From 400ad8cc1e98051b75cff4a4a72cf4491613eff8 Mon Sep 17 00:00:00 2001 From: Pauline Ribeyre <4224001+paulineribeyre@users.noreply.github.com> Date: Fri, 13 Sep 2024 15:52:25 -0500 Subject: [PATCH] set up s3 access --- gen3/bin/kube-setup-funnel.sh | 23 +++++++++++++++++++++++ gen3/bin/s3.sh | 2 +- 2 files changed, 24 insertions(+), 1 deletion(-) diff --git a/gen3/bin/kube-setup-funnel.sh b/gen3/bin/kube-setup-funnel.sh index 529f5a33bc..5b85d4ae0e 100644 --- a/gen3/bin/kube-setup-funnel.sh +++ b/gen3/bin/kube-setup-funnel.sh @@ -55,6 +55,29 @@ setup_funnel_infra() { fi g3kubectl create -f "${GEN3_HOME}/kube/services/funnel/funnel-role-binding.yml" -n $namespace + gen3_log_info "Setting up funnel SA with access to S3" + # mkdir -p $(gen3_secrets_folder)/g3auto/manifestservice + # credsFile="$(gen3_secrets_folder)/g3auto/manifestservice/config.json" + hostname="$(gen3 api hostname)" + bucketname="funnel-${hostname//./-}" # TODO rename since it will be user-facing + username="funnel-bot-${hostname//./-}" + gen3 s3 create "$bucketname" || true + gen3 awsrole create ${username} $sa_name || true + gen3 s3 attach-bucket-policy "$bucketname" --read-write --role-name ${username} || true +# if (! (g3kubectl describe secret manifestservice-g3auto 2> /dev/null | grep config.js > /dev/null 2>&1)) \ +# && [[ (! -f "$credsFile") && -z "$JENKINS_HOME" ]]; +# then +# gen3_log_info "initializing manifestservice config.json" +# cat - > "$credsFile" < /dev/null 2>&1; then # gen3_log_info "orthanc-g3auto secret already configured" diff --git a/gen3/bin/s3.sh b/gen3/bin/s3.sh index e89d3ca7b0..7925844096 100644 --- a/gen3/bin/s3.sh +++ b/gen3/bin/s3.sh @@ -174,7 +174,7 @@ gen3_s3_info() { return 1 fi if [[ ! -z "$(gen3_aws_run aws s3api head-bucket --bucket $1 2>&1)" ]]; then - gen3_log_err "Bucket does not exist" + gen3_log_err "Bucket '$1' does not exist" return 1 fi local rootPolicyArn="arn:aws:iam::${AWS_ACCOUNT_ID}:policy"
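Review bot: The three AWS calls added in setup_funnel_infra (`gen3 s3 create`, `gen3 awsrole create`, `gen3 s3 attach-bucket-policy`) each end in `|| true`, so a failed role creation or policy attachment is silently ignored and setup continues with a service account that may have no S3 access. Because the bucket name is derived predictably from the hostname, a create failure caused by the name already being owned elsewhere would also go unnoticed; whether `gen3 s3 create` distinguishes "already exists and is ours" from other failures is not visible here. I would at least log the failure and quote the arguments, e.g. `gen3 awsrole create "$username" "$sa_name" || gen3_log_err "failed to create role $username"`, and declare `hostname`, `bucketname` and `username` with `local` so they do not leak out of the function. The function body starts and ends outside the hunk, and the commented-out manifestservice block appears truncated on this page.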
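Review bot: The new message in gen3_s3_info still asserts that the bucket does not exist, but the condition above it fires on any output from `aws s3api head-bucket`, which would include an access-denied response for a bucket that exists under another owner. Now that the name is printed, a wording such as `gen3_log_err "Bucket '$1' does not exist or is not accessible"` would avoid pointing an operator at creating a bucket whose name is already taken. The function continues outside the hunk.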