Skip to content

CMK encryption for webhook broken when EventBridge enabled #4218

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
npalm opened this issue Oct 29, 2024 · 0 comments · Fixed by #4220
Closed

CMK encryption for webhook broken when EventBridge enabled #4218

npalm opened this issue Oct 29, 2024 · 0 comments · Fixed by #4220
Assignees
@npalm

Comments

@npalm
Copy link
Member

npalm commented Oct 29, 2024

Problme

When deploying the module with the eventbridge enabled and relying on a provided key (CMK), the webhook has no permission to decrypt the secret.

The problem will not occur when

  • EventBridge is not enabled
  • No CMK is used
@npalm npalm self-assigned this Oct 29, 2024
@npalm npalm mentioned this issue Oct 29, 2024
Merged
4 tasks
npalm added a commit that referenced this issue Oct 29, 2024
@npalm
fix(webhook): grant KMS permission to decrypt wehn using EventBridge (#…
380bcaf 
…4220)

## Description

This PR grants the webhook (for EventBridge) access to the provided KMS
key. In case no key is provided a dummy policy will be created. This to
avoid terraform conditon is throwing errors when a KMS key is created in
the same Terraform deploy as runner module

## Tested

- [x] default example with KMS no eventbridge
- [x] default example with KMS and eventbridge
- [x] default example without KMS and eventbridge
- [x] default example without KMS no eventbridge

fix: #4218

---------

Co-authored-by: philips-labs-pr|bot <philips-labs-pr[bot]@users.noreply.github.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@npalm npalm

Labels
None yet
Projects
None yet
Milestone
No milestone
1 participant
@npalm