feat(offsite-backup): olsitec-foundation bucket + scoped creds on home MinIO
CONTRACT_004 offsite target (ADR-004 'second self-hosted location'). @pulumi/minio program (modeled on olsicloud4 modules/minio): bucket 'olsitec-foundation' + scoped IAM user/policy + service account on minio.wob.olsitec.de:19000. Verified: scoped SA can put/list/delete in its bucket, DENIED cross-bucket. Admin creds + scoped creds via ENV/state only (gitignored), never committed. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
This commit is contained in:
parent
42f0aec52a
commit
db47037bdc
8 changed files with 124 additions and 1 deletions
|
|
@ -29,3 +29,6 @@ EXIT: 0 — test VM foundation-test @ 91.98.117.152 (cx23, nbg1-dc3), SSH:222, D
|
|||
NOTE: docker-over-SSH provider path needs SSH_PRIVATE_KEY_PATH=~/.ssh/foundation-test_ed25519 + FOUNDATION_DOCKER_HOST=ssh://root@91.98.117.152:222. DESTROY: cd provision && pulumi destroy (stack foundation-test).
|
||||
---
|
||||
--- 2026-06-30T18:13:36Z --- CMD: pulumi up (cx33/hel1-dc2 replace) EXIT: RUNNING
|
||||
--- 2026-06-30T18:32:52Z --- HOST: mac->minio.wob.olsitec.de:19000 CMD: pulumi up (olsitec-foundation bucket + scoped SA) EXIT: RUNNING NOTE: offsite backup target setup
|
||||
--- 2026-06-30T18:32:54Z UPDATE --- EXIT: 0 — bucket+scoped SA created on home MinIO
|
||||
--- 2026-06-30T18:34:55Z UPDATE --- EXIT: 0 — olsitec-foundation bucket + scoped SA verified (put/list/delete OK, cross-bucket DENIED).
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue