From b6838847bf8c67751c77fb8938d9039d3bcb201b Mon Sep 17 00:00:00 2001
From: Arminio Andrei <arminio.andrei@tradeshift.com>
Date: Wed, 22 May 2024 10:50:43 +0300
Subject: [PATCH] fix: grant push/pull to eks-deployer batch role in prod

To be able to tag images from the eks-deployer batch job,
we need to add its roles to the ECR IAM policy.
---
 dist/index.js                     | 2 +-
 src/resources/ecr-iam-policy.json | 4 +++-
 2 files changed, 4 insertions(+), 2 deletions(-)

diff --git a/dist/index.js b/dist/index.js
index 108be3b3..0eb31a60 100644
--- a/dist/index.js
+++ b/dist/index.js
@@ -94429,7 +94429,7 @@ module.exports = parseParams
 /***/ ((module) => {
 
 "use strict";
-module.exports = JSON.parse('{"Version":"2012-10-17","Statement":[{"Sid":"OrganizationReadOnlyAccess","Effect":"Allow","Principal":"*","Action":["ecr:BatchCheckLayerAvailability","ecr:BatchGetImage","ecr:DescribeImageScanFindings","ecr:DescribeImages","ecr:DescribeRepositories","ecr:GetAuthorizationToken","ecr:GetDownloadUrlForLayer","ecr:GetRepositoryPolicy","ecr:ListImages"],"Condition":{"StringLike":{"aws:PrincipalOrgID":"o-u7wq0k1pyq"}}},{"Sid":"AllowCrossAccountPushPull","Effect":"Allow","Principal":{"AWS":["arn:aws:iam::694518486591:role/ts_all_base_administrator_role","arn:aws:iam::694518486591:role/ts_all_base_eks-deployer_role","arn:aws:iam::933138817065:role/ts_all_card_eks-deployer_role","arn:aws:iam::615254691163:role/ts_all_test_ci-it-slave_role","arn:aws:iam::615254691163:role/ts_all_test_ci-components-slave_role","arn:aws:iam::408856936053:role/ts_all_prod_eks-deployer_role"]},"Action":["ecr:BatchCheckLayerAvailability","ecr:BatchGetImage","ecr:CompleteLayerUpload","ecr:DescribeImageScanFindings","ecr:DescribeImages","ecr:DescribeRepositories","ecr:GetAuthorizationToken","ecr:GetDownloadUrlForLayer","ecr:GetRepositoryPolicy","ecr:InitiateLayerUpload","ecr:ListImages","ecr:PutImage","ecr:UploadLayerPart"]}]}');
+module.exports = JSON.parse('{"Version":"2012-10-17","Statement":[{"Sid":"OrganizationReadOnlyAccess","Effect":"Allow","Principal":"*","Action":["ecr:BatchCheckLayerAvailability","ecr:BatchGetImage","ecr:DescribeImageScanFindings","ecr:DescribeImages","ecr:DescribeRepositories","ecr:GetAuthorizationToken","ecr:GetDownloadUrlForLayer","ecr:GetRepositoryPolicy","ecr:ListImages"],"Condition":{"StringLike":{"aws:PrincipalOrgID":"o-u7wq0k1pyq"}}},{"Sid":"AllowCrossAccountPushPull","Effect":"Allow","Principal":{"AWS":["arn:aws:iam::694518486591:role/ts_all_base_administrator_role","arn:aws:iam::694518486591:role/ts_all_base_eks-deployer_role","arn:aws:iam::933138817065:role/ts_all_card_eks-deployer_role","arn:aws:iam::615254691163:role/ts_all_test_ci-it-slave_role","arn:aws:iam::615254691163:role/ts_all_test_ci-components-slave_role","arn:aws:iam::408856936053:role/ts_all_prod_eks-deployer_role","arn:aws:iam::408856936053:role/ts_all_prod_eks-deployer-batch","arn:aws:iam::408856936053:role/ts_all_sand_eks-deployer-batch"]},"Action":["ecr:BatchCheckLayerAvailability","ecr:BatchGetImage","ecr:CompleteLayerUpload","ecr:DescribeImageScanFindings","ecr:DescribeImages","ecr:DescribeRepositories","ecr:GetAuthorizationToken","ecr:GetDownloadUrlForLayer","ecr:GetRepositoryPolicy","ecr:InitiateLayerUpload","ecr:ListImages","ecr:PutImage","ecr:UploadLayerPart"]}]}');
 
 /***/ }),
 
diff --git a/src/resources/ecr-iam-policy.json b/src/resources/ecr-iam-policy.json
index 25e28a33..e3486874 100644
--- a/src/resources/ecr-iam-policy.json
+++ b/src/resources/ecr-iam-policy.json
@@ -32,7 +32,9 @@
           "arn:aws:iam::933138817065:role/ts_all_card_eks-deployer_role",
           "arn:aws:iam::615254691163:role/ts_all_test_ci-it-slave_role",
           "arn:aws:iam::615254691163:role/ts_all_test_ci-components-slave_role",
-          "arn:aws:iam::408856936053:role/ts_all_prod_eks-deployer_role"
+          "arn:aws:iam::408856936053:role/ts_all_prod_eks-deployer_role",
+          "arn:aws:iam::408856936053:role/ts_all_prod_eks-deployer-batch",
+          "arn:aws:iam::408856936053:role/ts_all_sand_eks-deployer-batch"
         ]
       },
       "Action": [