argoproj / argo-workflows

Workflow Engine for Kubernetes
https://argo-workflows.readthedocs.io/
Apache License 2.0

Provide support for minio STS tokens for artifact repositories #10597

Open AndreasDisterhoeft opened 1 year ago

AndreasDisterhoeft commented 1 year ago

Summary

We need support for MinIO STS tokens to be used in the artifact repository defined in an Argo workflow. Currently, it is not intended to pass session tokens to access the artifact repository in MinIO. See https://github.com/argoproj/pkg/blob/master/s3/s3.go#L122 where the passed session token is always an empty string.

Use Cases

We would love to use STS tokens to grant temporal access to the artifact repository as we are using a separate data access process before triggering the workflow. This process is part of our workflow trigger job which ensures certain requirements. It is intended that the access to the artifact repository is denied once the session token has expired and another token has to be issued to get access, and therefore the requirements must be checked again.

Our current work-around includes the creation of MinIO service accounts to grant temporal access to the repository. Eventually, this temporal service account is deleted by a separate tidy-up job.


Message from the maintainers:

Love this enhancement proposal? Give it a 👍. We prioritise the proposals with the most 👍.
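
An added illustration of what the session token does on the wire; it is not code from Argo Workflows, argoproj/pkg or MinIO. With temporary (STS) credentials the token is sent as `X-Amz-Security-Token` and included in the AWS Signature V4 signed headers, so a client that always passes an empty token never sends it. Standard library only; `TempCreds`, `SignGet`, the endpoint and all credential values are constructed for the example.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"fmt"
	"net/http"
	"strings"
	"time"
)

// TempCreds is a hypothetical holder for the three values an STS call returns.
type TempCreds struct{ AccessKey, SecretKey, SessionToken string }

func mac(key []byte, msg string) []byte {
	h := hmac.New(sha256.New, key)
	h.Write([]byte(msg))
	return h.Sum(nil)
}

func hexHash(s string) string { return fmt.Sprintf("%x", sha256.Sum256([]byte(s))) }

// SignGet applies AWS Signature V4 to a body-less GET without query parameters.
func SignGet(req *http.Request, c TempCreds, region string, now time.Time) {
	ts, payload := now.UTC().Format("20060102T150405Z"), hexHash("")
	hdrs := [][2]string{{"host", req.URL.Host}, {"x-amz-content-sha256", payload}, {"x-amz-date", ts}}
	if c.SessionToken != "" { // temporary credentials: the token is sent and signed
		hdrs = append(hdrs, [2]string{"x-amz-security-token", c.SessionToken})
	}
	names, canon := []string{}, ""
	for _, h := range hdrs { // names are already in the sorted order SigV4 requires
		names = append(names, h[0])
		canon += h[0] + ":" + h[1] + "\n"
		req.Header.Set(h[0], h[1])
	}
	signed, scope := strings.Join(names, ";"), ts[:8]+"/"+region+"/s3/aws4_request"
	creq := strings.Join([]string{req.Method, req.URL.EscapedPath(), "", canon, signed, payload}, "\n")
	key := []byte("AWS4" + c.SecretKey)
	for _, part := range strings.Split(scope, "/") {
		key = mac(key, part)
	}
	sig := fmt.Sprintf("%x", mac(key, "AWS4-HMAC-SHA256\n"+ts+"\n"+scope+"\n"+hexHash(creq)))
	req.Header.Set("Authorization", "AWS4-HMAC-SHA256 Credential="+c.AccessKey+"/"+scope+", SignedHeaders="+signed+", Signature="+sig)
}

func main() {
	req, _ := http.NewRequest("GET", "http://minio.example:9000/artifacts/out.tgz", nil)
	SignGet(req, TempCreds{"CONSTRUCTED-KEY", "constructed-secret", "constructed-token"}, "us-east-1", time.Now())
	fmt.Println(req.Header.Get("Authorization"))
}
```

Signing the same request with an empty `SessionToken` yields a different signature and no `X-Amz-Security-Token` header, which is the request shape a client produces when the token argument is always an empty string.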

tooptoop4 commented 2 weeks ago

Would you like to raise a PR, @AndreasDisterhoeft?