Add extraPolicyStatements
for embedded MinIO (define user access)
#69
Labels
kind/enhancement
kind - new features or changes
priority/low
priority - work on this when we get time
status/help-wanted
status - this needs contributions
Originally posted by @thesuperzapper in #64 (comment) replying to @Diddy42
While it's a bit dangerous to encourage usage of the embedded MinIO, I am open to accepting a contribution that lets you define
extraPolicyStatements
, as we don't currently provide a way to extend the policies we automatically generate for each user defined indeploykf_core.deploykf_profiles_generator.users
.For example, we could add a value like
deploykf_opt.deploykf_minio.extraPolicyStatements
:The way this would be implemented would be by extending the automatically generated
deploykf_opt.deploykf_minio.policies
which are defined here:deployKF/generator/templates/manifests/deploykf-opt/deploykf-minio/values.yaml
Lines 210 to 240 in 80b6483
Some of the important templates which are called in the above section are:
runtime/deploykf_profiles__users_id_mapping_json
:user
->user info
(needed to get theemail
of the user, for the policy name)kubeflow_pipelines.object_store.user.minio_policy
:extra_statements
)You would also need to use the
group
->user
mapping JSON template, to get the list of users in a group:runtime/deploykf_profiles__groups_id_mapping_json
The text was updated successfully, but these errors were encountered: