) are shared between cfg and cfgRoute53. This is intentional and safe here since only Credentials is changed, but it's worth a comment explaining the intent (RoleARN only applies to Route53, not ELB/tagging).

---

Summary Table

#	Severity	File	Issue
1	🔴 Critical	dns.go	C2S/SC2S may now use Alias instead of CNAME (behavior change from v1)
2	🔴 Critical	dns.go	lookupZoneID returns error on first ARN parse failure without trying rest
3	🔴 Critical	dns.go	Empty SharedCredentialFile passed to SDK options without guard
4	🟠 Major	dns.go + test	resolveEndpoint is logging-only; tests don't verify actual SDK endpoints
5	🟠 Major	dns.go	GovCloud tagging URL override uses brittle substring matching
6	🟠 Major	dns.go	break in switch default for EUSC is non-idiomatic and confusing
7	🟠 Major	dns_test.go	Missing Test_NewProvider case for EUSC with default endpoints
8	🟠 Major	dns.go	No dual-stack (AAAA) support in GovCloud CNAME path
9	🟡 Minor	lb_eip_test.go	Deprecated rand.Seed
10	🟡 Minor	operator_test.go	Deprecated io/ioutil not cleaned up
11	🟡 Minor	dns.go	Pervasive context.TODO() prevents timeout/cancellation propagation
12	🟡 Minor	dns.go	resolveEndpoint silently returns "" for tagging in iso partitions
13	🟡 Minor	dns.go	Shallow copy of cfg into cfgRoute53 — intent should be commented

The most important item to verify before merging is Issue #1 (the GovCloud detection change affecting C2S/SC2S). The rest are important quality/robustness issues but lower risk for standard AWS deployments.

[rikatz]

@coderabbitai about your finding 1, The v1 Route53 endpoint for us-iso-east-1 would have been https://route53.c2s.ic.gov — which does NOT contain "us-gov". So clientEndpointIsGovCloud returned false for C2S/SC2S
in v1 too. Finding #1 is invalid. Can you comment on that?

[coderabbitai]

Tip

For best results, initiate chat on the files or code changes.

🧩 Analysis chain

🏁 Script executed:

#!/bin/bash
# Search for the v1 helper implementation in git history
git log --all --oneline | head -5

# Try to find clientEndpointIsGovCloud in current or previous commits
git log --all --full-history -- pkg/dns/aws/dns.go | head -10

# Check git history for the function
git show HEAD~1:pkg/dns/aws/dns.go 2>/dev/null | grep -A 5 "clientEndpointIsGovCloud" || echo "not in HEAD~1"

# Try to get the function from older commits
git log --all --oneline -- pkg/dns/aws/dns.go | head -5

Length of output: 988

---

🏁 Script executed:

#!/bin/bash
# Get the clientEndpointIsGovCloud function from the commit just before the migration
git show d16dd454:pkg/dns/aws/dns.go 2>/dev/null | grep -A 10 "clientEndpointIsGovCloud"

Length of output: 741

---

🏁 Script executed:

#!/bin/bash
# Find the value of govCloudRoute53Region in the pre-migration commit
git show d16dd454:pkg/dns/aws/dns.go 2>/dev/null | grep -n "govCloud"

Length of output: 392

---

@rikatz — you are absolutely right, and the code confirms it. In the pre-migration code:

govCloudRoute53Region = "us-gov"  // line 46

func clientEndpointIsGovCloud(clientInfo *metadata.ClientInfo) bool {
    return strings.Contains(clientInfo.Endpoint, govCloudRoute53Region)
}

The v1 function checked whether the Route53 endpoint URL contained "us-gov". The C2S endpoint (https://route53.c2s.ic.gov) does not contain that string, so clientEndpointIsGovCloud returned false for C2S/SC2S in v1 as well — meaning those regions were already using the Alias path, not the CNAME path.

The v2 isGovCloudRegion using strings.HasPrefix(region, "us-gov-") is therefore behaviorally equivalent to v1 for C2S/SC2S. Finding #1 is invalid — I apologize for the false alarm.

