From cc81d3211ded5cc67e2d969393e0256089cb2749 Mon Sep 17 00:00:00 2001
From: Victor Perron <victor@iso3103.net>
Date: Mon, 12 Aug 2024 18:29:44 +0200
Subject: [PATCH] chore(deployment) : Fix sources object access

It seems reasonable that the Airflow DAGs would access the sources
folder and can get object properties in it.
---
 deployment/main.tf | 15 +++++++++++++++
 1 file changed, 15 insertions(+)

diff --git a/deployment/main.tf b/deployment/main.tf
index f475f720..4f0d6096 100644
--- a/deployment/main.tf
+++ b/deployment/main.tf
@@ -103,6 +103,21 @@ resource "scaleway_object_bucket_policy" "main" {
             "${scaleway_object_bucket.main.name}/data/*",
           ]
         },
+        {
+          Effect = "Allow",
+          Sid    = "Grant list & read in sources/* to airflow",
+          Principal = {
+            SCW = ["application_id:${var.airflow_application_id}"]
+          },
+          Action = [
+            "s3:ListBucket",
+            "s3:GetObject"
+          ],
+          Resource = [
+            "${scaleway_object_bucket.main.name}",
+            "${scaleway_object_bucket.main.name}/sources/*",
+          ]
+        },
         {
           Effect = "Allow",
           Sid    = "Grant list & read in data/marts/* to the api",