Support multiple backends and fix workflow command

.cursorrules

@@ -0,0 +1,29 @@
+# Cursor Rules for S3Proxy Helm Chart Project
+
+## Project Structure
+This is a Helm chart project for deploying S3Proxy to Kubernetes. The chart is located in `charts/s3proxy/`.
+
+## Important File Handling Rules
+
+### README.md Files - DO NOT EDIT DIRECTLY
+**CRITICAL:** The following README.md files are auto-generated and must NEVER be edited directly:
+- `/README.md` (root project README)
+- `/charts/s3proxy/README.md` (chart README, if it exists)
+
+These files are generated from their corresponding template files using helm-docs.
+
+**When asked to modify README content, you MUST:**
+1. ONLY edit the template file: `charts/s3proxy/README.md.gotmpl`
+2. NEVER directly edit any `README.md` files
+3. Inform the user that README.md is auto-generated and changes should be made to the template
+4. After editing the template, remind the user to regenerate README.md using helm-docs
+
+**Template file location:**
+- Template: `charts/s3proxy/README.md.gotmpl`
+- Generated: `README.md` (root) - auto-generated from the template
+
+## Helm Chart Best Practices
+- Always validate YAML syntax when editing chart files
+- Preserve the existing indentation style (spaces for YAML files as per YAML spec)
+- When modifying values.yaml, ensure documentation comments are kept in sync
+- Test template rendering with `helm template` after making changes

charts/s3proxy/Chart.yaml

@@ -15,7 +15,7 @@ type: application
 # This is the chart version. This version number should be incremented each time you make changes
 # to the chart and its templates, including the app version.
 # Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: 0.0.3
+version: 0.0.4
 
 # This is the version number of the application being deployed. This version number should be
 # incremented each time you make changes to the application. Versions are not expected to

