feat: add value for extending minio policies #68
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This PR adds the value
deploykf_opt.deploykf_minio.extraPolicyStatements
, which makes it possible to add custom MinIO policy statements to specific users or groups. In case of groups, there are added to all users of that group.For example:
For context, this feature stems from this discussion.
Implementation comments
generator/helpers/deploykf-minio-policies.tpl
), as this functionality is not really relevant to the kubeflow_pipelines's object_store. Hence, it seems cleaner this way (unless I'm missing something, I'm interested to know your thoughts!). This helper file is used to append policy statements to an existing policy.Version
field to"2012-10-17"
, askubeflow_pipelines.object_store.user.minio_policy
does. It would be cleaner to take the Version from the existing policy (withVersion: {{< $prev_policy.Version >}}
), but the value gets converted to2012-10-17Z00:00:00
and I haven't found a way around that. Since it is also hardcoded in other places and is not settable by the user, I don't think it is a big deal, but I am open to feedback.closes: #69