mirror of
https://github.com/nold360/hive-apps
synced 2025-01-06 22:07:58 +00:00
139 lines
3.8 KiB
YAML
139 lines
3.8 KiB
YAML
|
apiVersion: apiextensions.crossplane.io/v1
|
||
|
kind: Composition
|
||
|
metadata:
|
||
|
annotations:
|
||
|
labels:
|
||
|
implementation: terraform
|
||
|
provider: minio
|
||
|
name: tf-bucket.gnu.one
|
||
|
spec:
|
||
|
compositeTypeRef:
|
||
|
apiVersion: s3.gnu.one/v1alpha1
|
||
|
kind: XBucket
|
||
|
mode: Resources
|
||
|
publishConnectionDetailsWithStoreConfigRef:
|
||
|
name: default
|
||
|
resources:
|
||
|
- base:
|
||
|
apiVersion: tf.upbound.io/v1beta1
|
||
|
kind: Workspace
|
||
|
spec:
|
||
|
forProvider:
|
||
|
module: |
|
||
|
terraform {
|
||
|
required_providers {
|
||
|
minio = {
|
||
|
source = "aminueza/minio"
|
||
|
version = "1.17.2"
|
||
|
}
|
||
|
}
|
||
|
}
|
||
|
|
||
|
variable "access_key" {
|
||
|
description = "S3 Access Key"
|
||
|
type = string
|
||
|
}
|
||
|
|
||
|
variable "secret_key" {
|
||
|
description = "S2 Secret Key"
|
||
|
type = string
|
||
|
sensitive = true
|
||
|
}
|
||
|
|
||
|
variable "name" {
|
||
|
description = "Name of Bucket & Service Account"
|
||
|
type = string
|
||
|
}
|
||
|
|
||
|
variable "endpoint" {
|
||
|
description = "Minio Endpoint"
|
||
|
type = string
|
||
|
default = "s3-minio.s3.svc.cluster.local:9000"
|
||
|
}
|
||
|
|
||
|
provider "minio" {
|
||
|
minio_server = var.endpoint
|
||
|
minio_user = var.access_key
|
||
|
minio_password = var.secret_key
|
||
|
}
|
||
|
|
||
|
resource "minio_s3_bucket" "bucket" {
|
||
|
bucket = var.name
|
||
|
acl = "private"
|
||
|
force_destroy = false
|
||
|
}
|
||
|
|
||
|
resource "minio_iam_policy" "policy" {
|
||
|
name = var.name
|
||
|
policy= <<EOF
|
||
|
{
|
||
|
"Version": "2012-10-17",
|
||
|
"Statement": [
|
||
|
{
|
||
|
"Effect": "Allow",
|
||
|
"Action": [
|
||
|
"s3:*"
|
||
|
],
|
||
|
"Resource": [
|
||
|
"arn:aws:s3:::${var.name}/*",
|
||
|
"arn:aws:s3:::${var.name}"
|
||
|
]
|
||
|
}
|
||
|
]
|
||
|
}
|
||
|
EOF
|
||
|
}
|
||
|
|
||
|
resource "minio_iam_user" "user" {
|
||
|
name = var.name
|
||
|
force_destroy = true
|
||
|
}
|
||
|
|
||
|
resource "minio_iam_user_policy_attachment" "policy_to_user" {
|
||
|
user_name = minio_iam_user.user.id
|
||
|
policy_name = minio_iam_policy.policy.id
|
||
|
}
|
||
|
|
||
|
resource "minio_iam_service_account" "service_account" {
|
||
|
target_user = minio_iam_user.user.name
|
||
|
}
|
||
|
|
||
|
output "endpoint" {
|
||
|
value = var.endpoint
|
||
|
}
|
||
|
|
||
|
output "access_key" {
|
||
|
value = minio_iam_service_account.service_account.access_key
|
||
|
}
|
||
|
|
||
|
output "secret_key" {
|
||
|
value = minio_iam_service_account.service_account.secret_key
|
||
|
sensitive = true
|
||
|
}
|
||
|
source: Inline
|
||
|
varFiles:
|
||
|
- format: JSON
|
||
|
secretKeyRef:
|
||
|
key: secret.json
|
||
|
name: terraform
|
||
|
namespace: crossplane-system
|
||
|
source: SecretKey
|
||
|
vars:
|
||
|
- key: name
|
||
|
- key: endpoint
|
||
|
value: s3-minio.s3.svc.cluster.local:9000
|
||
|
writeConnectionSecretToRef:
|
||
|
name: s3-bucket
|
||
|
namespace: default
|
||
|
name: tf-bucket-and-user
|
||
|
patches:
|
||
|
- fromFieldPath: spec.name
|
||
|
toFieldPath: spec.forProvider.vars[0].value
|
||
|
type: FromCompositeFieldPath
|
||
|
- fromFieldPath: spec.claimRef.namespace
|
||
|
toFieldPath: spec.writeConnectionSecretToRef.namespace
|
||
|
type: FromCompositeFieldPath
|
||
|
- fromFieldPath: spec.secretName
|
||
|
toFieldPath: spec.writeConnectionSecretToRef.name
|
||
|
type: FromCompositeFieldPath
|