---
# yaml-language-server: $schema=https://ks.hsn.dev/external-secrets.io/clusterexternalsecret_v1beta1.json
apiVersion: external-secrets.io/v1beta1
kind: ClusterExternalSecret
metadata:
  name: pgo-s3-creds
spec:
  externalSecretName: pgo-s3-creds

  namespaceSelector:
    matchLabels:
      pgo-enabled-hsn.dev: "true"

  refreshTime: "1m"

  externalSecretSpec:
    secretStoreRef:
      kind: ClusterSecretStore
      name: onepassword-connect

    target:
      name: pgo-s3-creds
      creationPolicy: Owner
      template:
        engineVersion: v2
        data:
          s3.conf: |
            [global]
            repo1-s3-key={{ .pgo_crunchy_postgres_access_key }}
            repo1-s3-key-secret={{ .pgo_crunchy_postgres_secret_key }}

    dataFrom:
      - extract:
          key: pgo-s3-creds
        rewrite:
          - regexp:
              source: "[-]"
              target: "_"
          - regexp:
              source: "(.*)"
              target: "pgo_$1"