Create users with non-consoleAdmin policies during tenant provisioning

Open dnskr opened this issue 3 years ago • 12 comments

Is your feature request related to a problem? Please describe.

The Operator creates a user with the consoleAdmin policy by default when tenant.spec.users is used; see users in the doc. It would be great to have the possibility to create users with other policies.

Describe the solution you'd like

I would like to use an optional CONSOLE_POLICY field in the user secret to specify the policy. For example:

apiVersion: v1
kind: Secret
metadata:
  name: myuser
type: Opaque
stringData:
  CONSOLE_ACCESS_KEY: minio
  CONSOLE_SECRET_KEY: miniominio
  CONSOLE_POLICY: read_only

Additional context

It is not clear to me why the CONSOLE_ prefix is used, so it might be a good idea to remove it:

apiVersion: v1
kind: Secret
metadata:
  name: myuser
type: Opaque
stringData:
  ACCESS_KEY: minio
  SECRET_KEY: miniominio
  POLICY: read_only

dnskr • May 09 '21 14:05

This issue has been automatically marked as stale because it has not had recent activity. It will be closed after 21 days if no further activity occurs. Thank you for your contributions.

stale[bot] • Aug 24 '21 17:08

Still relevant enhancement

dnskr • Aug 24 '21 19:08

This issue has been automatically marked as stale because it has not had recent activity. It will be closed after 21 days if no further activity occurs. Thank you for your contributions.

stale[bot] • Nov 29 '21 06:11

@Alevsk Hi! Are there any plans to implement this feature or a reason why it will never be implemented?

dnskr • Nov 29 '21 20:11

> @Alevsk Hi! Are there any plans to implement this feature or a reason why it will never be implemented?

We will take a look soon.

harshavardhana • Nov 29 '21 20:11

This issue has been automatically marked as stale because it has not had recent activity. It will be closed after 21 days if no further activity occurs. Thank you for your contributions.

stale[bot] • Mar 09 '22 02:03

Still relevant enhancement

dnskr • Mar 09 '22 09:03

This issue has been automatically marked as stale because it has not had recent activity. It will be closed after 21 days if no further activity occurs. Thank you for your contributions.

stale[bot] • Jun 19 '22 03:06

Still good to have :)

dnskr • Jun 19 '22 09:06

> @Alevsk Hi! Are there any plans to implement this feature or a reason why it will never be implemented?

> We will take a look soon.

Was this looked at? I see #1359 was opened and then closed, but I haven't seen any movement since last year.

As @dnskr mentioned, I think this would make a lot of sense:

apiVersion: v1
kind: Secret
metadata:
  name: myuser
type: Opaque
stringData:
  ACCESS_KEY: minio
  SECRET_KEY: miniominio
  POLICY: read_only

It would also be great to have a policies field to create policies at tenant setup time as well.

If all that needs to be done is search and replace on @drivebyer's code in #1359 for CONSOLE_POLICY to POLICY and changing CONSOLE_ACCESS_KEY to ACCESS_KEY/changing CONSOLE_SECRET_KEY to SECRET_KEY, I can do that.

This would make it so that I don't need any extra custom init scripts, which would be really nice.

jessebot • Nov 12 '23 12:11
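The comment above mentions custom init scripts as the current way to get non-admin users. The following is an added example of what such a script can look like; it is not code from the thread or from the MinIO project. It assumes an `mc` alias named `tenant` that already holds admin credentials; `DRY_RUN`, `ALLOW_ADMIN` and the function names are made up for this example, and `readonly` in the usage line is one of MinIO's built-in policy names.

```shell
#!/bin/sh
# Added example: create tenant users with an explicit, non-admin policy.
# Assumed names (not from the thread): alias "tenant", DRY_RUN, ALLOW_ADMIN.
MC_ALIAS="${MC_ALIAS:-tenant}"   # mc alias already set up with admin credentials
DRY_RUN="${DRY_RUN:-1}"          # 1 = print the commands instead of running them

# Create one user and attach exactly one policy to it.
# Returns 2 if no policy was given, 3 if consoleAdmin was requested without opt-in.
provision_user() {
  user="$1"; secret="$2"; policy="$3"
  if [ -z "$policy" ]; then
    echo "refusing $user: no policy given" >&2
    return 2
  fi
  if [ "$policy" = "consoleAdmin" ] && [ "${ALLOW_ADMIN:-0}" != "1" ]; then
    echo "refusing $user: consoleAdmin needs ALLOW_ADMIN=1" >&2
    return 3
  fi
  if [ "$DRY_RUN" = "1" ]; then
    # Never echo the secret key, even in a dry run.
    echo "mc admin user add $MC_ALIAS $user ********"
    echo "mc admin policy attach $MC_ALIAS $policy --user $user"
  else
    # The secret is passed in argv here and is visible to other local processes.
    # stdin is redirected so mc cannot consume the user list read by provision_all.
    { mc admin user add "$MC_ALIAS" "$user" "$secret" &&
      mc admin policy attach "$MC_ALIAS" "$policy" --user "$user"; } </dev/null
  fi
}

# Read "user secret policy" lines from stdin.
# Returns how many users were refused or failed, so a Job can fail loudly.
provision_all() {
  failed=0
  while read -r user secret policy; do
    [ -n "$user" ] || continue
    provision_user "$user" "$secret" "$policy" || failed=$((failed + 1))
  done
  return "$failed"
}
```

Run as `printf 'minio miniominio readonly\n' | provision_all` to preview the commands; set `DRY_RUN=0` to execute them against the alias.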

This is under discussion and is coming in the next few months. No ETA as yet.

allanrogerr • Mar 13 '24 17:03

MinIO Jobs is in the works - https://github.com/minio/operator/pull/1883

allanrogerr • Mar 13 '24 17:03