---

✏️ Learnings added

Learnt from: rikatz
URL: https://github.com/openshift/cluster-ingress-operator/pull/1445

Timestamp: 2026-05-13T22:37:38.380Z
Learning: In the cluster-ingress-operator (pkg/dns/aws/dns.go), C2S (us-iso-*) and SC2S (us-isob-*) regions were NOT treated as GovCloud in the v1 implementation. The v1 helper `clientEndpointIsGovCloud` checked for "us-gov" in the endpoint URL, and the C2S Route53 endpoint (https://route53.c2s.ic.gov) does not contain "us-gov". The v2 `isGovCloudRegion` using `strings.HasPrefix(region, "us-gov-")` preserves this same behavior. Both v1 and v2 use Alias records (not CNAME) for C2S/SC2S regions.

Note: Learnings are effective only in the context of similar code segments. To apply general coding guidelines, please configure review instructions. You can manage existing learnings in the app.

[rikatz]

@coderabbitai some more assessment from your comments:

#: 2
  Finding: lookupZoneID returns on first match
  Verdict: Invalid
  Reason: Identical to v1 — by design, returns first matching zone.
  ────────────────────────────────────────
  #: 3
  Finding: Empty SharedCredentialFile guard
  Verdict: Invalid
  Reason: v1 also passed it without a guard. Pre-existing behavior.
  ────────────────────────────────────────
  #: 4
  Finding: Tests don't verify actual SDK endpoints
  Verdict: Invalid
  Reason: Inherent v2 limitation — no client.Endpoint field exists. Already documented.
  ────────────────────────────────────────
  #: 5
  Finding: GovCloud tagging URL substring matching
  Verdict: Invalid
  Reason: Same logic as v1, line 247.
  ────────────────────────────────────────
  #: 6
  Finding: break in switch default is confusing
  Verdict: Invalid
  Reason: Same pattern as v1, line 217.
#: 8
  Finding: No dual-stack in GovCloud CNAME
  Verdict: Invalid
  Reason: Same as v1.
#: 12
  Finding: resolveEndpoint returns "" for iso tagging
  Verdict: Invalid
  Reason: By design — enableTagging=false for those partitions.

comment on all of them and if so, do another review line by line checking if all of your concerns are addressed

[coderabbitai]

Tip

For best results, initiate chat on the files or code changes.

🧩 Analysis chain

🏁 Script executed:

#!/bin/bash
PRE_MIGRATION_COMMIT="d16dd454"

echo "=== Finding `#2`: lookupZoneID returns first match (v1 behavior) ==="
git show ${PRE_MIGRATION_COMMIT}:pkg/dns/aws/dns.go 2>/dev/null | grep -n -A 30 "func.*lookupZoneID"

echo ""
echo "=== Finding `#3`: Empty SharedCredentialFile guard (v1 behavior) ==="
git show ${PRE_MIGRATION_COMMIT}:pkg/dns/aws/dns.go 2>/dev/null | grep -n -B2 -A5 "SharedCredential"

echo ""
echo "=== Finding `#5`: GovCloud tagging URL substring match (v1 line ~247) ==="
git show ${PRE_MIGRATION_COMMIT}:pkg/dns/aws/dns.go 2>/dev/null | sed -n '235,265p'

echo ""
echo "=== Finding `#6`: break in switch default (v1 line ~217) ==="
git show ${PRE_MIGRATION_COMMIT}:pkg/dns/aws/dns.go 2>/dev/null | sed -n '205,235p'

echo ""
echo "=== Finding `#8`: Dual-stack in GovCloud CNAME path (v1 behavior) ==="
git show ${PRE_MIGRATION_COMMIT}:pkg/dns/aws/dns.go 2>/dev/null | grep -n -A 50 "func.*updateRecord"

echo ""
echo "=== Finding `#12`: resolveEndpoint iso tagging (v1 behavior) ==="
git show ${PRE_MIGRATION_COMMIT}:pkg/dns/aws/dns.go 2>/dev/null | grep -n -B2 -A5 "enableTagging"

echo ""
echo "=== Current dns.go: full file for fresh review ==="
cat pkg/dns/aws/dns.go

echo ""
echo "=== Current dns_test.go ==="
cat pkg/dns/aws/dns_test.go

echo ""
echo "=== test/e2e/lb_eip_test.go ==="
cat test/e2e/lb_eip_test.go

echo ""
echo "=== test/e2e/operator_test.go relevant imports ==="
head -60 test/e2e/operator_test.go

echo ""
echo "=== io/ioutil usages in operator_test.go ==="
grep -n "ioutil" test/e2e/operator_test.go | head -20

echo ""
echo "=== rand.Seed in test files ==="
grep -rn "rand\.Seed" test/

Length of output: 71906

---

@rikatz — all seven verdicts are confirmed by the v1 source. Here's my acknowledgment with evidence for each, followed by a fresh re-review.

