Merge pull request #378 from mintel/INFRA-37496-S3-MRAP

  INFRA-37496:S3 MRAP - Secrets ARN: added outputscrets in helm charts

Author: bcbrockway

.github/workflows/pull-request.yml

@@ -10,12 +10,12 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout
-        uses: actions/checkout@v3
+        uses: actions/checkout@v6
         with:
           fetch-depth: 0
 
       - name: Set up Helm
-        uses: azure/setup-helm@v3
+        uses: Azure/setup-helm@v4.3.1
         with:
           version: v3.13.0
 
@@ -24,7 +24,7 @@ jobs:
           git config user.name "$GITHUB_ACTOR"
           git config user.email "$GITHUB_ACTION@users.noreploy.github.com"
 
-      - uses: actions/setup-python@v5
+      - uses: actions/setup-python@v6
         with:
           python-version: 3.13
 
@@ -38,7 +38,7 @@ jobs:
           done
 
       - name: Set up chart-testing
-        uses: helm/chart-testing-action@v2.7.0
+        uses: helm/chart-testing-action@v2.8.0
 
       - name: List changed charts
         id: list-changed

.github/workflows/release.yml

@@ -10,12 +10,12 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout
-        uses: actions/checkout@v3
+        uses: actions/checkout@v6
         with:
           fetch-depth: 0
 
       - name: Set up Helm
-        uses: azure/setup-helm@v3
+        uses: Azure/setup-helm@v4.3.1
         with:
           version: v3.13.0
 
@@ -24,7 +24,7 @@ jobs:
           git config user.name "$GITHUB_ACTOR"
           git config user.email "$GITHUB_ACTION@users.noreploy.github.com"
 
-      - uses: actions/setup-python@v5
+      - uses: actions/setup-python@v6
         with:
           python-version: 3.13
 
@@ -38,7 +38,7 @@ jobs:
           done
 
       - name: Run chart-releaser
-        uses: helm/chart-releaser-action@v1.6.0
+        uses: helm/chart-releaser-action@v1.7.0
         env:
           CR_TOKEN: "${{ secrets.GITHUB_TOKEN }}"
         with:

charts/standard-application-stack/CHANGELOG.md

@@ -5,6 +5,9 @@ All notable changes to this project will be documented in this file.
 The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
 and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 
+## [v11.2.0] - 2026-02-05
+### Added
+- Added support for consuming S3 Multi-Region Access Point (MRAP) secrets.
 
 ## [v11.1.0] - 2026-01-26
 ### Changed

charts/standard-application-stack/Chart.yaml

@@ -15,7 +15,7 @@ type: application
 # This is the chart version. This version number should be incremented each time you make changes
 # to the chart and its templates, including the app version.
 # Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: 11.1.0
+version: 11.2.0
 
 dependencies:
   - name: redis

charts/standard-application-stack/README.md

@@ -1,6 +1,6 @@
 # standard-application-stack
 
-![Version: 11.1.0](https://img.shields.io/badge/Version-11.1.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square)
+![Version: 11.2.0](https://img.shields.io/badge/Version-11.2.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square)
 
 A generic chart to support most common application requirements
 
@@ -318,6 +318,8 @@ A generic chart to support most common application requirements
 | resources.requests | object | `{}` | The requested resources for the container |
 | s3.enabled | bool | `false` |  |
 | s3.outputSecret | bool | `true` | set outputSecret to true to allow TF Cloud chart create ExternalSecrets |
+| s3MultiRegionAccessPoint.enabled | bool | `false` |  |
+| s3MultiRegionAccessPoint.outputSecret | bool | `true` | set outputSecret to true to allow TF Cloud chart create ExternalSecrets |
 | securityContext | object | `{"allowPrivilegeEscalation":false,"capabilities":{"drop":["ALL"]},"runAsNonRoot":true,"runAsUser":1000}` | Security context for the container ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ |
 | service | object | `{"annotations":{},"enabled":true,"labels":{},"type":"ClusterIP"}` | Kubernetes svc configutarion |
 | service.annotations | object | `{}` | Annotations to add to service |

charts/standard-application-stack/templates/_helpers.tpl

@@ -247,6 +247,14 @@ Create a default s3 external secret name.
 {{- end }}
 {{- end -}}
 
+{{/*
+Create a default S3 Multi Region Access Point external secret name.
+*/}}
+{{- define "mintel_common.defaultS3MultiRegionAccessPointSecretName" -}}
+{{- $fullname := include "mintel_common.fullname" . }}
+{{- printf "%s-s3-multi-region-access-point" $fullname }}
+{{- end -}}
+
 {{/*
 Return the proper Docker Image Registry Secret Names
 */}}

charts/standard-application-stack/templates/deployment.yaml

@@ -252,6 +252,10 @@ spec:
             - secretRef:
                 name: {{ .Values.s3.secretNameOverride | default (include "mintel_common.defaultS3SecretName" .) }}
               {{- end }}
+              {{- if (and .Values.s3MultiRegionAccessPoint .Values.s3MultiRegionAccessPoint.enabled) }}
+            - secretRef:
+                name: {{ .Values.s3MultiRegionAccessPoint.secretNameOverride | default (include "mintel_common.defaultS3MultiRegionAccessPointSecretName" .) }}
+              {{- end }}
               {{- if (and .Values.sqs .Values.sqs.enabled) }}
             - secretRef:
                 name: {{ .Values.sqs.secretNameOverride | default (include "mintel_common.defaultSqsSecretName" .) }}
@@ -443,7 +447,7 @@ spec:
           volumeMounts:
             - mountPath: {{ .Values.gitSyncSidecar.root }}
               name: {{ include "mintel_common.fullname" . }}-git-sync
-      {{- end }}
+        {{- end }}
       {{- if or (and .Values.filebeatSidecar .Values.filebeatSidecar.enabled) (and .Values.gitSyncSidecar .Values.gitSyncSidecar.enabled) (.Values.volumes) }}
       volumes:
         {{- if not .Values.statefulset }}