charts/s3proxy/README.md.gotmpl

@@ -53,11 +53,14 @@ The following section lists the configurable parameters of the {{ template "char
 ```yaml
 # values-filesystem.yaml
 config:
-  authorization: "aws-v4"
-  identity: "myaccesskey"
-  credential: "mysecretkey"
-  backend:
-    provider: "filesystem-nio2"
+  auth:
+    type: "aws-v4"
+    identity: "myaccesskey"
+    secret: "mysecretkey"
+  backends:
+    filesystem:
+      enabled: true
+      nio2: true
     filesystem:
       basedir: "/data/s3proxy"
 
@@ -76,9 +79,10 @@ helm install s3proxy-fs ./{{ template "chart.name" . }} -f values-filesystem.yam
 ```yaml
 # values-aws-s3.yaml
 config:
-  authorization: "aws-v4"
-  identity: "proxy-access-key"  # For clients connecting to s3proxy
-  credential: "proxy-secret-key"
+  auth:
+    type: "aws-v4"
+    identity: "proxy-access-key"  # For clients connecting to s3proxy
+    secret: "proxy-secret-key"
   backend:
     provider: "aws-s3"
     awsS3:
@@ -100,9 +104,10 @@ helm install s3proxy-s3 ./{{ template "chart.name" . }} -f values-aws-s3.yaml
 ```yaml
 # values-azure.yaml
 config:
-  authorization: "aws-v4"
-  identity: "myaccesskey"
-  credential: "mysecretkey"
+  auth:
+    type: "aws-v4"
+    identity: "myaccesskey"
+    secret: "mysecretkey"
   backend:
     provider: "azureblob"
     azureblob:
@@ -123,9 +128,10 @@ helm install s3proxy-azure ./{{ template "chart.name" . }} -f values-azure.yaml
 ```yaml
 # values-gcs.yaml
 config:
-  authorization: "aws-v4"
-  identity: "myaccesskey"
-  credential: "mysecretkey"
+  auth:
+    type: "aws-v4"
+    identity: "myaccesskey"
+    secret: "mysecretkey"
   backend:
     provider: "google-cloud-storage"
     googleCloudStorage:
@@ -145,9 +151,12 @@ persistence:
 ```yaml
 # values-anonymous.yaml
 config:
-  authorization: "none"
-  backend:
-    provider: "transient-nio2"  # In-memory storage
+  auth:
+    type: "none"
+  backends:
+    transient:
+      enabled: true
+      nio2: true  # In-memory storage
 
 persistence:
   enabled: false
@@ -263,7 +272,7 @@ This will remove all resources created by the chart. If using persistence, the P
 
 ### Common Issues
 
-1. **Authentication failures**: Ensure `config.identity` and `config.credential` are set correctly for client authentication.
+1. **Authentication failures**: Ensure `config.auth.identity` and `config.auth.secret` are set correctly for client authentication.
 
 2. **Backend connection issues**: Verify backend credentials are correctly configured in the appropriate section (e.g., `config.backend.awsS3.*`).
 

charts/s3proxy/override-values.example.yaml

@@ -1,16 +1,31 @@
 # Example values for s3proxy Helm chart
 # This demonstrates a typical configuration using filesystem backend with authentication
 
+# Custom image configuration (optional)
+# image:
+#   repository: andrewgaul/s3proxy
+#   tag: "latest"
+#   pullPolicy: Always
+
+# Custom config merge container image configuration (optional)
+# configMergeImage:
+#   repository: busybox
+#   tag: "1.36"
+#   pullPolicy: IfNotPresent
+
 # S3Proxy configuration
 config:
-  # Authentication type for clients connecting to S3Proxy
-  # Options: none, aws-v2, aws-v4, aws-v2-or-v4
-  authorization: "aws-v4"
-
-  # Credentials for clients to authenticate to S3Proxy
-  # These should be changed to secure values
-  identity: "admin"
-  credential: "changeme123"
+  # Log level for S3Proxy (DEBUG, INFO, WARN, ERROR)
+  logLevel: "INFO"
+
+  auth:
+    # Authentication type for clients connecting to S3Proxy
+    # Options: none, aws-v2, aws-v4, aws-v2-or-v4
+    type: "aws-v4"
+    # Credentials for clients to authenticate to S3Proxy
+    # These should be changed to secure values
+    identity: "admin"
+    secret: "changeme123"
 
   # Enable CORS for web applications
   cors:
@@ -30,24 +45,95 @@ config:
     allowCredential: true
 
   # Storage backend configuration
-  backend:
-    # Use filesystem backend for local storage
-    provider: "filesystem-nio2"
+  # Multiple backends can be enabled simultaneously
+  # Properties files will be loaded in order: main properties first, then each backend's properties
+  # Later properties can override earlier ones if there are conflicts
+  backends:
+    # Filesystem backend for local storage
