Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

feat: exclude grafana login and support #68

Merged
merged 1 commit into from
May 18, 2023

Conversation

nitrocode
Copy link
Contributor

@nitrocode nitrocode commented May 2, 2023

what

  • exclude grafana login and support

why

  • grafana requires some clickops actions
  • support is mostly clickops unless using aws support bot

All the write perms for support according to policy_sentry

✗ policy_sentry query action-table --service support --access-level write
[
    "support:AddAttachmentsToSet",
    "support:AddCommunicationToCase",
    "support:CreateCase",
    "support:InitiateCallForCase",
    "support:InitiateChatForCase",
    "support:PutCaseAttributes",
    "support:RateCaseCommunication",
    "support:RefreshTrustedAdvisorCheck",
    "support:ResolveCase"
]

@nitrocode nitrocode changed the title Exclude grafana login and create cases feat: exclude grafana login and create cases May 2, 2023
@nitrocode nitrocode changed the title feat: exclude grafana login and create cases feat: exclude grafana login and support May 2, 2023
@nitrocode nitrocode changed the title feat: exclude grafana login and support feat: exclude grafana login and support May 2, 2023
@nitrocode
Copy link
Contributor Author

cc: @baolsen @phzietsman please review when time permits. For now, I have added these perms locally to excluded_scoped_actions using the APPEND mode

@nitrocode
Copy link
Contributor Author

Also unsure if this is a feat or a fix. Please advise.

@baolsen
Copy link
Contributor

baolsen commented May 5, 2023

Thanks for the contribution (and the other issues logged)!

The new exclusions seem reasonable to me, I'll merge them in as a fix and release (dont worry about renaming things I can do it on merge)

Please first merge master onto this branch (or rebase);
I made a small change to allow the checks to work again :)

@baolsen baolsen self-requested a review May 5, 2023 07:13
@phzietsman phzietsman merged commit e639c03 into cloudandthings:main May 18, 2023
@phzietsman
Copy link
Contributor

@nitrocode thanks for the contribution!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

3 participants