Skip to content

Conversation

cesnietor
Copy link
Collaborator

@cesnietor cesnietor commented Apr 20, 2020

adds new functionality for creating a service
account for a user, for this, an admin client
is created with the user credentials so that
the service account can be assigned to him.

To test this:

  • create a user and assign a policy to him

  • login to mcs with the user credentials

  • create a serviceAccount on /api/v1/service-accounts
    The payload can (optional) have a policy defined as string e.g.

     {
      "policy": "{\"Version\":\"2012-10-17\",\"Statement\":[{\"Effect\":\"Allow\",\"Action\":[\"s3:GetBucketLocation\"],\"Resource\":[\"arn:aws:s3:::*\"]},{\"Effect\":\"Allow\",\"Action\":[\"s3:ListBucket\",\"s3:GetObject\"],\"Resource\":[\"arn:aws:s3:::bucktest1s/*\"]}]}"
     }
    

    it should return the Service Account credentials like:

    {
     "accessKey": "Y6ERKY9HLILEC9DMKDC5",
     "secretKey": "dYsoHwQKm+REFzNGkKyR4iLr5sSkZDJNSSMcdcIT"
    }
    
  • Test that the Service Account can be added as a new host and have the proper permissions

@cesnietor cesnietor added the WIP This PR is WIP and cannot be merged yet label Apr 20, 2020
@cesnietor cesnietor self-assigned this Apr 21, 2020
@cesnietor cesnietor force-pushed the add-service-accounts-api branch from 9857f90 to 6b7dc7f Compare April 24, 2020 20:36
@cesnietor cesnietor changed the title add Create Service Account api [WIP] add Create Service Account api Apr 24, 2020
@cesnietor cesnietor force-pushed the add-service-accounts-api branch from 6b7dc7f to b5fd8f2 Compare April 29, 2020 01:24
@cesnietor cesnietor changed the title [WIP] add Create Service Account api Add Create Service Account api Apr 29, 2020
@cesnietor cesnietor removed the WIP This PR is WIP and cannot be merged yet label Apr 29, 2020
dvaldivia
dvaldivia previously approved these changes Apr 29, 2020
Copy link
Collaborator

@bexsoft bexsoft left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Just this minor detail, everything else looks good

Copy link
Contributor

@Alevsk Alevsk left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

reviewing 👀

adds new functionality for creating a service
account for a user, for this, an admin client
is created with the user credentials so that
the service account can be assigned to him.

This also updates to  minio RELEASE.2020-04-28T23-56-56Z
@cesnietor cesnietor force-pushed the add-service-accounts-api branch from aa15a98 to 81d691c Compare April 29, 2020 18:47
@cesnietor cesnietor requested review from bexsoft and dvaldivia April 29, 2020 18:47
Copy link
Collaborator

@bexsoft bexsoft left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@Alevsk
Copy link
Contributor

Alevsk commented Apr 30, 2020

Tested, works good 👍

@cesnietor
Copy link
Collaborator Author

Tested, works good 👍

@Alevsk can you please remove you request change? XD

@Alevsk Alevsk merged commit b85712e into minio:master Apr 30, 2020
@cesnietor cesnietor mentioned this pull request May 6, 2020
6 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

4 participants