[FIX] 🐛 Fix bug when reconcile policy for user

Author: Eneman Donatien

internal/controller/policy/finalizer.go

@@ -17,11 +17,8 @@ limitations under the License.
 package policy_controller
 
 import (
-	"bytes"
 	"context"
-	"encoding/json"
 
-	"github.com/minio/madmin-go/v3"
 	ctrl "sigs.k8s.io/controller-runtime"
 	"sigs.k8s.io/controller-runtime/pkg/controller/controllerutil"
 	"sigs.k8s.io/controller-runtime/pkg/log"
@@ -107,25 +104,3 @@ func (r *PolicyReconciler) handleDeletion(
 	}
 	return ctrl.Result{}, nil
 }
-
-func (r *PolicyReconciler) isPolicyMatchingWithCustomResource(
-	policyResource *s3v1alpha1.Policy,
-	effectivePolicy *madmin.PolicyInfo,
-) (bool, error) {
-	// The policy content visible in the custom resource usually contains indentations and newlines
-	// while the one we get from S3 is compacted. In order to compare them, we compact the former.
-	policyResourceAsByteSlice := []byte(policyResource.Spec.PolicyContent)
-	buffer := new(bytes.Buffer)
-	err := json.Compact(buffer, policyResourceAsByteSlice)
-	if err != nil {
-		return false, err
-	}
-
-	// Another gotcha is that the effective policy comes up as a json.RawContent,
-	// which needs marshalling in order to be properly compared to the []byte we get from the CR.
-	marshalled, err := json.Marshal(effectivePolicy.Policy)
-	if err != nil {
-		return false, err
-	}
-	return bytes.Equal(buffer.Bytes(), marshalled), nil
-}

internal/controller/policy/reconcile.go

@@ -17,7 +17,9 @@ limitations under the License.
 package policy_controller
 
 import (
+	"bytes"
 	"context"
+	"encoding/json"
 	"fmt"
 
 	k8sapierrors "k8s.io/apimachinery/pkg/api/errors"
@@ -29,6 +31,7 @@ import (
 	"sigs.k8s.io/controller-runtime/pkg/reconcile"
 
 	s3v1alpha1 "github.com/InseeFrLab/s3-operator/api/v1alpha1"
+	"github.com/minio/madmin-go/v3"
 )
 
 // Reconcile is part of the main kubernetes reconciliation loop which aims to
@@ -387,3 +390,27 @@ func (r *PolicyReconciler) handleCreation(ctx context.Context, req reconcile.Req
 		err,
 	)
 }
+
+func (r *PolicyReconciler) isPolicyMatchingWithCustomResource(
+	policyResource *s3v1alpha1.Policy,
+	effectivePolicy *madmin.PolicyInfo,
+) (bool, error) {
+	// The policy content visible in the custom resource usually contains indentations and newlines
+	// while the one we get from S3 is compacted. In order to compare them, we compact the former.
+
+	policyResourceAsByteSlice := []byte(policyResource.Spec.PolicyContent)
+	buffer := new(bytes.Buffer)
+	err := json.Compact(buffer, policyResourceAsByteSlice)
+	if err != nil {
+		return false, err
+	}
+
+	// Another gotcha is that the effective policy comes up as a json.RawContent,
+	// which needs marshalling in order to be properly compared to the []byte we get from the CR.
+	marshalled, err := json.Marshal(effectivePolicy.Policy)
+	if err != nil {
+		return false, err
+	}
+
+	return bytes.Equal(buffer.Bytes(), marshalled), nil
+}

internal/s3/client/impl/minioS3Client.go

@@ -24,6 +24,7 @@ import (
 	"fmt"
 	"net/http"
 	neturl "net/url"
+	"slices"
 	"strings"
 
 	s3client "github.com/InseeFrLab/s3-operator/internal/s3/client"
@@ -468,6 +469,9 @@ func (minioS3Client *MinioS3Client) GetUserPolicies(accessKey string) ([]string,
 
 		return []string{}, err
 	}
+	if len(strings.Split(userInfo.PolicyName, ",")) == 1 && slices.Contains(strings.Split(userInfo.PolicyName, ","), "") {
+		return []string{}, nil
+	}
 	return strings.Split(userInfo.PolicyName, ","), nil
 }