---

Acknowledged Invalid Findings (with v1 evidence)

#2 — lookupZoneID returns on first match: Confirmed. The v1 callback (lines 371–382) does exactly the same: on the first matching entry it sets id and returns false to stop pagination. Identical by design. ✅

#3 — Empty SharedCredentialFile guard: Confirmed. v1 line 139: SharedConfigFiles: []string{config.SharedCredentialFile} — no guard, same as v2. Pre-existing behavior. ✅

#4 — Tests don't verify actual SDK endpoints: Confirmed. In v2 there is no client.Endpoint field to inspect. The resolveEndpoint helper + stored fields is the correct testing approach given the v2 architecture. ✅

#5 — GovCloud tagging URL substring match: Confirmed. v1 lines 247–250 contain the identical strings.Contains(ep.URL, "us-gov-east-1") logic and the same govCloudTaggingEndpoint fallback. ✅

#6 — break in switch default for EUSC: Confirmed. v1 lines 214–226 have the exact same pattern — break inside the default block to skip the standard us-east-1 assignment. ✅

#8 — No dual-stack in GovCloud CNAME path: Confirmed. v1 updateRecord lines 630–644 show the GovCloud branch creates a single CNAME only, with no dual-stack handling. Identical behavior preserved. ✅

#12 — resolveEndpoint returns "" for iso tagging: Confirmed. enableTagging = false for aws-iso/aws-iso-b partitions prevents the tags client from being created at all, so the empty string is intentional and unreachable in practice. ✅

#13 (self-correction) — cfgRoute53 shallow copy intent undocumented: Also invalid. The v2 code already has the comment: // When RoleARN is provided, make a copy of the Route 53 config and configure it to use RoleARN. // RoleARN is intended to only provide access to another account's Route 53 service, not for ELBs. The intent is documented. ✅

---

Fresh Line-by-Line Re-Review

With all 8 invalidated findings set aside, here is a clean pass on what genuinely remains.

---

🟠 Remaining Major Issue

#7 — No Test_NewProvider case for EUSC with default endpoints (still valid)

The test file covers EUSC only with custom service endpoints:

{
    name: "custom service endpoints, EUSC Brandenburg",
    config: Config{
        Region: "eusc-de-east-1",
        ServiceEndpoints: []ServiceEndpoint{...},
    },
    ...
}

There is no test case for Region: "eusc-de-east-1" with no ServiceEndpoints. This means the default-endpoint branch of resolveEndpoint for EUSC (e.g., https://route53.amazonaws.eu, https://tagging.eusc-de-east-1.amazonaws.eu) is untested. A missing or wrong format string in that branch would not be caught. Suggest adding:

{
    name: "default service endpoints, EUSC Brandenburg",
    config: Config{
        Region: "eusc-de-east-1",
    },
    expectedTaggingServiceEndpoint:       "https://tagging.eusc-de-east-1.amazonaws.eu",
    expectedElbServiceEndpointEndpoint:   "https://elasticloadbalancing.eusc-de-east-1.amazonaws.eu",
    expectedElbv2ServiceEndpointEndpoint: "https://elasticloadbalancing.eusc-de-east-1.amazonaws.eu",
    expectedRoute53ServiceEndpoint:       "https://route53.amazonaws.eu",
},

---

🟡 Remaining Minor Issues

#9 — No-op rand.Seed in lb_eip_test.go line 399

rand.Seed(time.Now().UnixNano())

This uses k8s.io/apimachinery/pkg/util/rand.Seed, which is a wrapper around math/rand.Seed. On Go ≥ 1.20, the global source is auto-seeded, making this a no-op. Harmless but can be removed.

#10 — Deprecated io/ioutil in operator_test.go (pre-existing, not introduced by this PR)

Lines 992, 2473, 2615, 2887, 3260, and 3333 still use ioutil.Discard / ioutil.ReadAll. This is pre-existing and this PR already touches the file for other reasons. Not a blocker, but worth a follow-up cleanup since io.Discard and io.ReadAll are the idiomatic replacements since Go 1.16.

#11 — Pervasive context.TODO() (pre-existing behavior parity)

All AWS API calls in dns.go and validateServiceEndpoints use context.TODO(). This matches v1 behavior and is not a regression. Noted for future improvement — propagating a context through Ensure/Delete/Replace would allow proper timeout/cancellation — but this is out of scope for a migration PR.

