fix: add missing permissions for nlb

This adds a missing permission required when using nlbs.

Signed-off-by: Richard Case <[email protected]>

Author: richardcase

cmd/clusterawsadm/cloudformation/bootstrap/cloud_provider_integration_control_plane.go

@@ -67,6 +67,7 @@ func (t Template) cloudProviderControlPlaneAwsPolicy() *iamv1.PolicyDocument {
 					"elasticloadbalancing:AddTags",
 					"elasticloadbalancing:AttachLoadBalancerToSubnets",
 					"elasticloadbalancing:ApplySecurityGroupsToLoadBalancer",
+					"elasticloadbalancing:SetSecurityGroups",
 					"elasticloadbalancing:CreateLoadBalancer",
 					"elasticloadbalancing:CreateLoadBalancerPolicy",
 					"elasticloadbalancing:CreateLoadBalancerListeners",

cmd/clusterawsadm/cloudformation/bootstrap/cluster_api_controller.go

@@ -159,6 +159,7 @@ func (t Template) ControllersPolicy() *iamv1.PolicyDocument {
 				"elasticloadbalancing:DescribeLoadBalancerAttributes",
 				"elasticloadbalancing:DescribeTargetGroups",
 				"elasticloadbalancing:ApplySecurityGroupsToLoadBalancer",
+				"elasticloadbalancing:SetSecurityGroups",
 				"elasticloadbalancing:DescribeTags",
 				"elasticloadbalancing:ModifyLoadBalancerAttributes",
 				"elasticloadbalancing:RegisterInstancesWithLoadBalancer",
@@ -413,15 +414,17 @@ func (t Template) ControllersPolicyEKS() *iamv1.PolicyDocument {
 				"arn:*:iam::*:role/*",
 			},
 			Effect: iamv1.EffectAllow,
-		}, {
+		},
+		{
 			Action: iamv1.Actions{
 				"iam:GetPolicy",
 			},
 			Resource: iamv1.Resources{
 				t.generateAWSManagedPolicyARN(eksClusterPolicyName),
 			},
 			Effect: iamv1.EffectAllow,
-		}, {
+		},
+		{
 			Action: iamv1.Actions{
 				"eks:DescribeCluster",
 				"eks:ListClusters",
@@ -447,7 +450,8 @@ func (t Template) ControllersPolicyEKS() *iamv1.PolicyDocument {
 				"arn:*:eks:*:*:nodegroup/*/*/*",
 			},
 			Effect: iamv1.EffectAllow,
-		}, {
+		},
+		{
 			Action: iamv1.Actions{
 				"ec2:AssociateVpcCidrBlock",
 				"ec2:DisassociateVpcCidrBlock",
@@ -466,7 +470,8 @@ func (t Template) ControllersPolicyEKS() *iamv1.PolicyDocument {
 				"*",
 			},
 			Effect: iamv1.EffectAllow,
-		}, {
+		},
+		{
 			Action: iamv1.Actions{
 				"iam:PassRole",
 			},

cmd/clusterawsadm/cloudformation/bootstrap/fixtures/customsuffix.yaml

@@ -53,6 +53,7 @@ Resources:
           - elasticloadbalancing:AddTags
           - elasticloadbalancing:AttachLoadBalancerToSubnets
           - elasticloadbalancing:ApplySecurityGroupsToLoadBalancer
+          - elasticloadbalancing:SetSecurityGroups
           - elasticloadbalancing:CreateLoadBalancer
           - elasticloadbalancing:CreateLoadBalancerPolicy
           - elasticloadbalancing:CreateLoadBalancerListeners
@@ -218,6 +219,7 @@ Resources:
           - elasticloadbalancing:DescribeLoadBalancerAttributes
           - elasticloadbalancing:DescribeTargetGroups
           - elasticloadbalancing:ApplySecurityGroupsToLoadBalancer
+          - elasticloadbalancing:SetSecurityGroups
           - elasticloadbalancing:DescribeTags
           - elasticloadbalancing:ModifyLoadBalancerAttributes
           - elasticloadbalancing:RegisterInstancesWithLoadBalancer

