From b94bcafe563d5e0cb743e5575f34f3919d4ff143 Mon Sep 17 00:00:00 2001
From: John Gardiner Myers <jgmyers@proofpoint.com>
Date: Fri, 23 Jul 2021 14:03:41 -0700
Subject: [PATCH] Remove unnecessary IAM permission

---
 pkg/model/alimodel/policy_builder.go | 1 -
 pkg/model/iam/iam_builder.go         | 1 -
 2 files changed, 2 deletions(-)

diff --git a/pkg/model/alimodel/policy_builder.go b/pkg/model/alimodel/policy_builder.go
index a7ab087224..817d17c9db 100644
--- a/pkg/model/alimodel/policy_builder.go
+++ b/pkg/model/alimodel/policy_builder.go
@@ -280,7 +280,6 @@ func (b *PolicyBuilder) AddOSSPermissions(p *Policy) (*Policy, error) {
 					strings.Join([]string{b.RAMPrefix(), ":oss:*:*:", ramOSSPath, "/config"}, ""),
 					strings.Join([]string{b.RAMPrefix(), ":oss:*:*:", ramOSSPath, "/instancegroup/*"}, ""),
 					strings.Join([]string{b.RAMPrefix(), ":oss:*:*:", ramOSSPath, "/pki/private/kube-proxy/*"}, ""),
-					strings.Join([]string{b.RAMPrefix(), ":oss:*:*:", ramOSSPath, "/pki/ssh/*"}, ""),
 					strings.Join([]string{b.RAMPrefix(), ":oss:*:*:", ramOSSPath, "/secrets/dockerconfig"}, ""),
 				}
 
diff --git a/pkg/model/iam/iam_builder.go b/pkg/model/iam/iam_builder.go
index 0d2e4fe432..62789e9739 100644
--- a/pkg/model/iam/iam_builder.go
+++ b/pkg/model/iam/iam_builder.go
@@ -633,7 +633,6 @@ func ReadableStatePaths(cluster *kops.Cluster, role Subject) ([]string, error) {
 			"/addons/*",
 			"/cluster-completed.spec",
 			"/igconfig/node/*",
-			"/pki/ssh/*",
 			"/secrets/dockerconfig",
 		)