apiVersion: apiextensions.crossplane.io/v1
kind: Composition
metadata:
  annotations:
  labels:
    implementation: terraform
    provider: minio
  name: tf-bucket.gnu.one
spec:
  compositeTypeRef:
    apiVersion: s3.gnu.one/v1alpha1
    kind: XBucket
  mode: Resources
  publishConnectionDetailsWithStoreConfigRef:
    name: default
  resources:
  - base:
      apiVersion: tf.upbound.io/v1beta1
      kind: Workspace
      spec:
        forProvider:
          module: |
            terraform {
              required_providers {
                minio = {
                  source = "aminueza/minio"
                  version = "1.17.2"
                }
              }
            }

            variable "access_key" {
              description = "S3 Access Key"
              type        = string
            }

            variable "secret_key" {
              description = "S2 Secret Key"
              type        = string
              sensitive   = true
            }

            variable "name" {
              description = "Name of Bucket & Service Account"
              type        = string
            }

            variable "endpoint" {
              description = "Minio Endpoint"
              type        = string
              default     = "s3-minio.s3.svc.cluster.local:9000"
            }

            provider "minio" {
              minio_server   = var.endpoint
              minio_user     = var.access_key
              minio_password = var.secret_key
            }

            resource "minio_s3_bucket" "bucket" {
              bucket        = var.name
              acl           = "private"
              force_destroy = false
            }

            resource "minio_iam_policy" "policy" {
              name = var.name
              policy= <<EOF
            {
             "Version": "2012-10-17",
             "Statement": [
              {
               "Effect": "Allow",
               "Action": [
                "s3:*"
               ],
               "Resource": [
                "arn:aws:s3:::${var.name}/*",
                "arn:aws:s3:::${var.name}"
               ]
              }
             ]
            }
            EOF
            }

            resource "minio_iam_user" "user" {
              name          = var.name
              force_destroy = true
            }

            resource "minio_iam_user_policy_attachment" "policy_to_user" {
              user_name   = minio_iam_user.user.id
              policy_name = minio_iam_policy.policy.id
            }

            resource "minio_iam_service_account" "service_account" {
              target_user = minio_iam_user.user.name
            }

            output "endpoint" {
              value = var.endpoint
            }

            output "access_key" {
              value = minio_iam_service_account.service_account.access_key
            }

            output "secret_key" {
              value     = minio_iam_service_account.service_account.secret_key
              sensitive = true
            }
          source: Inline
          varFiles:
          - format: JSON
            secretKeyRef:
              key: secret.json
              name: terraform
              namespace: crossplane-system
            source: SecretKey
          vars:
          - key: name
          - key: endpoint
            value: s3-minio.s3.svc.cluster.local:9000
        writeConnectionSecretToRef:
          name: s3-bucket
          namespace: default
    name: tf-bucket-and-user
    patches:
    - fromFieldPath: spec.name
      toFieldPath: spec.forProvider.vars[0].value
      type: FromCompositeFieldPath
    - fromFieldPath: spec.claimRef.namespace
      toFieldPath: spec.writeConnectionSecretToRef.namespace
      type: FromCompositeFieldPath
    - fromFieldPath: spec.secretName
      toFieldPath: spec.writeConnectionSecretToRef.name
      type: FromCompositeFieldPath