0Z"}} iam-assets/user_mappings.json {} iam-assets/group_mappings.json {} iam-assets/stsuser_mappings.json {"uid=bobfisher,ou=people,ou=hwengg,dc=min,dc=io":{"version":0,"policy":"consoleAdmin","updatedAt":"2024-09-09T15:59:59.399979442Z"},"uid=dillon,ou=people,ou=swengg,dc=min,dc=io":{"version":0,"policy":"consoleAdmin","updatedAt":"2024-09-09T16:00:03.729549302Z"}}...

##
resources:
  requests:
    memory: 16Gi

## List of policies to be created after minio install
##
## In addition to default policies [readonly|readwrite|writeonly|consoleAdmin|diagnostics]
## you can define additional policies with custom supported actions and resources
policies: []
## writeexamplepolicy policy grants creation or deletion of buckets with name

iam-assets/policies.json {"consoleAdmin":{"Version":"2012-10-17","Statement":[{"Effect":"Allow","Action":["admin:*"]},{"Effect":"Allow","Action":["kms:*"]},{"Effect":"Allow","Action":["s3:*"],"Resource":["arn:aws:s3:::*"]}]},diagnostics":{"Version":"2012-10-17","Statement":[{"Effect":"Allow","Action":["admin:TopLocksInfo","admin:BandwidthMonitor","admin:ConsoleLog","admin:OBDInfo","admin:Profiling","admin:Prometheus","admin:ServerInfo","admin:ServerTrace"],"Resource":["arn:aws:s3:::*"]}]},rea...

	client_id="minio-client-app" \
	client_secret="minio-client-app-secret" \
	scopes="openid,groups,email,profile" \
	redirect_uri="http://127.0.0.1:10000/oauth_callback" \
	display_name="Login via dex1" \
	role_policy="consoleAdmin"

./mc admin service restart myminio --json
./mc ready myminio
./mc admin cluster iam import myminio docs/distributed/samples/myminio-iam-info-openid.zip

# Verify if buckets / objects accessible using service account

	echo "expected bucket tag to have replicated, exiting..."
	exit_1
fi
# Create user with policy consoleAdmin on minio1
./mc admin user add minio1 foobarx foobar123
if [ $? -ne 0 ]; then
	echo "adding user failed, exiting.."
	exit_1
fi
./mc admin policy attach minio1 consoleAdmin --user=foobarx
if [ $? -ne 0 ]; then
	echo "adding policy mapping failed, exiting.."
	exit_1
fi
sleep 10

		t.Fatalf("unable to get policy to credential, %s", err)
	}

	if len(policies) == 0 {
		t.Fatal("no policies found")
	}

	if policies[0] != "consoleAdmin" {
		t.Fatalf("expected 'consoleAdmin', %s", policies[0])
	}
}

// TestSkipContentSha256Cksum - Test validate the logic which decides whether
// to skip checksum validation based on the request header.
func TestSkipContentSha256Cksum(t *testing.T) {

mc admin policy attach myminio deny-non-sse-kms-pol --user minio123
mc admin policy attach myminio deny-invalid-sse-kms-pol --user minio123
mc admin policy attach myminio consoleAdmin --user minio123

mc mb -l myminio/test-bucket
mc mb -l myminio/multi-key-poc

export MC_HOST_myminio1="http://minio123:minio123@localhost:9000/"

mc cp /etc/issue myminio1/test-bucket
ret=$?

export MC_HOST_siteb=http://minioadmin:minioadmin@127.0.0.1:9004

./mc ready sitea
./mc ready siteb

./mc admin replicate add sitea siteb

./mc admin user add sitea foobar foo12345

./mc admin policy attach sitea/ consoleAdmin --user=foobar

./mc admin user info siteb foobar

killall -9 minio

echo "turning off root access, however site replication must continue"
export MINIO_API_ROOT_ACCESS=off

        "version": 0,
        "policy": "consoleAdmin",
        "updatedAt": "2024-04-17T23:54:28.442998301Z"
    },
    "mygroup": {
        "version": 0,
        "policy": "consoleAdmin",
        "updatedAt": "2024-04-23T21:34:43.66922872Z"
    },
    "cn=project.c,ou=groups,OU=swengg,DC=min,DC=io": {
        "version": 0,
        "policy": "consoleAdmin",
        "updatedAt": "2024-04-17T20:54:28.442998301Z"

assigned to the user ## Default policies are [readonly|readwrite|writeonly|consoleAdmin|diagnostics] ## Add new policies as explained here https://min.io/docs/minio/kubernetes/upstream/administration/identity-access-management.html#access-management ## NOTE: this will fail if LDAP is enabled in your MinIO deployment ## make sure to disable this if you are using LDAP. - accessKey: console secretKey: console123 policy: consoleAdmin # Or you can refer to specific secret #- accessKey: externalSecret # existingSecret:...