     filesystem:
+      enabled: true  # Set to true to use filesystem backend
+      nio2: true  # Set to true for NIO2 implementation (filesystem-nio2), false for standard (filesystem)
       basedir: "/data/s3proxy"
 
-    # Example: AWS S3 backend (uncomment to use)
-    # provider: "aws-s3"
-    # awsS3:
-    #   region: "us-west-2"
-    #   accessKeyId: "AKIAIOSFODNN7EXAMPLE"
-    #   secretAccessKey: "wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY"
-
-    # Example: Azure Blob backend (uncomment to use)
-    # provider: "azureblob"
-    # azureblob:
-    #   account: "mystorageaccount"
-    #   key: "base64encodedkey=="
+    # Transient (in-memory) backend - useful for testing
+    transient:
+      enabled: false  # Set to true to use transient backend
+      nio2: true  # Set to true for NIO2 implementation (transient-nio2), false for standard (transient)
+
+    # S3 backend (AWS S3 or S3-compatible storage)
+    s3:
+      enabled: false  # Set to true to use S3 backend
+      aws: true  # Set to true for AWS S3 (aws-s3 provider), false for generic S3
+      region: "us-west-2"
+      # endpoint: "https://s3.amazonaws.com"  # Optional custom endpoint (e.g., MinIO, Ceph)
+      accessKeyId: "AKIAIOSFODNN7EXAMPLE"
+      secretAccessKey: "wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY"
+
+    # Azure Blob Storage backend
+    azureblob:
+      enabled: false  # Set to true to use Azure Blob backend
+      provider: "azureblob"  # Can be "azureblob" or "azureblob-sdk"
+      account: "mystorageaccount"
+      key: "base64encodedkey=="
+      # endpoint: "https://mystorageaccount.blob.core.windows.net"  # Optional
+      # sasToken: ""  # Optional SAS token
+
+    # Google Cloud Storage backend
+    googleCloudStorage:
+      enabled: false  # Set to true to use GCS backend
+      projectId: "my-project"
+
+      # Service account email or user email (required for both authentication methods)
+      clientEmail: "service-account@my-project.iam.gserviceaccount.com"
+
+      # Option 1: Using privateKey directly
+      privateKey: "-----BEGIN RSA PRIVATE KEY-----\n..."
+
+      # Option 2: Using JSON credentials file (preferred for GCP)
+      # This provides the credential (privateKey) via a mounted file
+      jsonCredentials:
+        enabled: false  # Set to true to use JSON credentials
+
+        # Either provide the JSON content directly:
+        # jsonContent: |
+        #   {
+        #     "type": "service_account",
+        #     "project_id": "my-project",
+        #     "private_key_id": "key-id",
+        #     "private_key": "-----BEGIN RSA PRIVATE KEY-----\n...",
+        #     "client_email": "service-account@my-project.iam.gserviceaccount.com",
+        #     "client_id": "...",
+        #     "auth_uri": "https://accounts.google.com/o/oauth2/auth",
+        #     "token_uri": "https://oauth2.googleapis.com/token",
+        #     "auth_provider_x509_cert_url": "https://www.googleapis.com/oauth2/v1/certs",
+        #     "client_x509_cert_url": "..."
+        #   }
+
+        # Or reference an existing secret containing the JSON:
+        # existingSecret: "my-gcp-credentials-secret"
+        # secretKey: "credentials.json"  # Key in the secret containing the JSON (default: credentials.json)
+
+    # Backblaze B2 backend
+    b2:
+      enabled: false  # Set to true to use B2 backend
+      account: "account-id"
+      applicationKey: "application-key"
+
+    # OpenStack Swift backend
+    openstackSwift:
+      enabled: false  # Set to true to use Swift backend
+      authUrl: "https://auth.cloud.com/v2.0"
+      tenantName: "my-tenant"
+      userName: "my-user"
+      password: "my-password"
+      region: "RegionOne"
+
+    # Rackspace Cloud Files backend
+    rackspaceCloudfiles:
+      enabled: false  # Set to true to use Rackspace Cloud Files backend
+      region: "us"  # Region: "us" or "uk"
+      userName: "my-user"
+      apiKey: "my-api-key"
 
 # Persistence settings for filesystem backend
 persistence:

charts/s3proxy/templates/NOTES.txt

@@ -22,8 +22,41 @@
 {{- end }}
 
 2. S3Proxy Configuration:
-   - Backend Provider: {{ .Values.config.backend.provider }}
-   - Authorization: {{ .Values.config.authorization }}
