From d4442261aa141e21222dc13407023b96570d055f Mon Sep 17 00:00:00 2001
From: Dominik Kaminski
Date: Thu, 22 Feb 2024 19:36:16 +0100
Subject: [PATCH] fix(helmfile): Enhance objectore environment variables to allow external Object Store
---
 .../values-nextcloud-mgmt.yaml.gotmpl | 11 +++++--
 helmfile/apps/openproject/values.yaml.gotmpl | 4 +--
 .../apps/services/values-minio.yaml.gotmpl | 29 +++----------------
 .../values-portal-listener.yaml.gotmpl | 8 ++---
 .../values-portal-server.yaml.gotmpl | 8 ++---
 .../environments/default/objectstore.gotmpl | 22 +++++++++-----
 6 files changed, 38 insertions(+), 44 deletions(-)
diff --git a/helmfile/apps/nextcloud/values-nextcloud-mgmt.yaml.gotmpl b/helmfile/apps/nextcloud/values-nextcloud-mgmt.yaml.gotmpl
index e4b7c1ae..10381d48 100644
--- a/helmfile/apps/nextcloud/values-nextcloud-mgmt.yaml.gotmpl
+++ b/helmfile/apps/nextcloud/values-nextcloud-mgmt.yaml.gotmpl
@@ -51,9 +51,16 @@ configuration:
 objectstore:
 auth:
 accessKey:
- value: "nextcloud_user"
+ value: {{ .Values.objectstores.nextcloud.username | quote }}
 secretKey:
- value: {{ .Values.secrets.minio.nextcloudUser | quote }}
+ value: {{ .Values.objectstores.nextcloud.secretKey | default .Values.secrets.minio.nextcloudUser | quote }}
+ bucket: {{ .Values.objectstores.nextcloud.bucket | quote }}
+ host: {{ .Values.objectstores.nextcloud.endpoint | default (printf "https://%s.%s" .Values.global.hosts.minioApi .Values.global.domain) | quote }}
+ region: {{ .Values.objectstores.nextcloud.region | quote }}
+ storageClass: {{ .Values.objectstores.nextcloud.storageClass | quote }}
+ port: {{ .Values.objectstores.nextcloud.port | quote }}
+ pathStyle: {{ .Values.objectstores.nextcloud.pathStyle | quote }}
+ useSSL: {{ .Values.objectstores.nextcloud.useSSL | quote }}
 oidc:
 username:
 value: "opendesk-nextcloud"
diff --git a/helmfile/apps/openproject/values.yaml.gotmpl b/helmfile/apps/openproject/values.yaml.gotmpl
index eb59d15b..698e22d0 100644
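Review bot: The `secretKey` fallback on the new `secretKey.value` line applies even when `endpoint` points at an external object store, so an operator who sets `endpoint` but leaves `secretKey` empty would have the generated in-cluster MinIO password presented to the external service instead of getting a render error. Limiting the fallback to the case where `endpoint` is empty avoids that, for example with a guard line in this template: `{{ if and .Values.objectstores.nextcloud.endpoint (not .Values.objectstores.nextcloud.secretKey) }}{{ fail "objectstores.nextcloud.secretKey must be set when endpoint is set" }}{{ end }}`. The same fallback appears in the `secretAccessKey` line of openproject/values.yaml.gotmpl and in the `objectStorageSecretAccessKey` lines of both portal values files. `useSSL`, `pathStyle` and `port` pass through `quote`, so the chart receives the strings "true" and "443"; it is worth confirming that this is the type it expects. The `configuration` mapping starts and ends outside this hunk.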
--- a/helmfile/apps/openproject/values.yaml.gotmpl
+++ b/helmfile/apps/openproject/values.yaml.gotmpl
@@ -155,13 +155,13 @@ s3:
 enabled: true
 endpoint: {{ .Values.objectstores.openproject.endpoint | default (printf "https://%s.%s" .Values.global.hosts.minioApi .Values.global.domain) | quote }}
 host: {{ (printf "https://%s.%s" .Values.global.hosts.minioApi .Values.global.domain) | quote }}
- pathStyle: "true"
+ pathStyle: {{ .Values.objectstores.openproject.pathStyle | quote }}
 region: {{ .Values.objectstores.openproject.region | quote }}
 bucketName: {{ .Values.objectstores.openproject.bucket | quote }}
 use_iam_profile: {{ .Values.objectstores.openproject.useIAMProfile | default "false" | quote }}
 auth:
 accessKeyId: {{ .Values.objectstores.openproject.username | quote }}
- secretAccessKey: {{ .Values.objectstores.openproject.secret | default .Values.secrets.minio.openprojectUser | quote }}
+ secretAccessKey: {{ .Values.objectstores.openproject.secretKey | default .Values.secrets.minio.openprojectUser | quote }}
 seederJob:
 annotations:
diff --git a/helmfile/apps/services/values-minio.yaml.gotmpl b/helmfile/apps/services/values-minio.yaml.gotmpl
index 934f0f0b..c73d57bf 100644
--- a/helmfile/apps/services/values-minio.yaml.gotmpl
+++ b/helmfile/apps/services/values-minio.yaml.gotmpl
@@ -88,16 +88,13 @@ provisioning:
 extraCommands:
 - "mc anonymous set download provisioning/ums/portal-assets"
 buckets:
- - name: "openproject"
- versioning: true
- withLock: false
- - name: "openxchange"
+ - name: {{ .Values.objectstores.openproject.bucket | quote }}
 versioning: true
 withLock: false
 - name: {{ .Values.objectstores.univentionManagementStack.bucket | quote }}
 versioning: false
 withLock: false
- - name: "nextcloud"
+ - name: {{ .Values.objectstores.nextcloud.bucket | quote }}
 versioning: true
 withLock: false
 policies:
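Review bot: The unchanged `host` line in this hunk is still built only from `global.hosts.minioApi`, while `endpoint`, the credentials and now `pathStyle` follow `objectstores.openproject`; with an external store configured the two settings would name different services. How the chart uses `host` is not visible here, but if it is used for requests it should take the same override: `host: {{ .Values.objectstores.openproject.endpoint | default (printf "https://%s.%s" .Values.global.hosts.minioApi .Values.global.domain) | quote }}`. The `s3` mapping starts above the hunk.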
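Review bot: Bucket names in `buckets:` now come from `objectstores.*.bucket`, but the policies that grant access appear to use literal ARNs, judging by the `arn:aws:s3:::openxchange` entries visible in the following hunk. The openproject and nextcloud policy statements lie outside the visible hunks, so this is an inference; if they are literal, overriding a bucket name would leave the provisioned user with `s3:*` on a bucket that no longer exists and no access to the new one. Deriving the resource from the same value keeps bucket and policy aligned, e.g. `- {{ printf "arn:aws:s3:::%s" .Values.objectstores.openproject.bucket | quote }}`.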
@@ -113,18 +110,6 @@ provisioning:
 effect: "Allow"
 actions:
 - "s3:*"
- - name: "openxchange-bucket-policy"
- statements:
- - resources:
- - "arn:aws:s3:::openxchange"
- effect: "Allow"
- actions:
- - "s3:*"
- - resources:
- - "arn:aws:s3:::openxchange/*"
- effect: "Allow"
- actions:
- - "s3:*"
 - name: "ums-bucket-policy"
 statements:
 - resources:
@@ -150,25 +135,19 @@ provisioning:
 actions:
 - "s3:*"
 users:
- - username: "openproject_user"
+ - username: {{ .Values.objectstores.openproject.username | quote }}
 password: {{ .Values.secrets.minio.openprojectUser | quote }}
 disabled: false
 policies:
 - "openproject-bucket-policy"
 setPolicies: true
- - username: "openxchange_user"
- password: {{ .Values.secrets.minio.openxchangeUser | quote }}
- disabled: false
- policies:
- - "openxchange-bucket-policy"
- setPolicies: true
 - username: {{ .Values.objectstores.univentionManagementStack.username | quote }}
 password: {{ .Values.secrets.minio.umsUser | quote }}
 disabled: false
 policies:
 - "ums-bucket-policy"
 setPolicies: true
- - username: "nextcloud_user"
+ - username: {{ .Values.objectstores.nextcloud.username | quote }}
 password: {{ .Values.secrets.minio.nextcloudUser | quote }}
 disabled: false
 policies:
diff --git a/helmfile/apps/univention-management-stack/values-portal-listener.yaml.gotmpl b/helmfile/apps/univention-management-stack/values-portal-listener.yaml.gotmpl
index 44008cd1..288ccb73 100644
--- a/helmfile/apps/univention-management-stack/values-portal-listener.yaml.gotmpl
+++ b/helmfile/apps/univention-management-stack/values-portal-listener.yaml.gotmpl
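Review bot: In the `users:` hunk the `username` lines now follow `objectstores.*.username` while the `password` lines beside them still read only `secrets.minio.*`, so setting `objectstores.*.secretKey` without an external `endpoint` provisions one password here and configures the application with another. Copying an external store's secret into MinIO would be worse, so I would keep the password source as it is and state the contract in a comment above `users:`, for example `# passwords stay on secrets.minio.*; objectstores.*.secretKey applies to external stores only`. Dropping `openxchange_user` from this list probably does not delete the account on an already provisioned MinIO, so an upgrade note about removing it would be useful. The `users` list continues past the end of the hunk.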
@@ -41,10 +41,10 @@ portalListener:
 udmApiUsername: "cn=admin"
 umcGetUrl: "http://ums-umc-server/get"
 umcSessionUrl: "http://ums-umc-server/get/session-info"
- objectStorageEndpoint: "http://minio:9000"
- objectStorageBucket: "ums"
- objectStorageAccessKeyId: "ums_user"
- objectStorageSecretAccessKey: {{ .Values.secrets.minio.umsUser | quote }}
+ objectStorageEndpoint: {{ .Values.objectstores.univentionManagementStack.endpoint | default (printf "https://%s.%s" .Values.global.hosts.minioApi .Values.global.domain) | quote }}
+ objectStorageBucket: {{ .Values.objectstores.univentionManagementStack.bucket | quote }}
+ objectStorageAccessKeyId: {{ .Values.objectstores.univentionManagementStack.username | quote }}
+ objectStorageSecretAccessKey: {{ .Values.objectstores.univentionManagementStack.secretKey | default .Values.secrets.minio.umsUser | quote }}
 resources: {{ .Values.resources.umsPortalListener | toYaml | nindent 2 }}
diff --git a/helmfile/apps/univention-management-stack/values-portal-server.yaml.gotmpl b/helmfile/apps/univention-management-stack/values-portal-server.yaml.gotmpl
index 1c28e0dd..8c848b51 100644
--- a/helmfile/apps/univention-management-stack/values-portal-server.yaml.gotmpl
+++ b/helmfile/apps/univention-management-stack/values-portal-server.yaml.gotmpl
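Review bot: The default for `objectStorageEndpoint` moves from the in-cluster service `http://minio:9000` to the ingress URL built from `global.hosts.minioApi` and `global.domain`, which changes every installation and not only those that configure an external store. The pod then has to resolve that name and trust the ingress certificate; where a private CA is in use, that trust needs to be provided rather than verification relaxed. A comment above the line would make the new default explicit, e.g. `# defaults to the MinIO ingress URL; the pod must resolve it and trust its certificate`. values-portal-server.yaml.gotmpl makes the same change, and the `portalListener` mapping starts above this hunk.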
@@ -19,10 +19,10 @@ portalServer:
 logLevel: {{ if .Values.debug.enabled }}"DEBUG"{{ else }}"WARN"{{ end }}
 adminGroup: {{ printf "%s,%s" "cn=Domain Admins,cn=groups" .Values.ldap.baseDn | quote }}
 ucsInternalPath: "portal-data"
- objectStorageEndpoint: "http://minio:9000"
- objectStorageBucket: "ums"
- objectStorageAccessKeyId: "ums_user"
- objectStorageSecretAccessKey: {{ .Values.secrets.minio.umsUser | quote }}
+ objectStorageEndpoint: {{ .Values.objectstores.univentionManagementStack.endpoint | default (printf "https://%s.%s" .Values.global.hosts.minioApi .Values.global.domain) | quote }}
+ objectStorageBucket: {{ .Values.objectstores.univentionManagementStack.bucket | quote }}
+ objectStorageAccessKeyId: {{ .Values.objectstores.univentionManagementStack.username | quote }}
+ objectStorageSecretAccessKey: {{ .Values.objectstores.univentionManagementStack.secretKey | default .Values.secrets.minio.umsUser | quote }}
 centralNavigation:
 enabled: true
 authenticatorSecret: {{ .Values.secrets.centralnavigation.apiKey | quote }}
diff --git a/helmfile/environments/default/objectstore.gotmpl b/helmfile/environments/default/objectstore.gotmpl
index ec6b4409..b8e1e4f0 100644
--- a/helmfile/environments/default/objectstore.gotmpl
+++ b/helmfile/environments/default/objectstore.gotmpl
@@ -4,20 +4,28 @@ SPDX-License-Identifier: Apache-2.0
 */}}
 ---
 objectstores:
+ nextcloud:
+ bucket: "nextcloud"
+ endpoint: ""
+ region: "eu-west-1"
+ secretKey: ""
+ username: "nextcloud_user"
+ storageClass: "STANDARD"
+ useSSL: true
+ pathStyle: true
+ port: 443
 openproject:
- backend: "minio"
 bucket: "openproject"
 endpoint: ""
- region: ""
- secret: ""
+ region: "eu-west-1"
+ secretKey: ""
 username: "openproject_user"
+ pathStyle: true
 useIAMProfile: ""
 univentionManagementStack:
- backend: "minio"
 bucket: "ums"
 endpoint: ""
- region: ""
- secret: ""
+ region: "eu-west-1"
+ secretKey: ""
 username: "ums_user"
- useIAMProfile: ""
 ...
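Review bot: Renaming `secret` to `secretKey` in objectstore.gotmpl means an existing environment override of `objectstores.openproject.secret`, the key the openproject template read before this commit, is ignored without any error and the template falls back to the generated MinIO secret. Either read the old key as a second fallback for one release or call the rename out in the upgrade notes. The new keys carry no comments; a line such as `# secretKey: set together with endpoint for an external store; empty uses the generated MinIO secret` above each block would document the contract and discourage committing a real secret to this defaults file. The `region` default for the existing entries also changes from `""` to `"eu-west-1"`, which is worth stating in the same place.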