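---
# Composition backing the XObjectStorage composite: one S3 bucket plus the
# versioning, server-side-encryption and public-access-block sub-resources.
# All composed resources are named/linked from spec.parameters.bucketName.
apiVersion: apiextensions.crossplane.io/v1
kind: Composition
metadata:
  name: s3bucket.aws.mathod.io
  labels:
    provider: aws
    type: s3
spec:
  compositeTypeRef:
    apiVersion: mathod.io/v1alpha1
    kind: XObjectStorage
  mode: Pipeline
  pipeline:
    - step: patch-and-transform
      functionRef:
        name: function-patch-and-transform
      input:
        apiVersion: pt.fn.crossplane.io/v1beta1
        kind: Resources
        resources:
          # S3 bucket
          - name: s3-bucket
            base:
              apiVersion: s3.aws.m.upbound.io/v1beta1
              kind: Bucket
              spec:
                forProvider:
                  region: eu-west-1
                providerConfigRef:
                  name: aws-provider
            patches:
              # The bucket name is the external name of the bucket and the
              # value every bucketRef below depends on; fail the whole
              # pipeline early if the XR does not supply it instead of
              # letting the sub-resources reference an empty bucket name.
              - type: FromCompositeFieldPath
                fromFieldPath: spec.parameters.bucketName
                toFieldPath: metadata.name
                policy:
                  fromFieldPath: Required
              - type: FromCompositeFieldPath
                fromFieldPath: spec.parameters.region
                toFieldPath: spec.forProvider.region
              - type: ToCompositeFieldPath
                fromFieldPath: status.atProvider.arn
                toFieldPath: status.bucketArn
              - type: ToCompositeFieldPath
                fromFieldPath: status.atProvider.bucketDomainName
                toFieldPath: status.bucketDomain

          # Versioning configuration
          - name: bucket-versioning
            base:
              apiVersion: s3.aws.m.upbound.io/v1beta1
              kind: BucketVersioning
              spec:
                forProvider:
                  bucketRef:
                    name: ""
                  versioningConfiguration:
                    - status: Disabled
                providerConfigRef:
                  name: aws-provider
            patches:
              - type: FromCompositeFieldPath
                fromFieldPath: spec.parameters.bucketName
                toFieldPath: spec.forProvider.bucketRef.name
              # The map transform only matches string keys; converting first
              # keeps this working whether the XRD declares `versioning` as
              # a boolean or as a string (the XRD is not in this file —
              # confirm its type).
              - type: FromCompositeFieldPath
                fromFieldPath: spec.parameters.versioning
                toFieldPath: spec.forProvider.versioningConfiguration[0].status
                transforms:
                  - type: convert
                    convert:
                      toType: string
                  - type: map
                    map:
                      "true": Enabled
                      "false": Suspended

          # Encryption configuration
          - name: bucket-encryption
            base:
              apiVersion: s3.aws.m.upbound.io/v1beta1
              kind: BucketServerSideEncryptionConfiguration
              spec:
                forProvider:
                  bucketRef:
                    name: ""
                  rule:
                    - applyServerSideEncryptionByDefault:
                        - sseAlgorithm: AES256
                providerConfigRef:
                  name: aws-provider
            patches:
              - type: FromCompositeFieldPath
                fromFieldPath: spec.parameters.bucketName
                toFieldPath: spec.forProvider.bucketRef.name
              # S3 encrypts every object at rest by default and that default
              # cannot be switched off, so `encryption: false` keeps AES256
              # rather than emitting an empty sseAlgorithm, which is not a
              # valid algorithm value for this resource. The parameter is
              # kept so existing XRs still validate.
              - type: FromCompositeFieldPath
                fromFieldPath: spec.parameters.encryption
                toFieldPath: spec.forProvider.rule[0].applyServerSideEncryptionByDefault[0].sseAlgorithm
                transforms:
                  - type: convert
                    convert:
                      toType: string
                  - type: map
                    map:
                      "true": AES256
                      "false": AES256

          # Block public access
          # The base denies all public access. Only an explicit
          # `publicAccess: true` on the XR opens it; an XR that omits the
          # parameter keeps the deny-all base, because a missing
          # FromCompositeFieldPath source is skipped rather than applied.
          - name: bucket-public-access-block
            base:
              apiVersion: s3.aws.m.upbound.io/v1beta1
              kind: BucketPublicAccessBlock
              spec:
                forProvider:
                  bucketRef:
                    name: ""
                  blockPublicAcls: true
                  blockPublicPolicy: true
                  ignorePublicAcls: true
                  restrictPublicBuckets: true
                providerConfigRef:
                  name: aws-provider
            patches:
              - type: FromCompositeFieldPath
                fromFieldPath: spec.parameters.bucketName
                toFieldPath: spec.forProvider.bucketRef.name
              # publicAccess is inverted into each of the four block flags;
              # the map values are real booleans, as the fields expect.
              - type: FromCompositeFieldPath
                fromFieldPath: spec.parameters.publicAccess
                toFieldPath: spec.forProvider.blockPublicAcls
                transforms:
                  - type: convert
                    convert:
                      toType: string
                  - type: map
                    map:
                      "true": false
                      "false": true
              - type: FromCompositeFieldPath
                fromFieldPath: spec.parameters.publicAccess
                toFieldPath: spec.forProvider.blockPublicPolicy
                transforms:
                  - type: convert
                    convert:
                      toType: string
                  - type: map
                    map:
                      "true": false
                      "false": true
              - type: FromCompositeFieldPath
                fromFieldPath: spec.parameters.publicAccess
                toFieldPath: spec.forProvider.ignorePublicAcls
                transforms:
                  - type: convert
                    convert:
                      toType: string
                  - type: map
                    map:
                      "true": false
                      "false": true
              - type: FromCompositeFieldPath
                fromFieldPath: spec.parameters.publicAccess
                toFieldPath: spec.forProvider.restrictPublicBuckets
                transforms:
                  - type: convert
                    convert:
                      toType: string
                  - type: map
                    map:
                      "true": false
                      "false": true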