From fe02904fd549682b7f7c87a12558b33a850d391b Mon Sep 17 00:00:00 2001
From: Yury Kovalev <ykovalev@redhat.com>
Date: Tue, 13 Jun 2023 11:39:29 +0200
Subject: [PATCH] Change dp-terraform chart

---
 .../templates/fleetshard-sync-secret.yaml         |  4 ++++
 .../templates/fleetshard-sync.yaml                | 15 +++++++++++++++
 dp-terraform/helm/rhacs-terraform/values.yaml     |  3 +++
 3 files changed, 22 insertions(+)

diff --git a/dp-terraform/helm/rhacs-terraform/templates/fleetshard-sync-secret.yaml b/dp-terraform/helm/rhacs-terraform/templates/fleetshard-sync-secret.yaml
index 716016cf78..88b76b390e 100644
--- a/dp-terraform/helm/rhacs-terraform/templates/fleetshard-sync-secret.yaml
+++ b/dp-terraform/helm/rhacs-terraform/templates/fleetshard-sync-secret.yaml
@@ -8,3 +8,7 @@ metadata:
 stringData:
   rhsso-service-account-client-id: {{ .Values.fleetshardSync.redHatSSO.clientId | quote }}
   rhsso-service-account-client-secret: {{ .Values.fleetshardSync.redHatSSO.clientSecret | quote }}
+  {{- if eq .Values.fleetshardSync.aws.enableTokenAuth false }}
+  aws-access-key-id: {{ required "fleetshardSync.aws.accessKeyId is required when fleetshardSync.aws.enableTokenAuth = false" .Values.fleetshardSync.aws.accessKeyId | quote }}
+  aws-secret-access-key: {{ required "fleetshardSync.aws.secretAccessKey is required when fleetshardSync.aws.enableTokenAuth = false" .Values.fleetshardSync.aws.secretAccessKey | quote }}
+  {{- end }}
diff --git a/dp-terraform/helm/rhacs-terraform/templates/fleetshard-sync.yaml b/dp-terraform/helm/rhacs-terraform/templates/fleetshard-sync.yaml
index 740214b525..7482232962 100644
--- a/dp-terraform/helm/rhacs-terraform/templates/fleetshard-sync.yaml
+++ b/dp-terraform/helm/rhacs-terraform/templates/fleetshard-sync.yaml
@@ -80,6 +80,21 @@ spec:
           value: {{ .Values.fleetshardSync.telemetry.storage.endpoint | quote }}
         - name: TELEMETRY_STORAGE_KEY
           value: {{ .Values.fleetshardSync.telemetry.storage.key | quote }}
+        {{- if .Values.fleetshardSync.aws.enableTokenAuth }}
+        - name: AWS_WEB_IDENTITY_TOKEN_FILE
+          value: "/var/run/secrets/tokens/aws-token"
+        {{- else }}
+        - name: AWS_ACCESS_KEY_ID
+          valueFrom:
+            secretKeyRef:
+              name: fleetshard-sync
+              key: "aws-access-key-id"
+        - name: AWS_SECRET_ACCESS_KEY
+          valueFrom:
+            secretKeyRef:
+              name: fleetshard-sync
+              key: "aws-secret-access-key"
+        {{- end }}
         volumeMounts:
           - mountPath: /var/run/secrets/tokens
             name: aws-token
diff --git a/dp-terraform/helm/rhacs-terraform/values.yaml b/dp-terraform/helm/rhacs-terraform/values.yaml
index 07b21ac924..22cd96ec1d 100644
--- a/dp-terraform/helm/rhacs-terraform/values.yaml
+++ b/dp-terraform/helm/rhacs-terraform/values.yaml
@@ -35,6 +35,9 @@ fleetshardSync:
   aws:
     region: "us-east-1"  # TODO(2023-05-01): Remove the default value here as we now set it explicitly
     roleARN: ""
+    enableTokenAuth: true
+    accessKeyId: ""
+    secretAccessKey: ""
   telemetry:
     storage:
       endpoint: ""