Skip to content

Commit 957385b

Browse files
PengyuanZhaoPengyuanZhao
authored
chore(lwpreflight): fix permissions (#1772)
1 parent df83eb1 commit 957385b

File tree

2 files changed

+6
-2
lines changed

2 files changed

+6
-2
lines changed

lwpreflight/aws/constants.go

Lines changed: 4 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -39,6 +39,7 @@ var RequiredPermissions = map[IntegrationType][]string{
3939
"ec2:DescribeVpcClassicLinkDnsSupport",
4040
"ec2:DescribeVpcs",
4141
"ec2:DetachInternetGateway",
42+
"ec2:DeleteNetworkAclEntry",
4243
"ec2:DisassociateRouteTable",
4344
"ec2:ModifyVpcAttribute",
4445
"ec2:RevokeSecurityGroupEgress",
@@ -50,6 +51,7 @@ var RequiredPermissions = map[IntegrationType][]string{
5051
"ecs:DescribeTaskDefinition",
5152
"ecs:PutClusterCapacityProviders",
5253
"ecs:RegisterTaskDefinition",
54+
"ecs:TagResource",
5355
"events:DeleteRule",
5456
"events:DescribeRule",
5557
"events:ListTagsForResource",
@@ -78,6 +80,7 @@ var RequiredPermissions = map[IntegrationType][]string{
7880
"iam:ListUserPolicies",
7981
"iam:PassRole",
8082
"iam:PutRolePolicy",
83+
"iam:TagPolicy",
8184
"iam:TagRole",
8285
"logs:CreateLogGroup",
8386
"logs:DeleteLogGroup",
@@ -535,6 +538,7 @@ var RequiredPermissionsForOrg = map[IntegrationType][]string{
535538
"secretsmanager:GetResourcePolicy",
536539
"secretsmanager:GetSecretValue",
537540
"secretsmanager:PutSecretValue",
541+
"secretsmanager:TagResource",
538542
"servicequotas:GetServiceQuota",
539543
},
540544
Config: {

lwpreflight/gcp/constants.go

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -28,6 +28,7 @@ var RequiredPermissions = map[IntegrationType][]string{
2828
"iam.serviceAccountKeys.get",
2929
"iam.serviceAccountKeys.list",
3030
"iam.serviceAccounts.create",
31+
"iam.serviceAccounts.actAs",
3132
"iam.serviceAccounts.delete",
3233
"iam.serviceAccounts.get",
3334
"iam.serviceAccounts.list",
@@ -126,10 +127,8 @@ var RequiredPermissions = map[IntegrationType][]string{
126127
"iam.serviceAccounts.disable",
127128
"iam.serviceAccounts.enable",
128129
"iam.serviceAccounts.get",
129-
"iam.serviceAccounts.get",
130130
"iam.serviceAccounts.getIamPolicy",
131131
"iam.serviceAccounts.list",
132-
"iam.serviceAccounts.list",
133132
"iam.serviceAccounts.setIamPolicy",
134133
"iam.serviceAccounts.undelete",
135134
"iam.serviceAccounts.update",
@@ -167,6 +166,7 @@ var RequiredPermissionsForOrg = map[IntegrationType][]string{
167166
"iam.serviceAccountKeys.delete",
168167
"iam.serviceAccountKeys.get",
169168
"iam.serviceAccountKeys.list",
169+
"iam.serviceAccounts.actAs",
170170
"iam.serviceAccounts.create",
171171
"iam.serviceAccounts.delete",
172172
"iam.serviceAccounts.get",

0 commit comments

Comments
 (0)