no-jira: Validate AWS resource tag keys with aws: prefix

[patrickdillon]

AWS docs indicate that tag keys cannot be prefix with aws:. See: https://docs.aws.amazon.com/directoryservice/latest/devguide/API_Tag.html

Using this key prefix leads to an AWS API error indicating the prefix is reserved for AWS system usage. This commit adds API validation and ratecheting tests, as the key was previously allowed.

This was originally included in #2124 but cannot land due to a bug addressed by https://github.com/openshift/kubernetes/pull/2167, so

Depends on #2124 Depends on https://github.com/openshift/kubernetes/pull/2167

[openshift-ci-robot]

@patrickdillon: This pull request explicitly references no jira issue.

In response to this:

AWS docs indicate that tag keys cannot be prefix with aws:. See: https://docs.aws.amazon.com/directoryservice/latest/devguide/API_Tag.html

Using this key prefix leads to an AWS API error indicating the prefix is reserved for AWS system usage. This commit adds API validation and ratecheting tests, as the key was previously allowed.

This was originally included in #2124 but cannot land due to a bug addressed by https://github.com/openshift/kubernetes/pull/2167, so

Depends on #2124 Depends on https://github.com/openshift/kubernetes/pull/2167

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

[patrickdillon]

/hold for dependencies

[openshift-ci[bot]]

Hello @patrickdillon! Some important instructions when contributing to openshift/api: API design plays an important part in the user experience of OpenShift and as such API PRs are subject to a high level of scrutiny to ensure they follow our best practices. If you haven't already done so, please review the OpenShift API Conventions and ensure that your proposed changes are compliant. Following these conventions will help expedite the api review process for your PR.

[openshift-bot]

Issues go stale after 90d of inactivity.

Mark the issue as fresh by commenting /remove-lifecycle stale. Stale issues rot after an additional 30d of inactivity and eventually close. Exclude this issue from closing by commenting /lifecycle frozen.

If this issue is safe to close now please do so with /close.

/lifecycle stale

[JoelSpeed]

@patrickdillon Did you intend to move this PR forward?

[patrickdillon]

@patrickdillon Did you intend to move this PR forward?

Yes. I see now the dependent work has merged. So I can rebase this; I am tied up with a conference this week so I will try to get this once I'm back next week.

[JoelSpeed]

@patrickdillon Just a reminder to move this one along when you have a moment

[patrickdillon]

/remove-lifecycle stale

[patrickdillon]

/hold cancel

@JoelSpeed finally ready, thanks!

[patrickdillon]

/hold

[patrickdillon]

@JoelSpeed these fields are supposed to be immutable. Should i just add validation to enforce that?

[patrickdillon]

/hold cancel

[openshift-ci-robot]

Scheduling tests matching the pipeline_run_if_changed or not excluded by pipeline_skip_if_only_changed parameters: /test e2e-aws-ovn /test e2e-aws-ovn-hypershift /test e2e-aws-ovn-hypershift-conformance /test e2e-aws-ovn-techpreview /test e2e-aws-serial-1of2 /test e2e-aws-serial-2of2 /test e2e-aws-serial-techpreview-1of2 /test e2e-aws-serial-techpreview-2of2 /test e2e-azure /test e2e-gcp /test e2e-upgrade /test e2e-upgrade-out-of-change

[openshift-ci[bot]]

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: JoelSpeed

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

• ~~OWNERS~~ [JoelSpeed]

Approvers can indicate their approval by writing /approve in a comment Approvers can cancel approval by writing /approve cancel in a comment

[patrickdillon]

/verified by e2e-aws

[openshift-ci-robot]

@patrickdillon: This PR has been marked as verified by e2e-aws.

In response to this:

/verified by e2e-aws

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

[openshift-ci-robot]

/retest-required

Remaining retests: 0 against base HEAD f4cd2bbf8568ce6b998e0039abf6833cb86c450f and 2 for PR HEAD d58295417a7b9e29243df7f4919592dc22ad0a1e in total

[openshift-ci-robot]

/retest-required

Remaining retests: 0 against base HEAD 8691c3014652a8ced9d3304efb4a0cd76c3a35b2 and 1 for PR HEAD d58295417a7b9e29243df7f4919592dc22ad0a1e in total

[openshift-ci-robot]

/retest-required

Remaining retests: 0 against base HEAD 9a9f303061e7e71f37fa5f9cd48e92608c2c3ede and 0 for PR HEAD d58295417a7b9e29243df7f4919592dc22ad0a1e in total

[openshift-ci[bot]]

@patrickdillon: The following tests failed, say /retest to rerun all failed tests or /retest-required to rerun all mandatory failed tests:

Test name	Commit	Details	Required	Rerun command
ci/prow/e2e-aws-serial-techpreview	9ae0e4a30a7e58dc9fbb046fb9b9ecdf64dee678	link	true	/test e2e-aws-serial-techpreview
ci/prow/e2e-aws-serial	9ae0e4a30a7e58dc9fbb046fb9b9ecdf64dee678	link	true	/test e2e-aws-serial

Full PR test history. Your PR dashboard.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here.

[openshift-ci-robot]

/hold

Revision d58295417a7b9e29243df7f4919592dc22ad0a1e was retested 3 times: holding

[openshift-ci[bot]]

New changes are detected. LGTM label has been removed.

[patrickdillon]

/hold cancel

@JoelSpeed I just noticed this never merged due to essentially a rebase conflict. I rebased and reran make update. PTAL