kubernetes-sigs
diff --git a/‎config/crd/bases/controlplane.cluster.x-k8s.io_rosacontrolplanes.yaml
Lines changed: 9 additions & 0 deletions b/‎config/crd/bases/controlplane.cluster.x-k8s.io_rosacontrolplanes.yaml
Lines changed: 9 additions & 0 deletions
diff --git a/‎config/crd/bases/infrastructure.cluster.x-k8s.io_rosaroleconfigs.yaml
Lines changed: 9 additions & 0 deletions b/‎config/crd/bases/infrastructure.cluster.x-k8s.io_rosaroleconfigs.yaml
Lines changed: 9 additions & 0 deletions
diff --git a/‎controlplane/rosa/api/v1beta2/rosacontrolplane_types.go
Lines changed: 8 additions & 8 deletions b/‎controlplane/rosa/api/v1beta2/rosacontrolplane_types.go
Lines changed: 8 additions & 8 deletions
diff --git a/‎controlplane/rosa/api/v1beta2/rosacontrolplane_webhook.go
Lines changed: 16 additions & 0 deletions b/‎controlplane/rosa/api/v1beta2/rosacontrolplane_webhook.go
Lines changed: 16 additions & 0 deletions
diff --git a/‎exp/api/v1beta2/rosaroleconfig_types.go
Lines changed: 25 additions & 4 deletions b/‎exp/api/v1beta2/rosaroleconfig_types.go
Lines changed: 25 additions & 4 deletions
diff --git a/‎exp/controllers/rosamachinepool_controller.go
Lines changed: 16 additions & 0 deletions b/‎exp/controllers/rosamachinepool_controller.go
Lines changed: 16 additions & 0 deletions
@@ -759,6 +759,15 @@ spec:
                       [\n\t\t{\n\t\t\t\"Effect\": \"Allow\",\n\t\t\t\"Action\": [\n\t\t\t\t\"ec2:AttachVolume\",\n\t\t\t\t\"ec2:CreateSnapshot\",\n\t\t\t\t\"ec2:CreateTags\",\n\t\t\t\t\"ec2:CreateVolume\",\n\t\t\t\t\"ec2:DeleteSnapshot\",\n\t\t\t\t\"ec2:DeleteTags\",\n\t\t\t\t\"ec2:DeleteVolume\",\n\t\t\t\t\"ec2:DescribeInstances\",\n\t\t\t\t\"ec2:DescribeSnapshots\",\n\t\t\t\t\"ec2:DescribeTags\",\n\t\t\t\t\"ec2:DescribeVolumes\",\n\t\t\t\t\"ec2:DescribeVolumesModifications\",\n\t\t\t\t\"ec2:DetachVolume\",\n\t\t\t\t\"ec2:ModifyVolume\"\n\t\t\t],\n\t\t\t\"Resource\":
                       \"*\"\n\t\t}\n\t]\n}"
                     type: string
+                required:
+                - controlPlaneOperatorARN
+                - imageRegistryARN
+                - ingressARN
+                - kmsProviderARN
+                - kubeCloudControllerARN
+                - networkARN
+                - nodePoolManagementARN
+                - storageARN
                 type: object
               rosaClusterName:
                 description: |-
 
@@ -410,6 +410,15 @@ spec:
                       [\n\t\t{\n\t\t\t\"Effect\": \"Allow\",\n\t\t\t\"Action\": [\n\t\t\t\t\"ec2:AttachVolume\",\n\t\t\t\t\"ec2:CreateSnapshot\",\n\t\t\t\t\"ec2:CreateTags\",\n\t\t\t\t\"ec2:CreateVolume\",\n\t\t\t\t\"ec2:DeleteSnapshot\",\n\t\t\t\t\"ec2:DeleteTags\",\n\t\t\t\t\"ec2:DeleteVolume\",\n\t\t\t\t\"ec2:DescribeInstances\",\n\t\t\t\t\"ec2:DescribeSnapshots\",\n\t\t\t\t\"ec2:DescribeTags\",\n\t\t\t\t\"ec2:DescribeVolumes\",\n\t\t\t\t\"ec2:DescribeVolumesModifications\",\n\t\t\t\t\"ec2:DetachVolume\",\n\t\t\t\t\"ec2:ModifyVolume\"\n\t\t\t],\n\t\t\t\"Resource\":
                       \"*\"\n\t\t}\n\t]\n}"
                     type: string
+                required:
+                - controlPlaneOperatorARN
+                - imageRegistryARN
+                - ingressARN
+                - kmsProviderARN
+                - kubeCloudControllerARN
+                - networkARN
+                - nodePoolManagementARN
+                - storageARN
                 type: object
             type: object
         type: object
 
@@ -414,7 +414,7 @@ type AWSRolesRef struct {
 	//		}
 	//	]
 	// }
-	IngressARN string `json:"ingressARN,omitempty"`
+	IngressARN string `json:"ingressARN"`
 
 	// ImageRegistryARN is an ARN value referencing a role appropriate for the Image Registry Operator.
 	//
@@ -449,7 +449,7 @@ type AWSRolesRef struct {
 	//		}
 	//	]
 	// }
-	ImageRegistryARN string `json:"imageRegistryARN,omitempty"`
+	ImageRegistryARN string `json:"imageRegistryARN"`
 
