update rbac and fix minio user not exist error

labring · Nov 30, 2023 · 1bf17ab · 1bf17ab
1 parent 67dd44e
commit 1bf17ab
Show file tree

Hide file tree

Showing 3 changed files with 47 additions and 3 deletions.
diff --git a/controllers/account/config/rbac/role.yaml b/controllers/account/config/rbac/role.yaml
@@ -37,6 +37,18 @@ rules:
   - configmaps/status
   verbs:
   - get
+- apiGroups:
+    - ""
+  resources:
+    - secrets
+  verbs:
+    - create
+    - delete
+    - get
+    - list
+    - patch
+    - update
+    - watch
 - apiGroups:
   - account.sealos.io
   resources:

diff --git a/controllers/account/controllers/namespace_controller.go b/controllers/account/controllers/namespace_controller.go
@@ -325,9 +325,11 @@ func (r *NamespaceReconciler) suspendObjectStorage(ctx context.Context, namespac
 
 	err := r.setOSUserStatus(ctx, user, Disabled)
 	if err != nil {
-		r.Log.Error(err, "failed to suspend object storage")
+		r.Log.Error(err, "failed to suspend object storage", "user", user)
+		return err
 	}
 
+	r.Log.Info("suspend object storage", "user", user)
 	return nil
 }
 
@@ -337,9 +339,11 @@ func (r *NamespaceReconciler) resumeObjectStorage(ctx context.Context, namespace
 
 	err := r.setOSUserStatus(ctx, user, Enabled)
 	if err != nil {
-		r.Log.Error(err, "failed to resume object storage")
+		r.Log.Error(err, "failed to resume object storage", "user", user)
+		return err
 	}
 
+	r.Log.Info("resume object storage", "user", user)
 	return nil
 }
 
@@ -367,7 +371,17 @@ func (r *NamespaceReconciler) setOSUserStatus(ctx context.Context, user string,
 		r.OSAdminClient = oSAdminClient
 	}
 
-	err := r.OSAdminClient.SetUserStatus(ctx, user, madmin.AccountStatus(status))
+	users, err := r.OSAdminClient.ListUsers(ctx)
+	if err != nil {
+		r.Log.Error(err, "failed to list minio user", "user", user)
+		return err
+	}
+
+	if _, ok := users[user]; !ok {
+		return nil
+	}
+
+	err = r.OSAdminClient.SetUserStatus(ctx, user, madmin.AccountStatus(status))
 	if err != nil {
 		r.Log.Error(err, "failed to set user status", "user", user, "status", status)
 		return err

diff --git a/controllers/account/deploy/manifests/deploy.yaml.tmpl b/controllers/account/deploy/manifests/deploy.yaml.tmpl
@@ -734,6 +734,18 @@ rules:
   - configmaps/status
   verbs:
   - get
+- apiGroups:
+  - ""
+  resources:
+  - secrets
+  verbs:
+  - create
+  - delete
+  - get
+  - list
+  - patch
+  - update
+  - watch
 - apiGroups:
   - account.sealos.io
   resources:
@@ -1296,6 +1308,12 @@ spec:
           value: "604800"
         - name: DebtDetectionCycleSeconds
           value: "30"
+        - name: OSAdminSecret
+          value: '{{ .OSAdminSecret }}'
+        - name: OSInternalEndpoint
+          value: '{{ .OSInternalEndpoint }}'
+        - name: oSNamespace
+          value: '{{ .OSNamespace }}'
         envFrom:
         - secretRef:
             name: payment-secret