nold/hive-apps
1
0
Fork 0
mirror of https://github.com/nold360/hive-apps synced 2024-07-03 15:03:30 +00:00
Code Issues Packages Projects Releases Wiki Activity
hive-apps/projects/crossplane/manifests/composition-bucket.yml
nold e92c9bed0e add: crossplane resources
2023-11-08 09:09:08 +01:00

139 lines
3.8 KiB
YAML
Raw Blame History

apiVersion: apiextensions.crossplane.io/v1
kind: Composition
metadata:
annotations:
labels:
implementation: terraform
provider: minio
name: tf-bucket.gnu.one
spec:
compositeTypeRef:
apiVersion: s3.gnu.one/v1alpha1
kind: XBucket
mode: Resources
publishConnectionDetailsWithStoreConfigRef:
name: default
resources:
- base:
apiVersion: tf.upbound.io/v1beta1
kind: Workspace
spec:
forProvider:
module: |
terraform {
required_providers {
minio = {
source = "aminueza/minio"
version = "1.17.2"
}
}
}
variable "access_key" {
description = "S3 Access Key"
type = string
}
variable "secret_key" {
description = "S2 Secret Key"
type = string
sensitive = true
}
variable "name" {
description = "Name of Bucket & Service Account"
type = string
}
variable "endpoint" {
description = "Minio Endpoint"
type = string
default = "s3-minio.s3.svc.cluster.local:9000"
}
provider "minio" {
minio_server = var.endpoint
minio_user = var.access_key
minio_password = var.secret_key
}
resource "minio_s3_bucket" "bucket" {
bucket = var.name
acl = "private"
force_destroy = false
}
resource "minio_iam_policy" "policy" {
name = var.name
policy= <<EOF
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"s3:*"
],
"Resource": [
"arn:aws:s3:::${var.name}/*",
"arn:aws:s3:::${var.name}"
]
}
]
}
EOF
}
resource "minio_iam_user" "user" {
name = var.name
force_destroy = true
}
resource "minio_iam_user_policy_attachment" "policy_to_user" {
user_name = minio_iam_user.user.id
policy_name = minio_iam_policy.policy.id
}
resource "minio_iam_service_account" "service_account" {
target_user = minio_iam_user.user.name
}
output "endpoint" {
value = var.endpoint
}
output "access_key" {
value = minio_iam_service_account.service_account.access_key
}
output "secret_key" {
value = minio_iam_service_account.service_account.secret_key
sensitive = true
}
source: Inline
varFiles:
- format: JSON
secretKeyRef:
key: secret.json
name: terraform
namespace: crossplane-system
source: SecretKey
vars:
- key: name
- key: endpoint
value: s3-minio.s3.svc.cluster.local:9000
writeConnectionSecretToRef:
name: s3-bucket
namespace: default
name: tf-bucket-and-user
patches:
- fromFieldPath: spec.name
toFieldPath: spec.forProvider.vars[0].value
type: FromCompositeFieldPath
- fromFieldPath: spec.claimRef.namespace
toFieldPath: spec.writeConnectionSecretToRef.namespace
type: FromCompositeFieldPath
- fromFieldPath: spec.secretName
toFieldPath: spec.writeConnectionSecretToRef.name
type: FromCompositeFieldPath
Reference in a new issue View git blame Copy permalink