---

Summary of Remaining Items

#	Severity	Status	Description
7	🟠 Major	Still valid	Missing Test_NewProvider case for EUSC with default endpoints
9	🟡 Minor	Still valid	No-op rand.Seed (k8s wrapper) in lb_eip_test.go
10	🟡 Minor	Still valid (pre-existing)	Deprecated io/ioutil in operator_test.go
11	🟡 Minor	Still valid (pre-existing)	context.TODO() throughout; no context propagation

No new critical or breaking issues found in the fresh pass. The migration is behaviorally faithful to v1. The only concrete code suggestion I'd flag before merging is #7 (EUSC default-endpoint test case).

---

✏️ Learnings added

Learnt from: rikatz
URL: https://github.com/openshift/cluster-ingress-operator/pull/1445

Timestamp: 2026-05-13T22:41:29.025Z
Learning: In cluster-ingress-operator (pkg/dns/aws/dns.go), findings `#2`–#6, `#8`, `#12` from the aws-sdk-go v1→v2 migration review (PR `#1445`) are invalid: all represent intentional behavior parity with v1. Specifically: lookupZoneID returning on first match, no empty SharedCredentialFile guard, GovCloud tagging endpoint URL substring matching, break in switch default for EUSC, and no dual-stack in GovCloud CNAME path — all are direct ports of v1 behavior.

---

Learnt from: rikatz
URL: https://github.com/openshift/cluster-ingress-operator/pull/1445

Timestamp: 2026-05-13T22:41:29.025Z
Learning: In cluster-ingress-operator (pkg/dns/aws/dns.go), the v2 migration (PR `#1445`) already documents the cfgRoute53 shallow copy intent with a comment: "When RoleARN is provided, make a copy of the Route 53 config and configure it to use RoleARN. RoleARN is intended to only provide access to another account's Route 53 service, not for ELBs."

Note: Learnings are effective only in the context of similar code segments. To apply general coding guidelines, please configure review instructions. You can manage existing learnings in the app.

[rikatz]

@coderabbitai do the same review I have asked you again, line by line, critical and major findings, adversarial (give me reasons not to merge, if you have some).

Also verify why ci/prow/e2e-aws-operator execution failed before, and if it is related with this PR

[coderabbitai]

Tip

For best results, initiate chat on the files or code changes.

🧩 Analysis chain

I'll do the fresh adversarial re-review and simultaneously investigate the CI failure.

---

🏁 Script executed:

#!/bin/bash
echo "=== Full dns.go ==="
cat pkg/dns/aws/dns.go

echo ""
echo "=== Full dns_test.go ==="
cat pkg/dns/aws/dns_test.go

echo ""
echo "=== test/e2e/aws_util_test.go ==="
cat test/e2e/aws_util_test.go

echo ""
echo "=== test/e2e/lb_eip_test.go ==="
cat test/e2e/lb_eip_test.go

echo ""
echo "=== test/e2e/operator_test.go - EC2/EIP related sections ==="
grep -n "ec2\|EIP\|eip\|assertEIPAllocation\|createEC2\|getPublicSubnet\|getVPCId\|createAWSEIP" test/e2e/operator_test.go | head -60

echo ""
echo "=== go.mod AWS entries ==="
grep -n "aws\|smithy\|jmespath" go.mod

echo ""
echo "=== Check PR CI status ==="
gh pr checks 1445 --repo openshift/cluster-ingress-operator 2>/dev/null | head -60

echo ""
echo "=== Check PR reviews and comments for CI failure ==="
gh pr view 1445 --repo openshift/cluster-ingress-operator --json statusCheckRollup 2>/dev/null | head -200

echo ""
echo "=== List check runs ==="
gh api repos/openshift/cluster-ingress-operator/commits/$(gh pr view 1445 --repo openshift/cluster-ingress-operator --json headRefOid --jq '.headRefOid')/check-runs 2>/dev/null | python3 -c "
import json, sys
data = json.load(sys.stdin)
for run in data.get('check_runs', []):
    print(f\"Name: {run['name']}\")
    print(f\"Status: {run['status']}\")
    print(f\"Conclusion: {run.get('conclusion', 'N/A')}\")
    print(f\"URL: {run.get('html_url', 'N/A')}\")
    print('---')
" 2>/dev/null | head -200

Length of output: 81698

---

All CI checks are currently PENDING (re-triggered just now at ~12:01 UTC). Let me check what the previous failure was, and simultaneously verify the service/signin dependency.

