Merge pull request #9 from oxyno-zeta/upgrade-s3-proxy

oxyno-zeta · Mar 30, 2022 · a6e3304 · a6e3304
2 parents 2c41f29 + 552d37f
commit a6e3304
Show file tree

Hide file tree

Showing 3 changed files with 49 additions and 7 deletions.
diff --git a/charts/s3-proxy/Chart.yaml b/charts/s3-proxy/Chart.yaml
@@ -1,5 +1,5 @@
 apiVersion: v1
-appVersion: 4.4.0
+appVersion: 4.5.0
 description: A Helm chart for Kubernetes to deploy S3-Proxy
 home: https://github.com/oxyno-zeta/s3-proxy
 icon: https://raw.githubusercontent.com/oxyno-zeta/s3-proxy/master/docs/logo/logo.png
@@ -18,4 +18,4 @@ maintainers:
 name: s3-proxy
 sources:
   - https://github.com/oxyno-zeta/s3-proxy
-version: 2.10.0
+version: 2.11.0
diff --git a/charts/s3-proxy/templates/service.yaml b/charts/s3-proxy/templates/service.yaml
@@ -15,7 +15,7 @@ spec:
   type: {{ .Values.service.type }}
   ports:
     - port: {{ .Values.service.port }}
-      targetPort: http
+      targetPort: {{ .Values.service.targetPort }}
       protocol: TCP
       name: http
 {{- if hasKey .Values.service "nodePort" }}

diff --git a/charts/s3-proxy/values.yaml b/charts/s3-proxy/values.yaml
@@ -6,7 +6,7 @@ replicaCount: 1
 
 image:
   repository: oxynozeta/s3-proxy
-  tag: 4.4.0
+  tag: 4.5.0
   pullPolicy: IfNotPresent
 
 imagePullSecrets: []
@@ -26,6 +26,7 @@ serviceAccount:
 service:
   type: ClusterIP
   port: 80
+  targetPort: "http"
   # nodePort: 8888
   # clusterIP:
   # externalIPs: []
@@ -286,6 +287,15 @@ configFiles:
 
     # Authentication Providers
     # authProviders:
+    #   # Header providers
+    #   # This authentication method should be used only with a software like [Oauth2-proxy](https://github.com/oauth2-proxy/oauth2-proxy) or an authentication gateway that put headers with user information inside.
+    #   # Warning: S3-proxy won't validate headers value or anything else. It will take values as they are coming.
+    #   header:
+    #     oauth2-proxy:
+    #       usernameHeader: x-forwarded-preferred-username
+    #       emailHeader: x-forwarded-email
+    #       groupsHeader: x-forwarded-groups
+    #   # OIDC providers
     #   oidc:
     #     provider1:
     #       clientID: client-id
@@ -305,6 +315,7 @@ configFiles:
     #       emailVerified: true # check email verified field from token
     #       # loginPath: /auth/provider1 # Override login path dynamically generated from provider key
     #       # callbackPath: /auth/provider1/callback # Override callback path dynamically generated from provider key
+    #   # Basic auth providers
     #   basic:
     #     provider2:
     #       realm: My Basic Auth Realm
@@ -338,6 +349,11 @@ configFiles:
     #       # NOTE: This list can be empty ([]) for authentication only and no group filter
     #       authorizationAccesses: # Authorization accesses : groups or email or regexp
     #         - group: devops_users
+    #     # Header section for access filter
+    #     header:
+    #       # NOTE: This list can be empty ([]) for authentication only and no group filter
+    #       authorizationAccesses: # Authorization accesses : groups or email or regexp
+    #         - group: devops_users
     #     # Basic authentication section
     #     basic:
     #       credentials:
@@ -361,7 +377,7 @@ configFiles:
         #   - path: /
         #     # Whitelist
         #     whiteList: true
-        #     # A Path must be declared for a resource filtering (a wildcard can be added to match every sub path)
+        #   # A Path must be declared for a resource filtering (a wildcard can be added to match every sub path)
         #   - path: /specific_doc/*
         #     # HTTP Methods authorized (Must be in GET, PUT or DELETE)
         #     methods:
@@ -375,7 +391,7 @@ configFiles:
         #       # NOTE: This list can be empty ([]) for authentication only and no group filter
         #       authorizationAccesses: # Authorization accesses : groups or email or regexp
         #         - group: specific_users
-        #     # A Path must be declared for a resource filtering (a wildcard can be added to match every sub path)
+        #   # A Path must be declared for a resource filtering (a wildcard can be added to match every sub path)
         #   - path: /directory1/*
         #     # HTTP Methods authorized (Must be in GET, PUT or DELETE)
         #     methods:
@@ -390,14 +406,36 @@ configFiles:
         #         - user: user1
         #           password:
         #             path: password1-in-file
-        #     # A Path must be declared for a resource filtering (a wildcard can be added to match every sub path)
+        #   # A Path must be declared for a resource filtering (a wildcard can be added to match every sub path)
         #   - path: /opa-protected/*
         #     # OIDC section for access filter
         #     oidc:
         #       # Authorization through OPA server configuration
         #       authorizationOPAServer:
         #         # OPA server url with data path
         #         url: http://localhost:8181/v1/data/example/authz/allowed
+        #   # A Path must be declared for a resource filtering (a wildcard can be added to match every sub path)
+        #   - path: /specific_doc/*
+        #     # HTTP Methods authorized (Must be in GET, PUT or DELETE)
+        #     methods:
+        #       - GET
+        #       - PUT
+        #       - DELETE
+        #     # A authentication provider declared in section before, here is the key name
+        #     provider: provider1
+        #     # Header section for access filter
+        #     header:
+        #       # NOTE: This list can be empty ([]) for authentication only and no group filter
+        #       authorizationAccesses: # Authorization accesses : groups or email or regexp
+        #         - group: specific_users
+        #   # A Path must be declared for a resource filtering (a wildcard can be added to match every sub path)
+        #   - path: /opa-protected/*
+        #     # Header section for access filter
+        #     header:
+        #       # Authorization through OPA server configuration
+        #       authorizationOPAServer:
+        #         # OPA server url with data path
+        #         url: http://localhost:8181/v1/data/example/authz/allowed
         # ## Actions
         # actions:
         #   # Action for GET requests on target
@@ -446,6 +484,10 @@ configFiles:
         # keyRewriteList:
         #   - # Source represents a Regexp (golang format with group naming support)
         #     source: ^/(?P<one>\w+)/(?P<two>\w+)/(?P<three>\w+)?$
+        #     # Target type: Regex or Template
+        #     # Regex will allow to do a simple regex replace/update, like in the example
+        #     # Template will allow to do golang template replace, like this example as "target" value: {{ regexReplaceAll "/input1(/.*)" .Key (printf "/input1/%s${1}" .User.Username) }}
+        #     # targetType: REGEX # TEMPLATE
         #     # Target represents the template of the new key that will be used
         #     target: /$two/$one/$three/$one/
         ## Target custom templates