From 2eff8777ee5f723568ec18f242958ff07eb205ba Mon Sep 17 00:00:00 2001
From: Starlight Romero <28881133+starlightromero@users.noreply.github.com>
Date: Sun, 27 Apr 2025 09:21:45 -0700
Subject: [PATCH] feat(kmsMasterKeyRef): allow Bucket encryption with KMS key reference
---
 .../crd/bases/s3.services.k8s.aws_buckets.yaml | 15 +++++++++++++++
 config/rbac/cluster-role-controller.yaml | 14 ++++++++++++++
 helm/crds/s3.services.k8s.aws_buckets.yaml | 16 ++++++++++++++++
 helm/templates/_helpers.tpl | 14 ++++++++++++++
 4 files changed, 59 insertions(+)
diff --git a/config/crd/bases/s3.services.k8s.aws_buckets.yaml b/config/crd/bases/s3.services.k8s.aws_buckets.yaml
index e5e4990..5668e4f 100644
--- a/config/crd/bases/s3.services.k8s.aws_buckets.yaml
+++ b/config/crd/bases/s3.services.k8s.aws_buckets.yaml
@@ -216,6 +216,21 @@ spec:
 properties:
 kmsMasterKeyID:
 type: string
+ kmsMasterKeyRef:
+ description: "AWSResourceReferenceWrapper provides a wrapper around
+ *AWSResourceReference\ntype to provide more user friendly syntax
+ for references using 'from' field\nEx:\nAPIIDRef:\n\n\tfrom:\n\t
+ \ name: my-api"
+ properties:
+ from:
+ description: |-
+ AWSResourceReference provides all the values necessary to reference another
+ k8s resource for finding the identifier(Id/ARN/Name)
+ properties:
+ name: string
+ namespace: string
+ type: object
+ type: object
 sseAlgorithm:
 type: string
 type: object
diff --git a/config/rbac/cluster-role-controller.yaml b/config/rbac/cluster-role-controller.yaml
index 2234ceb..8b64e8d 100644
--- a/config/rbac/cluster-role-controller.yaml
+++ b/config/rbac/cluster-role-controller.yaml
@@ -22,6 +22,20 @@ rules:
 - get
 - list
 - watch
+- apiGroups:
+ - kms.services.k8s.aws
+ resources:
+ - keys
+ verbs:
+ - get
+ - list
+- apiGroups:
+ - kms.services.k8s.aws
+ resources:
+ - keys/status
+ verbs:
+ - get
+ - list
 - apiGroups:
 - s3.services.k8s.aws
 resources:
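Review bot: Under `from.properties` the added schema writes `name: string` and `namespace: string`, which makes each property value a bare string instead of a schema object with a `type`. As written the API server is likely to reject the CRD, or at best the two fields go unvalidated. The helm/crds copy of this hunk carries the same two lines. The diffstat lists only manifests, so if these CRDs are normally generated from the Go API types, regenerating them would avoid this kind of hand-written drift.

```yaml
from:
  # … unchanged: description …
  properties:
    name:
      type: string
    namespace:
      type: string
  type: object
```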
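Review bot: The two added rules give the controller's ClusterRole cluster-wide `get`/`list` on `kms.services.k8s.aws` `keys` and `keys/status`, while the new `kmsMasterKeyRef.from` schema accepts a `namespace`. Taken together, a user who can create a Bucket in one namespace may be able to have the controller resolve a Key in a namespace they cannot read themselves. If cross-namespace references are not intended, the resolver should reject a `from.namespace` that differs from the Bucket's own; if they are, the rule deserves a comment such as `# read-only: resolves Bucket kmsMasterKeyRef to a KMS Key; references may cross namespaces`. It is also worth confirming that `list` is required, since resolving a reference by name would normally need only `get`. The same rules are added in helm/templates/_helpers.tpl, and the rules list continues outside the hunk.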
diff --git a/helm/crds/s3.services.k8s.aws_buckets.yaml b/helm/crds/s3.services.k8s.aws_buckets.yaml
index 39edc94..a074760 100644
--- a/helm/crds/s3.services.k8s.aws_buckets.yaml
+++ b/helm/crds/s3.services.k8s.aws_buckets.yaml
@@ -216,6 +216,22 @@ spec:
 properties:
 kmsMasterKeyID:
 type: string
+ kmsMasterKeyRef:
+ description: |-
+ "AWSResourceReferenceWrapper provides a wrapper around
+ *AWSResourceReference\ntype to provide more user friendly syntax
+ for references using 'from' field\nEx:\nAPIIDRef:\n\n\tfrom:\n\t
+ \ name: my-api"
+ properties:
+ from:
+ description: |-
+ AWSResourceReference provides all the values necessary to reference another
+ k8s resource for finding the identifier(Id/ARN/Name)
+ properties:
+ name: string
+ namespace: string
+ type: object
+ type: object
 sseAlgorithm:
 type: string
 type: object
diff --git a/helm/templates/_helpers.tpl b/helm/templates/_helpers.tpl
index 16f0fe5..af5d1f0 100644
--- a/helm/templates/_helpers.tpl
+++ b/helm/templates/_helpers.tpl
@@ -69,6 +69,20 @@ rules:
 - get
 - list
 - watch
+- apiGroups:
+ - kms.services.k8s.aws
+ resources:
+ - keys
+ verbs:
+ - get
+ - list
+- apiGroups:
+ - kms.services.k8s.aws
+ resources:
+ - keys/status
+ verbs:
+ - get
+ - list
 - apiGroups:
 - s3.services.k8s.aws
 resources:
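Review bot: The `kmsMasterKeyRef` description in the helm CRD opens with `description: |-` and then repeats the double-quoted text from the config/crd/bases copy. Inside a literal block scalar the surrounding quotes and the `\n`, `\t` and `\ ` sequences are kept as literal characters rather than unescaped, so the two CRD copies no longer carry the same description. Dropping the `|-` and starting the scalar on the key's line, `description: "AWSResourceReferenceWrapper provides a wrapper around`, would make this copy match the other one.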