(elqui) add 2nd s3 creds to rgw lsstcam user

To start rotation of the s3 creds.

Author: jhoblitt

fleet/lib/rook-ceph-conf/charts/elqui/templates/cephobjectstoreusers-1pass-rotate-keys.yaml

@@ -0,0 +1,40 @@
+# yamllint disable-file
+{{- range .Values.users_rotate_keys }}
+---
+apiVersion: ceph.rook.io/v1
+kind: CephObjectStoreUser
+metadata:
+  name: {{ .name }}
+  namespace: rook-ceph
+spec:
+  clusterNamespace: rook-ceph
+  {{- toYaml .spec | nindent 2 }}
+  keys:
+    - accessKeyRef:
+        name: cephobjectstoreuser-{{ .name }}
+        key: AWS_ACCESS_KEY_ID
+      secretKeyRef:
+        name: cephobjectstoreuser-{{ .name }}
+        key: AWS_SECRET_ACCESS_KEY
+    - accessKeyRef:
+        name: cephobjectstoreuser-{{ .name }}
+        key: AWS_ACCESS_KEY_ID_2
+      secretKeyRef:
+        name: cephobjectstoreuser-{{ .name }}
+        key: AWS_SECRET_ACCESS_KEY_2
+---
+apiVersion: external-secrets.io/v1
+kind: ExternalSecret
+metadata:
+  name: cephobjectstoreuser-{{ .name }}
+  namespace: rook-ceph
+spec:
+  secretStoreRef:
+    kind: ClusterSecretStore
+    name: onepassword-oods
+  dataFrom:
+    - find:
+        path: {{ .name }}
+        name:
+          regexp: "^AWS_.*"
+{{ end }}

fleet/lib/rook-ceph-conf/charts/elqui/values.yaml

@@ -20,11 +20,6 @@ users:
       store: lfa
       quotas:
         maxBuckets: 2
-  - name: lsstcam
-    spec:
-      store: lfa
-      quotas:
-        maxBuckets: 2
   - name: oods-comcam
     spec:
       store: lfa
@@ -59,3 +54,9 @@ users:
       store: lfa
       quotas:
         maxBuckets: 1
+users_rotate_keys:
+  - name: lsstcam
+    spec:
+      store: lfa
+      quotas:
+        maxBuckets: 2