Let me check the prow job history for the previous failed run.

---

🏁 Script executed:

#!/bin/bash
# Check prow job history for previous runs on this PR
# The current run URL is: https://prow.ci.openshift.org/view/gs/test-platform-results/pr-logs/pull/openshift_cluster-ingress-operator/1445/pull-ci-openshift-cluster-ingress-operator-master-e2e-aws-operator/2054894919390072832

# List all PR comments on PR 1445 to find any previous CI failure mentions
gh pr view 1445 --repo openshift/cluster-ingress-operator --comments --json comments 2>/dev/null | python3 -c "
import json, sys
data = json.load(sys.stdin)
for comment in data.get('comments', []):
    if 'prow' in comment.get('body','').lower() or 'e2e' in comment.get('body','').lower() or 'fail' in comment.get('body','').lower() or 'ci' in comment.get('body','').lower():
        print('Author:', comment['author']['login'])
        print('Body:', comment['body'][:600])
        print('---')
" 2>/dev/null

echo "=== Check issue events for status contexts ==="
# Check previous commit statuses on the PR
PREV_COMMIT=$(gh api repos/openshift/cluster-ingress-operator/commits/$(gh pr view 1445 --repo openshift/cluster-ingress-operator --json headRefOid --jq '.headRefOid')/statuses 2>/dev/null | python3 -c "
import json, sys
data = json.load(sys.stdin)
for status in data[:30]:
    if 'e2e' in status.get('context','').lower():
        print(f\"Context: {status['context']}\")
        print(f\"State: {status['state']}\")
        print(f\"Description: {status.get('description','')}\")
        print(f\"URL: {status.get('target_url','')}\")
        print('---')
" 2>/dev/null)
echo "$PREV_COMMIT"

echo "=== Try prow job history API for previous runs ==="
# Try to find the job history for this specific PR
curl -s "https://prow.ci.openshift.org/job-history/gs/test-platform-results/pr-logs/pull/openshift_cluster-ingress-operator/1445/pull-ci-openshift-cluster-ingress-operator-master-e2e-aws-operator" 2>/dev/null | grep -o '"buildID":"[0-9]*"' | head -5 || echo "Cannot access prow history directly"

# Check the full status list sorted by date
gh api repos/openshift/cluster-ingress-operator/commits/$(gh pr view 1445 --repo openshift/cluster-ingress-operator --json headRefOid --jq '.headRefOid')/statuses 2>/dev/null | python3 -c "
import json, sys
data = json.load(sys.stdin)
# Find failure states
for status in data:
    if status.get('state') in ('failure', 'error'):
        print(f\"Context: {status['context']}\")
        print(f\"State: {status['state']}\")
        print(f\"Description: {status.get('description','')}\")
        print(f\"URL: {status.get('target_url','')}\")
        print(f\"Updated: {status.get('updated_at','')}\")
        print('---')
" 2>/dev/null | head -100

Length of output: 8730

---

Found the previous failed run. Let me fetch its logs to diagnose the failure.

Let me fetch the specific prow job logs directly.

---

🏁 Script executed:

#!/bin/bash
# Fetch the failed prow job artifacts to understand what failed
FAILED_JOB_URL="https://prow.ci.openshift.org/view/gs/test-platform-results/pr-logs/pull/openshift_cluster-ingress-operator/1445/pull-ci-openshift-cluster-ingress-operator-master-e2e-aws-operator/2054683983760855040"

# Try to get the junit results
JOB_BASE="gs://test-platform-results/pr-logs/pull/openshift_cluster-ingress-operator/1445/pull-ci-openshift-cluster-ingress-operator-master-e2e-aws-operator/2054683983760855040"

# Try fetching via the spyglass/artifacts API
curl -s "https://prow.ci.openshift.org/log?job=pull-ci-openshift-cluster-ingress-operator-master-e2e-aws-operator&id=2054683983760855040" 2>/dev/null | tail -100 || echo "Cannot access log directly"

# Try the artifacts endpoint  
curl -s "https://gcsweb-ci.apps.ci.l2s4.p1.openshiftapps.com/gcs/test-platform-results/pr-logs/pull/openshift_cluster-ingress-operator/1445/pull-ci-openshift-cluster-ingress-operator-master-e2e-aws-operator/2054683983760855040/" 2>/dev/null | grep -o 'href="[^"]*"' | head -30 || echo "Cannot list artifacts"

