Uploaded image for project: 'OpenShift Hosted Control Plane'
  1. OpenShift Hosted Control Plane
  2. HOSTEDCP-954

Determine if ec2:ReleaseAddress is required for NodePool policy

XMLWordPrintable

    • Icon: Task Task
    • Resolution: Done
    • Icon: Undefined Undefined
    • None
    • None
    • None
    • None
    • False
    • None
    • False
    • 0
    • 0
    • 0

      `ec2:ReleaseAddress` is documented as a required permission for the NodePool management policy: https://github.com/openshift/hypershift/blob/main/api/v1beta1/hostedcluster_types.go#L1285

       

      This is too permissive and the permission will at least need a condition to scope it. However, it may not be used by the NodePool controller at all. In that case, this permission should be removed.

       

      Done Criteria:

      • Determine if ec2:ReleaseAddress is required for NodePool management in Hypershift
      • If not required, remove the permission from documentation

            Unassigned Unassigned
            tfahlman Taylor Fahlman
            Votes:
            0 Vote for this issue
            Watchers:
            3 Start watching this issue

              Created:
              Updated:
              Resolved: