(konkong) fix ownership of rubinobs-butler-* buckets

jhoblitt · jhoblitt · commit 46661449cce6 · 2025-05-16T15:56:56.000-07:00
diff --git a/fleet/lib/rook-ceph-conf/charts/konkong/templates/cephobjectstoreuser-extended-ceph-exporter.yaml b/fleet/lib/rook-ceph-conf/charts/konkong/templates/cephobjectstoreuser-extended-ceph-exporter.yaml
@@ -10,7 +10,7 @@ spec:
   displayName: extended-ceph-exporter
   capabilities:
     buckets: read
-    users: read
-    usage: read
     metadata: read
+    usage: read
+    users: read
     zone: read
diff --git a/fleet/lib/rook-ceph-conf/charts/konkong/templates/obc-rubinobs-butler-latiss.yaml b/fleet/lib/rook-ceph-conf/charts/konkong/templates/obc-rubinobs-butler-latiss.yaml
@@ -8,7 +8,7 @@ spec:
   bucketName: *name
   storageClassName: lfa
   additionalConfig:
-    bucketOwner: latiss
+    bucketOwner: butler
     bucketMaxSize: 1Ti
     bucketPolicy: |
       {
diff --git a/fleet/lib/rook-ceph-conf/charts/konkong/templates/obc-rubinobs-butler-lsstcam.yaml b/fleet/lib/rook-ceph-conf/charts/konkong/templates/obc-rubinobs-butler-lsstcam.yaml
@@ -8,7 +8,7 @@ spec:
   bucketName: *name
   storageClassName: lfa
   additionalConfig:
-    bucketOwner: lsstcam
+    bucketOwner: butler
     bucketMaxSize: 34Ti
     bucketPolicy: |
       {
diff --git a/fleet/lib/rook-ceph-conf/charts/konkong/templates/obc-rubinobs-calibrations.yaml b/fleet/lib/rook-ceph-conf/charts/konkong/templates/obc-rubinobs-calibrations.yaml
@@ -43,6 +43,21 @@ spec:
                       "arn:aws:s3:::rubinobs-calibrations",
                       "arn:aws:s3:::rubinobs-calibrations/*"
                   ]
+              },
+              {
+                  "Effect": "Allow",
+                  "Principal": {
+                      "AWS": "arn:aws:iam:::user/oods-lsstcam"
+                  },
+                  "Action": [
+                      "s3:GetObject",
+                      "s3:ListBucket",
+                      "s3:GetBucketLocation"
+                  ],
+                  "Resource": [
+                      "arn:aws:s3:::rubinobs-calibrations",
+                      "arn:aws:s3:::rubinobs-calibrations/*"
+                  ]
               }
           ]
       }
diff --git a/fleet/lib/rook-ceph-conf/charts/konkong/values.yaml b/fleet/lib/rook-ceph-conf/charts/konkong/values.yaml
@@ -8,6 +8,8 @@ users:
   - name: calib
     spec:
       store: lfa
+      quotas:
+        maxBuckets: 1
   - name: latiss
     spec:
       store: lfa
@@ -21,9 +23,13 @@ users:
   - name: oods-latiss
     spec:
       store: lfa
+      quotas:
+        maxBuckets: 0
   - name: oods-lsstcam
     spec:
       store: lfa
+      quotas:
+        maxBuckets: 0
   - name: rubintv
     spec:
       store: lfa
@@ -33,4 +39,4 @@ users:
     spec:
       store: lfa
       quotas:
-        maxBuckets: 2
+        maxBuckets: 1

Original file line number	Diff line number	Diff line change
`@@ -8,7 +8,7 @@ spec:`
`8`	`8`	`bucketName: *name`
`9`	`9`	`storageClassName: lfa`
`10`	`10`	`additionalConfig:`
`11`		`- bucketOwner: latiss`
	`11`	`+ bucketOwner: butler`
`12`	`12`	`bucketMaxSize: 1Ti`
`13`	`13`	`bucketPolicy: \|`
`14`	`14`	`{`
Original file line number	Diff line number	Diff line change
`@@ -43,6 +43,21 @@ spec:`
`43`	`43`	`"arn:aws:s3:::rubinobs-calibrations",`
`44`	`44`	`"arn:aws:s3:::rubinobs-calibrations/*"`
`45`	`45`	`]`
	`46`	`+ },`
	`47`	`+ {`
	`48`	`+ "Effect": "Allow",`
	`49`	`+ "Principal": {`
	`50`	`+ "AWS": "arn:aws:iam:::user/oods-lsstcam"`
	`51`	`+ },`
	`52`	`+ "Action": [`
	`53`	`+ "s3:GetObject",`
	`54`	`+ "s3:ListBucket",`
	`55`	`+ "s3:GetBucketLocation"`
	`56`	`+ ],`
	`57`	`+ "Resource": [`
	`58`	`+ "arn:aws:s3:::rubinobs-calibrations",`
	`59`	`+ "arn:aws:s3:::rubinobs-calibrations/*"`
	`60`	`+ ]`
`46`	`61`	`}`
`47`	`62`	`]`
`48`	`63`	`}`