cmd/clusterawsadm/cloudformation/bootstrap/fixtures/default.yaml

@@ -53,6 +53,7 @@ Resources:
           - elasticloadbalancing:AddTags
           - elasticloadbalancing:AttachLoadBalancerToSubnets
           - elasticloadbalancing:ApplySecurityGroupsToLoadBalancer
+          - elasticloadbalancing:SetSecurityGroups
           - elasticloadbalancing:CreateLoadBalancer
           - elasticloadbalancing:CreateLoadBalancerPolicy
           - elasticloadbalancing:CreateLoadBalancerListeners
@@ -218,6 +219,7 @@ Resources:
           - elasticloadbalancing:DescribeLoadBalancerAttributes
           - elasticloadbalancing:DescribeTargetGroups
           - elasticloadbalancing:ApplySecurityGroupsToLoadBalancer
+          - elasticloadbalancing:SetSecurityGroups
           - elasticloadbalancing:DescribeTags
           - elasticloadbalancing:ModifyLoadBalancerAttributes
           - elasticloadbalancing:RegisterInstancesWithLoadBalancer

cmd/clusterawsadm/cloudformation/bootstrap/fixtures/with_all_secret_backends.yaml

@@ -53,6 +53,7 @@ Resources:
           - elasticloadbalancing:AddTags
           - elasticloadbalancing:AttachLoadBalancerToSubnets
           - elasticloadbalancing:ApplySecurityGroupsToLoadBalancer
+          - elasticloadbalancing:SetSecurityGroups
           - elasticloadbalancing:CreateLoadBalancer
           - elasticloadbalancing:CreateLoadBalancerPolicy
           - elasticloadbalancing:CreateLoadBalancerListeners
@@ -224,6 +225,7 @@ Resources:
           - elasticloadbalancing:DescribeLoadBalancerAttributes
           - elasticloadbalancing:DescribeTargetGroups
           - elasticloadbalancing:ApplySecurityGroupsToLoadBalancer
+          - elasticloadbalancing:SetSecurityGroups
           - elasticloadbalancing:DescribeTags
           - elasticloadbalancing:ModifyLoadBalancerAttributes
           - elasticloadbalancing:RegisterInstancesWithLoadBalancer

cmd/clusterawsadm/cloudformation/bootstrap/fixtures/with_allow_assume_role.yaml

@@ -53,6 +53,7 @@ Resources:
           - elasticloadbalancing:AddTags
           - elasticloadbalancing:AttachLoadBalancerToSubnets
           - elasticloadbalancing:ApplySecurityGroupsToLoadBalancer
+          - elasticloadbalancing:SetSecurityGroups
           - elasticloadbalancing:CreateLoadBalancer
           - elasticloadbalancing:CreateLoadBalancerPolicy
           - elasticloadbalancing:CreateLoadBalancerListeners
@@ -218,6 +219,7 @@ Resources:
           - elasticloadbalancing:DescribeLoadBalancerAttributes
           - elasticloadbalancing:DescribeTargetGroups
           - elasticloadbalancing:ApplySecurityGroupsToLoadBalancer
+          - elasticloadbalancing:SetSecurityGroups
           - elasticloadbalancing:DescribeTags
           - elasticloadbalancing:ModifyLoadBalancerAttributes
           - elasticloadbalancing:RegisterInstancesWithLoadBalancer

