memory: 128Mi # Command to run after the main command on exit exitCommand: "" ## List of service accounts to be created after minio install ## # svcaccts: ## accessKey, secretKey and parent user to be assigned to the service accounts ## Add new service accounts as explained here https://min.io/docs/minio/kubernetes/upstream/administration/identity-access-management/minio-user-management.html#service-accounts # - accessKey: console-svcacct # secretKey: console123 # user: console ## Or you can refer to...

memory: 128Mi # Command to run after the main command on exit exitCommand: "" ## List of service accounts to be created after minio install ## svcaccts: [] ## accessKey, secretKey and parent user to be assigned to the service accounts ## Add new service accounts as explained here https://min.io/docs/minio/kubernetes/upstream/administration/identity-access-management/minio-user-management.html#service-accounts # - accessKey: console-svcacct # secretKey: console123 # user: console ## Or you can refer to...

memory: 128Mi # Command to run after the main command on exit exitCommand: "" ## List of service accounts to be created after minio install ## # svcaccts: ## accessKey, secretKey and parent user to be assigned to the service accounts ## Add new service accounts as explained here https://min.io/docs/minio/kubernetes/upstream/administration/identity-access-management/minio-user-management.html#service-accounts # - accessKey: console-svcacct # secretKey: console123 # user: console ## Or you can refer to...

- `svcaccts[].accessKey` - accessKey of service account
- `svcaccts[].secretKey` - secretKey of svcacctsecretRef
- `svcaccts[].existingSecret` - secret name that contains the secretKey of service account
- `svcaccts[].existingSecretKey` - data key in existingSecret secret containing the secretKey
- `svcaccts[].user` - name of the parent user to assign to service account

## Uninstalling the Chart

	}

	var users2 []User
	DB.Preload("Account", clause.Eq{Column: "number", Value: users[0].Account.Number}).Find(&users2, "id IN ?", userIDs)
	sort.Slice(users2, func(i, j int) bool {
		return users2[i].ID < users2[j].ID
	})

	for idx, user := range users2[1:2] {
		if user.Account.Number != "" {
			t.Errorf("No account should found for user %v but got %v", idx+2, user.Account.Number)
		}
	}

			if err != nil {
				return nil, err
			}

			// Set the parent of the temporary access key, this is useful
			// in obtaining service accounts by this cred.
			cred.ParentUser = lookupResult.NormDN

			// Set this value to LDAP groups, LDAP user can be part
			// of large number of groups
			cred.Groups = targetGroups

	ctx, cancel := context.WithTimeout(context.Background(), testDefaultTimeout)
	defer cancel()

	// we need to do this so that the user has a policy before authentication.
	// ldap user accounts without policies are denied access in sftp.
	policy := "mypolicy"
	policyBytes := []byte(`{
 "Version": "2012-10-17",
 "Statement": [
  {
   "Effect": "Allow",
   "Action": [
    "s3:PutObject",

     * been resolved and it is not a domain SID or builtin account,
     * the full DOMAIN\name form of the account will be
     * returned (e.g. MYDOM\alice or MYDOM\Domain Users).
     * If the SID has been resolved but it is is a domain SID,
     * only the domain name will be returned (e.g. MYDOM).
     * If the SID has been resolved but it is a builtin account,
     * only the name component will be returned (e.g. SYSTEM).

			if _, ok := claims[k]; !ok { // only add to claims not update it.
				claims[k] = v
			}
		}
	}
	return nil
}

// DiscoveryDoc - parses the output from openid-configuration
// for example https://accounts.google.com/.well-known/openid-configuration
type DiscoveryDoc struct {
	Issuer                           string   `json:"issuer,omitempty"`
	AuthEndpoint                     string   `json:"authorization_endpoint,omitempty"`

		AccessKey: DefaultAccessKey,
		SecretKey: DefaultSecretKey,
	}
)

// claim key found in credentials which are service accounts
const iamPolicyClaimNameSA = "sa-policy"

const (
	// AccountOn indicates that credentials are enabled
	AccountOn = "on"
	// AccountOff indicates that credentials are disabled
	AccountOff = "off"
)

// Credentials holds access and secret keys.