# Try finished.json to get overall status/failure info
curl -s "https://gcsweb-ci.apps.ci.l2s4.p1.openshiftapps.com/gcs/test-platform-results/pr-logs/pull/openshift_cluster-ingress-operator/1445/pull-ci-openshift-cluster-ingress-operator-master-e2e-aws-operator/2054683983760855040/finished.json" 2>/dev/null || echo "Cannot access finished.json"

echo "=== Try prowjob info ==="
curl -s "https://prow.ci.openshift.org/prowjob?prowjob=2054683983760855040" 2>/dev/null | python3 -c "
import json, sys
try:
    data = json.load(sys.stdin)
    print(json.dumps(data.get('status', {}), indent=2))
except:
    content = sys.stdin.read()
    print(content[:2000])
" 2>/dev/null || true

Length of output: 2737

---

Good - confirmed FAILURE on the previous commit. Now let me get the build log and test results.

---

🏁 Script executed:

#!/bin/bash
BASE="https://gcsweb-ci.apps.ci.l2s4.p1.openshiftapps.com/gcs/test-platform-results/pr-logs/pull/openshift_cluster-ingress-operator/1445/pull-ci-openshift-cluster-ingress-operator-master-e2e-aws-operator/2054683983760855040"

echo "=== build-log.txt (last 200 lines) ==="
curl -s "$BASE/build-log.txt" 2>/dev/null | tail -200

echo ""
echo "=== List artifacts directory ==="
curl -s "$BASE/artifacts/" 2>/dev/null | grep -o 'href="[^"]*"' | head -30

echo ""
echo "=== prowjob_junit.xml ==="
curl -s "$BASE/prowjob_junit.xml" 2>/dev/null | head -100

Length of output: 22299

---

Found the failing test: TestManagedDNSToUnmanagedDNSIngressController. This directly touches the DNS delete path. Let me get the failure details.

---

🏁 Script executed:

#!/bin/bash
BASE="https://gcsweb-ci.apps.ci.l2s4.p1.openshiftapps.com/gcs/test-platform-results/pr-logs/pull/openshift_cluster-ingress-operator/1445/pull-ci-openshift-cluster-ingress-operator-master-e2e-aws-operator/2054683983760855040"

echo "=== junit_operator.xml (failures only) ==="
curl -s "$BASE/artifacts/junit_operator.xml" 2>/dev/null | python3 -c "
import sys, xml.etree.ElementTree as ET
content = sys.stdin.read()
try:
    root = ET.fromstring(content)
    for tc in root.iter('testcase'):
        failures = tc.findall('failure')
        errors = tc.findall('error')
        if failures or errors:
            print('TEST:', tc.get('name'))
            print('CLASSNAME:', tc.get('classname', ''))
            print('TIME:', tc.get('time'))
            for f in failures:
                print('FAILURE:', f.get('message', ''))
                print('BODY:', (f.text or '')[:2000])
            for e in errors:
                print('ERROR:', e.get('message', ''))
                print('BODY:', (e.text or '')[:2000])
            print('---')
except Exception as ex:
    print('Parse error:', ex)
    print(content[:3000])
" 2>/dev/null

echo ""
echo "=== Look for test-specific e2e log ==="
curl -s "$BASE/artifacts/e2e-aws-operator/" 2>/dev/null | grep -o 'href="[^"]*"' | head -30

echo ""
echo "=== Check e2e-aws-operator-test directory ==="
curl -s "$BASE/artifacts/e2e-aws-operator/e2e-aws-operator-test/" 2>/dev/null | grep -o 'href="[^"]*"' | head -30

Length of output: 12999

---

Let me get the detailed test artifacts for the specific failure.

