🐛 Fix ID collisions, access-denied handling, and spell check

Fix featureDefinition and clusterNode cache key collisions by including
parent resource identifiers in IDs. Add Is400AccessDeniedError handling
to ListClusterNodes. Add Slurm to spell-check dictionary and document
modelPackages listing limitation.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

Author: tas50

.github/actions/spelling/expect.txt

@@ -272,6 +272,7 @@ Sflags
 signin
 singlequeryargument
 sizeconstraintstatement
+Slurm
 smbv
 Snat
 SNYK

providers/aws/resources/aws.lr

@@ -1645,7 +1645,7 @@ aws.sagemaker {
   clusters() []aws.sagemaker.cluster
   // List of SageMaker feature groups
   featureGroups() []aws.sagemaker.featureGroup
-  // List of SageMaker model packages
+  // List of SageMaker model packages (excludes packages within model package groups)
   modelPackages() []aws.sagemaker.modelPackage
   // List of SageMaker model package groups
   modelPackageGroups() []aws.sagemaker.modelPackageGroup

providers/aws/resources/aws.lr.go

@@ -1,7 +1,7 @@
 {
   "provider": "aws",
-  "version": "13.10.0",
-  "generated_at": "2026-04-08T16:03:53-07:00",
+  "version": "13.12.0",
+  "generated_at": "2026-04-10T12:51:16-07:00",
   "permissions": [
     "access-analyzer:ListAnalyzers",
     "access-analyzer:ListFindingsV2",
@@ -397,23 +397,38 @@
     "s3:GetPublicAccessBlock",
     "s3:ListBucketMetricsConfigurations",
     "s3:ListBuckets",
+    "sagemaker:DescribeCluster",
     "sagemaker:DescribeDomain",
     "sagemaker:DescribeEndpointConfig",
+    "sagemaker:DescribeFeatureGroup",
     "sagemaker:DescribeInferenceComponent",
     "sagemaker:DescribeModel",
+    "sagemaker:DescribeModelCard",
+    "sagemaker:DescribeModelPackage",
+    "sagemaker:DescribeModelPackageGroup",
     "sagemaker:DescribeNotebookInstance",
     "sagemaker:DescribePipeline",
     "sagemaker:DescribeProcessingJob",
+    "sagemaker:DescribeSpace",
     "sagemaker:DescribeTrainingJob",
+    "sagemaker:DescribeUserProfile",
+    "sagemaker:ListClusterNodes",
+    "sagemaker:ListClusters",
     "sagemaker:ListDomains",
     "sagemaker:ListEndpoints",
+    "sagemaker:ListFeatureGroups",
     "sagemaker:ListInferenceComponents",
+    "sagemaker:ListModelCards",
+    "sagemaker:ListModelPackageGroups",
+    "sagemaker:ListModelPackages",
     "sagemaker:ListModels",
     "sagemaker:ListNotebookInstances",
     "sagemaker:ListPipelines",
     "sagemaker:ListProcessingJobs",
+    "sagemaker:ListSpaces",
     "sagemaker:ListTags",
     "sagemaker:ListTrainingJobs",
+    "sagemaker:ListUserProfiles",
     "scheduler:GetSchedule",
     "scheduler:ListScheduleGroups",
     "scheduler:ListSchedules",
@@ -1279,6 +1294,12 @@
       "action": "DescribeSnapshots",
       "source_file": "aws_ec2.go"
     },
+    {
+      "permission": "ec2:DescribeSubnets",
+      "service": "ec2",
+      "action": "DescribeSubnets",
+      "source_file": "aws_sagemaker.go"
+    },
     {
       "permission": "ec2:DescribeSubnets",
       "service": "ec2",
@@ -2947,6 +2968,12 @@
       "action": "ListBuckets",
       "source_file": "aws_s3.go"
     },
+    {
+      "permission": "sagemaker:DescribeCluster",
+      "service": "sagemaker",
+      "action": "DescribeCluster",
+      "source_file": "aws_sagemaker.go"
+    },
     {
       "permission": "sagemaker:DescribeDomain",
       "service": "sagemaker",
@@ -2959,6 +2986,12 @@
       "action": "DescribeEndpointConfig",
       "source_file": "aws_sagemaker.go"
     },
+    {
+      "permission": "sagemaker:DescribeFeatureGroup",
+      "service": "sagemaker",
+      "action": "DescribeFeatureGroup",
+      "source_file": "aws_sagemaker.go"
+    },
     {
       "permission": "sagemaker:DescribeInferenceComponent",
       "service": "sagemaker",
@@ -2971,6 +3004,24 @@
       "action": "DescribeModel",
       "source_file": "aws_sagemaker.go"
     },
+    {
+      "permission": "sagemaker:DescribeModelCard",
+      "service": "sagemaker",
+      "action": "DescribeModelCard",
+      "source_file": "aws_sagemaker.go"
+    },
+    {
+      "permission": "sagemaker:DescribeModelPackage",
+      "service": "sagemaker",
+      "action": "DescribeModelPackage",
+      "source_file": "aws_sagemaker.go"
+    },
+    {
+      "permission": "sagemaker:DescribeModelPackageGroup",
+      "service": "sagemaker",
+      "action": "DescribeModelPackageGroup",
+      "source_file": "aws_sagemaker.go"
+    },
     {
       "permission": "sagemaker:DescribeNotebookInstance",
       "service": "sagemaker",
@@ -2989,12 +3040,36 @@
       "action": "DescribeProcessingJob",
       "source_file": "aws_sagemaker.go"
     },
+    {
+      "permission": "sagemaker:DescribeSpace",
+      "service": "sagemaker",
+      "action": "DescribeSpace",
+      "source_file": "aws_sagemaker.go"
+    },
     {
       "permission": "sagemaker:DescribeTrainingJob",
       "service": "sagemaker",
       "action": "DescribeTrainingJob",
       "source_file": "aws_sagemaker.go"
     },
+    {
+      "permission": "sagemaker:DescribeUserProfile",
+      "service": "sagemaker",
+      "action": "DescribeUserProfile",
+      "source_file": "aws_sagemaker.go"
+    },
+    {
+      "permission": "sagemaker:ListClusterNodes",
+      "service": "sagemaker",
+      "action": "ListClusterNodes",
+      "source_file": "aws_sagemaker.go"
+    },
+    {
+      "permission": "sagemaker:ListClusters",
+      "service": "sagemaker",
+      "action": "ListClusters",
+      "source_file": "aws_sagemaker.go"
+    },
     {
       "permission": "sagemaker:ListDomains",
       "service": "sagemaker",
@@ -3007,12 +3082,36 @@
       "action": "ListEndpoints",
       "source_file": "aws_sagemaker.go"
     },
+    {
+      "permission": "sagemaker:ListFeatureGroups",
+      "service": "sagemaker",
+      "action": "ListFeatureGroups",
+      "source_file": "aws_sagemaker.go"
+    },
     {
       "permission": "sagemaker:ListInferenceComponents",
       "service": "sagemaker",
       "action": "ListInferenceComponents",
       "source_file": "aws_sagemaker.go"
     },
+    {
+      "permission": "sagemaker:ListModelCards",
+      "service": "sagemaker",
+      "action": "ListModelCards",
+      "source_file": "aws_sagemaker.go"
+    },
+    {
+      "permission": "sagemaker:ListModelPackageGroups",
+      "service": "sagemaker",
+      "action": "ListModelPackageGroups",
+      "source_file": "aws_sagemaker.go"
+    },
+    {
+      "permission": "sagemaker:ListModelPackages",
+      "service": "sagemaker",
+      "action": "ListModelPackages",
+      "source_file": "aws_sagemaker.go"
+    },
     {
       "permission": "sagemaker:ListModels",
       "service": "sagemaker",
@@ -3037,6 +3136,12 @@
       "action": "ListProcessingJobs",
       "source_file": "aws_sagemaker.go"
     },
+    {
+      "permission": "sagemaker:ListSpaces",
+      "service": "sagemaker",
+      "action": "ListSpaces",
+      "source_file": "aws_sagemaker.go"
+    },
     {
       "permission": "sagemaker:ListTags",
       "service": "sagemaker",
@@ -3049,6 +3154,12 @@
       "action": "ListTrainingJobs",
       "source_file": "aws_sagemaker.go"
     },
+    {
+      "permission": "sagemaker:ListUserProfiles",
+      "service": "sagemaker",
+      "action": "ListUserProfiles",
+      "source_file": "aws_sagemaker.go"
+    },
     {
       "permission": "scheduler:GetSchedule",
       "service": "scheduler",

