From 4455ab824329a7f2d6b9f1b6fde1da5fac7ee001 Mon Sep 17 00:00:00 2001
From: Andreas Sommer
Date: Thu, 21 Nov 2024 17:13:02 +0100
Subject: [PATCH] Add IAM permissions for lifecycle hooks
---
 .../cloudformation/bootstrap/cluster_api_controller.go | 3 +++
 .../cloudformation/bootstrap/fixtures/customsuffix.yaml | 3 +++
 .../cloudformation/bootstrap/fixtures/default.yaml | 3 +++
 .../bootstrap/fixtures/with_all_secret_backends.yaml | 3 +++
 .../bootstrap/fixtures/with_allow_assume_role.yaml | 3 +++
 .../cloudformation/bootstrap/fixtures/with_bootstrap_user.yaml | 3 +++
 .../bootstrap/fixtures/with_custom_bootstrap_user.yaml | 3 +++
 .../bootstrap/fixtures/with_different_instance_profiles.yaml | 3 +++
 .../cloudformation/bootstrap/fixtures/with_eks_console.yaml | 3 +++
 .../bootstrap/fixtures/with_eks_default_roles.yaml | 3 +++
 .../cloudformation/bootstrap/fixtures/with_eks_disable.yaml | 3 +++
 .../cloudformation/bootstrap/fixtures/with_eks_kms_prefix.yaml | 3 +++
 .../bootstrap/fixtures/with_extra_statements.yaml | 3 +++
 .../cloudformation/bootstrap/fixtures/with_s3_bucket.yaml | 3 +++
 .../bootstrap/fixtures/with_ssm_secret_backend.yaml | 3 +++
 15 files changed, 45 insertions(+)
diff --git a/cmd/clusterawsadm/cloudformation/bootstrap/cluster_api_controller.go b/cmd/clusterawsadm/cloudformation/bootstrap/cluster_api_controller.go
index 049de10431..52ab2b5112 100644
--- a/cmd/clusterawsadm/cloudformation/bootstrap/cluster_api_controller.go
+++ b/cmd/clusterawsadm/cloudformation/bootstrap/cluster_api_controller.go
@@ -177,6 +177,9 @@ func (t Template) ControllersPolicy() *iamv1.PolicyDocument {
 "elasticloadbalancing:DeleteListener",
 "autoscaling:DescribeAutoScalingGroups",
 "autoscaling:DescribeInstanceRefreshes",
+ "autoscaling:DeleteLifecycleHook",
+ "autoscaling:DescribeLifecycleHooks",
+ "autoscaling:PutLifecycleHook",
 "ec2:CreateLaunchTemplate",
 "ec2:CreateLaunchTemplateVersion",
 "ec2:DescribeLaunchTemplates",
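Review bot: The two mutating actions added here, `autoscaling:PutLifecycleHook` and `autoscaling:DeleteLifecycleHook`, sit in the same action list as the read-only `autoscaling:Describe*` entries, and the statement's `Resource` is not visible in this hunk. If that statement applies to all resources, which a list of Describe actions usually requires, the controller role could create, overwrite or remove lifecycle hooks on every Auto Scaling group in the account rather than only the groups it manages. Both actions accept an Auto Scaling group ARN as their resource, so they could move to a statement scoped to Auto Scaling group ARNs, leaving only `autoscaling:DescribeLifecycleHooks` in this list. ControllersPolicy's body starts and ends outside the hunk, and the fixture YAML hunks that repeat these three actions would need regenerating after such a move.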
diff --git a/cmd/clusterawsadm/cloudformation/bootstrap/fixtures/customsuffix.yaml b/cmd/clusterawsadm/cloudformation/bootstrap/fixtures/customsuffix.yaml
index 7909fe12d5..6b4f907f72 100644
--- a/cmd/clusterawsadm/cloudformation/bootstrap/fixtures/customsuffix.yaml
+++ b/cmd/clusterawsadm/cloudformation/bootstrap/fixtures/customsuffix.yaml
@@ -237,6 +237,9 @@ Resources:
 - elasticloadbalancing:DeleteListener
 - autoscaling:DescribeAutoScalingGroups
 - autoscaling:DescribeInstanceRefreshes
+ - autoscaling:DeleteLifecycleHook
+ - autoscaling:DescribeLifecycleHooks
+ - autoscaling:PutLifecycleHook
 - ec2:CreateLaunchTemplate
 - ec2:CreateLaunchTemplateVersion
 - ec2:DescribeLaunchTemplates
diff --git a/cmd/clusterawsadm/cloudformation/bootstrap/fixtures/default.yaml b/cmd/clusterawsadm/cloudformation/bootstrap/fixtures/default.yaml
index a9290741ba..a3c9102ab2 100644
--- a/cmd/clusterawsadm/cloudformation/bootstrap/fixtures/default.yaml
+++ b/cmd/clusterawsadm/cloudformation/bootstrap/fixtures/default.yaml
@@ -237,6 +237,9 @@ Resources:
 - elasticloadbalancing:DeleteListener
 - autoscaling:DescribeAutoScalingGroups
 - autoscaling:DescribeInstanceRefreshes
+ - autoscaling:DeleteLifecycleHook
+ - autoscaling:DescribeLifecycleHooks
+ - autoscaling:PutLifecycleHook
 - ec2:CreateLaunchTemplate
 - ec2:CreateLaunchTemplateVersion
 - ec2:DescribeLaunchTemplates
diff --git a/cmd/clusterawsadm/cloudformation/bootstrap/fixtures/with_all_secret_backends.yaml b/cmd/clusterawsadm/cloudformation/bootstrap/fixtures/with_all_secret_backends.yaml
index fa7b5a4d95..3b0ced5ac5 100644
--- a/cmd/clusterawsadm/cloudformation/bootstrap/fixtures/with_all_secret_backends.yaml
+++ b/cmd/clusterawsadm/cloudformation/bootstrap/fixtures/with_all_secret_backends.yaml
@@ -243,6 +243,9 @@ Resources:
 - elasticloadbalancing:DeleteListener
 - autoscaling:DescribeAutoScalingGroups
 - autoscaling:DescribeInstanceRefreshes
+ - autoscaling:DeleteLifecycleHook
+ - autoscaling:DescribeLifecycleHooks
+ - autoscaling:PutLifecycleHook
 - ec2:CreateLaunchTemplate
 - ec2:CreateLaunchTemplateVersion
 - ec2:DescribeLaunchTemplates
diff --git a/cmd/clusterawsadm/cloudformation/bootstrap/fixtures/with_allow_assume_role.yaml b/cmd/clusterawsadm/cloudformation/bootstrap/fixtures/with_allow_assume_role.yaml
index 2390d86097..5cebf6e7ab 100644
--- a/cmd/clusterawsadm/cloudformation/bootstrap/fixtures/with_allow_assume_role.yaml
+++ b/cmd/clusterawsadm/cloudformation/bootstrap/fixtures/with_allow_assume_role.yaml
@@ -237,6 +237,9 @@ Resources:
 - elasticloadbalancing:DeleteListener
 - autoscaling:DescribeAutoScalingGroups
 - autoscaling:DescribeInstanceRefreshes
+ - autoscaling:DeleteLifecycleHook
+ - autoscaling:DescribeLifecycleHooks
+ - autoscaling:PutLifecycleHook
 - ec2:CreateLaunchTemplate
 - ec2:CreateLaunchTemplateVersion
 - ec2:DescribeLaunchTemplates
diff --git a/cmd/clusterawsadm/cloudformation/bootstrap/fixtures/with_bootstrap_user.yaml b/cmd/clusterawsadm/cloudformation/bootstrap/fixtures/with_bootstrap_user.yaml
index 930b879c2e..c71cb9d6ad 100644
--- a/cmd/clusterawsadm/cloudformation/bootstrap/fixtures/with_bootstrap_user.yaml
+++ b/cmd/clusterawsadm/cloudformation/bootstrap/fixtures/with_bootstrap_user.yaml
@@ -243,6 +243,9 @@ Resources:
 - elasticloadbalancing:DeleteListener
 - autoscaling:DescribeAutoScalingGroups
 - autoscaling:DescribeInstanceRefreshes
+ - autoscaling:DeleteLifecycleHook
+ - autoscaling:DescribeLifecycleHooks
+ - autoscaling:PutLifecycleHook
 - ec2:CreateLaunchTemplate
 - ec2:CreateLaunchTemplateVersion
 - ec2:DescribeLaunchTemplates
diff --git a/cmd/clusterawsadm/cloudformation/bootstrap/fixtures/with_custom_bootstrap_user.yaml b/cmd/clusterawsadm/cloudformation/bootstrap/fixtures/with_custom_bootstrap_user.yaml
index 50b9bb3182..aa3db2c042 100644
--- a/cmd/clusterawsadm/cloudformation/bootstrap/fixtures/with_custom_bootstrap_user.yaml
+++ b/cmd/clusterawsadm/cloudformation/bootstrap/fixtures/with_custom_bootstrap_user.yaml
@@ -243,6 +243,9 @@ Resources:
 - elasticloadbalancing:DeleteListener
 - autoscaling:DescribeAutoScalingGroups
 - autoscaling:DescribeInstanceRefreshes
+ - autoscaling:DeleteLifecycleHook
+ - autoscaling:DescribeLifecycleHooks
+ - autoscaling:PutLifecycleHook
 - ec2:CreateLaunchTemplate
 - ec2:CreateLaunchTemplateVersion
 - ec2:DescribeLaunchTemplates
diff --git a/cmd/clusterawsadm/cloudformation/bootstrap/fixtures/with_different_instance_profiles.yaml b/cmd/clusterawsadm/cloudformation/bootstrap/fixtures/with_different_instance_profiles.yaml
index 478967b404..9aea893cc7 100644
--- a/cmd/clusterawsadm/cloudformation/bootstrap/fixtures/with_different_instance_profiles.yaml
+++ b/cmd/clusterawsadm/cloudformation/bootstrap/fixtures/with_different_instance_profiles.yaml
@@ -237,6 +237,9 @@ Resources:
 - elasticloadbalancing:DeleteListener
 - autoscaling:DescribeAutoScalingGroups
 - autoscaling:DescribeInstanceRefreshes
+ - autoscaling:DeleteLifecycleHook
+ - autoscaling:DescribeLifecycleHooks
+ - autoscaling:PutLifecycleHook
 - ec2:CreateLaunchTemplate
 - ec2:CreateLaunchTemplateVersion
 - ec2:DescribeLaunchTemplates
diff --git a/cmd/clusterawsadm/cloudformation/bootstrap/fixtures/with_eks_console.yaml b/cmd/clusterawsadm/cloudformation/bootstrap/fixtures/with_eks_console.yaml
index ae2e279062..dea39d02d9 100644
--- a/cmd/clusterawsadm/cloudformation/bootstrap/fixtures/with_eks_console.yaml
+++ b/cmd/clusterawsadm/cloudformation/bootstrap/fixtures/with_eks_console.yaml
@@ -237,6 +237,9 @@ Resources:
 - elasticloadbalancing:DeleteListener
 - autoscaling:DescribeAutoScalingGroups
 - autoscaling:DescribeInstanceRefreshes
+ - autoscaling:DeleteLifecycleHook
+ - autoscaling:DescribeLifecycleHooks
+ - autoscaling:PutLifecycleHook
 - ec2:CreateLaunchTemplate
 - ec2:CreateLaunchTemplateVersion
 - ec2:DescribeLaunchTemplates
diff --git a/cmd/clusterawsadm/cloudformation/bootstrap/fixtures/with_eks_default_roles.yaml b/cmd/clusterawsadm/cloudformation/bootstrap/fixtures/with_eks_default_roles.yaml
index 3ca015276a..789f347fcc 100644
--- a/cmd/clusterawsadm/cloudformation/bootstrap/fixtures/with_eks_default_roles.yaml
+++ b/cmd/clusterawsadm/cloudformation/bootstrap/fixtures/with_eks_default_roles.yaml
@@ -237,6 +237,9 @@ Resources:
 - elasticloadbalancing:DeleteListener
 - autoscaling:DescribeAutoScalingGroups
 - autoscaling:DescribeInstanceRefreshes
+ - autoscaling:DeleteLifecycleHook
+ - autoscaling:DescribeLifecycleHooks
+ - autoscaling:PutLifecycleHook
 - ec2:CreateLaunchTemplate
 - ec2:CreateLaunchTemplateVersion
 - ec2:DescribeLaunchTemplates
diff --git a/cmd/clusterawsadm/cloudformation/bootstrap/fixtures/with_eks_disable.yaml b/cmd/clusterawsadm/cloudformation/bootstrap/fixtures/with_eks_disable.yaml
index 57c08e20cc..c092783d60 100644
--- a/cmd/clusterawsadm/cloudformation/bootstrap/fixtures/with_eks_disable.yaml
+++ b/cmd/clusterawsadm/cloudformation/bootstrap/fixtures/with_eks_disable.yaml
@@ -237,6 +237,9 @@ Resources:
 - elasticloadbalancing:DeleteListener
 - autoscaling:DescribeAutoScalingGroups
 - autoscaling:DescribeInstanceRefreshes
+ - autoscaling:DeleteLifecycleHook
+ - autoscaling:DescribeLifecycleHooks
+ - autoscaling:PutLifecycleHook
 - ec2:CreateLaunchTemplate
 - ec2:CreateLaunchTemplateVersion
 - ec2:DescribeLaunchTemplates
diff --git a/cmd/clusterawsadm/cloudformation/bootstrap/fixtures/with_eks_kms_prefix.yaml b/cmd/clusterawsadm/cloudformation/bootstrap/fixtures/with_eks_kms_prefix.yaml
index 0bacb55e5c..f34f670fbf 100644
--- a/cmd/clusterawsadm/cloudformation/bootstrap/fixtures/with_eks_kms_prefix.yaml
+++ b/cmd/clusterawsadm/cloudformation/bootstrap/fixtures/with_eks_kms_prefix.yaml
@@ -237,6 +237,9 @@ Resources:
 - elasticloadbalancing:DeleteListener
 - autoscaling:DescribeAutoScalingGroups
 - autoscaling:DescribeInstanceRefreshes
+ - autoscaling:DeleteLifecycleHook
+ - autoscaling:DescribeLifecycleHooks
+ - autoscaling:PutLifecycleHook
 - ec2:CreateLaunchTemplate
 - ec2:CreateLaunchTemplateVersion
 - ec2:DescribeLaunchTemplates
diff --git a/cmd/clusterawsadm/cloudformation/bootstrap/fixtures/with_extra_statements.yaml b/cmd/clusterawsadm/cloudformation/bootstrap/fixtures/with_extra_statements.yaml
index b864e1c1b3..ad61a26906 100644
--- a/cmd/clusterawsadm/cloudformation/bootstrap/fixtures/with_extra_statements.yaml
+++ b/cmd/clusterawsadm/cloudformation/bootstrap/fixtures/with_extra_statements.yaml
@@ -243,6 +243,9 @@ Resources:
 - elasticloadbalancing:DeleteListener
 - autoscaling:DescribeAutoScalingGroups
 - autoscaling:DescribeInstanceRefreshes
+ - autoscaling:DeleteLifecycleHook
+ - autoscaling:DescribeLifecycleHooks
+ - autoscaling:PutLifecycleHook
 - ec2:CreateLaunchTemplate
 - ec2:CreateLaunchTemplateVersion
 - ec2:DescribeLaunchTemplates
diff --git a/cmd/clusterawsadm/cloudformation/bootstrap/fixtures/with_s3_bucket.yaml b/cmd/clusterawsadm/cloudformation/bootstrap/fixtures/with_s3_bucket.yaml
index b376d7cab8..9e84b2f223 100644
--- a/cmd/clusterawsadm/cloudformation/bootstrap/fixtures/with_s3_bucket.yaml
+++ b/cmd/clusterawsadm/cloudformation/bootstrap/fixtures/with_s3_bucket.yaml
@@ -237,6 +237,9 @@ Resources:
 - elasticloadbalancing:DeleteListener
 - autoscaling:DescribeAutoScalingGroups
 - autoscaling:DescribeInstanceRefreshes
+ - autoscaling:DeleteLifecycleHook
+ - autoscaling:DescribeLifecycleHooks
+ - autoscaling:PutLifecycleHook
 - ec2:CreateLaunchTemplate
 - ec2:CreateLaunchTemplateVersion
 - ec2:DescribeLaunchTemplates
diff --git a/cmd/clusterawsadm/cloudformation/bootstrap/fixtures/with_ssm_secret_backend.yaml b/cmd/clusterawsadm/cloudformation/bootstrap/fixtures/with_ssm_secret_backend.yaml
index edc07671d6..a11d38e58f 100644
--- a/cmd/clusterawsadm/cloudformation/bootstrap/fixtures/with_ssm_secret_backend.yaml
+++ b/cmd/clusterawsadm/cloudformation/bootstrap/fixtures/with_ssm_secret_backend.yaml
@@ -237,6 +237,9 @@ Resources:
 - elasticloadbalancing:DeleteListener
 - autoscaling:DescribeAutoScalingGroups
 - autoscaling:DescribeInstanceRefreshes
+ - autoscaling:DeleteLifecycleHook
+ - autoscaling:DescribeLifecycleHooks
+ - autoscaling:PutLifecycleHook
 - ec2:CreateLaunchTemplate
 - ec2:CreateLaunchTemplateVersion
 - ec2:DescribeLaunchTemplates