aws-auth-operator

Allow to manually manage single users

Open gp42 opened this issue 4 years ago • 0 comments

The current operator allows synchronising IAM groups, but sometimes it is required to create a single user record which does not belong to an IAM group.

For example, the following configuration:

apiVersion: auth.ops42.org/v1alpha1
kind: AwsAuthSyncConfig
metadata:
  name: default
  namespace: kube-system
spec:
  mapUsers:
    - userarn: arn:aws:iam::677983237296:user/john
      username: john # optional, defaults to AWS username
      groups:
        - dev-operator-k8s-admins
        - dev-operator-k8s-users

Should result in the following AWS Auth configmap:

...
  mapUsers: |
    - userarn: arn:aws:iam::677983237296:user/john
      username: john
      groups:
      - dev-operator-k8s-admins
      - dev-operator-k8s-users

This functionality should support combining with syncIamGroups configurations.

gp42 Dec 19 '21 10:12
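The mapping requested in the issue above, sketched as an added example (not code from the issue or from aws-auth-operator). It assumes that manual `mapUsers` entries and entries produced by `syncIamGroups` are unioned per `userarn`, with the manual username taking precedence; the function names, the validation patterns and the `alice` record are hypothetical.

```python
import re

# Conservative patterns (assumptions for this sketch, not the operator's rules).
USER_ARN = re.compile(r"arn:aws[a-z-]*:iam::\d{12}:user/(?:[^/\s]+/)*([^/\s]+)")
SAFE = re.compile(r"[A-Za-z0-9][A-Za-z0-9_.:@-]*")  # no YAML metacharacters

def normalize_user(entry):
    """Validate one mapUsers entry and default username to the IAM user name."""
    arn = entry.get("userarn", "")
    m = USER_ARN.fullmatch(arn)
    if not m:
        raise ValueError(f"not an IAM user ARN: {arn!r}")
    username = entry.get("username") or m.group(1)
    groups = list(entry.get("groups") or [])
    for value in [username, *groups]:
        if not SAFE.fullmatch(value):
            raise ValueError(f"unsafe value in mapUsers entry: {value!r}")
    return {"userarn": arn, "username": username, "groups": groups}

def merge_map_users(manual, synced):
    """Union manual entries with group-synced ones, keyed by userarn.
    Manual entries come first, so their username wins on a conflict."""
    merged = {}
    for raw in [*manual, *synced]:
        user = normalize_user(raw)
        cur = merged.setdefault(user["userarn"], {**user, "groups": []})
        for g in user["groups"]:
            if g not in cur["groups"]:
                cur["groups"].append(g)
    return sorted(merged.values(), key=lambda u: u["userarn"])

def render_map_users(users):
    """Render the block that goes under `mapUsers: |` in the aws-auth ConfigMap."""
    out = []
    for u in users:
        out += [f"- userarn: {u['userarn']}", f"  username: {u['username']}"]
        if u["groups"]:
            out += ["  groups:", *(f"  - {g}" for g in u["groups"])]
    return "\n".join(out) + "\n"

# Constructed sample input: john is the entry from the issue; alice and the
# second john record stand in for what syncIamGroups might produce.
MANUAL = [{"userarn": "arn:aws:iam::677983237296:user/john",
           "groups": ["dev-operator-k8s-admins", "dev-operator-k8s-users"]}]
SYNCED = [{"userarn": "arn:aws:iam::677983237296:user/alice", "username": "alice",
           "groups": ["dev-operator-k8s-users"]},
          {"userarn": "arn:aws:iam::677983237296:user/john", "username": "john",
           "groups": ["dev-operator-k8s-users"]}]

if __name__ == "__main__":
    print(render_map_users(merge_map_users(MANUAL, SYNCED)))
```

Rejecting role ARNs and values containing YAML metacharacters keeps a malformed custom resource from injecting extra entries into the rendered `mapUsers` block.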