Change dp-terraform chart

dp-terraform/helm/rhacs-terraform/templates/fleetshard-sync-secret.yaml

@@ -8,3 +8,7 @@ metadata:
 stringData:
   rhsso-service-account-client-id: {{ .Values.fleetshardSync.redHatSSO.clientId | quote }}
   rhsso-service-account-client-secret: {{ .Values.fleetshardSync.redHatSSO.clientSecret | quote }}
+  {{- if eq .Values.fleetshardSync.aws.enableTokenAuth false }}
+  aws-access-key-id: {{ required "fleetshardSync.aws.accessKeyId is required when fleetshardSync.aws.enableTokenAuth = false" .Values.fleetshardSync.aws.accessKeyId | quote }}
+  aws-secret-access-key: {{ required "fleetshardSync.aws.secretAccessKey is required when fleetshardSync.aws.enableTokenAuth = false" .Values.fleetshardSync.aws.secretAccessKey | quote }}
+  {{- end }}

dp-terraform/helm/rhacs-terraform/templates/fleetshard-sync.yaml

@@ -80,6 +80,21 @@ spec:
           value: {{ .Values.fleetshardSync.telemetry.storage.endpoint | quote }}
         - name: TELEMETRY_STORAGE_KEY
           value: {{ .Values.fleetshardSync.telemetry.storage.key | quote }}
+        {{- if .Values.fleetshardSync.aws.enableTokenAuth }}
+        - name: AWS_WEB_IDENTITY_TOKEN_FILE
+          value: "/var/run/secrets/tokens/aws-token"
+        {{- else }}
+        - name: AWS_ACCESS_KEY_ID
+          valueFrom:
+            secretKeyRef:
+              name: fleetshard-sync
+              key: "aws-access-key-id"
+        - name: AWS_SECRET_ACCESS_KEY
+          valueFrom:
+            secretKeyRef:
+              name: fleetshard-sync
+              key: "aws-secret-access-key"
+        {{- end }}
         volumeMounts:
           - mountPath: /var/run/secrets/tokens
             name: aws-token

dp-terraform/helm/rhacs-terraform/values.yaml

@@ -35,6 +35,9 @@ fleetshardSync:
   aws:
     region: "us-east-1"  # TODO(2023-05-01): Remove the default value here as we now set it explicitly
     roleARN: ""
+    enableTokenAuth: true
+    accessKeyId: ""
+    secretAccessKey: ""
   telemetry:
     storage:
       endpoint: ""