From 1a26b39f624f059da5397a5c72c21a7e30b1c427 Mon Sep 17 00:00:00 2001
From: Pierre Ozoux <pierre@ozoux.net>
Date: Mon, 22 Nov 2021 18:39:19 +0100
Subject: [PATCH] Updates createLiiibre script for new objects

---
 createLiiibre           | 22 +++++++++++++++++++++-
 policy/README.md        |  5 +++++
 policy/username-rw.json | 16 ++++++++++++++++
 3 files changed, 42 insertions(+), 1 deletion(-)
 create mode 100644 policy/README.md
 create mode 100644 policy/username-rw.json

diff --git a/createLiiibre b/createLiiibre
index 85ae4d5..cf27b4f 100755
--- a/createLiiibre
+++ b/createLiiibre
@@ -67,7 +67,27 @@ kubectl -n ${tld} create secret generic forum-${tld}-smtp --from-literal=host=ma
 kubectl -n ${tld} create secret generic ${CHAT_SUBDOMAIN}-${tld}-smtp --from-literal=host=mail.indie.host --from-literal=port=587 --from-literal=from_email=${chat_email} --from-literal=username=${chat_email} --from-literal=password=${chat_email_password} --from-literal=mail_from_address=${chat_local_part}
 
 # Create Buckets
-echo "Execute on sm1 export CHAT_SUBDOMAIN=${CHAT_SUBDOMAIN};export NUAGE_SUBDOMAIN=${NUAGE_SUBDOMAIN}; ~/pierre/scripts/createLiiibreBuckets ${1}"
+## Create dumps bucket
+export AWS_ACCESS_KEY_ID=${NS}-dumps
+export AWS_SECRET_ACCESS_KEY=`openssl rand -base64 18`
+mc admin user add cold ${AWS_ACCESS_KEY_ID} ${AWS_SECRET_ACCESS_KEY}
+kubectl -n ${NS} create secret generic ${AWS_ACCESS_KEY_ID} --from-literal=AWS_ACCESS_KEY_ID=${AWS_ACCESS_KEY_ID} --from-literal=AWS_SECRET_ACCESS_KEY=${AWS_SECRET_ACCESS_KEY}
+mc admin policy set minio username-rw user=${AWS_ACCESS_KEY_ID}
+
+## Create data buckets
+### For chats
+export AWS_ACCESS_KEY_ID=${CHAT_SUBDOMAIN}-${NS}
+export AWS_SECRET_ACCESS_KEY=`openssl rand -base64 18`
+mc admin user add hot ${AWS_ACCESS_KEY_ID} ${AWS_SECRET_ACCESS_KEY}
+kubectl -n ${NS} create secret generic ${AWS_ACCESS_KEY_ID} --from-literal=AWS_ACCESS_KEY_ID=${AWS_ACCESS_KEY_ID} --from-literal=AWS_SECRET_ACCESS_KEY=${AWS_SECRET_ACCESS_KEY}
+mc admin policy set minio username-rw user=${AWS_ACCESS_KEY_ID}
+
+### For Nuage
+export AWS_ACCESS_KEY_ID=${NUAGE_SUBDOMAIN}-${NS}
+export AWS_SECRET_ACCESS_KEY=`openssl rand -base64 18`
+mc admin user add hot ${AWS_ACCESS_KEY_ID} ${AWS_SECRET_ACCESS_KEY}
+kubectl -n ${NS} create secret generic ${AWS_ACCESS_KEY_ID} --from-literal=AWS_ACCESS_KEY_ID=${AWS_ACCESS_KEY_ID} --from-literal=AWS_SECRET_ACCESS_KEY=${AWS_SECRET_ACCESS_KEY}
+mc admin policy set minio username-rw user=${AWS_ACCESS_KEY_ID}
 
 # Create secrets
 mkdir /tmp/${NS}
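Review bot: The three added `mc admin policy set minio username-rw user=...` lines target an alias named `minio`, while each user is created on `cold` or `hot` just above and policy/README.md in this patch loads `username-rw` onto `hot` and `cold`; unless a `minio` alias also points at those servers, the new users get no policy attached or the call fails. Use the alias the user was created on, e.g. `mc admin policy set cold username-rw user="${AWS_ACCESS_KEY_ID}"` for the dumps user and `hot` for the chat and Nuage users. The generated secret is also passed on the command line to both `mc admin user add` and `kubectl ... --from-literal`, so it shows up in the process list and in any `set -x` trace, and the `export` lines replace whatever AWS credentials the rest of the script inherits; a non-exported variable and kubectl's `--from-env-file` would narrow that exposure. None of the commands is checked, so a failed `mc admin user add` still leaves a Kubernetes secret holding a key the server never accepted.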
diff --git a/policy/README.md b/policy/README.md
new file mode 100644
index 0000000..8803109
--- /dev/null
+++ b/policy/README.md
@@ -0,0 +1,5 @@
+# Deploy policies for hot and cold buckets
+
+mc admin policy add hot username-rw ./policy.json
+mc admin policy add cold username-rw /policy.json
+
diff --git a/policy/username-rw.json b/policy/username-rw.json
new file mode 100644
index 0000000..070d497
--- /dev/null
+++ b/policy/username-rw.json
@@ -0,0 +1,16 @@
+{
+  "Version":"2012-10-17",
+  "Statement": [
+    {
+      "Action": [
+        "s3:*"
+      ],
+      "Effect": "Allow",
+      "Resource": [
+        "arn:aws:s3:::${aws:username}/*",
+        "arn:aws:s3:::${aws:username}"
+      ]
+     }
+  ]
+}
+
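Review bot: `"Action": ["s3:*"]` grants more than the read-write access the file name `username-rw` suggests: on its own bucket each user may also delete the bucket and change its bucket policy, versioning or lifecycle settings. For the `-dumps` users created in createLiiibre this means the credential that writes backups can also make the bucket public or remove it. Consider listing the needed actions instead, for example `"s3:GetObject", "s3:PutObject", "s3:DeleteObject", "s3:ListBucket", "s3:GetBucketLocation"`, adding `"s3:CreateBucket"` only if the application is expected to create its bucket itself, which the script appears to rely on since it never creates one.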
-- 
GitLab