Applied first configuration

src/main.rs

@@ -88,8 +88,22 @@ async fn apply_bucket(b: &MinioBucket, client: &Client) -> anyhow::Result<()> {
         password: read_secret_str(&user_secret, SECRET_MINIO_BUCKET_SECRET_KEY)?,
     };
 
-    println!("{:?}", service);
+    log::debug!("Create or update bucket...");
-    println!("{:?}", user);
+    service.bucket_apply(&b.spec).await?;
+
+    let policy_name = format!("bucket-{}", b.spec.name);
+    log::debug!("Create or update policy '{policy_name}'...");
+    let policy_content =
+        include_str!("policy_template.json").replace("{{ bucket }}", b.spec.name.as_str());
+    service.policy_apply(&policy_name, &policy_content).await?;
+
+    log::debug!("Create or update user '{}'...", user.username);
+    service.user_apply(&user).await?;
+
+    log::debug!("Attach policy '{policy_name}' to user...");
+    service.policy_attach_user(&user, &policy_name).await?;
+
+    log::debug!("Successfully applied desired configuration!");
 
     Ok(())
 }

src/minio.rs

@@ -251,7 +251,7 @@ impl MinioService {
     }
 
     /// Apply bucket desired configuration. If bucket already exists, it is not dropped
-    pub async fn apply_bucket(&self, b: &MinioBucketSpec) -> anyhow::Result<()> {
+    pub async fn bucket_apply(&self, b: &MinioBucketSpec) -> anyhow::Result<()> {
         // Set base parameters
         let bucket_name = format!("{}/{}", MC_ALIAS_NAME, b.name);
         let mut args = ["mb", bucket_name.as_str(), "-p"].to_vec();
@@ -608,7 +608,7 @@ mod test {
         let srv = MinioTestServer::start().await.unwrap();
         let service = srv.as_service();
         service
-            .apply_bucket(&MinioBucketSpec {
+            .bucket_apply(&MinioBucketSpec {
                 instance: "".to_string(),
                 name: TEST_BUCKET_NAME.to_string(),
                 secret: "".to_string(),
@@ -630,7 +630,7 @@ mod test {
         let srv = MinioTestServer::start().await.unwrap();
         let service = srv.as_service();
         service
-            .apply_bucket(&MinioBucketSpec {
+            .bucket_apply(&MinioBucketSpec {
                 instance: "".to_string(),
                 name: TEST_BUCKET_NAME.to_string(),
                 secret: "".to_string(),
@@ -665,7 +665,7 @@ mod test {
         let srv = MinioTestServer::start().await.unwrap();
         let service = srv.as_service();
         service
-            .apply_bucket(&MinioBucketSpec {
+            .bucket_apply(&MinioBucketSpec {
                 instance: "".to_string(),
                 name: TEST_BUCKET_NAME.to_string(),
                 secret: "".to_string(),
@@ -696,7 +696,7 @@ mod test {
         let srv = MinioTestServer::start().await.unwrap();
         let service = srv.as_service();
         service
-            .apply_bucket(&MinioBucketSpec {
+            .bucket_apply(&MinioBucketSpec {
                 instance: "".to_string(),
                 name: TEST_BUCKET_NAME.to_string(),
                 secret: "".to_string(),
@@ -749,7 +749,7 @@ mod test {
         let srv = MinioTestServer::start().await.unwrap();
         let service = srv.as_service();
         service
-            .apply_bucket(&MinioBucketSpec {
+            .bucket_apply(&MinioBucketSpec {
                 instance: "".to_string(),
                 name: TEST_BUCKET_NAME.to_string(),
                 secret: "".to_string(),
@@ -776,7 +776,7 @@ mod test {
         let srv = MinioTestServer::start().await.unwrap();
         let service = srv.as_service();
         service
-            .apply_bucket(&MinioBucketSpec {
+            .bucket_apply(&MinioBucketSpec {
                 instance: "".to_string(),
                 name: TEST_BUCKET_NAME.to_string(),
                 secret: "".to_string(),
@@ -803,7 +803,7 @@ mod test {
         let srv = MinioTestServer::start().await.unwrap();
         let service = srv.as_service();
         service
-            .apply_bucket(&MinioBucketSpec {
+            .bucket_apply(&MinioBucketSpec {
                 instance: "".to_string(),
                 name: TEST_BUCKET_NAME.to_string(),
                 secret: "".to_string(),
@@ -846,7 +846,7 @@ mod test {
         let srv = MinioTestServer::start().await.unwrap();
         let service = srv.as_service();
         service
-            .apply_bucket(&MinioBucketSpec {
+            .bucket_apply(&MinioBucketSpec {
                 instance: "".to_string(),
                 name: TEST_BUCKET_NAME.to_string(),
                 secret: "".to_string(),
@@ -891,7 +891,7 @@ mod test {
         let srv = MinioTestServer::start().await.unwrap();
         let service = srv.as_service();
         service
-            .apply_bucket(&MinioBucketSpec {
+            .bucket_apply(&MinioBucketSpec {
                 instance: "".to_string(),
                 name: TEST_BUCKET_NAME.to_string(),
                 secret: "".to_string(),
@@ -918,7 +918,7 @@ mod test {
         let srv = MinioTestServer::start().await.unwrap();
         let service = srv.as_service();
         service
-            .apply_bucket(&MinioBucketSpec {
+            .bucket_apply(&MinioBucketSpec {
                 instance: "".to_string(),
                 name: TEST_BUCKET_NAME.to_string(),
                 secret: "".to_string(),
@@ -1008,7 +1008,7 @@ mod test {
         let srv = MinioTestServer::start().await.unwrap();
         let service = srv.as_service();
         service
-            .apply_bucket(&MinioBucketSpec {
+            .bucket_apply(&MinioBucketSpec {
                 instance: "".to_string(),
                 name: TEST_BUCKET_NAME.to_string(),
                 secret: "".to_string(),

