InseeFrLab / legacy-onyxia-entrypoint

🔬 A data science oriented container launcher
MIT License

[Feature Request] handle non sts s3 #61

Open alexisdondon opened 1 year ago

alexisdondon commented 1 year ago

The Onyxia UI authenticates users based on the OIDC configuration. The OIDC JWT lets Onyxia generate temporary tokens on S3 if the S3 allows the AssumeRoleWithWebIdentity operation.

This is not an operation that all S3 solutions implement.

To let Onyxia be open to more customers and more S3 solutions, we could imagine a special configuration in the region where the administrator could specify whether STS is enabled or not.

If STS is enabled, the flow is the one supported with AssumeRoleWithWebIdentity. If STS is not enabled, the UI should let the user specify their own S3 configuration (accessKey/secretKey).

This issue could be discussed to make a first minimalist viable proposition as the subject could be complex. Especially thinking of this feature from a group perspective.

fcomte commented 1 year ago

I think this feature request can be linked with the subject of starting a service with a service account instead of personal creds.