Skip to content

fix(LINK-4116): do not require org level permissions for project level integrations. #96

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 2 commits into from
Sep 2, 2025
Merged

fix(LINK-4116): do not require org level permissions for project level integrations. #96

merged 2 commits into from
Sep 2, 2025

Conversation

@wilderj
Copy link
Contributor

@wilderj wilderj commented Sep 2, 2025

Summary

We have a reported customer issue where deploying a project-level GCP integration requires org-level permissions.

This happens due to a change from about a year back (#74) that requires us to have resourcemanager.organizations.get permissions for both project and organization level integrations. Our docs make no mention of this in the "required permissions" list.

The reasoning behind this was that ideally we will report the org ID for all integrations so that UI views are more complete. However, this is a relatively minor piece of information and for many customers requiring org level permissions for a project level integration is a non-starter. It defeats the purposes in many cases.

As a consequence, I think it's best if we revert that change. Yes, we will not be able to get the org ID. But at least customers who need a project level integration due to a lack of org/root level permissions will be able to deploy without issue.

I also toyed with the idea of providing an override option instead of just eliminating the org permissions outright, but I felt that it makes for an unnecessarily convoluted deployment experience. Simpler to just remove it.

How did you test this change?

I deployed a project level integration without specifying an organization ID. My role did not have org level permissions and the deployment still worked fine.

Issue

https://lacework.atlassian.net/browse/LINK-4116

@wilderj wilderj requested a review from kirklandnuts September 2, 2025 17:05
@wilderj wilderj requested a review from a team as a code owner September 2, 2025 17:05
@wilderj wilderj requested review from charanbir, lkitty-fortinet and okuofortinet and removed request for a team September 2, 2025 17:05
kirklandnuts
kirklandnuts approved these changes Sep 2, 2025
View reviewed changes
Copy link
Contributor

@kirklandnuts kirklandnuts left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@wilderj thanks for the detailed description!

@wilderj wilderj merged commit 041b661 into main Sep 2, 2025
11 checks passed
@wilderj wilderj deleted the LINK-4116-gcp-org-perms branch September 2, 2025 17:21
@lacework-releng lacework-releng mentioned this pull request Sep 2, 2025
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@kirklandnuts kirklandnuts kirklandnuts approved these changes

@charanbir charanbir Awaiting requested review from charanbir charanbir is a code owner automatically assigned from lacework/eng-product-platform

@lkitty-fortinet lkitty-fortinet Awaiting requested review from lkitty-fortinet lkitty-fortinet is a code owner automatically assigned from lacework/eng-product-platform

@okuofortinet okuofortinet Awaiting requested review from okuofortinet okuofortinet is a code owner automatically assigned from lacework/eng-product-platform

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@wilderj @kirklandnuts