Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Create users with non-consoleAdmin policies during tenant provisioning #629

Open
dnskr opened this issue May 9, 2021 · 12 comments
Open

Create users with non-consoleAdmin policies during tenant provisioning #629

dnskr opened this issue May 9, 2021 · 12 comments
Assignees
@harshavardhana
Labels
enhancement New feature or request

Comments

@dnskr
Copy link
Contributor

dnskr commented May 9, 2021

Is your feature request related to a problem? Please describe.
The Operator creates a user with consoleAdmin policy by default when tenant.spec.users is used, see users in the doc.
It would be great to have posibility to create users with other policies.

Describe the solution you'd like
I would like to use optional CONSOLE_POLICY field in user secret to specify the policy.
For example:

apiVersion: v1
kind: Secret
metadata:
  name: myuser
type: Opaque
stringData :
  CONSOLE_ACCESS_KEY: minio
  CONSOLE_SECRET_KEY: miniominio
  CONSOLE_POLICY: read_only

Additional context
It is not clear for me why CONSOLE_ prefix is used, so it might be a good idea to remove it:

apiVersion: v1
kind: Secret
metadata:
  name: myuser
type: Opaque
stringData :
  ACCESS_KEY: minio
  SECRET_KEY: miniominio
  POLICY: read_only
@harshavardhana harshavardhana added the enhancement New feature or request label May 25, 2021
@stale
Copy link

stale bot commented Aug 24, 2021

This issue has been automatically marked as stale because it has not had recent activity. It will be closed after 21 days if no further activity occurs. Thank you for your contributions.

@stale stale bot added the stale label Aug 24, 2021
@dnskr
Copy link
Contributor Author

dnskr commented Aug 24, 2021

Still relevant enhancement

@stale stale bot removed the stale label Aug 24, 2021
@stale
Copy link

stale bot commented Nov 29, 2021

This issue has been automatically marked as stale because it has not had recent activity. It will be closed after 21 days if no further activity occurs. Thank you for your contributions.

@stale stale bot added the stale label Nov 29, 2021
@dnskr
Copy link
Contributor Author

dnskr commented Nov 29, 2021

@Alevsk Hi! Are there any plans to implement this feature or a reason why it will never be implemented?

@stale stale bot removed the stale label Nov 29, 2021
@harshavardhana
Copy link
Member

@Alevsk Hi! Are there any plans to implement this feature or a reason why it will never be implemented?

We will take a look soon.

@stale
Copy link

stale bot commented Mar 9, 2022

This issue has been automatically marked as stale because it has not had recent activity. It will be closed after 21 days if no further activity occurs. Thank you for your contributions.

@stale stale bot added the stale label Mar 9, 2022
@dnskr
Copy link
Contributor Author

dnskr commented Mar 9, 2022

Still relevant enhancement

@stale stale bot removed the stale label Mar 9, 2022
@stale
Copy link

stale bot commented Jun 19, 2022

This issue has been automatically marked as stale because it has not had recent activity. It will be closed after 21 days if no further activity occurs. Thank you for your contributions.

@stale stale bot added the stale label Jun 19, 2022
@dnskr
Copy link
Contributor Author

dnskr commented Jun 19, 2022

Still good to have :)

@stale stale bot removed the stale label Jun 19, 2022
@drivebyer drivebyer mentioned this issue Dec 1, 2022
Closed
@jessebot
Copy link

@Alevsk Hi! Are there any plans to implement this feature or a reason why it will never be implemented?

We will take a look soon.

Was this looked at? I see #1359 was opened and then closed, but I haven't see any movement since last year.

As @dnskr mentioned, I think this would make a lot of sense:

apiVersion: v1
kind: Secret
metadata:
  name: myuser
type: Opaque
stringData :
  ACCESS_KEY: minio
  SECRET_KEY: miniominio
  POLICY: read_only

It would also be great to have a policies field to create policies at tenant setup time as well.

If all that needs to be done is search and replace on @drivebyer's code in #1359 for CONSOLE_POLICY to POLICY and changing CONSOLE_ACCESS_KEY to ACCESS_KEY/changing CONSOLE_SECRET_KEY to SECRET_KEY, I can do that.

This would make it so that I don't need any extra custom init scripts, which would be really nice.

This was referenced Nov 17, 2023
Closed
Closed
@allanrogerr
Copy link
Contributor

This is under discussion and is coming in the next few months. No ETA es yet.

@allanrogerr
Copy link
Contributor

MinIO Jobs is in the works - #1883

@jfroy jfroy mentioned this issue Mar 13, 2024
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@harshavardhana harshavardhana

Labels
enhancement New feature or request
Projects
None yet
Milestone
No milestone
5 participants
@harshavardhana @Alevsk @jessebot @allanrogerr @dnskr