SREP-3410: Add ec2:DescribeInstanceTypes to CAPA policy #2642

Open
MitaliBhalla wants to merge 1 commit into openshift:master from MitaliBhalla:SREP-3410

MitaliBhalla commented Feb 16, 2026

What type of PR is this?

feature

What this PR does / why we need it?

ROSA HCP supports scale-to-zero functionality. For this to work, AWSMachineTemplate.Status.Capacity fields need to be populated by the CAPA provider.

This PR adds ec2:DescribeInstanceTypes permission to the CAPA controller manager credentials policy (ROSANodePoolManagementPolicy), enabling the controller to query instance type specifications (vCPU, memory, etc.) needed for capacity calculations.

Permission Details:

| Field | Value |
| --- | --- |
| Permission | ec2:DescribeInstanceTypes |
| Purpose | Populate AWSMachineTemplate.Status.Capacity for scale-to-zero |
| Conditions | None - AWS Describe APIs don't support resource-level conditions |
| Resource | * (required for Describe actions) |

Which Jira/Github issue(s) this PR fixes?

Fixes SREP-3410

Special notes for your reviewer:

This permission already exists in other policies in this repo:

  • sts_hcp_installer_permission_policy.json
  • sts_extended_hcp_support_permission_policy.json (NetworkVerifier)
  • openshift_hcp_cloud_network_config_cloud_credentials_permission_policy.json

Pre-checks (if applicable):

  • Tested latest changes against a cluster
  • Included documentation changes with PR
  • If this is a new object that is not intended for the FedRAMP environment - N/A (modification to existing policy)

…-to-zero

Add ec2:DescribeInstanceTypes permission to the ReadPermissions Sid in
the CAPA controller manager credentials policy. This permission is
required for scale-to-zero functionality to populate
AWSMachineTemplate.Status.Capacity fields.

Fixes SREP-3410
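
A reviewer-side check for the change described above, as an added example that is not part of the PR or the repository: it confirms the named permission sits in the ReadPermissions statement and that no non-read action shares that statement's Resource "*". The sample policy is constructed; only the Sid name and ec2:DescribeInstanceTypes come from this page, and the Describe/Get/List prefix test is a naming heuristic.

```python
import json

# Constructed sample: only the Sid name and ec2:DescribeInstanceTypes come from
# the PR text; the second action and the layout are assumptions.
SAMPLE_POLICY = json.loads("""
{"Version": "2012-10-17",
 "Statement": [{"Sid": "ReadPermissions", "Effect": "Allow",
                "Action": ["ec2:DescribeInstances", "ec2:DescribeInstanceTypes"],
                "Resource": "*"}]}
""")

# Naming heuristic for read-only actions; not a guarantee given by AWS.
READ_PREFIXES = ("describe", "get", "list")


def as_list(value):
    """IAM accepts either a bare string or a list for Action and Resource."""
    return [value] if isinstance(value, str) else list(value or [])


def review_read_statement(policy, sid, required_action):
    """Return findings for the statement `sid`; an empty list means it passes."""
    statements = policy.get("Statement", [])
    if isinstance(statements, dict):  # a single statement may be a bare object
        statements = [statements]
    matches = [s for s in statements if s.get("Sid") == sid]
    if len(matches) != 1:
        return [f"expected exactly one statement with Sid {sid!r}, found {len(matches)}"]
    stmt, findings = matches[0], []
    if stmt.get("Effect") != "Allow" or "NotAction" in stmt:
        findings.append("statement must be a plain Allow with an Action list")
    actions = as_list(stmt.get("Action"))
    # IAM action names are case-insensitive, so compare lowercased.
    if required_action.lower() not in [a.lower() for a in actions]:
        findings.append(f"{required_action} is missing from {sid}")
    for action in actions:
        name = action.partition(":")[2]  # "" for a bare "*", which then fails
        if not name.lower().startswith(READ_PREFIXES):
            findings.append(f"{action} is not a read action but shares Resource '*'")
    if as_list(stmt.get("Resource")) != ["*"]:
        findings.append("Describe actions need Resource '*'")
    return findings


if __name__ == "__main__":
    result = review_read_statement(
        SAMPLE_POLICY, "ReadPermissions", "ec2:DescribeInstanceTypes")
    print(result or "ReadPermissions statement passes")
```
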

openshift-ci-robot commented Feb 16, 2026

@MitaliBhalla: This pull request references SREP-3410 which is a valid jira issue.

Warning: The referenced jira issue has an invalid target version for the target branch this PR targets: expected the story to target the "4.22.0" version, but no target version was set.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

openshift-ci-robot added the jira/valid-reference label (Indicates that this PR references a valid Jira ticket of any type.) Feb 16, 2026

openshift-ci bot requested review from bng0y and iamkirkbater February 16, 2026 06:16

openshift-ci bot commented Feb 16, 2026

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by: MitaliBhalla
Once this PR has been reviewed and has the lgtm label, please assign iamkirkbater for approval. For more information see the Code Review Process.

The full list of commands accepted by this bot can be found here.

Details Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment


openshift-ci bot commented Feb 16, 2026

@MitaliBhalla: all tests passed!

Full PR test history. Your PR dashboard.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here.


bmeng commented Feb 17, 2026

/hold

openshift-ci bot added the do-not-merge/hold label (Indicates that a PR should not merge because someone has issued a /hold command.) Feb 17, 2026