From 858ab494c351502f319d4890fea2e6de22f46141 Mon Sep 17 00:00:00 2001 From: Jeremy Cline Date: Mon, 24 Jun 2024 15:10:59 -0400 Subject: [PATCH] Add AWS credentials to the cloud-image-uploader For now, just re-use the fedimg credentials. Note that currently the AWS support is not enabled so nothing makes use of these credentials just yet.
---
playbooks/openshift-apps/cloud-image-uploader.yml | 5 +++++ .../cloud-image-uploader/templates/aws-secrets.yml | 14 ++++++++++++++ .../cloud-image-uploader/templates/deployment.yml | 10 ++++++++++ 3 files changed, 29 insertions(+) create mode 100644 roles/openshift-apps/cloud-image-uploader/templates/aws-secrets.yml
diff --git a/playbooks/openshift-apps/cloud-image-uploader.yml b/playbooks/openshift-apps/cloud-image-uploader.yml
index 0c39705abd..25bc062411 100644
--- a/playbooks/openshift-apps/cloud-image-uploader.yml
+++ b/playbooks/openshift-apps/cloud-image-uploader.yml
@@ -98,6 +98,11 @@ template: secret.yml objectname: secret.yml + - role: openshift/object + app: cloud-image-uploader + template: aws-secrets.yml + objectname: aws-secrets.yml + - role: openshift/start-build app: cloud-image-uploader buildname: cloud-image-uploader-build
diff --git a/roles/openshift-apps/cloud-image-uploader/templates/aws-secrets.yml b/roles/openshift-apps/cloud-image-uploader/templates/aws-secrets.yml
new file mode 100644
index 0000000000..b28fb0323d
--- /dev/null
+++ b/roles/openshift-apps/cloud-image-uploader/templates/aws-secrets.yml
@@ -0,0 +1,14 @@
+apiVersion: v1
+kind: Secret
+metadata:
+ name: "aws-credentials"
+ labels:
+ app: "cloud-image-uploader"
+stringData:
+{% if env == 'staging' %}
+ access_key_id: "{{fedimg_aws_stg_access_id}}"
+ secret_access_key: "{{fedimg_aws_stg_secret_key}}"
+{% else %}
+ access_key_id: "{{fedimg_aws_prod_access_id}}"
+ secret_access_key: "{{fedimg_aws_prod_secret_key}}"
+{% endif %}
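Review bot: The `{% else %}` branch in aws-secrets.yml renders the production fedimg keys for every value of `env` other than 'staging', so a misspelled or newly introduced environment name would silently receive production AWS credentials in its Secret. I would make the production case explicit with `{% elif env == 'production' %}` and drop the catch-all, so that an unexpected `env` renders an empty `stringData` and the deployment's `secretKeyRef` lookups fail at pod start rather than falling back to production. This assumes 'production' is the value the inventory sets for `env`, which is not visible in this patch.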
diff --git a/roles/openshift-apps/cloud-image-uploader/templates/deployment.yml b/roles/openshift-apps/cloud-image-uploader/templates/deployment.yml
index 589ee43445..a7fc76343a 100644
--- a/roles/openshift-apps/cloud-image-uploader/templates/deployment.yml
+++ b/roles/openshift-apps/cloud-image-uploader/templates/deployment.yml
@@ -55,6 +55,16 @@ spec:
 secretKeyRef:
 name: azure-credentials
 key: subscription_id
+ - name: AWS_ACCESS_KEY_ID
+ valueFrom:
+ secretKeyRef:
+ name: aws-credentials
+ key: access_key_id
+ - name: AWS_SECRET_ACCESS_KEY
+ valueFrom:
+ secretKeyRef:
+ name: aws-credentials
+ key: secret_access_key
 volumeMounts:
 - name: config-volume
 mountPath: /etc/fedora-messaging
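Review bot: The two new `env` entries place fedimg's long-lived AWS keys in the container environment before any code reads them (the commit message says AWS support is not yet enabled), so the pod holds credentials it has no use for while they remain readable by every process in the container. Because the keys are shared with fedimg, rotating them after an exposure here also disrupts fedimg, and AWS-side audit records attribute both services to the same identity. I would either hold this hunk until the upload code lands or add a comment above the entries such as `# TODO: replace with a dedicated least-privilege IAM user before enabling AWS uploads (currently fedimg's keys)`. The container spec starts and ends outside the hunk.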