From 19e7afc166defcd2ac24a8f0098f2cccc71c75b5 Mon Sep 17 00:00:00 2001
From: da3mon-01
Date: Mon, 7 Dec 2020 17:54:40 +0100
Subject: [PATCH 1/2] fix: limit iam policy only to the secret arns

Without this, the function has access to every secret, this policy should scope if to the proper resources.
---
 template.yaml | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/template.yaml b/template.yaml
index 326e70f2..304a7f11 100644
--- a/template.yaml
+++ b/template.yaml
@@ -82,7 +82,11 @@ Resources:
 Effect: Allow
 Action:
 - "secretsmanager:Get*"
- Resource: '*'
+ Resource:
+ - !Ref AWSGoogleCredentialsSecret
+ - !Ref AWSGoogleAdminEamil
+ - !Ref AWSSCIMEndpointSecret
+ - !Ref AWSSCIMAccessTokenSecret
 Events:
 SyncScheduledEvent:
 Type: Schedule

From ad2d445c71783a954b83b322e733cf86f4b49ead Mon Sep 17 00:00:00 2001
From: da3mon-01
Date: Mon, 7 Dec 2020 18:12:26 +0100
Subject: [PATCH 2/2] Update workflow to latest golanci

Hopefully should fix https://github.blog/changelog/2020-10-01-github-actions-deprecating-set-env-and-add-path-commands/
---
 .github/workflows/main.yml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml
index 67037f45..c8de75a9 100644
--- a/.github/workflows/main.yml
+++ b/.github/workflows/main.yml
@@ -27,9 +27,9 @@ jobs:
 run: GOBIN=$PWD/bin go install honnef.co/go/tools/cmd/staticcheck && ./bin/staticcheck ./...
 - name: Run Linting
- uses: golangci/golangci-lint-action@v1
+ uses: golangci/golangci-lint-action@v2
 with:
- version: v1.27
+ version: v1.33.0
 - name: Run Tests
 run: go test -cover -p 1 -race -v ./...
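Review bot: The newly scoped statement still grants `secretsmanager:Get*` on the four secrets, which is broader than a function that only reads secret values needs; the `Action` list is unchanged context directly above the new `Resource` block, and tightening it to `- "secretsmanager:GetSecretValue"` would complete the least-privilege intent of this commit. The logical ID `AWSGoogleAdminEamil` in the second `!Ref` looks like a misspelling of "Email"; `!Ref` only resolves if it matches the resource's logical ID exactly, and since the resource definitions are outside this hunk, confirm the spelling against them before merging. Assuming these four IDs are `AWS::SecretsManager::Secret` resources, `!Ref` yields their full ARNs and the list is the right shape; if any of them is encrypted with a customer-managed KMS key, the role will additionally need `kms:Decrypt` on that key, which this statement does not cover. The enclosing policy statement and the function definition it belongs to start and end outside the hunk.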