---
apiVersion: s3.onyxia.sh/v1alpha1
kind: Policy
metadata:
  name: {{ .Release.Name }}-policy
spec:
  name: {{ .Release.Name }}-policy
  s3InstanceRef: minio/default
  policyContent: >-
    {
      "Version": "2012-10-17",
      "Statement": [
        {
          "Effect": "Allow",
          "Action": [
            "s3:ListBucket",
            "s3:GetObject",
            "s3:PutObject"
          ],
          "Resource": [
            "arn:aws:s3:::{{ .Release.Name }}",
            "arn:aws:s3:::{{ .Release.Name }}/*"
          ]
        }
      ]
    }
---
apiVersion: s3.onyxia.sh/v1alpha1
kind: S3User
metadata:
  name: {{ .Release.Name }}-bucket
spec:
  accessKey: {{ .Release.Name }}-bucket # This is automatically created
  policies:
    - {{ .Release.Name }}-policy
  s3InstanceRef: minio/default
---
apiVersion: s3.onyxia.sh/v1alpha1
kind: Bucket
metadata:
  name: {{ .Release.Name }}
spec:
  name: {{ .Release.Name }}
  s3InstanceRef: minio/default
  quota:
    default: 100000000