Expand file tree Collapse file tree 2 files changed +11
-2
lines changed Original file line number Diff line number Diff line change @@ -42,6 +42,9 @@ const (
4242
4343 // PermissionKMSEncryptionKeys is an additional set of permissions required when the installer uses user provided kms encryption keys.
4444 PermissionKMSEncryptionKeys PermissionGroup = "kms-encryption-keys"
45+
46+ // PermissionPublicIpv4Pool is an additional set of permissions required when the installer uses public IPv4 pools.
47+ PermissionPublicIpv4Pool PermissionGroup = "public-ipv4-pool"
4548)
4649
4750var permissions = map [PermissionGroup ][]string {
@@ -231,8 +234,6 @@ var permissions = map[PermissionGroup][]string{
231234 "ec2:DeleteVpc" ,
232235 "ec2:DeleteVpcEndpoints" ,
233236 "ec2:DetachInternetGateway" ,
234- // Needed by terraform when EIPs are created
235- "ec2:DisassociateAddress" ,
236237 "ec2:DisassociateRouteTable" ,
237238 "ec2:ReleaseAddress" ,
238239 "ec2:ReplaceRouteTableAssociation" ,
@@ -261,6 +262,10 @@ var permissions = map[PermissionGroup][]string{
261262 "kms:CreateGrant" ,
262263 "kms:ListGrants" ,
263264 },
265+ PermissionPublicIpv4Pool : {
266+ // Needed by terraform because of bootstrap EIP created
267+ "ec2:DisassociateAddress" ,
268+ },
264269}
265270
266271// ValidateCreds will try to create an AWS session, and also verify that the current credentials
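Review bot: The comment on `ec2:DisassociateAddress` in the new `PermissionPublicIpv4Pool` entry does not explain why the action is tied to the pool rather than to Elastic IPs in general. Someone writing a least-privilege IAM policy from this list needs that reason. The removed comment said the action was needed "when EIPs are created", and `ec2:ReleaseAddress` stays in the unconditional group, so it is worth confirming that no install or destroy path without a pool still disassociates an address explicitly; the lines shown do not settle that. I would reword the comment along the lines of `// Only needed with a public IPv4 pool: the bootstrap EIP is disassociated explicitly when bootstrap resources are removed`, adjusted to what terraform actually does. Any user-facing list of required permissions should gain the same conditional entry. Most of the `permissions` map lies outside the hunks shown.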
Original file line number Diff line number Diff line change @@ -98,6 +98,10 @@ func (a *PlatformPermsCheck) Generate(dependencies asset.Parents) error {
9898 }
9999 }
100100
101+ if ic .Config .AWS .PublicIpv4Pool != "" {
102+ permissionGroups = append (permissionGroups , awsconfig .PermissionPublicIpv4Pool )
103+ }
104+
101105 ssn , err := ic .AWS .Session (ctx )
102106 if err != nil {
103107 return err
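Review bot: Nothing in this commit tests the new `if ic.Config.AWS.PublicIpv4Pool != ""` branch; the page lists two changed files and neither is a test. This branch decides whether the preflight check asks for `ec2:DisassociateAddress`, so a later regression would either let under-privileged credentials pass the check or demand a permission that is not needed. Moving the group selection into a small helper that takes the install config and returns the `[]PermissionGroup` would make it testable without an AWS session, with one case for an empty pool and one for a set pool. A one-line comment above the branch, such as `// Public IPv4 pool installs need extra EC2 permissions for the bootstrap EIP`, would also help. `Generate` starts and ends outside this hunk, so I am assuming `ic.Config.AWS` is already known to be non-nil at this point.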