Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feat: create user with default policy #1906

Closed
wants to merge 8 commits into from
Closed

feat: create user with default policy #1906

wants to merge 8 commits into from

Conversation

jiuker
Copy link
Contributor

@jiuker jiuker commented Dec 11, 2023
edited
Loading

fix #1870
how to test:
set use with

apiVersion: v1
kind: Secret
metadata:
  name: mytest-minio-user-0
  namespace: minio-system
  labels:
    v1.min.io/tenant: mytest-minio
immutable: true
type: Opaque
data:
  CONSOLE_ACCESS_KEY: bXlhZG1pbmNvbnNvbGU=
  CONSOLE_SECRET_KEY: cGFzc3dvcmRjb25zb2xl
  MyUser_ACCESS_KEY: bXlhZG1pbg==
  MyUser_SECRET_KEY: cGFzc3dvcmQ=
  MyUser_POLICY: cmVhZG9ubHk=

User info:

    CONSOLE_ACCESS_KEY: myadminconsole
    CONSOLE_SECRET_KEY: passwordconsole
    MyUser_ACCESS_KEY: myadmin
    MyUser_SECRET_KEY: password
    MyUser_POLICY: readonly

guozhi.li added 2 commits December 11, 2023 18:18
@jiuker jiuker requested a review from pjuarezd December 11, 2023 10:19
guozhi.li added 2 commits December 11, 2023 18:24
@jiuker jiuker requested a review from cniackz December 11, 2023 10:32
@shtripat
Copy link
Contributor

I followed below steps

  1. docker buildx build --no-cache -o type=docker -t docker.io/minio/operator:create-user .
  2. kind create cluster --config ./kind-config.yaml
  3. kind load docker-image docker.io/minio/operator:create-user
  4. kubectl kustomize . > operator-test.yaml and changed the image name to docker.io/minio/operator:create-user in YAML
  5. kubectl apply -f operator-test.yaml
  6. kubectl kustomize ./examples/kustomization/tenant-lite/ > tenant-u.yaml
  7. Added below content additionally to the YAML
apiVersion: v1
kind: Secret
metadata:
  name: mytest-minio-user-0
  namespace: tenant-lite
  labels:
    v1.min.io/tenant: myminio
immutable: true
type: Opaque
data:
    CONSOLE_ACCESS_KEY: bXlhZG1pbmNvbnNvbGUK
    CONSOLE_SECRET_KEY: cGFzc3dvcmRjb25zb2xlCg==
    MyUser_ACCESS_KEY: bXlhZG1pbgo=
    MyUser_SECRET_KEY: cGFzc3dvcmQK
    MyUser_POLICY: readonly
  1. kubectl apply -f tenant-u.yaml

I can see secret created but unable to create alias using the creds myadmin and password. Please add detailed steps for verification and sample YAMLs.

@jiuker
Copy link
Contributor Author

jiuker commented Dec 12, 2023
edited
Loading

Use

 CONSOLE_ACCESS_KEY: bXlhZG1pbmNvbnNvbGU=
  CONSOLE_SECRET_KEY: cGFzc3dvcmRjb25zb2xl
  MyUser_ACCESS_KEY: bXlhZG1pbg==
  MyUser_SECRET_KEY: cGFzc3dvcmQ=
  MyUser_POLICY: cmVhZG9ubHk=

instead. Value should be base64.

@shtripat
Copy link
Contributor

Use

 CONSOLE_ACCESS_KEY: bXlhZG1pbmNvbnNvbGU=
  CONSOLE_SECRET_KEY: cGFzc3dvcmRjb25zb2xl
  MyUser_ACCESS_KEY: bXlhZG1pbg==
  MyUser_SECRET_KEY: cGFzc3dvcmQ=
  MyUser_POLICY: cmVhZG9ubHk=

instead. Value should be base64.

We need to add new user to the users list as well in tenant YAML for this change to work as below

  users:
  - name: storage-user
  - name: mytest-minio-user-0

@jiuker jiuker marked this pull request as draft December 20, 2023 03:07
guozhi.li added 2 commits January 5, 2024 15:20
Merge branch 'master' into create_user_with_policy
d8de580 
# Conflicts:
#	go.mod
#	go.sum
#	kubectl-minio/go.mod
#	kubectl-minio/go.sum
check the user after create
ab687fc
@jiuker jiuker marked this pull request as ready for review January 5, 2024 07:22
@jiuker jiuker marked this pull request as draft January 7, 2024 13:59
@jiuker jiuker closed this Jan 23, 2024
@jiuker
Copy link
Contributor Author

jiuker commented Jan 23, 2024

Job CRD to do this.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@shtripat shtripat shtripat left review comments

@harshavardhana harshavardhana Awaiting requested review from harshavardhana

@dvaldivia dvaldivia Awaiting requested review from dvaldivia

@pjuarezd pjuarezd Awaiting requested review from pjuarezd

@cniackz cniackz Awaiting requested review from cniackz

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

'Create User' and 'Create Service Account' options missing from tenant helm chart
2 participants
@jiuker @shtripat