src/policy_template.json

@@ -0,0 +1,17 @@
+{
+  "Version": "2012-10-17",
+  "Statement": [
+    {
+      "Sid": "ListObjectsInBucket",
+      "Effect": "Allow",
+      "Action": ["s3:ListBucket"],
+      "Resource": ["arn:aws:s3:::{{ bucket }}"]
+    },
+    {
+      "Sid": "AllObjectActions",
+      "Effect": "Allow",
+      "Action": ["s3:DeleteObject", "s3:Get*", "s3:PutObject", "s3:*Object"],
+      "Resource": ["arn:aws:s3:::{{ bucket }}/*"]
+    }
+  ]
+}

test/bucket-policy.json

@@ -1,28 +0,0 @@
-{
-    "Version": "2012-10-17",
-    "Statement": [
-        {
-            "Sid": "ListObjectsInBucket",
-            "Effect": "Allow",
-            "Action": [
-                "s3:ListBucket"
-            ],
-            "Resource": [
-                "arn:aws:s3:::bucket"
-            ]
-        },
-        {
-            "Sid": "AllObjectActions",
-            "Effect": "Allow",
-            "Action": [
-                "s3:DeleteObject",
-                "s3:Get*",
-                "s3:PutObject",
-                "s3:*Object"
-            ],
-            "Resource": [
-                "arn:aws:s3:::bucket/*"
-            ]
-        }
-    ]
-}

test/test-outside-cluster.yaml

@@ -0,0 +1,25 @@
+apiVersion: v1
+kind: Secret
+metadata:
+  name: minio-root
+type: Opaque
+data:
+  accessKey: bWluaW9hZG1pbg==
+  secretKey: bWluaW9hZG1pbg==
+---
+apiVersion: "communiquons.org/v1"
+kind: MinioInstance
+metadata:
+  name: my-minio-instance
+spec:
+  endpoint: http://localhost:9000/
+  credentials: minio-root
+---
+apiVersion: "communiquons.org/v1"
+kind: MinioBucket
+metadata:
+  name: first-bucket
+spec:
+  instance: my-minio-instance
+  name: first-bucket
+  secret: first-bucket-secret