chore: add missing permissions for Agentless org (#1782)

* chore: add missing permissions for Agentless org

* chore: add validation for config org units

Author: PengyuanZhao

lwgenerate/aws/aws.go

@@ -355,6 +355,12 @@ func (args *GenerateAwsTfConfigurationArgs) Validate() error {
 			}
 		}
 
+		if args.Config {
+			if len(args.ConfigOrgUnits) == 0 {
+				return errors.New("must specify organization units for Config organization integration")
+			}
+		}
+
 		if args.ControlTower && args.Cloudtrail {
 			if args.ControlTowerAuditAccount == nil {
 				return errors.New("must specify audit account for CloudTrail Control Tower integration")

lwpreflight/gcp/constants.go

@@ -156,6 +156,7 @@ var RequiredPermissionsForOrg = map[IntegrationType][]string{
 		"cloudscheduler.jobs.list",
 		"cloudscheduler.locations.list",
 		"compute.projects.get",
+		"orgpolicy.policy.get",
 		"iam.roles.create",
 		"iam.roles.delete",
 		"iam.roles.get",
@@ -171,8 +172,19 @@ var RequiredPermissionsForOrg = map[IntegrationType][]string{
 		"iam.serviceAccounts.delete",
 		"iam.serviceAccounts.get",
 		"iam.serviceAccounts.list",
+		"orgpolicy.constraints.list",
+		"orgpolicy.policies.list",
+		"orgpolicy.policy.get",
+		"resourcemanager.folders.get",
+		"resourcemanager.folders.getIamPolicy",
+		"resourcemanager.folders.list",
+		"resourcemanager.folders.setIamPolicy",
+		"resourcemanager.organizations.get",
+		"resourcemanager.organizations.getIamPolicy",
+		"resourcemanager.organizations.setIamPolicy",
 		"resourcemanager.projects.get",
 		"resourcemanager.projects.getIamPolicy",
+		"resourcemanager.projects.list",
 		"resourcemanager.projects.setIamPolicy",
 		"run.jobs.create",
 		"run.jobs.delete",