Merge pull request #997 from lsst-it/IT-6361/bts-rotate-lsstcam-s3-creds

(konkong) add 2nd s3 creds to rgw lsstcam user

Author: jhoblitt

fleet/lib/rook-ceph-conf/charts/konkong/templates/cephobjectstoreusers-1pass-rotate-keys.yaml

@@ -0,0 +1,40 @@
+# yamllint disable-file
+{{- range .Values.users_rotate_keys }}
+---
+apiVersion: ceph.rook.io/v1
+kind: CephObjectStoreUser
+metadata:
+  name: {{ .name }}
+  namespace: rook-ceph
+spec:
+  clusterNamespace: rook-ceph
+  {{- toYaml .spec | nindent 2 }}
+  keys:
+    - accessKeyRef:
+        name: cephobjectstoreuser-{{ .name }}
+        key: AWS_ACCESS_KEY_ID
+      secretKeyRef:
+        name: cephobjectstoreuser-{{ .name }}
+        key: AWS_SECRET_ACCESS_KEY
+    - accessKeyRef:
+        name: cephobjectstoreuser-{{ .name }}
+        key: AWS_ACCESS_KEY_ID_2
+      secretKeyRef:
+        name: cephobjectstoreuser-{{ .name }}
+        key: AWS_SECRET_ACCESS_KEY_2
+---
+apiVersion: external-secrets.io/v1
+kind: ExternalSecret
+metadata:
+  name: cephobjectstoreuser-{{ .name }}
+  namespace: rook-ceph
+spec:
+  secretStoreRef:
+    kind: ClusterSecretStore
+    name: onepassword-oods
+  dataFrom:
+    - find:
+        path: {{ .name }}
+        name:
+          regexp: "^AWS_.*"
+{{ end }}

fleet/lib/rook-ceph-conf/charts/konkong/values.yaml

@@ -15,11 +15,6 @@ users:
       store: lfa
       quotas:
         maxBuckets: 2
-  - name: lsstcam
-    spec:
-      store: lfa
-      quotas:
-        maxBuckets: 2
   - name: oods-latiss
     spec:
       store: lfa
@@ -40,3 +35,9 @@ users:
       store: lfa
       quotas:
         maxBuckets: 1
+users_rotate_keys:
+  - name: lsstcam
+    spec:
+      store: lfa
+      quotas:
+        maxBuckets: 2