+   - Backend Provider: 
+{{- if .Values.config.backends.filesystem.enabled }}
+  {{- if .Values.config.backends.filesystem.nio2 }}
+     filesystem (filesystem-nio2)
+  {{- else }}
+     filesystem (filesystem)
+  {{- end }}
+{{- else if .Values.config.backends.transient.enabled }}
+  {{- if .Values.config.backends.transient.nio2 }}
+     transient (transient-nio2)
+  {{- else }}
+     transient (transient)
+  {{- end }}
+{{- else if .Values.config.backends.s3.enabled }}
+  {{- if .Values.config.backends.s3.aws }}
+     AWS S3 (aws-s3)
+  {{- else }}
+     Generic S3 (s3)
+  {{- end }}
+{{- else if .Values.config.backends.azureblob.enabled }}
+     Azure Blob ({{ .Values.config.backends.azureblob.provider }})
+{{- else if .Values.config.backends.googleCloudStorage.enabled }}
+     Google Cloud Storage
+{{- else if .Values.config.backends.b2.enabled }}
+     Backblaze B2
+{{- else if .Values.config.backends.openstackSwift.enabled }}
+     OpenStack Swift
+{{- else if .Values.config.backends.rackspaceCloudfiles.enabled }}
+  {{- if eq .Values.config.backends.rackspaceCloudfiles.region "uk" }}
+     Rackspace Cloud Files UK
+  {{- else }}
+     Rackspace Cloud Files US
+  {{- end }}
+{{- end }}
+   - Authorization: {{ .Values.config.auth.type }}
 {{- if .Values.config.cors.enabled }}
    - CORS: Enabled
 {{- end }}
@@ -34,13 +67,13 @@
 3. Testing S3Proxy:
    Once the service is available, you can test it using AWS CLI or curl:
 
-{{- if eq .Values.config.authorization "none" }}
+{{- if eq .Values.config.auth.type "none" }}
    # Anonymous access (no authentication required)
    curl -X GET http://<SERVICE_URL>/
 {{- else }}
    # Set up AWS CLI credentials (if authentication is enabled)
    export AWS_ACCESS_KEY_ID=<your-s3proxy-identity>
-   export AWS_SECRET_ACCESS_KEY=<your-s3proxy-credential>
+   export AWS_SECRET_ACCESS_KEY=<your-s3proxy-secret>
 
    # List buckets
    aws --endpoint-url http://<SERVICE_URL> s3 ls
@@ -53,7 +86,7 @@
 
 
    # You can also use other AWS S3 API compatible clients like MinIO's mc.
-   mc alias set s3proxy http://<SERVICE_URL> <your-s3proxy-identity> <your-s3proxy-credential>
+   mc alias set s3proxy http://<SERVICE_URL> <your-s3proxy-identity> <your-s3proxy-secret>
 
    # List buckets
    mc ls s3proxy
@@ -70,12 +103,22 @@
    kubectl logs -n {{ .Release.Namespace }} -l "app.kubernetes.io/name={{ include "s3proxy.name" . }},app.kubernetes.io/instance={{ .Release.Name }}"
 
 5. Important Notes:
-{{- if or (eq .Values.config.backend.provider "filesystem") (eq .Values.config.backend.provider "filesystem-nio2") }}
-   - Using filesystem backend at: {{ .Values.config.backend.filesystem.basedir }}
+{{- if .Values.config.backends.filesystem.enabled }}
+   - Using filesystem backend at: {{ .Values.config.backends.filesystem.basedir }}
 {{- end }}
-{{- if not .Values.config.identity }}
-   - WARNING: S3Proxy identity not configured. Remember to set s3proxy.identity and s3proxy.credential for authentication.
+{{- if not .Values.config.auth.identity }}
+   - WARNING: S3Proxy identity not configured. Remember to set config.auth.identity and config.auth.secret for authentication.
 {{- end }}
-{{- if and (ne .Values.config.backend.provider "filesystem") (ne .Values.config.backend.provider "filesystem-nio2") (ne .Values.config.backend.provider "transient") (ne .Values.config.backend.provider "transient-nio2") }}
-   - Make sure to configure backend credentials for {{ .Values.config.backend.provider }}
+{{- if .Values.config.backends.s3.enabled }}
+   - Make sure to configure S3 backend credentials
+{{- else if .Values.config.backends.azureblob.enabled }}
+   - Make sure to configure Azure Blob backend credentials
+{{- else if .Values.config.backends.googleCloudStorage.enabled }}
+   - Make sure to configure Google Cloud Storage backend credentials
+{{- else if .Values.config.backends.b2.enabled }}
+   - Make sure to configure Backblaze B2 backend credentials
+{{- else if .Values.config.backends.openstackSwift.enabled }}
+   - Make sure to configure OpenStack Swift backend credentials
+{{- else if .Values.config.backends.rackspaceCloudfiles.enabled }}
+   - Make sure to configure Rackspace Cloud Files backend credentials
 {{- end }}