Nest auth related values

CRThaze · CRThaze · commit 6b3fc85fff3b · 2025-10-02T14:50:37.000+02:00
diff --git a/charts/s3proxy/Chart.yaml b/charts/s3proxy/Chart.yaml
@@ -15,7 +15,7 @@ type: application
 # This is the chart version. This version number should be incremented each time you make changes
 # to the chart and its templates, including the app version.
 # Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: 0.0.3
+version: 0.0.4
 
 # This is the version number of the application being deployed. This version number should be
 # incremented each time you make changes to the application. Versions are not expected to
diff --git a/charts/s3proxy/README.md.gotmpl b/charts/s3proxy/README.md.gotmpl
@@ -53,9 +53,10 @@ The following section lists the configurable parameters of the {{ template "char
 ```yaml
 # values-filesystem.yaml
 config:
-  authorization: "aws-v4"
-  identity: "myaccesskey"
-  credential: "mysecretkey"
+  auth:
+    type: "aws-v4"
+    identity: "myaccesskey"
+    secret: "mysecretkey"
   backend:
     provider: "filesystem-nio2"
     filesystem:
@@ -76,9 +77,10 @@ helm install s3proxy-fs ./{{ template "chart.name" . }} -f values-filesystem.yam
 ```yaml
 # values-aws-s3.yaml
 config:
-  authorization: "aws-v4"
-  identity: "proxy-access-key"  # For clients connecting to s3proxy
-  credential: "proxy-secret-key"
+  auth:
+    type: "aws-v4"
+    identity: "proxy-access-key"  # For clients connecting to s3proxy
+    secret: "proxy-secret-key"
   backend:
     provider: "aws-s3"
     awsS3:
@@ -100,9 +102,10 @@ helm install s3proxy-s3 ./{{ template "chart.name" . }} -f values-aws-s3.yaml
 ```yaml
 # values-azure.yaml
 config:
-  authorization: "aws-v4"
-  identity: "myaccesskey"
-  credential: "mysecretkey"
+  auth:
+    type: "aws-v4"
+    identity: "myaccesskey"
+    secret: "mysecretkey"
   backend:
     provider: "azureblob"
     azureblob:
@@ -123,9 +126,10 @@ helm install s3proxy-azure ./{{ template "chart.name" . }} -f values-azure.yaml
 ```yaml
 # values-gcs.yaml
 config:
-  authorization: "aws-v4"
-  identity: "myaccesskey"
-  credential: "mysecretkey"
+  auth:
+    type: "aws-v4"
+    identity: "myaccesskey"
+    secret: "mysecretkey"
   backend:
     provider: "google-cloud-storage"
     googleCloudStorage:
@@ -145,7 +149,8 @@ persistence:
 ```yaml
 # values-anonymous.yaml
 config:
-  authorization: "none"
+  auth:
+    type: "none"
   backend:
     provider: "transient-nio2"  # In-memory storage
 
@@ -263,7 +268,7 @@ This will remove all resources created by the chart. If using persistence, the P
 
 ### Common Issues
 
-1. **Authentication failures**: Ensure `config.identity` and `config.credential` are set correctly for client authentication.
+1. **Authentication failures**: Ensure `config.auth.identity` and `config.auth.secret` are set correctly for client authentication.
 
 2. **Backend connection issues**: Verify backend credentials are correctly configured in the appropriate section (e.g., `config.backend.awsS3.*`).
 
diff --git a/charts/s3proxy/override-values.example.yaml b/charts/s3proxy/override-values.example.yaml
@@ -3,14 +3,14 @@
 
 # S3Proxy configuration
 config:
-  # Authentication type for clients connecting to S3Proxy
-  # Options: none, aws-v2, aws-v4, aws-v2-or-v4
-  authorization: "aws-v4"
-
-  # Credentials for clients to authenticate to S3Proxy
-  # These should be changed to secure values
-  identity: "admin"
-  credential: "changeme123"
+  auth:
+    # Authentication type for clients connecting to S3Proxy
+    # Options: none, aws-v2, aws-v4, aws-v2-or-v4
+    type: "aws-v4"
+    # Credentials for clients to authenticate to S3Proxy
+    # These should be changed to secure values
+    identity: "admin"
+    secret: "changeme123"
 
   # Enable CORS for web applications
   cors:
diff --git a/charts/s3proxy/templates/NOTES.txt b/charts/s3proxy/templates/NOTES.txt
@@ -23,7 +23,7 @@
 
 2. S3Proxy Configuration:
    - Backend Provider: {{ .Values.config.backend.provider }}
-   - Authorization: {{ .Values.config.authorization }}
+   - Authorization: {{ .Values.config.auth.type }}
 {{- if .Values.config.cors.enabled }}
    - CORS: Enabled
 {{- end }}
@@ -34,13 +34,13 @@
 3. Testing S3Proxy:
    Once the service is available, you can test it using AWS CLI or curl:
 
-{{- if eq .Values.config.authorization "none" }}
+{{- if eq .Values.config.auth.type "none" }}
    # Anonymous access (no authentication required)
    curl -X GET http://<SERVICE_URL>/
 {{- else }}
    # Set up AWS CLI credentials (if authentication is enabled)
    export AWS_ACCESS_KEY_ID=<your-s3proxy-identity>
-   export AWS_SECRET_ACCESS_KEY=<your-s3proxy-credential>
+   export AWS_SECRET_ACCESS_KEY=<your-s3proxy-secret>
 
    # List buckets
    aws --endpoint-url http://<SERVICE_URL> s3 ls
@@ -53,7 +53,7 @@
 
 
