Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Add policies for users #1872

Closed
wants to merge 4 commits into from
Closed

Conversation

jessebot
Copy link

@jessebot jessebot commented Nov 17, 2023

Piggybacking off of the work presented in #1359 (thank you, @drivebyer). Fixes #629

Not sure of the preferred testing method, but this should allow you to decoratively create users with specific policies, or no policy at all. We'd still need a separate PR for allowing declaration of policies as well, and if we do, then those policies must be created before we create users.

Happy to workshop this to be better if you have any suggestions! :)

@jessebot
Copy link
Author

If there are any other docs you need me to update, I'm happy to do so, btw 🙏 New to this codebase though, so did what I could.

Copy link
Collaborator

@dvaldivia dvaldivia left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Since at bootstraping time there's only a few policies (consoleAdmin, diagnostics, readonly, readwrite and writeonly) I'm not sure this is the right solution to address the problem of provisioning users with limited capabilities, this section was only intended to provision administrators so people didn't rely on the root credentials to access their Tenant.

We are working on a more complete solution, a new CRD for configuring things in a more declarative way, I'd recommend you wait for that, should be in in the following week for review

@jessebot
Copy link
Author

Thanks for your response! Wouldn't it make more sense to have CRDs per minio resource, such as Policies, Buckets, and Users? That way, you could declare each resource in it's own manifest?

@pjuarezd
Copy link
Member

pjuarezd commented Feb 6, 2024

Thanks for your response! Wouldn't it make more sense to have CRDs per minio resource, such as Policies, Buckets, and Users? That way, you could declare each resource in it's own manifest?

We have discussed it internally and decided to go other route with the solution to this problem, MinIO Jobs is in the works, closing this.

@pjuarezd pjuarezd closed this Feb 6, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

Create users with non-consoleAdmin policies during tenant provisioning
3 participants