diff --git a/charts/s3-proxy/values.yaml b/charts/s3-proxy/values.yaml
index 6399eab..9c50981 100644
--- a/charts/s3-proxy/values.yaml
+++ b/charts/s3-proxy/values.yaml
@@ -377,230 +377,231 @@ configFiles: # Targets map targets: - first-bucket: - ## Mount point - mount: - path: - - / - # A specific host can be added for filtering. Otherwise, all hosts will be accepted - # host: localhost:8080 - # ## Resources declaration - # ## WARNING: Think about all path that you want to protect. At the end of the list, you should add a resource filter for /* otherwise, it will be public. - # resources: - # # A Path must be declared for a resource filtering (a wildcard can be added to match every sub path) - # - path: / - # # Whitelist - # whiteList: true - # # A Path must be declared for a resource filtering (a wildcard can be added to match every sub path) - # - path: /specific_doc/* - # # HTTP Methods authorized (Must be in GET, PUT or DELETE) - # methods: - # - GET - # - PUT - # - DELETE - # # A authentication provider declared in section before, here is the key name - # provider: provider1 - # # OIDC section for access filter - # oidc: - # # NOTE: This list can be empty ([]) for authentication only and no group filter - # authorizationAccesses: # Authorization accesses : groups or email or regexp - # - group: specific_users - # # A Path must be declared for a resource filtering (a wildcard can be added to match every sub path) - # - path: /directory1/* - # # HTTP Methods authorized (Must be in GET, PUT or DELETE) - # methods: - # - GET - # - PUT - # - DELETE - # # A authentication provider declared in section before, here is the key name - # provider: provider1 - # # Basic authentication section - # basic: - # credentials: - # - user: user1 - # password: - # path: password1-in-file - # # A Path must be declared for a resource filtering (a wildcard can be added to match every sub path) - # - path: /opa-protected/* - # # OIDC section for access filter - # oidc: - # # Authorization through OPA server configuration - # authorizationOPAServer: - # # OPA server url with data path - # url: http://localhost:8181/v1/data/example/authz/allowed - # # 
A Path must be declared for a resource filtering (a wildcard can be added to match every sub path) - # - path: /specific_doc/* - # # HTTP Methods authorized (Must be in GET, PUT or DELETE) - # methods: - # - GET - # - PUT - # - DELETE - # # A authentication provider declared in section before, here is the key name - # provider: provider1 - # # Header section for access filter - # header: - # # NOTE: This list can be empty ([]) for authentication only and no group filter - # authorizationAccesses: # Authorization accesses : groups or email or regexp - # - group: specific_users - # # A Path must be declared for a resource filtering (a wildcard can be added to match every sub path) - # - path: /opa-protected/* - # # Header section for access filter - # header: - # # Authorization through OPA server configuration - # authorizationOPAServer: - # # OPA server url with data path - # url: http://localhost:8181/v1/data/example/authz/allowed - # ## Actions - # actions: - # # Action for GET requests on target - # GET: - # # Will allow GET requests - # enabled: true - # # Configuration for GET requests - # config: - # # Redirect with trailing slash when a file isn't found - # redirectWithTrailingSlashForNotFoundFile: true - # # Index document to display if exists in folder - # indexDocument: index.html - # # Allow to add headers to streamed files (can be templated) - # streamedFileHeaders: {} - # # Redirect to a S3 signed URL - # redirectToSignedUrl: true - # # Signed URL expiration time - # signedUrlExpiration: 15m - # # Webhooks - # webhooks: [] - # # Action for PUT requests on target - # PUT: - # # Will allow PUT requests - # enabled: true - # # Configuration for PUT requests - # config: - # # Metadata key/values that will be put on S3 objects. - # # Values can be templated. Empty values will be flushed. - # metadata: - # key: value - # # System Metadata cases. - # # Values can be templated. Empty values will be flushed. 
- # systemMetadata: - # # Cache-Control value (will be put as header after) - # cacheControl: "" - # # Content-Disposition value (will be put as header after) - # contentDisposition: "" - # # Content-Encoding value (will be put as header after) - # contentEncoding: "" - # # Content-Language value (will be put as header after) - # contentLanguage: "" - # # Expires value (will be put as header after) - # # Side note: This must have the RFC3339 date format at the end. - # expires: "" - # # Storage class that will be used for uploaded objects - # # See storage class here: https://docs.aws.amazon.com/AmazonS3/latest/dev/storage-class-intro.html - # # Values can be templated. Empty values will be flushed. - # storageClass: STANDARD # GLACIER, ... - # # Will allow override objects if enabled - # allowOverride: false - # # Canned ACL put on each file uploaded. - # # https://docs.aws.amazon.com/AmazonS3/latest/userguide/acl-overview.html#canned-acl - # # cannedACL: "" - # # Webhooks - # webhooks: [] - # # Action for DELETE requests on target - # DELETE: - # # Will allow DELETE requests - # enabled: true - # # Configuration for DELETE requests - # config: - # # Webhooks - # webhooks: [] - # # Key rewrite list - # # This will allow to rewrite keys before doing any requests to S3 - # # For more information about how this works, see in the documentation. 
- # keyRewriteList: - # - # Source represents a Regexp (golang format with group naming support) - # source: ^/(?P\w+)/(?P\w+)/(?P\w+)?$ - # # Target type: Regex or Template - # # Regex will allow to do a simple regex replace/update, like in the example - # # Template will allow to do golang template replace, like this example as "target" value: {{ regexReplaceAll "/input1(/.*)" .Key (printf "/input1/%s${1}" .User.Username) }} - # # targetType: REGEX # TEMPLATE - # # Target represents the template of the new key that will be used - # target: /$two/$one/$three/$one/ - ## Target custom templates - # templates: - # # Helpers - # helpers: - # - inBucket: false - # path: "" - # # Folder list template - # folderList: - # inBucket: false - # path: "" - # headers: {} - # status: "200" - # # Not found error template - # notFoundError: - # inBucket: false - # path: "" - # headers: {} - # status: "404" - # # Internal server error template - # internalServerError: - # inBucket: false - # path: "" - # headers: {} - # status: "500" - # # Forbidden error template - # forbiddenError: - # inBucket: false - # path: "" - # headers: {} - # status: "403" - # # Unauthorized error template - # unauthorizedError: - # inBucket: false - # path: "" - # headers: {} - # status: "401" - # # Bad Request error template - # badRequestError: - # inBucket: false - # path: "" - # headers: {} - # status: "400" - # # PUT template - # put: - # inBucket: false - # path: "" - # headers: {} - # status: "204" - # # DELETE template - # delete: - # inBucket: false - # path: "" - # headers: {} - # status: "204" - ## Bucket configuration - bucket: - name: super-bucket - prefix: - region: eu-west-1 - s3Endpoint: - disableSSL: false - # s3ListMaxKeys: 1000 - # credentials: - # accessKey: - # env: AWS_ACCESS_KEY_ID - # secretKey: - # path: secret_key_file - # requestConfig: - # listHeaders: - # Accept-Encoding: gzip - # getHeaders: - # Accept-Encoding: gzip - # putHeaders: - # Accept-Encoding: gzip - # 
deleteHeaders: - # Accept-Encoding: gzip + {} + # first-bucket: + # ## Mount point + # mount: + # path: + # - / + # # A specific host can be added for filtering. Otherwise, all hosts will be accepted + # # host: localhost:8080 + # # ## Resources declaration + # # ## WARNING: Think about all path that you want to protect. At the end of the list, you should add a resource filter for /* otherwise, it will be public. + # # resources: + # # # A Path must be declared for a resource filtering (a wildcard can be added to match every sub path) + # # - path: / + # # # Whitelist + # # whiteList: true + # # # A Path must be declared for a resource filtering (a wildcard can be added to match every sub path) + # # - path: /specific_doc/* + # # # HTTP Methods authorized (Must be in GET, PUT or DELETE) + # # methods: + # # - GET + # # - PUT + # # - DELETE + # # # A authentication provider declared in section before, here is the key name + # # provider: provider1 + # # # OIDC section for access filter + # # oidc: + # # # NOTE: This list can be empty ([]) for authentication only and no group filter + # # authorizationAccesses: # Authorization accesses : groups or email or regexp + # # - group: specific_users + # # # A Path must be declared for a resource filtering (a wildcard can be added to match every sub path) + # # - path: /directory1/* + # # # HTTP Methods authorized (Must be in GET, PUT or DELETE) + # # methods: + # # - GET + # # - PUT + # # - DELETE + # # # A authentication provider declared in section before, here is the key name + # # provider: provider1 + # # # Basic authentication section + # # basic: + # # credentials: + # # - user: user1 + # # password: + # # path: password1-in-file + # # # A Path must be declared for a resource filtering (a wildcard can be added to match every sub path) + # # - path: /opa-protected/* + # # # OIDC section for access filter + # # oidc: + # # # Authorization through OPA server configuration + # # authorizationOPAServer: + # # # OPA server 
url with data path + # # url: http://localhost:8181/v1/data/example/authz/allowed + # # # A Path must be declared for a resource filtering (a wildcard can be added to match every sub path) + # # - path: /specific_doc/* + # # # HTTP Methods authorized (Must be in GET, PUT or DELETE) + # # methods: + # # - GET + # # - PUT + # # - DELETE + # # # A authentication provider declared in section before, here is the key name + # # provider: provider1 + # # # Header section for access filter + # # header: + # # # NOTE: This list can be empty ([]) for authentication only and no group filter + # # authorizationAccesses: # Authorization accesses : groups or email or regexp + # # - group: specific_users + # # # A Path must be declared for a resource filtering (a wildcard can be added to match every sub path) + # # - path: /opa-protected/* + # # # Header section for access filter + # # header: + # # # Authorization through OPA server configuration + # # authorizationOPAServer: + # # # OPA server url with data path + # # url: http://localhost:8181/v1/data/example/authz/allowed + # # ## Actions + # # actions: + # # # Action for GET requests on target + # # GET: + # # # Will allow GET requests + # # enabled: true + # # # Configuration for GET requests + # # config: + # # # Redirect with trailing slash when a file isn't found + # # redirectWithTrailingSlashForNotFoundFile: true + # # # Index document to display if exists in folder + # # indexDocument: index.html + # # # Allow to add headers to streamed files (can be templated) + # # streamedFileHeaders: {} + # # # Redirect to a S3 signed URL + # # redirectToSignedUrl: true + # # # Signed URL expiration time + # # signedUrlExpiration: 15m + # # # Webhooks + # # webhooks: [] + # # # Action for PUT requests on target + # # PUT: + # # # Will allow PUT requests + # # enabled: true + # # # Configuration for PUT requests + # # config: + # # # Metadata key/values that will be put on S3 objects. + # # # Values can be templated. 
Empty values will be flushed. + # # metadata: + # # key: value + # # # System Metadata cases. + # # # Values can be templated. Empty values will be flushed. + # # systemMetadata: + # # # Cache-Control value (will be put as header after) + # # cacheControl: "" + # # # Content-Disposition value (will be put as header after) + # # contentDisposition: "" + # # # Content-Encoding value (will be put as header after) + # # contentEncoding: "" + # # # Content-Language value (will be put as header after) + # # contentLanguage: "" + # # # Expires value (will be put as header after) + # # # Side note: This must have the RFC3339 date format at the end. + # # expires: "" + # # # Storage class that will be used for uploaded objects + # # # See storage class here: https://docs.aws.amazon.com/AmazonS3/latest/dev/storage-class-intro.html + # # # Values can be templated. Empty values will be flushed. + # # storageClass: STANDARD # GLACIER, ... + # # # Will allow override objects if enabled + # # allowOverride: false + # # # Canned ACL put on each file uploaded. + # # # https://docs.aws.amazon.com/AmazonS3/latest/userguide/acl-overview.html#canned-acl + # # # cannedACL: "" + # # # Webhooks + # # webhooks: [] + # # # Action for DELETE requests on target + # # DELETE: + # # # Will allow DELETE requests + # # enabled: true + # # # Configuration for DELETE requests + # # config: + # # # Webhooks + # # webhooks: [] + # # # Key rewrite list + # # # This will allow to rewrite keys before doing any requests to S3 + # # # For more information about how this works, see in the documentation. 
+ # # keyRewriteList: + # # - # Source represents a Regexp (golang format with group naming support) + # # source: ^/(?P\w+)/(?P\w+)/(?P\w+)?$ + # # # Target type: Regex or Template + # # # Regex will allow to do a simple regex replace/update, like in the example + # # # Template will allow to do golang template replace, like this example as "target" value: {{ regexReplaceAll "/input1(/.*)" .Key (printf "/input1/%s${1}" .User.Username) }} + # # # targetType: REGEX # TEMPLATE + # # # Target represents the template of the new key that will be used + # # target: /$two/$one/$three/$one/ + # ## Target custom templates + # # templates: + # # # Helpers + # # helpers: + # # - inBucket: false + # # path: "" + # # # Folder list template + # # folderList: + # # inBucket: false + # # path: "" + # # headers: {} + # # status: "200" + # # # Not found error template + # # notFoundError: + # # inBucket: false + # # path: "" + # # headers: {} + # # status: "404" + # # # Internal server error template + # # internalServerError: + # # inBucket: false + # # path: "" + # # headers: {} + # # status: "500" + # # # Forbidden error template + # # forbiddenError: + # # inBucket: false + # # path: "" + # # headers: {} + # # status: "403" + # # # Unauthorized error template + # # unauthorizedError: + # # inBucket: false + # # path: "" + # # headers: {} + # # status: "401" + # # # Bad Request error template + # # badRequestError: + # # inBucket: false + # # path: "" + # # headers: {} + # # status: "400" + # # # PUT template + # # put: + # # inBucket: false + # # path: "" + # # headers: {} + # # status: "204" + # # # DELETE template + # # delete: + # # inBucket: false + # # path: "" + # # headers: {} + # # status: "204" + # ## Bucket configuration + # bucket: + # name: super-bucket + # prefix: + # region: eu-west-1 + # s3Endpoint: + # disableSSL: false + # # s3ListMaxKeys: 1000 + # # credentials: + # # accessKey: + # # env: AWS_ACCESS_KEY_ID + # # secretKey: + # # path: secret_key_file + # # 
requestConfig: + # # listHeaders: + # # Accept-Encoding: gzip + # # getHeaders: + # # Accept-Encoding: gzip + # # putHeaders: + # # Accept-Encoding: gzip + # # deleteHeaders: + # # Accept-Encoding: gzip # Sidecars # The full container definition is available here.
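Review bot: The example kept under the new `{}` default is commented at two depths, so stripping a single `# ` from the block yields a `first-bucket` target mounted on `/` whose `resources` list is still commented out. By the file's own WARNING, paths without a resource filter are public, so that half-uncommented state exposes the whole bucket. A short comment directly above `{}` would make the intended steps explicit, for example `# Replace {} with your targets; for each one declare resources and end the list with a /* filter, otherwise unmatched paths are public.` Whether the chart templates and the proxy accept an empty `targets` map is not visible in this hunk; that should be confirmed, or guarded in the template with `required` or `fail`, so an install with untouched defaults fails with a clear message.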