Allow bootstrapping policies with special characters in Helm (#14356)

If the policy fails MinIO's minimum threshold for a valid policy,
they'll still (correctly) fail, but policies with a : (and probably a
/) should be allowed since they work with standard MC/MinIO 
Console interactions.

This creates the files as policy_IDX.json instead of <name>.json 
to avoid any issues with the name + Kubernetes ConfigMaps since 
ConfigMap keys must be: [-._a-zA-Z0-9]+
This commit is contained in:
Eric 2022-02-20 07:21:17 +00:00 committed by GitHub
parent 23930355a7
commit a2bc383e15
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 9 additions and 6 deletions

View File

@ -43,17 +43,19 @@ checkPolicyExists() {
return $?
}
# createPolicy($name)
# createPolicy($name, $filename)
createPolicy () {
NAME=$1
FILENAME=$2
# Create the name if it does not exist
echo "Checking policy: $NAME (in /config/$FILENAME.json)"
if ! checkPolicyExists $NAME ; then
echo "Creating policy '$NAME'"
else
echo "Policy '$NAME' already exists."
fi
${MC} admin policy add myminio $NAME /config/$NAME.json
${MC} admin policy add myminio $NAME /config/$FILENAME.json
}
@ -67,7 +69,7 @@ connectToMinio $scheme
{{ if .Values.policies }}
# Create the policies
{{- range .Values.policies }}
createPolicy {{ .name }}
{{- range $idx, $policy := .Values.policies }}
createPolicy {{ $policy.name }} policy_{{ $idx }}
{{- end }}
{{- end }}

View File

@ -15,8 +15,9 @@ data:
{{ include (print $.Template.BasePath "/_helper_create_user.txt") . | indent 4 }}
add-policy: |-
{{ include (print $.Template.BasePath "/_helper_create_policy.txt") . | indent 4 }}
{{- range .Values.policies }}
{{ .name }}.json: |-
{{- range $idx, $policy := .Values.policies }}
# {{ $policy.name }}
policy_{{ $idx }}.json: |-
{{ include (print $.Template.BasePath "/_helper_policy.tpl") . | indent 4 }}
{{ end }}
custom-command: |-