
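# Crossplane Composition for the XObjectStorage composite type
# (mathod.io/v1alpha1). A single patch-and-transform step composes four
# managed resources: the S3 bucket, its versioning configuration, its
# server-side encryption configuration and its public access block.
#
# Every resource starts from a base in eu-west-1 and is then patched from
# spec.parameters on the composite. The patches set no explicit policy, so
# (assuming the function's default optional fromFieldPath behaviour) an
# omitted parameter leaves the base value in place: versioning Disabled,
# AES256 encryption and all four public-access guards on.
apiVersion: apiextensions.crossplane.io/v1
kind: Composition
metadata:
  name: s3bucket.aws.mathod.io
  labels:
    provider: aws
    type: s3
spec:
  compositeTypeRef:
    apiVersion: mathod.io/v1alpha1
    kind: XObjectStorage
  mode: Pipeline
  pipeline:
    - step: patch-and-transform
      functionRef:
        name: function-patch-and-transform
      input:
        apiVersion: pt.fn.crossplane.io/v1beta1
        kind: Resources
        resources:
          # S3 bucket. Its metadata.name is taken from
          # spec.parameters.bucketName; the three resources below point at
          # it through bucketRef.name using the same parameter.
          - name: s3-bucket
            base:
              apiVersion: s3.aws.m.upbound.io/v1beta1
              kind: Bucket
              spec:
                forProvider:
                  region: eu-west-1
                providerConfigRef:
                  name: default
                  kind: ProviderConfig
            patches:
              - type: FromCompositeFieldPath
                fromFieldPath: spec.parameters.bucketName
                toFieldPath: metadata.name
              - type: FromCompositeFieldPath
                fromFieldPath: spec.parameters.region
                toFieldPath: spec.forProvider.region
              # Publish the bucket ARN and domain name on the composite
              # status.
              - type: ToCompositeFieldPath
                fromFieldPath: status.atProvider.arn
                toFieldPath: status.bucketArn
              - type: ToCompositeFieldPath
                fromFieldPath: status.atProvider.bucketDomainName
                toFieldPath: status.bucketDomain
          # Versioning configuration.
          - name: bucket-versioning
            base:
              apiVersion: s3.aws.m.upbound.io/v1beta1
              kind: BucketVersioning
              spec:
                forProvider:
                  region: eu-west-1
                  # Placeholder; overwritten by the bucketName patch below.
                  bucketRef:
                    name: ""
                  versioningConfiguration:
                    status: Disabled
                providerConfigRef:
                  name: default
                  kind: ProviderConfig
            patches:
              - type: FromCompositeFieldPath
                fromFieldPath: spec.parameters.region
                toFieldPath: spec.forProvider.region
              - type: FromCompositeFieldPath
                fromFieldPath: spec.parameters.bucketName
                toFieldPath: spec.forProvider.bucketRef.name
              # spec.parameters.versioning is converted to the string
              # "true"/"false" and mapped onto the S3 versioning status.
              # Versioning is what allows recovery of overwritten or
              # deleted objects, so "false" (Suspended) gives that up for
              # new writes.
              - type: FromCompositeFieldPath
                fromFieldPath: spec.parameters.versioning
                toFieldPath: spec.forProvider.versioningConfiguration.status
                transforms:
                  - type: convert
                    convert:
                      toType: string
                  - type: map
                    map:
                      "true": Enabled
                      "false": Suspended
          # Server-side encryption configuration.
          - name: bucket-encryption
            base:
              apiVersion: s3.aws.m.upbound.io/v1beta1
              kind: BucketServerSideEncryptionConfiguration
              spec:
                forProvider:
                  region: eu-west-1
                  # Placeholder; overwritten by the bucketName patch below.
                  bucketRef:
                    name: ""
                  rule:
                    - applyServerSideEncryptionByDefault:
                        sseAlgorithm: AES256
                providerConfigRef:
                  name: default
                  kind: ProviderConfig
            patches:
              - type: FromCompositeFieldPath
                fromFieldPath: spec.parameters.region
                toFieldPath: spec.forProvider.region
              - type: FromCompositeFieldPath
                fromFieldPath: spec.parameters.bucketName
                toFieldPath: spec.forProvider.bucketRef.name
              # sseAlgorithm has no "off" value: an empty string is not a
              # valid algorithm, so mapping "false" to "" left this resource
              # with a configuration the provider cannot apply. Both values
              # now resolve to AES256, which keeps encryption: false usable
              # without weakening the bucket.
              # NOTE(review): if the parameter is meant to select KMS or be
              # dropped entirely, adjust it together with the XRD.
              - type: FromCompositeFieldPath
                fromFieldPath: spec.parameters.encryption
                toFieldPath: spec.forProvider.rule[0].applyServerSideEncryptionByDefault.sseAlgorithm
                transforms:
                  - type: convert
                    convert:
                      toType: string
                  - type: map
                    map:
                      "true": AES256
                      "false": AES256
          # Public access block.
          # The base blocks public ACLs and public bucket policies in all
          # four ways. spec.parameters.publicAccess is inverted by the map
          # transforms below: publicAccess "true" switches all four guards
          # off at once, "false" keeps them on. Treat publicAccess: true as
          # an exception that needs review, since after that only the
          # bucket policy and ACLs stand between the data and anonymous
          # access.
          - name: bucket-public-access-block
            base:
              apiVersion: s3.aws.m.upbound.io/v1beta1
              kind: BucketPublicAccessBlock
              spec:
                forProvider:
                  region: eu-west-1
                  # Placeholder; overwritten by the bucketName patch below.
                  bucketRef:
                    name: ""
                  blockPublicAcls: true
                  blockPublicPolicy: true
                  ignorePublicAcls: true
                  restrictPublicBuckets: true
                providerConfigRef:
                  name: default
                  kind: ProviderConfig
            patches:
              - type: FromCompositeFieldPath
                fromFieldPath: spec.parameters.region
                toFieldPath: spec.forProvider.region
              - type: FromCompositeFieldPath
                fromFieldPath: spec.parameters.bucketName
                toFieldPath: spec.forProvider.bucketRef.name
              # The four patches below are identical apart from the target
              # field; each one writes the negation of publicAccess.
              - type: FromCompositeFieldPath
                fromFieldPath: spec.parameters.publicAccess
                toFieldPath: spec.forProvider.blockPublicAcls
                transforms:
                  - type: convert
                    convert:
                      toType: string
                  - type: map
                    map:
                      "true": false
                      "false": true
              - type: FromCompositeFieldPath
                fromFieldPath: spec.parameters.publicAccess
                toFieldPath: spec.forProvider.blockPublicPolicy
                transforms:
                  - type: convert
                    convert:
                      toType: string
                  - type: map
                    map:
                      "true": false
                      "false": true
              - type: FromCompositeFieldPath
                fromFieldPath: spec.parameters.publicAccess
                toFieldPath: spec.forProvider.ignorePublicAcls
                transforms:
                  - type: convert
                    convert:
                      toType: string
                  - type: map
                    map:
                      "true": false
                      "false": true
              - type: FromCompositeFieldPath
                fromFieldPath: spec.parameters.publicAccess
                toFieldPath: spec.forProvider.restrictPublicBuckets
                transforms:
                  - type: convert
                    convert:
                      toType: string
                  - type: map
                    map:
                      "true": false
                      "false": true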