Skip to content

fix: add kms:Encrypt permission, as needed since f25a86b5 #1008

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
Oct 13, 2023
Merged

fix: add kms:Encrypt permission, as needed since f25a86b5 #1008

merged 1 commit into from
Oct 13, 2023

Conversation

jonmcewen
Copy link
Contributor

@jonmcewen jonmcewen commented Oct 12, 2023
edited
Loading

Description

Since the addition of KeyId to the SSM parameter used to store the registration token, the replacement of the parameter following a failed token verification fails. This is due to a missing Encrypt permission on the customer managed KMS key.

The initial put-parameter presumably passes due to a shortcut on the encryption when the value is null, but the subsequent overwrite attempt fails.

Migrations required

NO

Verification

Manual addition of the kms:Encrypt permission has been proved to resolve the runner start-up failure

@github-actions
Copy link
Contributor

Hey @jonmcewen! 👋

Thank you for your contribution to the project. Please refer to the contribution rules for a quick overview of the process.

Make sure that this PR clearly explains:

  • the problem being solved
  • the best way a reviewer and you can test your changes

With submitting this PR you confirm that you hold the rights of the code added and agree that it will published under this LICENSE.

The following ChatOps commands are supported:

  • /help: notifies a maintainer to help you out

Simply add a comment with the command in the first line. If you need to pass more information, separate it with a blank line from the command.

This message was generated automatically. You are welcome to improve it.

@jonmcewen jonmcewen changed the title add kms:Encrypt permission, as needed since f25a86b5 fix: add kms:Encrypt permission, as needed since f25a86b5 Oct 12, 2023
@kayman-mk kayman-mk merged commit 2bea7bd into cattle-ops:main Oct 13, 2023
@kayman-mk
Copy link
Collaborator

Thanks for your contribution, @jonmcewen

@cattle-ops-releaser-2 cattle-ops-releaser-2 bot mentioned this pull request Oct 13, 2023
Merged
kayman-mk pushed a commit that referenced this pull request Oct 16, 2023
@cattle-ops-releaser-2 @github-actions
chore(main): release 7.1.1 (#1009)
04c8153 
🤖 I have created a release *beep* *boop*
---


##
[7.1.1](7.1.0...7.1.1)
(2023-10-13)


### Bug Fixes

* add kms:Encrypt permission, as needed since f25a86b
([#1008](#1008))
([2bea7bd](2bea7bd))

---
This PR was generated with [Release
Please](https://github.com/googleapis/release-please). See
[documentation](https://github.com/googleapis/release-please#release-please).

---------

Signed-off-by: Niek Palm <[email protected]>
Co-authored-by: cattle-ops-releaser-2[bot] <134548870+cattle-ops-releaser-2[bot]@users.noreply.github.com>
Co-authored-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@npalm npalm Awaiting requested review from npalm npalm is a code owner

@kayman-mk kayman-mk Awaiting requested review from kayman-mk kayman-mk is a code owner

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@jonmcewen @kayman-mk