*: Add "AWS permission" annotations

So we can answer "what permissions does the installer need" with: $ git grep 'AWS permission:' | sed 's/.*AWS permission: //' | sort | uniq ec2:DeleteDhcpOptions ec2:DescribeInstances ...
openshift · Jan 31, 2019 · 2658145 · 2658145
1 parent 18e5d9b
commit 2658145
Showing 1 changed file with 6 additions and 6 deletions.
diff --git a/pkg/destroy/aws/aws.go b/pkg/destroy/aws/aws.go
@@ -437,7 +437,7 @@ func deleteEC2(session *session.Session, arn arn.ARN, logger logrus.FieldLogger)
 }
 
 func deleteEC2DHCPOptions(client *ec2.EC2, id string, logger logrus.FieldLogger) error {
-	_, err := client.DeleteDhcpOptions(&ec2.DeleteDhcpOptionsInput{
+	_, err := client.DeleteDhcpOptions(&ec2.DeleteDhcpOptionsInput{ // AWS permission: ec2:DeleteDhcpOptions
 		DhcpOptionsId: &id,
 	})
 	if err != nil {
@@ -452,7 +452,7 @@ func deleteEC2DHCPOptions(client *ec2.EC2, id string, logger logrus.FieldLogger)
 }
 
 func deleteEC2ElasticIP(client *ec2.EC2, id string, logger logrus.FieldLogger) error {
-	_, err := client.ReleaseAddress(&ec2.ReleaseAddressInput{
+	_, err := client.ReleaseAddress(&ec2.ReleaseAddressInput{ // AWS permission: ec2:ReleaseAddress
 		AllocationId: aws.String(id),
 	})
 	if err != nil {
@@ -467,7 +467,7 @@ func deleteEC2ElasticIP(client *ec2.EC2, id string, logger logrus.FieldLogger) e
 }
 
 func deleteEC2Instance(ec2Client *ec2.EC2, iamClient *iam.IAM, id string, logger logrus.FieldLogger) error {
-	response, err := ec2Client.DescribeInstances(&ec2.DescribeInstancesInput{
+	response, err := ec2Client.DescribeInstances(&ec2.DescribeInstancesInput{ // AWS permission: ec2:DescribeInstances
 		InstanceIds: []*string{aws.String(id)},
 
 		// only fetch instances in 'running|pending' state since 'terminated' ones take a while to really get cleaned up
@@ -496,7 +496,7 @@ func deleteEC2Instance(ec2Client *ec2.EC2, iamClient *iam.IAM, id string, logger
 				}
 			}
 
-			_, err := ec2Client.TerminateInstances(&ec2.TerminateInstancesInput{
+			_, err := ec2Client.TerminateInstances(&ec2.TerminateInstancesInput{ // AWS permission: ec2:TerminateInstances
 				InstanceIds: []*string{instance.InstanceId},
 			})
 			if err != nil {
@@ -511,7 +511,7 @@ func deleteEC2Instance(ec2Client *ec2.EC2, iamClient *iam.IAM, id string, logger
 }
 
 func deleteEC2InternetGateway(client *ec2.EC2, id string, logger logrus.FieldLogger) error {
-	response, err := client.DescribeInternetGateways(&ec2.DescribeInternetGatewaysInput{
+	response, err := client.DescribeInternetGateways(&ec2.DescribeInternetGatewaysInput{ // AWS permission: ec2:DescribeInternetGateways
 		InternetGatewayIds: []*string{aws.String(id)},
 	})
 	if err != nil {
@@ -520,7 +520,7 @@ func deleteEC2InternetGateway(client *ec2.EC2, id string, logger logrus.FieldLog
 
 	for _, gateway := range response.InternetGateways {
 		for _, vpc := range gateway.Attachments {
-			_, err := client.DetachInternetGateway(&ec2.DetachInternetGatewayInput{
+			_, err := client.DetachInternetGateway(&ec2.DetachInternetGatewayInput{ // AWS permission: ec2:DetachInternetGateway
 				InternetGatewayId: gateway.InternetGatewayId,
 				VpcId:             vpc.VpcId,
 			})