no-jira: Validate AWS resource tag keys with aws: prefix

[patrickdillon]

AWS docs indicate that tag keys cannot be prefix with aws:. See:
https://docs.aws.amazon.com/directoryservice/latest/devguide/API_Tag.html

Using this key prefix leads to an AWS API error indicating the prefix
is reserved for AWS system usage. This commit adds API validation
and ratecheting tests, as the key was previously allowed.

This was originally included in #2124 but cannot land due to a bug addressed by openshift/kubernetes#2167, so

Depends on #2124
Depends on openshift/kubernetes#2167

[openshift-ci-robot]

@patrickdillon: This pull request explicitly references no jira issue.

In response to this:

AWS docs indicate that tag keys cannot be prefix with aws:. See:
https://docs.aws.amazon.com/directoryservice/latest/devguide/API_Tag.html

Using this key prefix leads to an AWS API error indicating the prefix
is reserved for AWS system usage. This commit adds API validation
and ratecheting tests, as the key was previously allowed.

This was originally included in #2124 but cannot land due to a bug addressed by openshift/kubernetes#2167, so

Depends on #2124
Depends on openshift/kubernetes#2167

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

[patrickdillon]

/hold
for dependencies

[openshift-ci]

Hello @patrickdillon! Some important instructions when contributing to openshift/api:
API design plays an important part in the user experience of OpenShift and as such API PRs are subject to a high level of scrutiny to ensure they follow our best practices. If you haven't already done so, please review the OpenShift API Conventions and ensure that your proposed changes are compliant. Following these conventions will help expedite the api review process for your PR.

[openshift-ci]

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by: patrickdillon
Once this PR has been reviewed and has the lgtm label, please assign knobunc for approval. For more information see the Code Review Process.

The full list of commands accepted by this bot can be found here.

Needs approval from an approver in each of these files:

• OWNERS

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[openshift-merge-robot]

PR needs rebase.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

[openshift-ci]

@patrickdillon: The following tests failed, say /retest to rerun all failed tests or /retest-required to rerun all mandatory failed tests:

Test name	Commit	Details	Required	Rerun command
ci/prow/okd-scos-e2e-aws-ovn	9ae0e4a	link	false	/test okd-scos-e2e-aws-ovn
ci/prow/e2e-gcp	9ae0e4a	link	false	/test e2e-gcp
ci/prow/verify	9ae0e4a	link	true	/test verify
ci/prow/minor-e2e-upgrade-minor	9ae0e4a	link	true	/test minor-e2e-upgrade-minor
ci/prow/minor-images	9ae0e4a	link	true	/test minor-images
ci/prow/verify-client-go	9ae0e4a	link	true	/test verify-client-go
ci/prow/e2e-upgrade-out-of-change	9ae0e4a	link	true	/test e2e-upgrade-out-of-change
ci/prow/e2e-aws-serial-techpreview	9ae0e4a	link	true	/test e2e-aws-serial-techpreview
ci/prow/verify-crd-schema	9ae0e4a	link	true	/test verify-crd-schema
ci/prow/e2e-aws-ovn-techpreview	9ae0e4a	link	true	/test e2e-aws-ovn-techpreview
ci/prow/e2e-aws-ovn	9ae0e4a	link	true	/test e2e-aws-ovn
ci/prow/e2e-aws-serial	9ae0e4a	link	true	/test e2e-aws-serial
ci/prow/unit	9ae0e4a	link	true	/test unit
ci/prow/e2e-aws-ovn-hypershift	9ae0e4a	link	true	/test e2e-aws-ovn-hypershift
ci/prow/okd-scos-images	9ae0e4a	link	true	/test okd-scos-images
ci/prow/images	9ae0e4a	link	true	/test images
ci/prow/integration	9ae0e4a	link	true	/test integration
ci/prow/verify-feature-promotion	9ae0e4a	link	true	/test verify-feature-promotion
ci/prow/lint	9ae0e4a	link	true	/test lint
ci/prow/e2e-upgrade	9ae0e4a	link	true	/test e2e-upgrade
ci/prow/verify-deps	9ae0e4a	link	true	/test verify-deps
ci/prow/build	9ae0e4a	link	true	/test build
ci/prow/e2e-aws-ovn-hypershift-conformance	9ae0e4a	link	true	/test e2e-aws-ovn-hypershift-conformance
ci/prow/e2e-aws-serial-2of2	9ae0e4a	link	true	/test e2e-aws-serial-2of2
ci/prow/e2e-aws-serial-techpreview-2of2	9ae0e4a	link	true	/test e2e-aws-serial-techpreview-2of2
ci/prow/e2e-aws-serial-techpreview-1of2	9ae0e4a	link	true	/test e2e-aws-serial-techpreview-1of2
ci/prow/e2e-aws-serial-1of2	9ae0e4a	link	true	/test e2e-aws-serial-1of2

Full PR test history. Your PR dashboard.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here.

[openshift-bot]

Issues go stale after 90d of inactivity.

Mark the issue as fresh by commenting /remove-lifecycle stale.
Stale issues rot after an additional 30d of inactivity and eventually close.
Exclude this issue from closing by commenting /lifecycle frozen.

If this issue is safe to close now please do so with /close.

/lifecycle stale

[JoelSpeed]

@patrickdillon Did you intend to move this PR forward?