Feature Request
Resolution: Unresolved
1. Proposed title of this feature request: OCP Components Spanning Control Plane and Data Plane Get Individual Identities and Permissions
2. What is the nature and description of the request?
- As part of HyperShift, some OCP components live on both the control plane and the data plane. Right now, in all clouds, both halves are assumed to use the same identity and permissions. We should apply the principle of least privilege and split the identities and permissions associated with the control plane and data plane component(s).
- If a control plane component performs a set of responsibilities that differs from its data plane equivalent, then the two should have separate identities and separate sets of permissions (e.g. creating a volume vs. attaching a volume).
3. Why does the customer need this? (List the business requirements here)
- Principle of least privilege / better security posture
4. List any affected packages or components. Specific to Azure:
- HyperShift
- Cloud controller manager
  - Technically, the data plane node manager uses IMDS instead of authenticating to Azure to populate node information
- Cluster Ingress operator
- CSI Disk operator
- CSI file operator
- Network operator
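To make the "create a volume vs. attach a volume" split concrete, here is an added example (not part of this feature request or of HyperShift's code) that models Azure-style RBAC role definitions and audits each component identity against the actions its plane actually needs. The two split roles, the shared legacy role, the per-plane "needs" sets and the audit catalogue are all constructed for illustration; the action strings follow the real Azure `Provider/resourceType/verb` form, and the matching reproduces Azure's case-insensitive `Actions`/`NotActions` wildcard semantics.

```python
"""Least-privilege audit for split control-plane / data-plane identities.

Added example, not part of the feature request. Roles are modelled after Azure
custom role definitions: a list of allowed actions with trailing '*' wildcards,
an optional NotActions exclusion list, and case-insensitive matching.
All roles and action sets below are constructed for illustration.
"""
from dataclasses import dataclass
from fnmatch import fnmatchcase


@dataclass(frozen=True)
class Role:
    name: str
    actions: tuple[str, ...]            # allowed actions, '*' wildcards permitted
    not_actions: tuple[str, ...] = ()   # explicit exclusions (Azure NotActions)

    def allows(self, action: str) -> bool:
        """Azure semantics: allowed iff matched by Actions and not by NotActions."""
        a = action.lower()
        if any(fnmatchcase(a, p.lower()) for p in self.not_actions):
            return False
        return any(fnmatchcase(a, p.lower()) for p in self.actions)


# Constructed split roles: the hosted control plane's CSI controller provisions
# disks; the data-plane node component only attaches existing disks to VMs.
CONTROL_PLANE_DISK_ROLE = Role(
    name="hcp-csi-disk-controller (constructed)",
    actions=(
        "Microsoft.Compute/disks/read",
        "Microsoft.Compute/disks/write",
        "Microsoft.Compute/disks/delete",
    ),
)
DATA_PLANE_DISK_ROLE = Role(
    name="node-csi-disk-attacher (constructed)",
    actions=(
        "Microsoft.Compute/disks/read",
        "Microsoft.Compute/virtualMachines/read",
        "Microsoft.Compute/virtualMachines/write",  # attach/detach modifies the VM
    ),
)
# The status quo the ticket describes: one identity carrying both sets of
# permissions on both planes.
SHARED_ROLE = Role(
    name="shared-legacy-identity (constructed)",
    actions=(
        "Microsoft.Compute/disks/*",
        "Microsoft.Compute/snapshots/*",
        "Microsoft.Compute/virtualMachines/*",
    ),
)

# What each component actually needs at runtime (constructed sets).
CONTROL_PLANE_NEEDS = frozenset({
    "Microsoft.Compute/disks/read",
    "Microsoft.Compute/disks/write",
    "Microsoft.Compute/disks/delete",
})
DATA_PLANE_NEEDS = frozenset({
    "Microsoft.Compute/disks/read",
    "Microsoft.Compute/virtualMachines/read",
    "Microsoft.Compute/virtualMachines/write",
})

# Constructed catalogue of actions worth auditing for over-provisioning.
AUDIT_ACTIONS = (
    "Microsoft.Compute/disks/read",
    "Microsoft.Compute/disks/write",
    "Microsoft.Compute/disks/delete",
    "Microsoft.Compute/snapshots/write",
    "Microsoft.Compute/virtualMachines/read",
    "Microsoft.Compute/virtualMachines/write",
    "Microsoft.Compute/virtualMachines/delete",
)


def missing_actions(role: Role, needs) -> list[str]:
    """Needed actions the role does not grant (the component would break)."""
    return sorted(a for a in needs if not role.allows(a))


def excess_actions(role: Role, needs, audit_actions=AUDIT_ACTIONS) -> list[str]:
    """Audited actions the role grants that the component does not need."""
    return sorted(a for a in audit_actions if role.allows(a) and a not in needs)


def least_privilege_report(role: Role, needs, audit_actions=AUDIT_ACTIONS) -> dict:
    """Empty 'missing' and 'excess' lists mean the role fits the component exactly."""
    return {
        "missing": missing_actions(role, needs),
        "excess": excess_actions(role, needs, audit_actions),
    }


if __name__ == "__main__":
    for role, needs in (
        (CONTROL_PLANE_DISK_ROLE, CONTROL_PLANE_NEEDS),
        (DATA_PLANE_DISK_ROLE, DATA_PLANE_NEEDS),
        (SHARED_ROLE, CONTROL_PLANE_NEEDS),
        (SHARED_ROLE, DATA_PLANE_NEEDS),
    ):
        print(role.name, least_privilege_report(role, needs))
```

Run against the split roles, both reports come back empty: each identity can do exactly what its plane needs. Run against the shared role, the data-plane component is shown holding `disks/write`, `disks/delete`, `snapshots/write` and `virtualMachines/delete` it never uses, which is the exposure the request aims to remove. The same `least_privilege_report` check works for the other components listed above once their per-plane action sets are filled in.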