cmd/clusterawsadm/cloudformation/bootstrap/fixtures/with_bootstrap_user.yaml

@@ -57,6 +57,7 @@ Resources:
           - elasticloadbalancing:AddTags
           - elasticloadbalancing:AttachLoadBalancerToSubnets
           - elasticloadbalancing:ApplySecurityGroupsToLoadBalancer
+          - elasticloadbalancing:SetSecurityGroups
           - elasticloadbalancing:CreateLoadBalancer
           - elasticloadbalancing:CreateLoadBalancerPolicy
           - elasticloadbalancing:CreateLoadBalancerListeners
@@ -224,6 +225,7 @@ Resources:
           - elasticloadbalancing:DescribeLoadBalancerAttributes
           - elasticloadbalancing:DescribeTargetGroups
           - elasticloadbalancing:ApplySecurityGroupsToLoadBalancer
+          - elasticloadbalancing:SetSecurityGroups
           - elasticloadbalancing:DescribeTags
           - elasticloadbalancing:ModifyLoadBalancerAttributes
           - elasticloadbalancing:RegisterInstancesWithLoadBalancer

cmd/clusterawsadm/cloudformation/bootstrap/fixtures/with_custom_bootstrap_user.yaml

@@ -57,6 +57,7 @@ Resources:
           - elasticloadbalancing:AddTags
           - elasticloadbalancing:AttachLoadBalancerToSubnets
           - elasticloadbalancing:ApplySecurityGroupsToLoadBalancer
+          - elasticloadbalancing:SetSecurityGroups
           - elasticloadbalancing:CreateLoadBalancer
           - elasticloadbalancing:CreateLoadBalancerPolicy
           - elasticloadbalancing:CreateLoadBalancerListeners
@@ -224,6 +225,7 @@ Resources:
           - elasticloadbalancing:DescribeLoadBalancerAttributes
           - elasticloadbalancing:DescribeTargetGroups
           - elasticloadbalancing:ApplySecurityGroupsToLoadBalancer
+          - elasticloadbalancing:SetSecurityGroups
           - elasticloadbalancing:DescribeTags
           - elasticloadbalancing:ModifyLoadBalancerAttributes
           - elasticloadbalancing:RegisterInstancesWithLoadBalancer

cmd/clusterawsadm/cloudformation/bootstrap/fixtures/with_different_instance_profiles.yaml

@@ -53,6 +53,7 @@ Resources:
           - elasticloadbalancing:AddTags
           - elasticloadbalancing:AttachLoadBalancerToSubnets
           - elasticloadbalancing:ApplySecurityGroupsToLoadBalancer
+          - elasticloadbalancing:SetSecurityGroups
           - elasticloadbalancing:CreateLoadBalancer
           - elasticloadbalancing:CreateLoadBalancerPolicy
           - elasticloadbalancing:CreateLoadBalancerListeners
@@ -218,6 +219,7 @@ Resources:
           - elasticloadbalancing:DescribeLoadBalancerAttributes
           - elasticloadbalancing:DescribeTargetGroups
           - elasticloadbalancing:ApplySecurityGroupsToLoadBalancer
+          - elasticloadbalancing:SetSecurityGroups
           - elasticloadbalancing:DescribeTags
           - elasticloadbalancing:ModifyLoadBalancerAttributes
           - elasticloadbalancing:RegisterInstancesWithLoadBalancer

cmd/clusterawsadm/cloudformation/bootstrap/fixtures/with_eks_console.yaml

@@ -53,6 +53,7 @@ Resources:
           - elasticloadbalancing:AddTags
           - elasticloadbalancing:AttachLoadBalancerToSubnets
           - elasticloadbalancing:ApplySecurityGroupsToLoadBalancer
+          - elasticloadbalancing:SetSecurityGroups
           - elasticloadbalancing:CreateLoadBalancer
           - elasticloadbalancing:CreateLoadBalancerPolicy
           - elasticloadbalancing:CreateLoadBalancerListeners
@@ -218,6 +219,7 @@ Resources:
           - elasticloadbalancing:DescribeLoadBalancerAttributes
           - elasticloadbalancing:DescribeTargetGroups
           - elasticloadbalancing:ApplySecurityGroupsToLoadBalancer
+          - elasticloadbalancing:SetSecurityGroups
           - elasticloadbalancing:DescribeTags
           - elasticloadbalancing:ModifyLoadBalancerAttributes
           - elasticloadbalancing:RegisterInstancesWithLoadBalancer