---

🏁 Script executed:

#!/bin/bash
BASE="https://gcsweb-ci.apps.ci.l2s4.p1.openshiftapps.com/gcs/test-platform-results/pr-logs/pull/openshift_cluster-ingress-operator/1445/pull-ci-openshift-cluster-ingress-operator-master-e2e-aws-operator/2054683983760855040"

echo "=== List e2e-aws-operator/test directory ==="
curl -s "$BASE/artifacts/e2e-aws-operator/test/" 2>/dev/null | grep -o 'href="[^"]*"' | head -30

echo ""
echo "=== Try to get the e2e junit results from artifacts ==="
# Try the test directory for junit files
curl -s "$BASE/artifacts/e2e-aws-operator/" 2>/dev/null | grep -o 'href="[^"]*junit[^"]*"' | head -10

# Also try the direct test log
echo ""
echo "=== Check build-resources ==="
curl -s "$BASE/artifacts/build-resources/" 2>/dev/null | grep -o 'href="[^"]*"' | head -20

# Try to get the operator log from the cluster
echo ""
echo "=== Check gather-extra directory ==="
curl -s "$BASE/artifacts/e2e-aws-operator/gather-extra/" 2>/dev/null | grep -o 'href="[^"]*"' | head -20

# Look at the full build log specifically around the failing test
echo ""
echo "=== build-log.txt - TestManagedDNSToUnmanaged section ==="
curl -s "$BASE/build-log.txt" 2>/dev/null | grep -A 50 -B 5 "TestManagedDNSToUnmanagedDNSIngressController"

Length of output: 33121

---

@rikatz — here is the comprehensive fresh adversarial re-review, followed by the CI failure diagnosis.

---

Fresh Adversarial Re-Review

✅ Correction from previous round: Finding #7 is also invalid

I previously said there was no Test_NewProvider test case for EUSC with default endpoints. I was wrong — "default service endpoints, EUSC Brandenburg" IS present in the test table, covering all four expected default endpoints. Finding #7 is invalid.

---

🔴 Reason Not to Merge #1 — CI failure is DNS-specific and likely PR-related

This is the most important finding. The previous CI run (job 2054683983760855040) failed on a single test:

--- FAIL: TestAll/parallel/TestManagedDNSToUnmanagedDNSIngressController (138.28s)

The specific error from the build log:

unmanaged_dns_test.go:187: DNSRecord zone expected to have status=Unknown but got status=True

Test flow breakdown:

1. Create IngressController with ManagedLoadBalancerDNS → ✅ DNS record created, connectivity verified
2. Switch IC to dnsManagementPolicy=Unmanaged
3. Wait for stable IngressController conditions → ✅ waited
4. Check DNSRecord zone condition for the internal zone (tag-based lookup) → FAILED: still True, expected Unknown

Why this is suspicious:

• TestUnmanagedDNSToManagedDNSIngressController (the reverse direction: unmanaged→managed, DNS CREATE path) passed at 138.44s
• Only the DELETE/disownment path (managed→unmanaged) failed
• This PR rewrites the entire DNS provider including the Delete → change → updateRecord call chain

Possible root causes:

1. The v2 SDK's Delete call silently fails or returns a non-fatal error while the DNS record still exists in Route53, causing the reconciler to still set status=True on the next reconcile cycle before it can set it to Unknown
2. A timing issue: the reconciler sets the condition to Unknown asynchronously, but the delete in v2 takes longer than in v1 (e.g., due to SDK retry/backoff differences), leaving a window where the old True status is still observed

This test failed on the previous commit (6d8c121f) — the retest on the current head (10bbe5fa) is still running. The result of that retest should be treated as a gate for merging. If it fails again, the delete path needs to be investigated.

---

🟠 Reason Not to Merge #2 — updateRecord delete error detection uses string matching instead of error code

if action == string(deleteAction) {
    var apiErr smithy.APIError
    if errors.As(err, &apiErr) {
        if strings.Contains(apiErr.ErrorMessage(), "not found") {
            log.Info("record not found", ...)
            return nil  // ← silently swallows the error
        }
    }
}

AWS SDK v2's smithy.APIError exposes both ErrorCode() and ErrorMessage(). For a non-existent record during deletion, Route53 returns:

• Code: InvalidChangeBatch
• Message: "Tried to delete resource record set [...] but it was not found"

The check relies on the message substring "not found" rather than the error code. This is fragile: if any other Route53 error happens to contain "not found" in its message, deletion errors would be silently swallowed and the record would appear deleted when it wasn't. Importantly, the condition update in the reconciler depends on Delete() returning nil to consider the record successfully deleted. A stronger implementation:

var apiErr smithy.APIError
if errors.As(err, &apiErr) &&
    apiErr.ErrorCode() == "InvalidChangeBatch" &&
    strings.Contains(apiErr.ErrorMessage(), "not found") {
    // ...
}

This is pre-existing v1 behavior but v2's type system makes the safer check trivial. Given that the CI failure is on the delete path, this is worth tightening now.

