[DO NOT MERGE] Testing Minimal Policy

[mdzraf]

What type of PR is this?

Testing CI with Minimal Policy & review new proposed minimal policy.

Manual Tests Completed:

* Create Volume (With Tags)
* Modify Volume (Changed volume type, iops, and deleted tag)
* Attach Volume
* Detach Volume
* Delete Volume 
* Resize Volume
* Create Snapshot From Volume (snapshot with tags, and FSR enabled)
* Restore Volume From Snapshot
* Delete snapshot
* Copy Volume (with tags)
* Create Snapshot with Lock
* Cannot Create/consume PV from pre-existing volume
* Can create/consume PV from pre-existing volume that had tags manually added

[k8s-ci-robot]

Adding the "do-not-merge/release-note-label-needed" label because no release-note block was detected, please follow our release note process to remove it.

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

[github-actions]

Code Coverage Diff

This PR does not change the code coverage

[mdzraf]

We do not actually call this anywhere in the driver besides in a testing function that does not actually need it:

aws-ebs-csi-driver/pkg/cloud/cloud_test.go

Line 3666 in 33be568

mockEC2.EXPECT().DescribeTags(gomock.Any(), gomock.Any()).Return(&ec2.DescribeTagsOutput{}, nil).AnyTimes()

So I have removed it from the policy.

[mdzraf]

These calls have * permissions because they only have ec2:Region as an allowed condition key, therefore we cannot pass in any condition key that would clearly identify a resource managed by the driver (I.e. tags on resource) see: https://docs.aws.amazon.com/service-authorization/latest/reference/list_amazonec2.html

[mdzraf]

Only made changes here to test CI, feel free to skip review.

[mdzraf]

Only made changes here to test CI, feel free to skip review.

[mdzraf]

Necessary for the EBS CSI Driver to perform the privileged task of attaching/detaching volumes on a host on behalf of the user.

[mdzraf]

/retest

Trying to see if it was a flake, the pre-provisioned tests should all pass since we actually do add the required tags.

[ElijahQuinones]

/lgtm

[k8s-ci-robot]

This PR has multiple commits, and the default merge method is: merge.
You can request commits to be squashed using the label: tide/merge-method-squash

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

[k8s-ci-robot]

New changes are detected. LGTM label has been removed.

[k8s-ci-robot]

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by:
Once this PR has been reviewed and has the lgtm label, please ask for approval from elijahquinones. For more information see the Code Review Process.

The full list of commands accepted by this bot can be found here.

Details

Needs approval from an approver in each of these files:

• OWNERS

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[mdzraf]

/hold