- Spike
- Resolution: Unresolved
OpenShift SPLAT - Sprint 260
Goal:
- As a user I would like to set the minimum IAM permissions required to create an OCP cluster on AWS
Context:
After 4.16, when switching to CAPA as the infrastructure provisioner, the permissions changed, and tracking the changes across releases could be a challenge. The bug OCPBUGS-35378 describes an assessment request to review the existing permissions.
We are investigating how to do it by parsing events in CloudTrail across releases and deployment variants. This thread describes[1] the initial effort.
Acceptance criteria:
- Make an assessment by installing a cluster and parsing the CloudTrail events, check the outliers (missing and extra permissions), and create a report
- Check whether there are any improvements or opportunities to embed in the CI workflow
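
A sketch of the assessment in the acceptance criteria, added here as an example and not code from the installer or from this ticket: it diffs the actions seen in CloudTrail against a declared permission list. The function names, sample events, principal ARNs and declared list are constructed, and deriving the IAM action as `<eventSource prefix>:<eventName>` is an assumption that does not hold for every service.

```python
from fnmatch import fnmatchcase

# Assumption: eventSource hosts whose IAM prefix differs from the host label
# need an override; this table is illustrative, not complete.
PREFIX_OVERRIDES = {"monitoring.amazonaws.com": "cloudwatch"}
DENIED_CODES = {"AccessDenied", "Client.UnauthorizedOperation"}

def iam_action(record):
    """Approximate the IAM action behind one CloudTrail record."""
    source = record["eventSource"]
    prefix = PREFIX_OVERRIDES.get(source, source.split(".")[0])
    return f"{prefix}:{record['eventName']}"

def matches(action, pattern):
    # IAM action names are case-insensitive; '*' and '?' are wildcards.
    return fnmatchcase(action.lower(), pattern.lower())

def assess(records, allowed, principal_arn):
    """Diff the actions one principal called against a declared allow-list."""
    used, denied = set(), set()
    for rec in records:
        if rec.get("userIdentity", {}).get("arn") != principal_arn:
            continue  # ignore activity from other identities in the account
        action = iam_action(rec)
        used.add(action)
        if rec.get("errorCode") in DENIED_CODES:
            denied.add(action)  # the call was attempted and rejected
    missing = sorted(a for a in used if not any(matches(a, p) for p in allowed))
    extra = sorted(p for p in allowed if not any(matches(a, p) for a in used))
    return {"missing": missing, "extra": extra, "denied": sorted(denied)}

# Constructed sample data (not taken from a real install).
INSTALLER = "arn:aws:iam::123456789012:user/installer"
OTHER = "arn:aws:iam::123456789012:user/other"
SAMPLE_EVENTS = [
    {"eventSource": "ec2.amazonaws.com", "eventName": "RunInstances",
     "userIdentity": {"arn": INSTALLER}},
    {"eventSource": "ec2.amazonaws.com", "eventName": "DescribeVpcs",
     "userIdentity": {"arn": INSTALLER}},
    {"eventSource": "elasticloadbalancing.amazonaws.com",
     "eventName": "CreateLoadBalancer", "errorCode": "AccessDenied",
     "userIdentity": {"arn": INSTALLER}},
    {"eventSource": "s3.amazonaws.com", "eventName": "CreateBucket",
     "userIdentity": {"arn": OTHER}},
]
DECLARED = ["ec2:RunInstances", "ec2:Describe*", "iam:CreateRole"]

if __name__ == "__main__":
    for key, values in assess(SAMPLE_EVENTS, DECLARED, INSTALLER).items():
        print(f"{key}: {', '.join(values) or '-'}")
```

An entry reported as extra may still be needed: CloudTrail only shows calls the trail recorded, so actions behind data events that are not logged never reach the used set.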
Additional context and references:
- relates to CORS-1514 Minimum AWS permissions should be regression tested in CI (Closed)