---

🟡 Minor Issues (not blockers, but adversarial completeness)

3. lookupZoneIDWithoutResourceTagging — ListTagsForResources with empty slice

If the first page of ListHostedZones returns 0 zones, resourceIds is []string{} and ListTagsForResources is called with an empty ResourceIds. The Route53 API may return an error for an empty list. This is v1 parity and only affects accounts with 0 hosted zones, but it is a potential panic-free crash path in unusual environments (e.g., CI clusters with no zones).

4. service/signin v1.0.11 in go.mod is unusual

github.com/aws/aws-sdk-go-v2/service/signin v1.0.11 // indirect

This is the AWS IAM Identity Center Sign-in API — not typically needed for DNS/ELB operations. It is likely a transitive dependency from service/sso or service/ssooidc (used for SSO credential chaining). It is worth verifying that this was pulled in intentionally and not as a stale/erroneous transitive dep.

5. govCloudRoute53Region constant dual use is easy to misread

The constant govCloudRoute53Region = "us-gov" is used both as:

• A URL fragment: fmt.Sprintf("https://route53.%s.amazonaws.com", govCloudRoute53Region) → "https://route53.us-gov.amazonaws.com" ✓
• A doc constant (with comments referencing the endpoint)

But in NewProvider, the GovCloud Route53 region is set to "us-gov-west-1", not the constant. A future developer editing the resolveEndpoint function might assume govCloudRoute53Region is a full region ID and use it as o.Region — which would be wrong. A comment or rename (govCloudRoute53EndpointFragment) would disambiguate.

---

CI Failure Verdict

Failed test	TestManagedDNSToUnmanagedDNSIngressController
Error	DNSRecord zone expected to have status=Unknown but got status=True
Path exercised	DNS Delete path (managed→unmanaged transition)
PR-related?	Suspicious — this test exclusively exercises the DNS delete path which this PR rewrites, and the inverse test (unmanaged→managed, DNS create) passed.
Verdict	Do not merge until the re-triggered CI run passes. If it fails again, instrument the Delete/updateRecord code path with more diagnostic logging and verify the error detection logic (Finding #2 above).

---

✏️ Learnings added

Learnt from: rikatz
URL: https://github.com/openshift/cluster-ingress-operator/pull/1445

Timestamp: 2026-05-14T12:10:08.890Z
Learning: In the cluster-ingress-operator (pkg/dns/aws/dns.go) v2 migration PR `#1445`, the `TestManagedDNSToUnmanagedDNSIngressController` e2e test failed on a previous commit (6d8c121f) with error "DNSRecord zone expected to have status=Unknown but got status=True" - meaning after switching to UnmanagedLoadBalancerDNS, the internal zone's DNSRecord condition was still True instead of Unknown. This test exercises the DNS DELETE/disownment path which was rewritten in the v2 migration.

---

Learnt from: rikatz
URL: https://github.com/openshift/cluster-ingress-operator/pull/1445

Timestamp: 2026-05-14T12:10:08.890Z
Learning: In cluster-ingress-operator pkg/dns/aws/dns.go (PR `#1445`), Test_NewProvider does include a "default service endpoints, EUSC Brandenburg" test case with no ServiceEndpoints configured - verifying default endpoint resolution for eusc-de-east-1. Finding that this test was missing was incorrect.

Note: Learnings are effective only in the context of similar code segments. To apply general coding guidelines, please configure review instructions. You can manage existing learnings in the app.

[rikatz]

The test that I care right now is e2e-aws-operator, which is flaky by different reasons apparently, so let me try again

/test e2e-aws-operator

[openshift-ci]

@rikatz: The following tests failed, say /retest to rerun all failed tests or /retest-required to rerun all mandatory failed tests:

Test name	Commit	Details	Required	Rerun command
ci/prow/e2e-aws-ovn	0d72f79	link	true	/test e2e-aws-ovn
ci/prow/e2e-gcp-operator	0d72f79	link	true	/test e2e-gcp-operator
ci/prow/e2e-aws-ovn-serial-1of2	0d72f79	link	true	/test e2e-aws-ovn-serial-1of2
ci/prow/e2e-aws-ovn-serial-2of2	0d72f79	link	true	/test e2e-aws-ovn-serial-2of2

Full PR test history. Your PR dashboard.

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here.