providers/aws/resources/aws.permissions.json

@@ -2044,6 +2044,10 @@ func (a *mqlAwsSagemakerCluster) nodes() ([]any, error) {
 	for paginator.HasMorePages() {
 		page, err := paginator.NextPage(ctx)
 		if err != nil {
+			if Is400AccessDeniedError(err) {
+				log.Warn().Str("cluster", clusterName).Msg("error accessing AWS SageMaker cluster nodes")
+				return res, nil
+			}
 			return nil, err
 		}
 		for _, node := range page.ClusterNodeSummaries {
@@ -2067,6 +2071,8 @@ func (a *mqlAwsSagemakerCluster) nodes() ([]any, error) {
 			if err != nil {
 				return nil, err
 			}
+			nodeRes := mqlNode.(*mqlAwsSagemakerClusterNode)
+			nodeRes.cacheClusterName = clusterName
 			res = append(res, mqlNode)
 		}
 	}
@@ -2103,8 +2109,12 @@ func (a *mqlAwsSagemakerClusterInstanceGroup) lifecycleConfig() (map[string]any,
 	return convert.JsonToDict(a.cacheLifecycleConfig)
 }
 
+type mqlAwsSagemakerClusterNodeInternal struct {
+	cacheClusterName string
+}
+
 func (a *mqlAwsSagemakerClusterNode) id() (string, error) {
-	return a.Region.Data + "/" + a.InstanceGroupName.Data + "/" + a.InstanceId.Data, nil
+	return a.Region.Data + "/" + a.cacheClusterName + "/" + a.InstanceGroupName.Data + "/" + a.InstanceId.Data, nil
 }
 
 // ---- Feature Groups ----
@@ -2273,13 +2283,19 @@ func (a *mqlAwsSagemakerFeatureGroup) featureDefinitions() ([]any, error) {
 		if err != nil {
 			return nil, err
 		}
+		fdRes := mqlFD.(*mqlAwsSagemakerFeatureDefinition)
+		fdRes.cacheFeatureGroupArn = a.Arn.Data
 		res = append(res, mqlFD)
 	}
 	return res, nil
 }
 
+type mqlAwsSagemakerFeatureDefinitionInternal struct {
+	cacheFeatureGroupArn string
+}
+
 func (a *mqlAwsSagemakerFeatureDefinition) id() (string, error) {
-	return a.FeatureName.Data + "/" + a.FeatureType.Data, nil
+	return a.cacheFeatureGroupArn + "/" + a.FeatureName.Data + "/" + a.FeatureType.Data, nil
 }
 
 func (a *mqlAwsSagemakerFeatureGroup) eventTimeFeatureName() (string, error) {