  1. OpenShift Specialist Platform Team
  2. SPLAT-1816

[aws][spike] Review the minimum permissions required by installer and components

    • Spike
    • Resolution: Unresolved
    • OpenShift SPLAT - Sprint 260

      Goal:

      • As a user I would like to set the minimum IAM permissions required to create an OCP cluster on AWS

      Context:

      After 4.16, when switching to CAPA as infrastructure provisioner, the permissions changed and tracking the changes across releases could be a challenge. The bug OCPBUGS-35378 describes an assessment request to review the existing permissions.

      We are investigating how to do it by parsing events in CloudTrail across releases and deployment variants. This thread describes[1] the initial effort.


      Acceptance criteria:

      • Make an assessment by installing a cluster and parsing the CloudTrail events, check the outliers (missing and extra permissions) and create a report
      • Check if there are any improvements or opportunities to embed in the CI workflow


      Additional context and references:

            rhn-support-mrbraga Marco Braga
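A sketch of the assessment described in the acceptance criteria, added here as an example; it is not code from this issue or from the installer. It maps CloudTrail records to IAM actions for one principal and reports missing, extra and denied permissions against a declared allow-list. The account ID, principal ARNs, sample records and allow-list are constructed, and the two override tables are assumptions that cover only a couple of known name mismatches.

```python
import json
from fnmatch import fnmatchcase

# Cases where the CloudTrail name differs from the IAM name (not exhaustive).
PREFIX_OVERRIDES = {"monitoring": "cloudwatch"}
ACTION_OVERRIDES = {"s3:ListBuckets": "s3:ListAllMyBuckets"}
DENIED_CODES = {"AccessDenied", "Client.UnauthorizedOperation"}

def iam_action(record):
    """Map one CloudTrail record to an IAM action such as 'ec2:RunInstances'."""
    prefix = record["eventSource"].split(".")[0]
    action = f"{PREFIX_OVERRIDES.get(prefix, prefix)}:{record['eventName']}"
    return ACTION_OVERRIDES.get(action, action)

def matches(action, pattern):
    """IAM action names are case-insensitive and may use * and ? wildcards."""
    return fnmatchcase(action.lower(), pattern.lower())

def assess(records, declared, principal_arn):
    """Compare what one principal called with a declared allow-list."""
    used, denied = set(), set()
    for rec in records:
        if rec.get("userIdentity", {}).get("arn") != principal_arn:
            continue  # skip calls made by other identities in the account
        action = iam_action(rec)
        used.add(action)  # a denied call was still attempted, so it counts as used
        if rec.get("errorCode") in DENIED_CODES:
            denied.add(action)
    return {
        "missing": sorted(a for a in used if not any(matches(a, p) for p in declared)),
        "extra": sorted(p for p in declared if not any(matches(a, p) for a in used)),
        "denied": sorted(denied),
    }

# Constructed sample data: hypothetical account, principals and allow-list.
INSTALLER = "arn:aws:iam::111122223333:user/installer"
OTHER = "arn:aws:iam::111122223333:user/someone-else"
def _rec(source, name, arn=INSTALLER, **extra):
    return {"eventSource": source, "eventName": name, "userIdentity": {"arn": arn}, **extra}
SAMPLE = [
    _rec("ec2.amazonaws.com", "RunInstances"),
    _rec("ec2.amazonaws.com", "DescribeInstances"),
    _rec("s3.amazonaws.com", "ListBuckets"),
    _rec("elasticloadbalancing.amazonaws.com", "CreateLoadBalancer", errorCode="AccessDenied"),
    _rec("iam.amazonaws.com", "CreateRole", arn=OTHER),
]
DECLARED = ["ec2:RunInstances", "ec2:Describe*", "s3:ListAllMyBuckets", "iam:PassRole"]

if __name__ == "__main__":
    print(json.dumps(assess(SAMPLE, DECLARED, INSTALLER), indent=2))
```

Entries under "extra" need manual review before removal: iam:PassRole is a permission-only action that never appears as a CloudTrail event, and S3 object-level data events are not recorded unless the trail is configured for them.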