From 9f04b70cd9789d096112006972e080784e6efd55 Mon Sep 17 00:00:00 2001 From: Mathod Date: Sun, 30 Nov 2025 01:50:18 +0100 Subject: [PATCH] + s3 composition
---
 .../s3/compositions/composition.yaml | 150 ++++++++++++++++++ .../resources/s3/compositions/definition.yaml | 4 +- .../s3/compositions/objectstorage.yaml | 15 ++ 3 files changed, 167 insertions(+), 2 deletions(-)
diff --git a/providers/provider-family-aws/resources/s3/compositions/composition.yaml b/providers/provider-family-aws/resources/s3/compositions/composition.yaml
index e69de29..0bf7b45 100644
--- a/providers/provider-family-aws/resources/s3/compositions/composition.yaml
+++ b/providers/provider-family-aws/resources/s3/compositions/composition.yaml
@@ -0,0 +1,150 @@
+apiVersion: apiextensions.crossplane.io/v1
+kind: Composition
+metadata:
+ name: s3bucket.aws.mathod.io
+ labels:
+ provider: aws
+ type: s3
+spec:
+ compositeTypeRef:
+ apiVersion: mathod.io/v1alpha1
+ kind: XObjectStorage
+
+ mode: Pipeline
+
+ pipeline:
+ - step: patch-and-transform
+ functionRef:
+ name: function-patch-and-transform
+ input:
+ apiVersion: pt.fn.crossplane.io/v1beta1
+ kind: Resources
+ resources:
+ # Bucket S3
+ - name: s3-bucket
+ base:
+ apiVersion: s3.aws.m.upbound.io/v1beta1
+ kind: Bucket
+ spec:
+ forProvider:
+ region: eu-west-1
+ providerConfigRef:
+ name: aws-provider
+ patches:
+ - type: FromCompositeFieldPath
+ fromFieldPath: spec.parameters.bucketName
+ toFieldPath: metadata.name
+ - type: FromCompositeFieldPath
+ fromFieldPath: spec.parameters.region
+ toFieldPath: spec.forProvider.region
+ - type: ToCompositeFieldPath
+ fromFieldPath: status.atProvider.arn
+ toFieldPath: status.bucketArn
+ - type: ToCompositeFieldPath
+ fromFieldPath: status.atProvider.bucketDomainName
+ toFieldPath: status.bucketDomain
+
+ # Configuration du versioning
+ - name: bucket-versioning
+ base:
+ apiVersion: s3.aws.m.upbound.io/v1beta1
+ kind: BucketVersioning
+ spec:
+ forProvider:
+ bucketRef:
+ name: ""
+ versioningConfiguration:
+ - status: Disabled
+ providerConfigRef:
+ name: aws-provider
+ patches:
+ - type: FromCompositeFieldPath
+ fromFieldPath: spec.parameters.bucketName
+ toFieldPath: spec.forProvider.bucketRef.name
+ - type: FromCompositeFieldPath
+ fromFieldPath: spec.parameters.versioning
+ toFieldPath: spec.forProvider.versioningConfiguration[0].status
+ transforms:
+ - type: map
+ map:
+ "true": Enabled
+ "false": Suspended
+
+ # Configuration du chiffrement
+ - name: bucket-encryption
+ base:
+ apiVersion: s3.aws.m.upbound.io/v1beta1
+ kind: BucketServerSideEncryptionConfiguration
+ spec:
+ forProvider:
+ bucketRef:
+ name: ""
+ rule:
+ - applyServerSideEncryptionByDefault:
+ - sseAlgorithm: AES256
+ providerConfigRef:
+ name: aws-provider
+ patches:
+ - type: FromCompositeFieldPath
+ fromFieldPath: spec.parameters.bucketName
+ toFieldPath: spec.forProvider.bucketRef.name
+ - type: FromCompositeFieldPath
+ fromFieldPath: spec.parameters.encryption
+ toFieldPath: spec.forProvider.rule[0].applyServerSideEncryptionByDefault[0].sseAlgorithm
+ transforms:
+ - type: map
+ map:
+ "true": AES256
+ "false": ""
+
+ # Bloquer l'accès public
+ - name: bucket-public-access-block
+ base:
+ apiVersion: s3.aws.m.upbound.io/v1beta1
+ kind: BucketPublicAccessBlock
+ spec:
+ forProvider:
+ bucketRef:
+ name: ""
+ blockPublicAcls: true
+ blockPublicPolicy: true
+ ignorePublicAcls: true
+ restrictPublicBuckets: true
+ providerConfigRef:
+ name: aws-provider
+ patches:
+ - type: FromCompositeFieldPath
+ fromFieldPath: spec.parameters.bucketName
+ toFieldPath: spec.forProvider.bucketRef.name
+ - type: FromCompositeFieldPath
+ fromFieldPath: spec.parameters.publicAccess
+ toFieldPath: spec.forProvider.blockPublicAcls
+ transforms:
+ - type: map
+ map:
+ "true": false
+ "false": true
+ - type: FromCompositeFieldPath
+ fromFieldPath: spec.parameters.publicAccess
+ toFieldPath: spec.forProvider.blockPublicPolicy
+ transforms:
+ - type: map
+ map:
+ "true": false
+ "false": true
+ - type: FromCompositeFieldPath
+ fromFieldPath: spec.parameters.publicAccess
+ toFieldPath: spec.forProvider.ignorePublicAcls
+ transforms:
+ - type: map
+ map:
+ "true": false
+ "false": true
+ - type: FromCompositeFieldPath
+ fromFieldPath: spec.parameters.publicAccess
+ toFieldPath: spec.forProvider.restrictPublicBuckets
+ transforms:
+ - type: map
+ map:
+ "true": false
+ "false": true
\ No newline at end of file
diff --git a/providers/provider-family-aws/resources/s3/compositions/definition.yaml b/providers/provider-family-aws/resources/s3/compositions/definition.yaml
index efcaacb..58f939e 100644
--- a/providers/provider-family-aws/resources/s3/compositions/definition.yaml
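Review bot: The four `publicAccess` patches on `bucket-public-access-block` let one claim field switch off `blockPublicAcls`, `blockPublicPolicy`, `ignorePublicAcls` and `restrictPublicBuckets` together, so anyone allowed to create an `XObjectStorage` in a namespace can remove every public-access guard on the bucket. The base already sets all four to `true`; I would drop these four patches so the block is unconditional, and if public buckets are a real requirement serve them from a separate, explicitly selected composition instead of a boolean on the default one. The `bucket-encryption` resource has a milder form of the same issue: `"false": ""` patches an empty `sseAlgorithm` over the `AES256` base, which is unlikely to be a valid configuration, so removing that patch keeps default encryption fixed. If the toggle stays, put a comment above it such as `# publicAccess: true disables ALL four public-access protections`.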
+++ b/providers/provider-family-aws/resources/s3/compositions/definition.yaml
@@ -1,10 +1,10 @@
 apiVersion: apiextensions.crossplane.io/v2
 kind: CompositeResourceDefinition
 metadata:
- name: xobjectstorages.mathod.io #(1)!
+ name: xobjectstorages.mathod.io
 spec:
 scope: Namespaced
- group: mathod.io #(2)!
+ group: mathod.io
 names:
 kind: XObjectStorage
 plural: xobjectstorages
diff --git a/providers/provider-family-aws/resources/s3/compositions/objectstorage.yaml b/providers/provider-family-aws/resources/s3/compositions/objectstorage.yaml
index e69de29..be14fcf 100644
--- a/providers/provider-family-aws/resources/s3/compositions/objectstorage.yaml
+++ b/providers/provider-family-aws/resources/s3/compositions/objectstorage.yaml
@@ -0,0 +1,15 @@
+apiVersion: mathod.io/v1alpha1
+kind: XObjectStorage
+metadata:
+ name: my-s3-bucket-example
+ namespace: default
+spec:
+ parameters:
+ bucketName: mon-bucket-exemple-123
+ region: eu-west-1
+ versioning: true
+ encryption: true
+ publicAccess: false
+ crossplane:
+ compositionRef:
+ name: s3bucket.aws.mathod.io
\ No newline at end of file
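Review bot: `versioning`, `encryption` and `publicAccess` are written here as YAML booleans, while the `map` transforms in composition.yaml are keyed on the strings `"true"` and `"false"`. As far as I know the `map` transform of function-patch-and-transform accepts string input only, so these patches would error instead of applying unless the XRD declares the fields as strings; the schema part of definition.yaml is not visible in this diff. If the fields are booleans, add a convert step ahead of each map, `- type: convert` with `convert: {toType: string}`. It is also worth confirming on a test claim that a failed patch leaves the secure base values in place and is surfaced as an error on the composite.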