# defaulting s3 config with the user provided values
{{- $s3Endpoint := .Values.s3.endpoint }}
{{- $s3AccessKey := .Values.s3.accessKeyID }}
{{- $s3SecretKey := .Values.s3.secretAccessKey }}
{{- $s3Bucket := .Values.s3.bucket }}
{{- $s3UseSSL := .Values.s3.useSSL }}
{{- $s3Region := .Values.s3.region }}
# minio values if minio is enabled
{{- if .Values.minio.enabled }}
# Generated credentials for minio. Used only if minio is enabled.
{{- $oldkeys := (lookup "v1" "Secret" .Release.Namespace "minio-creds").data -}}
{{- $accessKey := empty $oldkeys | ternary (randAlphaNum 16) (b64dec (default "" $oldkeys.accesskey)) -}}
{{- $secretKey := empty $oldkeys | ternary (randAlphaNum 16) (b64dec (default "" $oldkeys.secretkey)) -}}
{{- $s3Endpoint = include "epinio.minio-url" . -}}
{{- $s3AccessKey = $accessKey }}
{{- $s3SecretKey = $secretKey }}
{{- $s3UseSSL = true }}
# s3gw values if s3gw is enabled
{{- else if .Values.s3gw.enabled }}
# Generated credentials for s3gw. Used only if s3gw is enabled.
{{- $oldkeys := (lookup "v1" "Secret" .Release.Namespace .Values.s3gw.defaultUserCredentialsSecret).data -}}
{{- $accessKey := empty $oldkeys | ternary (randAlphaNum 32) (b64dec (default "" $oldkeys.RGW_DEFAULT_USER_ACCESS_KEY)) -}}
{{- $secretKey := empty $oldkeys | ternary (randAlphaNum 32) (b64dec (default "" $oldkeys.RGW_DEFAULT_USER_SECRET_KEY)) -}}
{{- $s3Endpoint = include "epinio.s3gw-url" . -}}
{{- $s3AccessKey = $accessKey }}
{{- $s3SecretKey = $secretKey }}
{{- $s3UseSSL = true }}
{{- end }}

---
# The S3 connection details as required by the staging Job (in "ini" format)
apiVersion: v1
kind: Secret
type: Opaque
metadata:
  name: epinio-s3-connection-details
  namespace: {{ .Release.Namespace }}
stringData:
  bucket: {{ $s3Bucket }}
  config: |-
    [default]
    region={{ $s3Region }}
  credentials: |-
    [default]
    aws_access_key_id={{ $s3AccessKey }}
    aws_secret_access_key={{ $s3SecretKey }}
  endpoint: {{ $s3Endpoint | quote }}
  useSSL: {{ $s3UseSSL | quote }}

# Secrets get created first so Minio and s3gw should find them there when they needs them.
# https://github.com/helm/helm/blob/release-3.0/pkg/releaseutil/kind_sorter.go

{{- if .Values.minio.enabled }}
# The S3 connection details as required by Minio deployment
# https://github.com/minio/minio/blob/8ae46bce937567e682d14f7fe845b8ff67e549d2/helm/minio/values.yaml#L81
---
apiVersion: v1
kind: Secret
type: Opaque
metadata:
  name: minio-creds
  namespace: {{ .Release.Namespace }}
stringData:
  rootUser: {{ $s3AccessKey | quote }}
  rootPassword: {{ $s3SecretKey | quote }}
  accesskey: {{ $s3AccessKey | quote }}
  secretkey: {{ $s3SecretKey | quote }}
{{- else if .Values.s3gw.enabled }}
---
apiVersion: v1
kind: Secret
metadata:
  name: '{{ .Values.s3gw.defaultUserCredentialsSecret }}'
  namespace: {{ .Release.Namespace }}
  labels:
type: Opaque
stringData:
  RGW_DEFAULT_USER_ACCESS_KEY: {{ $s3AccessKey | quote }}
  RGW_DEFAULT_USER_SECRET_KEY: {{ $s3SecretKey | quote }}
{{- end }}