Uploaded image for project: 'OpenShift Hosted Control Plane'
  1. OpenShift Hosted Control Plane
  2. HOSTEDCP-954

Determine if ec2:ReleaseAddress is required for NodePool policy

    XMLWordPrintable

Details

    • Task
    • Resolution: Unresolved
    • Undefined
    • None
    • None
    • None
    • None
    • False
    • None
    • False
    • 0
    • 0
    • 0

    Description

      `ec2:ReleaseAddress` is documented as a required permission for the NodePool management policy: https://github.com/openshift/hypershift/blob/main/api/v1beta1/hostedcluster_types.go#L1285

       

      This is too permissive and the permission will at least need a condition to scope it. However, it may not be used by the NodePool controller at all. In that case, this permission should be removed.

       

      Done Criteria:

      • Determine if ec2:ReleaseAddress is required for NodePool management in Hypershift
      • If not required, remove the permission from documentation

      Attachments

        Activity

          People

            Unassigned Unassigned
            tfahlman Taylor Fahlman
            Votes:
            0 Vote for this issue
            Watchers:
            3 Start watching this issue

            Dates

              Created:
              Updated: