From 2658145805d412a8630592c3a5a838e48d67503d Mon Sep 17 00:00:00 2001
From: "W. Trevor King"
Date: Thu, 31 Jan 2019 11:28:32 -0800
Subject: [PATCH] *: Add "AWS permission" annotations

So we can answer "what permissions does the installer need" with:
$ git grep 'AWS permission:' | sed 's/.*AWS permission: //' | sort | uniq
ec2:DeleteDhcpOptions
ec2:DescribeInstances
...
---
 pkg/destroy/aws/aws.go | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)

diff --git a/pkg/destroy/aws/aws.go b/pkg/destroy/aws/aws.go
index 58bfb728e30..1c98e71d1ec 100644
--- a/pkg/destroy/aws/aws.go
+++ b/pkg/destroy/aws/aws.go
@@ -437,7 +437,7 @@ func deleteEC2(session *session.Session, arn arn.ARN, logger logrus.FieldLogger)
 }
 func deleteEC2DHCPOptions(client *ec2.EC2, id string, logger logrus.FieldLogger) error {
- _, err := client.DeleteDhcpOptions(&ec2.DeleteDhcpOptionsInput{
+ _, err := client.DeleteDhcpOptions(&ec2.DeleteDhcpOptionsInput{ // AWS permission: ec2:DeleteDhcpOptions
 DhcpOptionsId: &id,
 })
 if err != nil {
@@ -452,7 +452,7 @@ func deleteEC2DHCPOptions(client *ec2.EC2, id string, logger logrus.FieldLogger)
 }
 func deleteEC2ElasticIP(client *ec2.EC2, id string, logger logrus.FieldLogger) error {
- _, err := client.ReleaseAddress(&ec2.ReleaseAddressInput{
+ _, err := client.ReleaseAddress(&ec2.ReleaseAddressInput{ // AWS permission: ec2:ReleaseAddress
 AllocationId: aws.String(id),
 })
 if err != nil {
@@ -467,7 +467,7 @@ func deleteEC2ElasticIP(client *ec2.EC2, id string, logger logrus.FieldLogger) e
 }
 func deleteEC2Instance(ec2Client *ec2.EC2, iamClient *iam.IAM, id string, logger logrus.FieldLogger) error {
- response, err := ec2Client.DescribeInstances(&ec2.DescribeInstancesInput{
+ response, err := ec2Client.DescribeInstances(&ec2.DescribeInstancesInput{ // AWS permission: ec2:DescribeInstances
 InstanceIds: []*string{aws.String(id)}, // only fetch instances in 'running|pending' state since 'terminated' ones take a while to really get cleaned up
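Review bot: The trailing `// AWS permission: ec2:DeleteDhcpOptions` comment is free text that nothing ties to the call it sits on, so the grep in the commit message yields a list that can drift from what the code really requests; the same holds for the annotations on `ReleaseAddress` and `DescribeInstances` here and on the three calls in the later hunks. A call added without the comment silently drops out of the derived list, and a removed call can leave a stale grant behind, which matters if this list is used to scope the installer's IAM credentials. I would add a lint step or unit test that fails when a line making an AWS client call lacks the annotation, and document the convention once in the package, e.g. `// Every AWS API call carries a trailing "AWS permission: <service>:<Action>" comment; keep it in sync with the call.` IAM action names also do not always equal the SDK method name (S3's `ListObjects` is authorized by `s3:ListBucket`), so each annotation should be checked against the IAM reference rather than copied from the method.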
@@ -496,7 +496,7 @@ func deleteEC2Instance(ec2Client *ec2.EC2, iamClient *iam.IAM, id string, logger
 }
 }
- _, err := ec2Client.TerminateInstances(&ec2.TerminateInstancesInput{
+ _, err := ec2Client.TerminateInstances(&ec2.TerminateInstancesInput{ // AWS permission: ec2:TerminateInstances
 InstanceIds: []*string{instance.InstanceId},
 })
 if err != nil {
@@ -511,7 +511,7 @@ func deleteEC2Instance(ec2Client *ec2.EC2, iamClient *iam.IAM, id string, logger
 }
 func deleteEC2InternetGateway(client *ec2.EC2, id string, logger logrus.FieldLogger) error {
- response, err := client.DescribeInternetGateways(&ec2.DescribeInternetGatewaysInput{
+ response, err := client.DescribeInternetGateways(&ec2.DescribeInternetGatewaysInput{ // AWS permission: ec2:DescribeInternetGateways
 InternetGatewayIds: []*string{aws.String(id)},
 })
 if err != nil {
@@ -520,7 +520,7 @@ func deleteEC2InternetGateway(client *ec2.EC2, id string, logger logrus.FieldLog
 for _, gateway := range response.InternetGateways {
 for _, vpc := range gateway.Attachments {
- _, err := client.DetachInternetGateway(&ec2.DetachInternetGatewayInput{
+ _, err := client.DetachInternetGateway(&ec2.DetachInternetGatewayInput{ // AWS permission: ec2:DetachInternetGateway
 InternetGatewayId: gateway.InternetGatewayId,
 VpcId: vpc.VpcId,
 })
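Review bot: `deleteEC2Instance` takes an `iamClient`, yet the only annotations in this function are on `DescribeInstances` and `TerminateInstances`; the body between those two hunks is outside the diff, so any IAM request made there stays untagged. If such calls exist, the grep output under-reports what teardown needs, and a policy built from it would presumably fail partway through destroy and leave resources behind. Worth tagging every request in the function in the same commit, for example `// AWS permission: iam:<Action>` on each IAM call, with `<Action>` taken from the IAM reference.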