From bb8b47d7c5ec8bcf6efffd4eb1c289aacc5b62e1 Mon Sep 17 00:00:00 2001
From: Sarah Gibson <drsarahlgibson@gmail.com>
Date: Thu, 13 Jun 2024 16:54:56 +0100
Subject: [PATCH 1/2] Provide AWS role ARN to BHKI hub to access persistent
 bucket

---
 config/clusters/catalystproject-africa/bhki.values.yaml | 3 +++
 terraform/aws/projects/catalystproject-africa.tfvars    | 5 +++++
 2 files changed, 8 insertions(+)

diff --git a/config/clusters/catalystproject-africa/bhki.values.yaml b/config/clusters/catalystproject-africa/bhki.values.yaml
index 09ef4c3a88..6cda044abc 100644
--- a/config/clusters/catalystproject-africa/bhki.values.yaml
+++ b/config/clusters/catalystproject-africa/bhki.values.yaml
@@ -1,3 +1,6 @@
+userServiceAccount:
+  annotations:
+    eks.amazonaws.com/role-arn: arn:aws:iam::495928966746:role/catalystproject-africa-bhki
 jupyterhub:
   ingress:
     hosts: [bhki.af.catalystproject.2i2c.cloud]
diff --git a/terraform/aws/projects/catalystproject-africa.tfvars b/terraform/aws/projects/catalystproject-africa.tfvars
index c32dad8eb2..18c029b9f3 100644
--- a/terraform/aws/projects/catalystproject-africa.tfvars
+++ b/terraform/aws/projects/catalystproject-africa.tfvars
@@ -28,4 +28,9 @@ hub_cloud_permissions = {
       bucket_admin_access : ["scratch"],
     },
   },
+  "bhki" : {
+    "user-sa" : {
+      bucket_admin_access : ["persistent-bhki"],
+    },
+  },
 }

From 4e828135a3584c6f910f4e5190e9cce167639cae Mon Sep 17 00:00:00 2001
From: Sarah Gibson <drsarahlgibson@gmail.com>
Date: Thu, 13 Jun 2024 16:55:21 +0100
Subject: [PATCH 2/2] Provide hub cloud permissions for UNAM hub to access
 persistent storage bucket

---
 terraform/gcp/projects/catalystproject-latam.tfvars | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/terraform/gcp/projects/catalystproject-latam.tfvars b/terraform/gcp/projects/catalystproject-latam.tfvars
index 103d6d1b62..e80705a1dd 100644
--- a/terraform/gcp/projects/catalystproject-latam.tfvars
+++ b/terraform/gcp/projects/catalystproject-latam.tfvars
@@ -81,7 +81,7 @@ user_buckets = {
 
 hub_cloud_permissions = {
   "unam" : {
-    bucket_admin_access : ["scratch-unam"],
+    bucket_admin_access : ["scratch-unam", "persistent-unam"],
     hub_namespace : "unam",
   },
 }