From eef0a722cda085363a14fe140f95233916995833 Mon Sep 17 00:00:00 2001
From: Nikolai Rodionov
Date: Mon, 14 Oct 2024 21:04:11 +0200
Subject: [PATCH] Add oauth to etersoft minio
---
 values/etersoft/secrets.minio.yaml | 44 +++++++++++++++---------------
 values/etersoft/values.minio.yaml | 22 +++++++++++++++
 2 files changed, 44 insertions(+), 22 deletions(-)
diff --git a/values/etersoft/secrets.minio.yaml b/values/etersoft/secrets.minio.yaml
index aa6f894..f370273 100644
--- a/values/etersoft/secrets.minio.yaml
+++ b/values/etersoft/secrets.minio.yaml
@@ -1,21 +1,21 @@ -rootPassword: ENC[AES256_GCM,data:n1VUZzN+3cnuaJn+HXQbRysXo/JWlf1sGQ==,iv:qOobWa+IopOFLUV3Myw9+Dido7AVFozyAUJduc0jnwg=,tag:80nre795v5J+XRGUFEFG0g==,type:str] +rootPassword: ENC[AES256_GCM,data:bmSUj7jV22Nn3jPoigNcroQkG+gH70E8Tw==,iv:ZOECPnP16H1REbmSsel7upCSNMst65YDfmneYnqZ2Jw=,tag:0OgKemuzHle5BfZZYDer9Q==,type:str] users: - - accessKey: ENC[AES256_GCM,data:Q8k8fTbqFuQ=,iv:yWtVtnkJEm1qLC3TI0eEMrrqwb6oohva8Xe6GcS/zlg=,tag:Qcj1W3gXr6dg+rymUn+6PQ==,type:str] - secretKey: ENC[AES256_GCM,data:QzPpkdonyf2QkeX1tdI3MIkF6zoDiV1kFg==,iv:Ytqq1ecVUjuMaOhFZW/MK7I3qOXUWz9rxjlAfXfi6Vc=,tag:uOsU/0uPVGZAzgDhU+Xuig==,type:str] - policy: ENC[AES256_GCM,data:6z6jVUXAfB4=,iv:FmqtWwO71CR99Mg9uqV/wvjknq7UevIekTNZ7VLBmPw=,tag:p0hW8imTV2dzpk7WlHktsg==,type:str] - - accessKey: ENC[AES256_GCM,data:gMZgrnIe,iv:fd4SNg6Hua3dnFNkn145/oxo+V+23vQAxy4TEBrP0mU=,tag:J7VAfLl2PJcglrMZoMv5WQ==,type:str] - secretKey: ENC[AES256_GCM,data:4Cx5Q/HjJL3rWXzVzipmXLwTZET7Uw2tnA==,iv:7ljDmEJMwekXB4NyauUr7T1UWYkDPW381ly+9Um+q/c=,tag:7UzHPuGCu5SfkICK1fK4mQ==,type:str] - policy: ENC[AES256_GCM,data:hfd7EKCx,iv:i2vsrfY29fPp2fsHhV1dmbEBToyQSYwQlXWhydfyIpE=,tag:LK9XoWe5M3yoRScFZIgFiA==,type:str] + - accessKey: ENC[AES256_GCM,data:ov/mmIEluI8=,iv:0WD3tcZhjlD1lZpXA/tFpGrib1HZYqmwNlN47d6FEac=,tag:2uT68fxo1s/lEe1CNEPvfw==,type:str] + secretKey: ENC[AES256_GCM,data:uRqmakHfnFZEmJ3Ls7YKetmD5bG6yRz7tg==,iv:WxYlyTuCYbSTar00bcmB79qEvMauV8D7tLFROUSL6aM=,tag:hqR8y18y7SQJFVJrffuIAQ==,type:str] + policy: ENC[AES256_GCM,data:DOR6PWZqsvs=,iv:Rss6N7dQX38GoDn6qAK8SzxQqpUn7vQCpF9nvnaKRyE=,tag:mDG/ri8/MEpm+S1Wqq5yNg==,type:str] + - accessKey: ENC[AES256_GCM,data:I4uyv3sh,iv:UVKwb0AHyYDqNvO+8QJIcCklyboaMdmGyry9TvS0lDo=,tag:78sMpl3DvMbwTsyzGRC6Kw==,type:str] + secretKey: ENC[AES256_GCM,data:2DJBDOWojCJNPb4B1WenGtrwj+lopQvXlA==,iv:IgloeRaqdiUADVdqVBTmc1HtUV84px8TUv1T2TRG+WU=,tag:B6X1jm4NXdfunhMpR5TqhA==,type:str] + policy: 
ENC[AES256_GCM,data:avAtFZ2K,iv:1YvF9NPQSkx4ClwVDcY5SWizB+YimsHZ07CDuDc8Cz0=,tag:P7c3EX9gR/xedSwfggV/qw==,type:str] oidc: - enabled: ENC[AES256_GCM,data:XwTiITI=,iv:GzpkTeFGUOxdkJANyKyGi4Z5+CUGpMqJffL6JdlbTj4=,tag:IhbTeHvmsyytC485zwJEqg==,type:bool] - configUrl: ENC[AES256_GCM,data:vMHvNMuaEhb4QAMwk8OdzTZA7Xzy7V/p8piOCi4v8a7KhU1XB5mG1F+nNdEtGC0N9Bce5jhMawDgVmwSCkgIjhaPIBqBp32A6HUYtie4dwZcWHZpQg6ZB44=,iv:29waX4rE2Z5jdSscyOLR9BdIXPvwLhl5W23O6ccUK4k=,tag:dbOSrIu6gY6wNvLbbu+/jA==,type:str] - clientId: ENC[AES256_GCM,data:vrdpstg=,iv:NZNL8YzUcjnGnecy3r4sjE/IQGIbC7uH1VKo1oRdcAg=,tag:qI51CiLCZ5CZenm63YHnBw==,type:str] - clientSecret: ENC[AES256_GCM,data:eitJmKp6w68zDN23/UV+mWLs2QisgHPG2zRkcGWzxE/tc39+mEFzwnRkcqe1KVF6dkvR9SB7G84tH/zqVqz84lcrLjSzU0HpazcFWznzqndg5mxh5QHLAe3dE/f5OIogOnM8zynB8eVtjY9+mj6vtjfkJn/dvEi/PNWb/O4Bcao=,iv:f48b+ffuHoStR1/vwOcWzkDW/aOslB5auZWYdEIiLCA=,tag:mMZ7QXc03/GLPss/R2rmew==,type:str] - claimName: ENC[AES256_GCM,data:STT+KU3R,iv:oERkgzTsHBMTU/ThWoN4U6b1OiCuhR/2v4qMuf8s5gw=,tag:75sURwM2odoiFP1fywH2vA==,type:str] - redirectUri: ENC[AES256_GCM,data:fpw1TBdg6ssOOVYQbJMfV06Qa2iyXXk4dPC4yUPkHadwBPCmzsYI43cfEh2ycBs=,iv:P2igpU5mzBjMhAH2qQ+OHyFsXaL47TMbqCfC6pUD1kQ=,tag:VyjnZ1YefVTC2muFxi3FBQ==,type:str] - comment: ENC[AES256_GCM,data:5a1zKrPl1f4A1MzdmrSaClC86kQ=,iv:M0/gDLvrsQAodVaQZLWZ/23GoV8Im6yuHRrKcR9c+ZU=,tag:2YH8HADT8F95IwJuSlTwaQ==,type:str] + enabled: ENC[AES256_GCM,data:RPWHkA==,iv:npna2Zji3IL8EB2Qp+Cf1Oj/XDkUNc+j9iXLIcEo/rQ=,tag:mkhPo4y0lVe26de/mjE5gg==,type:bool] + configUrl: ENC[AES256_GCM,data:vBaNZoiktfVjwbQ+O42L0y4q20dMAbpqUKmVUrjoELHOu/PvRW/V5Ridf3xVRsRAgVQy1KhUUDPwt3np6E1Op1hXWSs4Mq7Dke8Srp42Q8zZGTRjtifrOtXnxzYJCl8eb6M=,iv:Jzjy8cyx2UEBmbUmqDPKNSU5++9JWofBJOuE4+SPcxY=,tag:qd9XcuEDrINuqCXQHzhCiw==,type:str] + clientId: ENC[AES256_GCM,data:3fnGcA26080XEwIxDL8=,iv:uSi5Y8GmJX1Z83xtZQzpTauHktccn0o6jeDjIT9bHdw=,tag:VqwlR9wwT4QNB9BEszODMg==,type:str] + clientSecret: 
ENC[AES256_GCM,data:aok+cDVGVqRh1+Xt43T7Vsrhhb8b4PEWIFwfnHTcwtF9Ykmdl7ZZh1/AZsI46nM+ENQqOcn0nY3YF701HYnNC6QokD9c6bw0xXqmX4UN7gbz5KK34J6laBrZkP3gqDSxt6yFr/Zv8AeZIH3Ox1y0t5x2LpWxpevbR2skk31O5W8=,iv:TIRPOkkDKlHgdoXy4zBHiTG7pPooenj3bXeBnFOLSc4=,tag:mesIn+nsYc8DPeHmYV60Vw==,type:str] + claimName: ENC[AES256_GCM,data:N84Gj+MR,iv:VVXWzxekoDcVweHgr3zOXuQY4LgUSa24mG+iZNwRJAs=,tag:yJCHIGnJMTK/5R/23lCR4w==,type:str] + redirectUri: ENC[AES256_GCM,data:mc7zoLhn1ubs6ed39t/xuxtlKhvDnK8mkG15w/9BcYCPAVgbSJapEPFOdZujWrk=,iv:K/Nu+uIl3MSYOiBTvpjoTQLZ2RIWBtXkwDZzOg8NUxY=,tag:MpO8KM9JbzTs2hGUnuYjRg==,type:str] + comment: ENC[AES256_GCM,data:7MH5YoAZ+hKOHvCrUQMuGWGEjs0=,iv:zYqySTHgPBmzpcrfg4PtyZptgEw4ugE3djbNK7zbuU0=,tag:GUOX/On0hfxmLIzJZ5qpmw==,type:str] claimPrefix: "" - scopes: ENC[AES256_GCM,data:H6YqnIkVCYYQb5y8SVUY/aOBR7XHfmleE0SF,iv:Fdgxb+4vp2R+JNMOMiM27WfFB+vZLqatHdgrPVvp4tE=,tag:yLT35ia5aG/SInst97azGg==,type:str] + scopes: ENC[AES256_GCM,data:5hkqyxmi4fz7igbsJcy0PlU3MXKf3DvodOd8,iv:p2AZLCFsiYh8bqPpEROOt95omNGbLn3ku1xWITGGF5A=,tag:fBimZOzCd1B36YWdgLvksg==,type:str] sops: kms: [] gcp_kms: [] 
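Review bot: Every encrypted value in this hunk carries new ciphertext, including `rootPassword` and both `users` entries, which the subject line "Add oauth" gives no reason to touch, so a reviewer cannot tell which secrets actually changed. The following sops metadata hunk also replaces the age-wrapped key and the `mac`, which suggests the file was re-created or its data key rotated rather than edited in place; that is an inference, since the plaintext is not visible. I would say in the commit message which values changed, along the lines of `oidc.* updated; rootPassword and users unchanged, data key rotated`, so the audit trail for these credentials stays readable.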
@@ -25,14 +25,14 @@ sops: - recipient: age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8 enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB5YnFrbUJRQjBQQWFkSTdi - RE9aaE4yV3pRTWQxblJTaDRDYlVmSVFqalFnCkdJdDl3WGt5VjAvYmhnM21oZ2VD - K1dEb0doRVRVVG95bGhkN3JFZUdYOVkKLS0tIDE2SE5DSysyVitCT2VLckVWajBW - OVowQ1NCTkJvWjA4alk4RmVPM3BNY0EKye4sLiyYGnxNpRjjulI+4LXmYX+H/U3x - Tbd9xwkmx3KH+lbdgggg2avoIVWyj8dc4xCOazmPQulNaoOeS/hBxw== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBXeFdMc0Z0bXkxWG5nY0tm + WU1kZ01uZXozb2tNbm40a20wNUZKZTFlVmhzCmZpT1BaZ1RJaVpMVy9zdDYyWUd2 + T21JRkYwODMwdXJpeitURmRZcG5pREkKLS0tIDdtQkRFbFVGUEJNWHRYLzVNTEFL + eHVyaUVaWmFLU3IwbHhpKytRYTFlcUUK0OpKOjrTmaYWwVK/08jg7DYw9mpZavsl + iCBDuQ+Edjz5bJTPqY5RZTUwSaBpJ932QnW6Ox2gA6U2/TMzCYjSAQ== -----END AGE ENCRYPTED FILE----- - lastmodified: "2024-10-14T08:08:21Z" - mac: ENC[AES256_GCM,data:NgSOT5VBdxKGVUamQtAwmQblTZdJFmeNDZu6bq6hgAbc38QMCafJ9ZIQX4JhrIyAz8h0rGjOiS7QIBZsve2u4YkW2VJcrRqkvotqoy9lRQzUAwGCI3un4dVBvUkf3gmkLZFHpqsbXCL1rF5y4+nKiR+ybKWUSy6s8b+L4SKbnOQ=,iv:yS4MP4DSoOJU25u01JvCN1ZAXhvN9h5K6gim8Fovmjs=,tag:BvdGhe2gg9TgkEGtrsDhaw==,type:str] + lastmodified: "2024-10-14T18:57:27Z" + mac: ENC[AES256_GCM,data:Gyt5f4YJh7YwO4rcOyCwqMj2xE7sQnhJoPKJKJeNPr53S1b5F1tm6Bwc6wPOR1oOxcdRvbeoJ2Ua2oHSN89T4E5xfXbMhe9PgW1JgG0tR0vNkXToiMEFyPvrENWwRxTI9hgs79WPhvzdPVABbA3BOOC68vCPvhqWbScG0UcAhT0=,iv:5Fr5lqAlHim8fXId+kVCyokVu6rmQ4farwUSheNmDBs=,tag:DXwXVuYb4pFiSSTHu/GS7g==,type:str] pgp: [] unencrypted_suffix: _unencrypted version: 3.9.1
diff --git a/values/etersoft/values.minio.yaml b/values/etersoft/values.minio.yaml
index 8b0f932..8fae75c 100644
--- a/values/etersoft/values.minio.yaml
+++ b/values/etersoft/values.minio.yaml
@@ -91,3 +91,25 @@ policies:
 - 'arn:aws:s3:::velero/*'
 actions:
 - "s3:*"
+ - name: Admins
+ statements:
+ - resources:
+ - 'arn:aws:s3:::*'
+ actions:
+ - "s3:*"
+ - resources: []
+ actions:
+ - "admin:*"
+ - resources: []
+ actions:
+ - "kms:*"
+ - name: DevOps
+ statements:
+ - resources:
+ - 'arn:aws:s3:::badhouseplants-net'
+ actions:
+ - "s3:*"
+ - resources:
+ - 'arn:aws:s3:::badhouseplants-net/*'
+ actions:
+ - "s3:*"
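Review bot: The added `Admins` policy combines `s3:*` on `arn:aws:s3:::*` with `admin:*` and `kms:*`, so whoever is mapped to it holds roughly the same authority as the root credential. Because this commit enables OIDC and `claimPrefix` is empty in the secrets file, the policy is presumably assigned from an identity-provider claim value; that mapping is encrypted and not visible here, so membership of the matching IdP group should be treated as root access and kept small. I would put a comment above the entry, e.g. `# Admins: full server admin, granted via the OIDC claim - restrict IdP group membership`, and drop `kms:*` unless KMS administration is really needed. In `DevOps`, `s3:*` on the bucket ARN also covers bucket deletion and bucket-policy changes; listing only the needed actions (for example `s3:ListBucket`, `s3:GetObject`, `s3:PutObject`, `s3:DeleteObject`) would be tighter. The `policies` list begins outside the hunk.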