Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fix(AWLS2-398): Add get project permission to org snapshot role #91

Merged
merged 1 commit into from
Nov 26, 2024
Merged

fix(AWLS2-398): Add get project permission to org snapshot role #91

merged 1 commit into from
Nov 26, 2024

Conversation

kirklandnuts
Copy link
Contributor

@kirklandnuts kirklandnuts commented Nov 13, 2024
edited by jira bot
Loading

Summary

Add permission required by org-level agentless scanning integration to call the GCP Get Project API.

#52 modified the Lacework Agentless Workload Scanning Role for monitored project (Create Snapshots), adding a required permission used to call Get Project GCP API. This resolved an issue in the case of project-level agentless scanning integrations, but the issue is still present in the case of org-level agentless scanning integrations.

The same permission should've also been added to the role used by org-level integrations in that PR, but it wasn't — this PR adds the required permission in that role to resolve the issue in the case of org-level integrations as well.

How did you test this change?

Prior to this change, we were seeing the get project call fail with a permission error — these logs show that this issue occurs for several customers.

I ran terraform apply with my changes to add the permission for my org-level integration deployed against tn-dev.qan.corp.lacework.net, and once the change took effect, logs showed that the calls to get project were succeeding rather than failing (ref).

Issue

AWLS2-398

@kirklandnuts kirklandnuts requested a review from a team as a code owner November 13, 2024 20:43
@kirklandnuts kirklandnuts requested review from marktabry, zekisherif and michaelhsiehlw and removed request for a team November 13, 2024 20:43
@kirklandnuts kirklandnuts requested a review from wilderj November 13, 2024 20:44
@zekisherif zekisherif requested review from PengyuanZhao and leijin-lw and removed request for michaelhsiehlw November 13, 2024 20:51
@kirklandnuts kirklandnuts force-pushed the fix/AWLS2-398/org-snapshot-role branch from 7a450c7 to 32f87bb Compare November 26, 2024 15:46
@kirklandnuts kirklandnuts merged commit 9ab4bb5 into main Nov 26, 2024
4 of 9 checks passed
@kirklandnuts kirklandnuts deleted the fix/AWLS2-398/org-snapshot-role branch November 26, 2024 15:49
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@zekisherif zekisherif zekisherif approved these changes

@marktabry marktabry Awaiting requested review from marktabry marktabry is a code owner automatically assigned from lacework/eng-product-platform

@wilderj wilderj Awaiting requested review from wilderj

@PengyuanZhao PengyuanZhao Awaiting requested review from PengyuanZhao

@leijin-lw leijin-lw Awaiting requested review from leijin-lw

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@kirklandnuts @zekisherif