    # You can also use other AWS S3 API compatible clients like MinIO's mc.
-   mc alias set s3proxy http://<SERVICE_URL> <your-s3proxy-identity> <your-s3proxy-credential>
+   mc alias set s3proxy http://<SERVICE_URL> <your-s3proxy-identity> <your-s3proxy-secret>
 
    # List buckets
    mc ls s3proxy
@@ -73,8 +73,8 @@
 {{- if or (eq .Values.config.backend.provider "filesystem") (eq .Values.config.backend.provider "filesystem-nio2") }}
    - Using filesystem backend at: {{ .Values.config.backend.filesystem.basedir }}
 {{- end }}
-{{- if not .Values.config.identity }}
-   - WARNING: S3Proxy identity not configured. Remember to set s3proxy.identity and s3proxy.credential for authentication.
+{{- if not .Values.config.auth.identity }}
+   - WARNING: S3Proxy identity not configured. Remember to set config.auth.identity and config.auth.secret for authentication.
 {{- end }}
 {{- if and (ne .Values.config.backend.provider "filesystem") (ne .Values.config.backend.provider "filesystem-nio2") (ne .Values.config.backend.provider "transient") (ne .Values.config.backend.provider "transient-nio2") }}
    - Make sure to configure backend credentials for {{ .Values.config.backend.provider }}
diff --git a/charts/s3proxy/templates/configmap.yaml b/charts/s3proxy/templates/configmap.yaml
@@ -8,12 +8,12 @@ data:
   s3proxy.properties: |
     # S3Proxy configuration
     s3proxy.endpoint=http://0.0.0.0:{{ .Values.service.targetPort }}
-    s3proxy.authorization={{ .Values.config.authorization }}
+    s3proxy.authorization={{ .Values.config.auth.type }}
 {{- if .Values.config.virtualHost }}
     s3proxy.virtual-host={{ .Values.config.virtualHost }}
 {{- end }}
 
-{{- if ne .Values.config.authorization "none" }}
+{{- if ne .Values.config.auth.type "none" }}
     # These will be overridden by environment variables from the secret
     s3proxy.identity=${S3PROXY_IDENTITY}
     s3proxy.credential=${S3PROXY_CREDENTIAL}
diff --git a/charts/s3proxy/templates/secret.yaml b/charts/s3proxy/templates/secret.yaml
@@ -6,11 +6,11 @@ metadata:
     {{- include "s3proxy.labels" . | nindent 4 }}
 type: Opaque
 data:
-{{- if and .Values.config.identity .Values.config.credential }}
+{{- if and .Values.config.auth.identity .Values.config.auth.secret }}
   # S3Proxy authentication credentials (for clients connecting to s3proxy)
   # Using uppercase names to match environment variable conventions
-  S3PROXY_IDENTITY: {{ .Values.config.identity | b64enc | quote }}
-  S3PROXY_CREDENTIAL: {{ .Values.config.credential | b64enc | quote }}
+  S3PROXY_IDENTITY: {{ .Values.config.auth.identity | b64enc | quote }}
+  S3PROXY_CREDENTIAL: {{ .Values.config.auth.secret | b64enc | quote }}
 {{- end }}
   
 {{- if or (eq .Values.config.backend.provider "aws-s3") (eq .Values.config.backend.provider "s3") }}
diff --git a/charts/s3proxy/values.yaml b/charts/s3proxy/values.yaml
@@ -41,9 +41,9 @@ service:
   # -- Kubernetes service type
   type: ClusterIP
   # -- Service port
-  port: 8080
+  port: 9000
   # -- Target port (controls both the container port and S3Proxy bind port)
-  targetPort: 8080
+  targetPort: 9000
   # -- Service annotations
   annotations: {}
 
@@ -102,13 +102,13 @@ tolerations: []
 affinity: {}
 
 config:
-  # -- Authorization type (none, aws-v2, aws-v4, aws-v2-or-v4)
-  authorization: "aws-v4"
-
-  # -- S3 Access Key ID for client authentication
-  identity: ""
-  # -- S3 Secret Access Key for client authentication
-  credential: ""
+  auth:
+    # -- Authorization type (none, aws-v2, aws-v4, aws-v2-or-v4)
+    type: "aws-v4"
+    # -- S3 Access Key ID for client authentication
+    identity: ""
+    # -- S3 Secret Access Key for client authentication
+    secret: ""
 
   # -- Virtual Host configuration
   virtualHost: ""
