Skip to content

add tenant provisioning#131

Draft
GatewayJ wants to merge 2 commits into
rustfs:mainfrom
GatewayJ:codex/bucket-user-policy-provisioning
Draft

add tenant provisioning#131
GatewayJ wants to merge 2 commits into
rustfs:mainfrom
GatewayJ:codex/bucket-user-policy-provisioning

Conversation

@GatewayJ
Copy link
Copy Markdown
Member

@GatewayJ GatewayJ commented May 26, 2026

Type of Change

  • New Feature
  • Bug Fix
  • Documentation
  • Performance Improvement
  • Test/CI
  • Refactor
  • Other: N/A

Related Issues

N/A

Summary of Changes

Adds Tenant-driven bucket/user/policy provisioning for RustFS Operator.

This PR extends the Tenant CRD with spec.policies, spec.users, and spec.buckets, plus per-item status.provisioning and a ProvisioningReady condition. The controller reconciles policies, users, and buckets after workloads are ready, using MinIO-aligned bucket semantics while keeping RustFS-specific policy ownership and explicit user policy mapping rules.

Main changes:

  • Add provisioning spec/status types, CRD schema validation, and regenerated Tenant CRDs.
  • Add RustFS admin/S3 client helpers for canned policy listing/apply, user create/info, direct policy mapping, CreateBucket, and object lock verification.
  • Add provisioning reconcile flow with policy hash/conflict checks, MinIO-compatible user Secret key handling, authoritative user policy set, bucket objectLock conflict handling, and Retain status for removed spec items.
  • Watch referenced Secrets and ConfigMaps through rustfs.tenant label or Tenant ownerReference.
  • Expose provisioning fields through Console API/OpenAPI and show provisioning status in the Console tenant detail view.

Checklist

  • I have read and followed the CONTRIBUTING.md guidelines
  • Passed make pre-commit (fmt-check + clippy + test + console-lint + console-fmt-check)
  • Added/updated necessary tests
  • Documentation updated (if needed)
  • CHANGELOG.md updated under [Unreleased] (if user-visible change)
  • CI/CD passed (if applicable)

Impact

  • Breaking change (CRD/API compatibility)
  • Requires doc/config/deployment update
  • Other impact: Tenants that declare provisioning resources wait for ProvisioningReady=True before final Ready.

Verification

cargo fmt --all --check
cargo clippy --all-features -- -D warnings
cargo test --all
cd console-web && ./node_modules/.bin/eslint .
cd console-web && ./node_modules/.bin/prettier --check "app/**/*.{ts,tsx}" "lib/**/*.{ts,tsx}" "types/**/*.{ts,tsx}"
make pre-commit

Additional Notes

  • CHANGELOG update is N/A for this draft until maintainers decide the release-note wording.
  • CI/CD is pending on the draft PR.

@GatewayJ GatewayJ changed the title [codex] add tenant provisioning add tenant provisioning May 26, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@GatewayJ