Skip to content

feat(provisioning): support custom user credential Secret references#187

Merged
GatewayJ merged 4 commits into
rustfs:mainfrom
GatewayJ:feat/user-credentials-secret-ref
Jul 18, 2026
Merged

feat(provisioning): support custom user credential Secret references#187
GatewayJ merged 4 commits into
rustfs:mainfrom
GatewayJ:feat/user-credentials-secret-ref

Conversation

@GatewayJ

@GatewayJ GatewayJ commented Jul 18, 2026

Copy link
Copy Markdown
Member

Type of Change

  • New Feature
  • Bug Fix
  • Documentation
  • Performance Improvement
  • Test/CI
  • Refactor
  • Other:

Related Issues

Closes #174

Summary of Changes

  • Add optional spec.users[].credsSecret.name references for provisioning user credentials.
  • Preserve the legacy same-name Secret lookup when credsSecret is omitted.
  • Track the observed Secret identity so reference changes safely reapply credentials.
  • Preflight all user credential Secrets and reject every entry whose resolved accesskey collides before any RustFS user mutation.
  • Move provisioning reference-label convergence from Console request handlers into the operator reconcile boundary.
  • Maintain watch labels idempotently, retry missing references, and remove stale external Secret labels only when no current Tenant field references them.
  • Update Console YAML handling, OpenAPI, generated CRDs, examples, user documentation, and regression tests.

Checklist

  • I have read and followed the CONTRIBUTING.md guidelines
  • Passed make pre-commit (fmt-check + clippy + test + console-lint + console-fmt-check)
  • Added/updated necessary tests
  • Documentation updated (if needed)
  • CHANGELOG.md updated under [Unreleased] (N/A: this repository currently has no CHANGELOG.md)
  • CI/CD passed

Impact

  • Breaking change (CRD/API compatibility)
  • Requires doc/config/deployment update
  • Other impact: existing Tenant manifests remain compatible; installations must apply the updated Tenant CRD before using the new field.

Verification

make pre-commit

Additional Notes

Helm does not upgrade CRDs from the chart crds/ directory. Apply the updated Tenant CRD and wait for the new operator rollout before using users[].credsSecret.


Thank you for your contribution! Please ensure your PR follows the community standards (CODE_OF_CONDUCT.md) and sign the CLA if this is your first contribution.

@GatewayJ

Copy link
Copy Markdown
Member Author

@codex

@chatgpt-codex-connector chatgpt-codex-connector Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: 2622b1d00f

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

  • Open a pull request for review
  • Mark a draft as ready
  • Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".


/// Optional credentials Secret reference. Defaults to a Secret named after the user.
#[serde(default, skip_serializing_if = "Option::is_none")]
pub creds_secret: Option<UserCredentialsSecretRef>,

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

P2 Badge Reject duplicate credential Secret references

When two spec.users entries set the same credsSecret.name, the CRD still only enforces uniqueness on the logical user.name, but reconciliation loads the same Secret for both entries and calls set_user_policy(&credentials.access_key, ...). That means both entries operate on the same RustFS account and the later entry can replace the policy mapping while both logical users report Ready; please validate that resolved credential Secret names (or loaded access keys) are unique per Tenant before accepting/applying them.

Useful? React with 👍 / 👎.

Comment thread src/console/handlers/tenants.rs Outdated
Comment on lines +795 to +797
"labels": {
"rustfs.tenant": null,
},

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

P2 Badge Preserve labels for Secrets still referenced by Tenant

If a Secret was previously used as a provisioning user Secret but remains referenced elsewhere by the same Tenant, such as spec.rpcSecret.name or spec.credsSecret.name, this cleanup removes the shared rustfs.tenant label only because it is absent from the current user Secret set. The controller's Secret mapper uses that label to enqueue Tenants on external Secret changes, so future rotations of the still-referenced Secret can stop reconciling this Tenant until another event occurs; include all current Tenant Secret refs before treating this label as stale, or avoid removing labels that are not tracked as user-only.

Useful? React with 👍 / 👎.

@GatewayJ
GatewayJ marked this pull request as ready for review July 18, 2026 11:57
@GatewayJ
GatewayJ added this pull request to the merge queue Jul 18, 2026
Merged via the queue into rustfs:main with commit 49f8560 Jul 18, 2026
3 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

[feature request] tenant user property to override secret name

1 participant