 	// StorageARN is an ARN value referencing a role appropriate for the Storage Operator.
 	//
@@ -480,7 +480,7 @@ type AWSRolesRef struct {
 	//		}
 	//	]
 	// }
-	StorageARN string `json:"storageARN,omitempty"`
+	StorageARN string `json:"storageARN"`
 
 	// NetworkARN is an ARN value referencing a role appropriate for the Network Operator.
 	//
@@ -506,7 +506,7 @@ type AWSRolesRef struct {
 	//		}
 	//	]
 	// }
-	NetworkARN string `json:"networkARN,omitempty"`
+	NetworkARN string `json:"networkARN"`
 
 	// KubeCloudControllerARN is an ARN value referencing a role appropriate for the KCM/KCC.
 	// Source: https://cloud-provider-aws.sigs.k8s.io/prerequisites/#iam-policies
@@ -584,7 +584,7 @@ type AWSRolesRef struct {
 	//  ]
 	// }
 	// +immutable
-	KubeCloudControllerARN string `json:"kubeCloudControllerARN,omitempty"`
+	KubeCloudControllerARN string `json:"kubeCloudControllerARN"`
 
 	// NodePoolManagementARN is an ARN value referencing a role appropriate for the CAPI Controller.
 	//
@@ -697,7 +697,7 @@ type AWSRolesRef struct {
 	// }
 	//
 	// +immutable
-	NodePoolManagementARN string `json:"nodePoolManagementARN,omitempty"`
+	NodePoolManagementARN string `json:"nodePoolManagementARN"`
 
 	// ControlPlaneOperatorARN  is an ARN value referencing a role appropriate for the Control Plane Operator.
 	//
@@ -737,8 +737,8 @@ type AWSRolesRef struct {
 	//	]
 	// }
 	// +immutable
-	ControlPlaneOperatorARN string `json:"controlPlaneOperatorARN,omitempty"`
-	KMSProviderARN          string `json:"kmsProviderARN,omitempty"`
+	ControlPlaneOperatorARN string `json:"controlPlaneOperatorARN"`
+	KMSProviderARN          string `json:"kmsProviderARN"`
 }
 
 // RosaControlPlaneStatus defines the observed state of ROSAControlPlane.
 
@@ -1,3 +1,19 @@
+/*
+Copyright 2023 The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
 package v1beta2
 
 import (
 
@@ -1,5 +1,5 @@
 /*
-Copyright The Kubernetes Authors.
+Copyright 2025 The Kubernetes Authors.
 
 Licensed under the Apache License, Version 2.0 (the "License");
 you may not use this file except in compliance with the License.
@@ -25,9 +25,6 @@ import (
 	clusterv1 "sigs.k8s.io/cluster-api/api/v1beta1"
 )
 
-// EDIT THIS FILE!  THIS IS SCAFFOLDING FOR YOU TO OWN!
-// NOTE: json tags are required.  Any new fields you add must have json tags for the fields to be serialized.
-
 // ROSARoleConfigSpec defines the desired state of ROSARoleConfig
 type ROSARoleConfigSpec struct {
 	AccountRoleConfig  AccountRoleConfig             `json:"accountRoleConfig"`
@@ -158,6 +155,25 @@ const (
 	RosaRoleConfigCreatedReason = "Created"
 )
 
+const (
+	// IngressOperatorARNSuffix is the suffix for the ingress operator role.
+	IngressOperatorARNSuffix = "-openshift-ingress-operator-cloud-credentials"
+	// ImageRegistryARNSuffix is the suffix for the image registry operator role.
+	ImageRegistryARNSuffix = "-openshift-image-registry-installer-cloud-credentials"
+	// StorageARNSuffix is the suffix for the storage operator role.
+	StorageARNSuffix = "-openshift-cluster-csi-drivers-ebs-cloud-credentials"
+	// NetworkARNSuffix is the suffix for the network operator role.
+	NetworkARNSuffix = "-openshift-cloud-network-config-controller-cloud-credentials"
+	// KubeCloudControllerARNSuffix is the suffix for the kube cloud controller role.
+	KubeCloudControllerARNSuffix = "-kube-system-kube-controller-manager"
+	// NodePoolManagementARNSuffix is the suffix for the node pool management role.
+	NodePoolManagementARNSuffix = "-kube-system-capa-controller-manager"
+	// ControlPlaneOperatorARNSuffix is the suffix for the control plane operator role.
+	ControlPlaneOperatorARNSuffix = "-kube-system-control-plane-operator"
+	// KMSProviderARNSuffix is the suffix for the kms provider role.
+	KMSProviderARNSuffix = "-kube-system-kms-provider"
+)
+
 // SetConditions sets the conditions of the ROSARoleConfig.
 func (r *ROSARoleConfig) SetConditions(conditions clusterv1.Conditions) {
 	r.Status.Conditions = conditions
@@ -168,6 +184,11 @@ func (r *ROSARoleConfig) GetConditions() clusterv1.Conditions {
 	return r.Status.Conditions
 }
 
+// IsSharedVPC checks if the shared VPC config is set.
+func (s SharedVPCConfig) IsSharedVPC() bool {
+	return s.VPCEndpointRoleARN != "" && s.RouteRoleARN != ""
+}
+
 func init() {
 	SchemeBuilder.Register(&ROSARoleConfig{}, &ROSARoleConfigList{})
 }
@@ -1,3 +1,19 @@
+/*
+Copyright 2023 The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
 package controllers
 
 import (