Add openID to the Etersoft Minio (#43)

Reviewed-on: https://git.badhouseplants.net/badhouseplants/k8s-cluster-config/pulls/43
2023-03-26 12:04:17 +00:00 · 2023-03-26 12:04:17 +00:00 · bef5ee4261
commit bef5ee4261
parent a2bd88b8b0
2 changed files with 44 additions and 12 deletions
--- a/etersoft/values/secrets.minio.yaml
+++ b/etersoft/values/secrets.minio.yaml
@ -6,6 +6,16 @@ users:
    - accessKey: ENC[AES256_GCM,data:mavKbC9T,iv:gfiilFHH9P3/UUTfjo/kl4r/tcMFN3/J1KyMF+3gY24=,tag:JEhrPdUjeBasQyrsduif9w==,type:str]
      secretKey: ENC[AES256_GCM,data:kUs0AzmT/DCLqQEuF9Y=,iv:HoilTHkjITFUREb74y4JAl4YDWHz64XxTvVvKCGE6AE=,tag:bzw9XRz6C4BgB/4mYAf5jg==,type:str]
      policy: ENC[AES256_GCM,data:DbIQFNub,iv:NB+PF0acEGFls9BNeQFm+00V1kX+5N7UGJFnhb8DUAU=,tag:tQSO5L0G5Vy51nVD/EKHmw==,type:str]
+oidc:
+    enabled: ENC[AES256_GCM,data:AJwlxQ==,iv:e8Y4xI9VW7R64o5y2TYrMRnL92+RCzFaoF9v4wHDTlc=,tag:T0iZj9cCBxaF444+xuvKuA==,type:bool]
+    configUrl: ENC[AES256_GCM,data:UHLEsZwSGwNEV9r6wpiw4lLsMOLxJ6QfHKrrP2oduJE+YG7hImEljrO+/kPSUOgWMGgtXIjT/VLYw7xhW+TL,iv:v6bXPeKMho108y+kErL71RvqlfL0YEUtAaexITN6arY=,tag:r/oglMJVU2J2s3mEgjP+dA==,type:str]
+    clientId: ENC[AES256_GCM,data:39mFCS47/yw1lGxvDs7nLkk941qPaHUMgGBgtcqmJukGMfJK,iv:rfE/1ukQAO8geJVIJQOQaXmn37DfhDMR/t7Ghwd093A=,tag:SDz4TVKiMY+bXAtfrm17/Q==,type:str]
+    clientSecret: ENC[AES256_GCM,data:KcamhnHBTErbSS6dR7W+suwV5q13yXqZAUBYhKJ5Kj3t14dp6VDHoYc1Dwyt+hebFz0BYYbRA9g=,iv:hOhGu/lRjsEsEz4f6Wnkds6HNq3DnvM+GsJOAz1fOds=,tag:aQ4+xPDgg/2op+NQl7jhSg==,type:str]
+    claimName: ENC[AES256_GCM,data:UUrHhIFP,iv:dKg4zBykxhEKeG40a1eSWRYTyzpb5kBmzhEaULFgSII=,tag:3vfbgsoKkNF2Tmwx3Wi56w==,type:str]
+    redirectUri: ENC[AES256_GCM,data:evZK5yq5syKOsTqeqICTWLTq96AXTKftwDdbPYP9Na67N7I12P+jK8k1zKswHQY=,iv:L5AmYGkO2lyU4ytjyMOmuWDg4GtbeoTzcEdZF7WP+es=,tag:BF8AZUJ39+xICfrdNsY9iQ==,type:str]
+    comment: ENC[AES256_GCM,data:4h455QlIXewffU2bSKihkg==,iv:p5WRTZfAUgqbF/XpIlaLuUIhQhMWxgs0MW6cqNOiOtg=,tag:yk6CHXx7E8XBY3dath9ezQ==,type:str]
+    claimPrefix: ""
+    scopes: ENC[AES256_GCM,data:6DDclrvw1aAnE7KqMYcevELx/VUrQxUq/+my,iv:BUT/J2uFueDxUCdlylJgJ6cBn52fVAV6r+dGYUg+gx8=,tag:sAXpt6zqNi4kwdfYm5J75A==,type:str]
 sops:
    kms: []
    gcp_kms: []
@ -21,8 +31,8 @@ sops:
            UmdLL0NqWVpuNXBYRENEeTltdFVLREUKrwPN2daokcqABFVXjYCbNyCA0zdMCYh6
            vzTTtNV718OAPQKgl3Ho2c5nhhQcWy5YlWPfGMUklZhocXsAvMXS/g==
            -----END AGE ENCRYPTED FILE-----
-    lastmodified: "2023-02-19T20:49:43Z"
-    mac: ENC[AES256_GCM,data:LKS2YTDM0VSJwHyItYQ3rdgZgwvJNoHgsQdolduzYZ1RA33RX2b1IvWSufhfTTwR9AWoAYQgjrutyNSjC9ND5hSvvlQ97wAGUwgj9jFseDy5kAFet5QfhQBtWy6ngE3SlzY/zuapHij2b+AbjcRRQ1/6kQ72ht3cM5G7QvBV1bM=,iv:yrl/diVMfiNpBftBvUMLsbN3Lv+tXxVF8dmYi6QW/iM=,tag:O9lIRXDJLnbEaOgc89UO0Q==,type:str]
+    lastmodified: "2023-03-26T11:56:18Z"
+    mac: ENC[AES256_GCM,data:oiaqwWDTTSvdGZxcLqAJrLkF+jNL2PfOOrTFtO2Arry1LehiGeXqNiqlHTd5IvnB/LrU9vGv5SjDrq+FRycfceai8O5hW8aGBXqCSZANIx7cpCJqtm1ErNAm8yw+K5rq/WeRKEySszNx7QtSZiM9ufo/GIAZMZgcd/bqFdm6oXE=,iv:s+uHg40NPT3kjwHnRIu3udkbm3gE36JMzPFhM6NdT/4=,tag:Q97lA8fRcPr5kGZEUbmhxQ==,type:str]
    pgp: []
    unencrypted_suffix: _unencrypted
    version: 3.7.3
--- a/etersoft/values/values.minio.yaml
+++ b/etersoft/values/values.minio.yaml
@ -25,6 +25,28 @@ resources:
  requests:
    memory: 0.7Gi
 policies:
+  - name: badhouseplants:owners
+    statements:
+      - resources:
+          - 'arn:aws:s3:::*'
+        actions:
+          - "s3:*"
+      - resources: []
+        actions:
+          - "admin:*"
+      - resources: []
+        actions:
+          - "kms:*"
+  - name: badhouseplants
+    statements:
+      - resources:
+          - 'arn:aws:s3:::badhouseplants-net'
+        actions:
+          - "s3:*"
+      - resources:
+          - 'arn:aws:s3:::badhouseplants-net/*'
+        actions:
+          - "s3:*"
  - name: backup
    statements:
    - resources: