Conversation
1a4399d to
dcfe3ae
Compare
With this commit the provider is able to manage users as well. The users can't yet do anything as a user without any policy has no permissions at all.
| // It can be used to assign a policy to a usser. | ||
| func NewMinioAdmin(ctx context.Context, c client.Client, config *providerv1.ProviderConfig) (*madmin.AdminClient, error) { | ||
|
|
||
| secret := &corev1.Secret{} |
There was a problem hiding this comment.
Maybe we could easily cash this value? Connect() method id always invoked before any reconciliation.
There was a problem hiding this comment.
We're using the cached kube client from the manager anyway. So this should already by cached by that.
Also with an additional cache we might miss updates to the secret.
| u.emitCreationEvent(user) | ||
|
|
||
| annotations := user.GetAnnotations() | ||
| annotations[UserCreatedAnnotationKey] = "true" |
There was a problem hiding this comment.
Why this annotation is needed? If the resource is Ready that it would imply that it's created.
There was a problem hiding this comment.
The problem is that we can't update the status during creation, so we need the annotation to mark it as created. We can then set the proper condition in the observe function. We've used this pattern to indicate that the creation function actually ran in the other providers as well.
Also see here for more information on how the crossplane provider framework works: https://kb.vshn.ch/app-catalog/explanations/crossplane_provider_mechanics.html
Add user management
Summary
The minio admin sdk is under AGPL-3.0, so we need to adjust accordingly.
Checklist
bug,enhancement,documentation,change,breaking,dependencyas they show up in the changelog