From 844afb6611224b0a1b1d11abb61eef1970ed76b6 Mon Sep 17 00:00:00 2001
From: Bart Versteeg <8367621+bmjhversteeg@users.noreply.github.com>
Date: Fri, 3 Jan 2025 16:15:59 +0100
Subject: [PATCH] feat(argo-workflows): Support ephemeral credentials for s3
 (#3101)

feat(argo-workflows) Support ephemeral credentials for s3

Signed-off-by: Bart Versteeg <8367621+bmjhversteeg@users.noreply.github.com>
---
 charts/argo-workflows/Chart.yaml                            | 6 +++---
 .../controller/workflow-controller-config-map.yaml          | 5 +++++
 charts/argo-workflows/values.yaml                           | 3 +++
 3 files changed, 11 insertions(+), 3 deletions(-)

diff --git a/charts/argo-workflows/Chart.yaml b/charts/argo-workflows/Chart.yaml
index 86f35660..658d613f 100644
--- a/charts/argo-workflows/Chart.yaml
+++ b/charts/argo-workflows/Chart.yaml
@@ -3,7 +3,7 @@ appVersion: v3.6.2
 name: argo-workflows
 description: A Helm chart for Argo Workflows
 type: application
-version: 0.45.2
+version: 0.45.3
 icon: https://argo-workflows.readthedocs.io/en/stable/assets/logo.png
 home: https://github.com/argoproj/argo-helm
 sources:
@@ -16,5 +16,5 @@ annotations:
     fingerprint: 2B8F22F57260EFA67BE1C5824B11F800CD9D2252
     url: https://argoproj.github.io/argo-helm/pgp_keys.asc
   artifacthub.io/changes: |
-    - kind: fixed
-      description: Reference to ingress link was fixed
+    - kind: added
+      description: Support ephemeral credentials for s3 artifact repository
diff --git a/charts/argo-workflows/templates/controller/workflow-controller-config-map.yaml b/charts/argo-workflows/templates/controller/workflow-controller-config-map.yaml
index d93a910e..a269f6e5 100644
--- a/charts/argo-workflows/templates/controller/workflow-controller-config-map.yaml
+++ b/charts/argo-workflows/templates/controller/workflow-controller-config-map.yaml
@@ -83,6 +83,11 @@ data:
         secretKeySecret:
           key: {{ tpl .Values.artifactRepository.s3.secretKeySecret.key . }}
           name: {{ tpl .Values.artifactRepository.s3.secretKeySecret.name . }}
+        {{- if .Values.artifactRepository.s3.sessionTokenSecret }}
+        sessionTokenSecret:
+          key: {{ tpl .Values.artifactRepository.s3.sessionTokenSecret.key . }}
+          name: {{ tpl .Values.artifactRepository.s3.sessionTokenSecret.name . }}
+        {{- end }}
         {{- end }}
         bucket: {{ tpl (.Values.artifactRepository.s3.bucket | default "") . }}
         endpoint: {{ tpl (.Values.artifactRepository.s3.endpoint | default "") . }}
diff --git a/charts/argo-workflows/values.yaml b/charts/argo-workflows/values.yaml
index 3de0ad8d..035945d2 100644
--- a/charts/argo-workflows/values.yaml
+++ b/charts/argo-workflows/values.yaml
@@ -812,6 +812,9 @@ artifactRepository:
     # secretKeySecret:
     #   name: "{{ .Release.Name }}-minio"
     #   key: secretkey
+    # sessionTokenSecret:
+    #   name: "{{ .Release.Name }}-minio"
+    #   key: sessionToken
     # # insecure will disable TLS. Primarily used for minio installs not configured with TLS
     # insecure: false
     # caSecret: