Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

combine STS, SVC accounts into access keys with or without expiration #5004

Merged
merged 3 commits into from
Aug 17, 2024
Merged

combine STS, SVC accounts into access keys with or without expiration #5004

merged 3 commits into from
Aug 17, 2024

Conversation

harshavardhana
Copy link
Member

Community Contribution License

All community contributions in this pull request are licensed to the project maintainers
under the terms of the Apache 2 license.
By creating this pull request I represent that I have the right to license the
contributions to the project maintainers under the Apache 2 license.

Description

combine STS, SVC accounts into access keys with or without expiration

Motivation and Context

from an end-user point of view, they are no different

How to test this PR?

Configure LDAP and perform all the necessary activities to create accounts
with or without expiration. Then, observe the pretty printed output.

Types of changes

  • Bug fix (non-breaking change which fixes an issue)
  • New feature (non-breaking change which adds functionality)
  • Optimization (provides speedup with no functional changes)
  • Breaking change (fix or feature that would cause existing functionality to change)

Checklist:

  • Fixes a regression (If yes, please add commit-id or PR # here)
  • Unit tests added/updated
  • Internal documentation updated
  • Create a documentation update request here

@taran-p
Copy link
Contributor

taran-p commented Jul 31, 2024

Would the inability to delete STS access keys be an issue with listing them together?

@donatello
Copy link
Member

Also sts keys need tokens so I think there should be an indication like a type so that users don't go looking for them in apps or scripts (for an audit for example).

@harshavardhana
Copy link
Member Author

Fundamentally they are all the same from an API point of view, the idea here is just to show them a hint. Adding an sts tag might be okay let me see if I can add it cleanly.

The current UI is quite wrong we need to address it.

@harshavardhana
Copy link
Member Author

harshavardhana commented Aug 12, 2024
edited
Loading

Would the inability to delete STS access keys be an issue with listing them together?

The API has no contract which requires that all access keys be allowed to be deleted. Service Accounts is our extended implementation in MinIO. AWS STS credentials do not have such a feature, so in MinIO, we didn't implement a DELETE behavior for them, either.

@harshavardhana
Copy link
Member Author

Added STS differentiation

@jiuker jiuker mentioned this pull request Aug 15, 2024
Merged
8 tasks
@harshavardhana harshavardhana merged commit 456709a into minio:master Aug 17, 2024
5 checks passed
@harshavardhana harshavardhana deleted the fix-list branch August 17, 2024 11:12
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@donatello donatello donatello approved these changes

@taran-p taran-p taran-p approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@harshavardhana @taran-p @donatello @jiuker