external-secrets / external-secrets

External Secrets Operator reads information from a third-party service like AWS Secrets Manager and automatically injects the values as Kubernetes Secrets.
https://external-secrets.io/main
Apache License 2.0

AWS Parameter Store provider docs mention IAM policy actions that do not exist #2043

Closed isker closed 1 year ago

isker commented 1 year ago

https://external-secrets.io/v0.7.2/provider/aws-parameter-store/ gives this example policy document:

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "ssm:GetParameterWithContext",
        "ssm:ListTagsForResourceWithContext",
        "ssm:DescribeParametersWithContext"
      ],
      "Resource": "arn:aws:ssm:us-east-2:1234567889911:parameter/dev-*"
    }
  ]
}

ssm:GetParameterWithContext does not exist; likewise for the rest. I think these may have been copy/pasted from function names in the Go SDK. Such functions are specific to Go and aren't a part of the ssm API. The docs should mention actions that exist.
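A lint for the mistake reported above, as an added example that is not part of the original issue or the project's code: it flags `ssm:` actions in a policy document that match no known Parameter Store action and, where stripping a Go SDK v1 method suffix yields a known one, suggests it. `KNOWN_SSM_ACTIONS` is a partial, hand-written list and all function names are hypothetical.

```python
import fnmatch
import json

# Method-name suffixes generated by the AWS SDK for Go v1; none belongs in an IAM action.
GO_SDK_SUFFIXES = ("PagesWithContext", "WithContext", "Pages", "Request")
# Assumption: partial list of real Parameter Store actions; extend it from the
# AWS service authorization reference before relying on the result.
KNOWN_SSM_ACTIONS = {
    "ssm:GetParameter", "ssm:GetParameters", "ssm:GetParametersByPath",
    "ssm:GetParameterHistory", "ssm:DescribeParameters",
    "ssm:ListTagsForResource", "ssm:PutParameter", "ssm:DeleteParameter",
}

def _as_list(value):
    # IAM allows a single object/string where a list is otherwise expected.
    return value if isinstance(value, list) else [value]

def is_known(action):
    """True if the action (IAM wildcards * and ? allowed) matches a known action."""
    pattern = action.lower()  # IAM action names are case-insensitive
    return any(fnmatch.fnmatchcase(k.lower(), pattern) for k in KNOWN_SSM_ACTIONS)

def suggest(action):
    """Strip a Go SDK suffix; return the result only if it is a known action."""
    for suffix in GO_SDK_SUFFIXES:
        if action.endswith(suffix):
            candidate = action[: -len(suffix)]
            if is_known(candidate):
                return candidate
    return None

def lint_policy(policy_json):
    """Return [(statement_index, action, suggestion_or_None)] for unknown ssm actions."""
    findings = []
    statements = _as_list(json.loads(policy_json).get("Statement", []))
    for i, stmt in enumerate(statements):
        for action in _as_list(stmt.get("Action", [])):
            if action.lower().startswith("ssm:") and not is_known(action):
                findings.append((i, action, suggest(action)))
    return findings

# Policy quoted in the issue from the v0.7.2 docs, with the trailing comma removed so it parses.
DOCS_POLICY = """{"Version": "2012-10-17", "Statement": [{"Effect": "Allow",
  "Action": ["ssm:GetParameterWithContext", "ssm:ListTagsForResourceWithContext",
             "ssm:DescribeParametersWithContext"],
  "Resource": "arn:aws:ssm:us-east-2:1234567889911:parameter/dev-*"}]}"""

if __name__ == "__main__":
    for idx, action, fix in lint_policy(DOCS_POLICY):
        print(f"Statement[{idx}]: unknown action {action!r}; did you mean {fix!r}?")
```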

moolen commented 1 year ago

Hey, thanks for reporting! This has been fixed in #1949 and is already on main but hasn't been released yet.

isker commented 1 year ago

Whoops. I was going to verify a fix myself locally and then open a PR. Thanks!