# One MinIO IAM user per service in local.services_s3; the map key is the
# user name. Users are created first so keys and policies can reference them.
resource "minio_iam_user" "service_users" {
  for_each = local.services_s3

  name = each.key
}

# One long-lived access key per service user.
# NOTE(review): the generated secret key is stored as a resource attribute and
# therefore lands in Terraform state — keep the state backend access-controlled
# and encrypted, and rotate by replacing this resource (terraform apply
# -replace=...). Confirm against the provider's docs for this version.
resource "minio_accesskey" "service_access_keys" {
  for_each = local.services_s3

  user = minio_iam_user.service_users[each.key].name
}

# One bucket per entry in local.buckets_s3, named "<key>.serguzim.me".
# Underscores in the key are rewritten to hyphens so the name stays DNS-safe
# (the domain suffix contains none, so rewriting only the key is equivalent).
# prevent_destroy guards the data against an accidental `terraform destroy`
# or a plan that would replace the bucket.
resource "minio_s3_bucket" "service_buckets" {
  for_each = local.buckets_s3

  bucket = "${replace(each.key, "_", "-")}.serguzim.me"

  lifecycle {
    prevent_destroy = true
  }
}

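# Per-bucket IAM (identity) policy for the service that owns the bucket.
#
# Security notes on what changed from the original single `s3:*` statement:
#   * `Principal = "*"` was removed. Principal is a bucket-policy element; in an
#     identity policy attached to a user it carries no meaning (and may be
#     rejected or silently ignored depending on the MinIO version). Scope comes
#     from the attachment to the service user, not from the principal element.
#   * `s3:*` also granted bucket-management actions (DeleteBucket,
#     PutBucketPolicy, Put/Get BucketVersioning, lifecycle, ...). The service only
#     needs to read/write objects, so the grant is split into an object-level
#     statement and a minimal bucket-level statement.
#   * The original only listed `<arn>/*`. Bucket-level actions such as
#     s3:ListBucket match the bucket ARN itself, so a service could never list
#     its own bucket with the old policy.
# NOTE(review): `s3:*Object*` relies on MinIO's wildcard matching for action
# names — confirm against the deployed MinIO version; if unsupported, expand it
# into the explicit Get/Put/DeleteObject* actions the services use.
resource "minio_iam_policy" "service_bucket_policies" {
  for_each = local.buckets_s3
  name     = each.key

  policy = jsonencode({
    Version = "2012-10-17",
    Statement = [
      {
        # Object-level operations (Get/Put/DeleteObject and their tagging,
        # retention, legal-hold variants) plus multipart-upload bookkeeping.
        Sid    = "${each.key} statement"
        Effect = "Allow",
        Action = [
          "s3:*Object*",
          "s3:AbortMultipartUpload",
          "s3:ListMultipartUploadParts",
        ],
        Resource = ["${minio_s3_bucket.service_buckets[each.key].arn}/*"]
      },
      {
        # Bucket-level operations needed to enumerate and locate the bucket;
        # deliberately excludes anything that modifies bucket configuration.
        Sid    = "${each.key} bucket statement"
        Effect = "Allow",
        Action = [
          "s3:GetBucketLocation",
          "s3:ListBucket",
          "s3:ListBucketMultipartUploads",
        ],
        Resource = [minio_s3_bucket.service_buckets[each.key].arn]
      }
    ]
  })
}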

# Attach each bucket's policy to the service that owns it. local.buckets_s3 is
# read as bucket key -> owning service key, so each.value selects the user.
# NOTE(review): this uses the user's `.id` while the access key resource uses
# `.name`; presumably both resolve to the same string — verify with the
# provider before relying on it elsewhere.
resource "minio_iam_user_policy_attachment" "service_bucket_policy_attachments" {
  for_each = local.buckets_s3

  policy_name = minio_iam_policy.service_bucket_policies[each.key].id
  user_name   = minio_iam_user.service_users[each.value].id
}

//resource "minio_iam_service_account" "service_accounts" {
//  for_each = minio_iam_user.service_users
//  target_user = each.value.name
//  policy = jsonencode({
//    Version = "2012-10-17",
//    Statement = [{
//      Action = [
//        "s3:*",
//      ],
//      "Effect": "Allow",
//      "Resource": []
//    }]
//  })
//}