# Generated credentials for minio. Used only if minio is enabled.
{{- $oldkeys := (lookup "v1" "Secret" .Release.Namespace "minio-creds").data -}}
{{- $accessKey := empty $oldkeys | ternary (randAlphaNum 16) (b64dec (default "" $oldkeys.accesskey)) -}}
{{- $secretKey := empty $oldkeys | ternary (randAlphaNum 16) (b64dec (default "" $oldkeys.secretkey)) -}}

# Minio values if minio is enabled, otherwise the user provided values
{{- $s3Endpoint := include "epinio.minio-url" . -}}
{{- $s3AccessKey := .Values.minio.enabled | ternary $accessKey .Values.s3.accessKeyID -}}
{{- $s3SecretKey := .Values.minio.enabled | ternary $secretKey .Values.s3.secretAccessKey -}}
{{- $s3Bucket := .Values.minio.enabled | ternary "epinio" .Values.s3.bucket -}}
{{- $s3UseSSL := .Values.minio.enabled | ternary true .Values.s3.useSSL -}}
{{- $s3Region := .Values.minio.enabled | ternary "" .Values.s3.region -}}

---
# The S3 connection details as required by the staging Job (in "ini" format)
apiVersion: v1
kind: Secret
type: Opaque
metadata:
  name: epinio-s3-connection-details
  namespace: {{ .Release.Namespace }}
stringData:
  bucket: {{ $s3Bucket }}
  config: |-
    [default]
    region={{ $s3Region }}
  credentials: |-
    [default]
    aws_access_key_id={{ $s3AccessKey }}
    aws_secret_access_key={{ $s3SecretKey }}
  endpoint: {{ $s3Endpoint | quote }}
  useSSL: {{ $s3UseSSL | quote }}

# The S3 connection details as required by minio deployment
# https://github.com/minio/minio/blob/8ae46bce937567e682d14f7fe845b8ff67e549d2/helm/minio/values.yaml#L81
# Secrets get created first so Minio should find it there when it needs it.
# https://github.com/helm/helm/blob/release-3.0/pkg/releaseutil/kind_sorter.go
---
apiVersion: v1
kind: Secret
type: Opaque
metadata:
  name: minio-creds
  namespace: {{ .Release.Namespace }}
stringData:
  rootUser: {{ $s3AccessKey | quote }}
  rootPassword: {{ $s3SecretKey | quote }}
  accesskey: {{ $s3AccessKey | quote }}
  secretkey: {{ $s3SecretKey | quote }}