Merge pull request #77 from memes/fix/75_updated_role_20240328

fix: Add permissions to role(s)
memes · Mar 28, 2024 · a6924fb · a6924fb
2 parents c2066fa + dac8de7
commit a6924fb
Show file tree

Hide file tree

Showing 2 changed files with 17 additions and 2 deletions.
diff --git a/main.tf b/main.tf
@@ -99,6 +99,8 @@ locals {
     "compute.instances.updateAccessConfig",
     "compute.instances.updateNetworkInterface",
     "compute.instances.use",
+    "compute.interconnectAttachments.get",
+    "compute.machineTypes.get",
     "compute.machineTypes.list",
     "compute.networkEndpointGroups.attachNetworkEndpoints",
     "compute.networks.access",
@@ -110,12 +112,15 @@ locals {
     "compute.networks.updatePolicy",
     "compute.networks.use",
     "compute.networks.useExternalIp",
+    "compute.projects.get",
     "compute.regionBackendServices.create",
     "compute.regionBackendServices.delete",
     "compute.regionBackendServices.get",
     "compute.regionBackendServices.list",
     "compute.regionBackendServices.use",
     "compute.regionOperations.get",
+    "compute.regions.get",
+    "compute.routers.get",
     "compute.routes.create",
     "compute.routes.delete",
     "compute.routes.get",

diff --git a/test/profiles/f5-xc-role/controls/role.rb b/test/profiles/f5-xc-role/controls/role.rb
@@ -75,6 +75,8 @@
   'compute.instances.updateAccessConfig',
   'compute.instances.updateNetworkInterface',
   'compute.instances.use',
+  'compute.interconnectAttachments.get',
+  'compute.machineTypes.get',
   'compute.machineTypes.list',
   'compute.networkEndpointGroups.attachNetworkEndpoints',
   'compute.networks.access',
@@ -86,12 +88,15 @@
   'compute.networks.updatePolicy',
   'compute.networks.use',
   'compute.networks.useExternalIp',
+  'compute.projects.get',
   'compute.regionBackendServices.create',
   'compute.regionBackendServices.delete',
   'compute.regionBackendServices.get',
   'compute.regionBackendServices.list',
   'compute.regionBackendServices.use',
   'compute.regionOperations.get',
+  'compute.regions.get',
+  'compute.routers.get',
   'compute.routes.create',
   'compute.routes.delete',
   'compute.routes.get',
@@ -109,7 +114,7 @@
   'iam.serviceAccounts.get',
   'iam.serviceAccounts.list',
   'resourcemanager.projects.get'
-].freeze
+].sort!.freeze
 
 EXPECTED_ORG_PERMISSIONS = [
   'compute.addresses.create',
@@ -186,6 +191,8 @@
   'compute.instances.updateAccessConfig',
   'compute.instances.updateNetworkInterface',
   'compute.instances.use',
+  'compute.interconnectAttachments.get',
+  'compute.machineTypes.get',
   'compute.machineTypes.list',
   'compute.networkEndpointGroups.attachNetworkEndpoints',
   'compute.networks.access',
@@ -197,12 +204,15 @@
   'compute.networks.updatePolicy',
   'compute.networks.use',
   'compute.networks.useExternalIp',
+  'compute.projects.get',
   'compute.regionBackendServices.create',
   'compute.regionBackendServices.delete',
   'compute.regionBackendServices.get',
   'compute.regionBackendServices.list',
   'compute.regionBackendServices.use',
   'compute.regionOperations.get',
+  'compute.regions.get',
+  'compute.routers.get',
   'compute.routes.create',
   'compute.routes.delete',
   'compute.routes.get',
@@ -221,7 +231,7 @@
   'iam.serviceAccounts.list',
   'resourcemanager.projects.get',
   'resourcemanager.projects.list'
-].freeze
+].sort!.freeze
 
 control 'project_role' do
   title 'Verify F5 Distributed Cloud custom role with project scope'