my minio config script

minio-config.sh

#!/usr/bin/env bash

set -Eeuo pipefail

# =========================
# Prompt Input
# =========================
read -rp "MinIO Endpoint (default: http://localhost:9000): " MINIO_ENDPOINT
MINIO_ENDPOINT=${MINIO_ENDPOINT:-http://localhost:9000}

read -rp "Root User (default: minioadmin): " MINIO_ROOT_USER
MINIO_ROOT_USER=${MINIO_ROOT_USER:-minioadmin}

read -srp "Root Password (default: minioadmin123): " MINIO_ROOT_PASSWORD
echo ""
MINIO_ROOT_PASSWORD=${MINIO_ROOT_PASSWORD:-minioadmin123}

read -rp "Bucket name (default: attachments): " BUCKET
BUCKET=${BUCKET:-attachments}

read -rp "Service user (default: svc-minio): " SERVICE_USER
SERVICE_USER=${SERVICE_USER:-svc-minio}

read -srp "Service password (default: svc-minio-123): " SERVICE_PASSWORD
echo ""
SERVICE_PASSWORD=${SERVICE_PASSWORD:-svc-minio-123}

read -rp "Make bucket public? (y/n, default: n): " PUBLIC
PUBLIC=${PUBLIC:-n}

# =========================
# Constants
# =========================
MINIO_ALIAS="local"

# Policy name ต้อง unique ต่อ user/bucket
SAFE_BUCKET=$(echo "$BUCKET" | tr -c 'A-Za-z0-9-' '-')
SAFE_USER=$(echo "$SERVICE_USER" | tr -c 'A-Za-z0-9-' '-')
POLICY_NAME="policy-${SAFE_USER}-${SAFE_BUCKET}"

POLICY_FILE="/tmp/${POLICY_NAME}.json"

log() {
  echo "[$(date '+%H:%M:%S')] $1"
}

# =========================
# Wait MinIO
# =========================
log "⏳ Waiting for MinIO..."

until mc alias set "$MINIO_ALIAS" "$MINIO_ENDPOINT" "$MINIO_ROOT_USER" "$MINIO_ROOT_PASSWORD" >/dev/null 2>&1; do
  sleep 2
done

log "✅ Connected to MinIO"

# =========================
# Create Bucket
# =========================
log "📦 Creating bucket: $BUCKET"
mc mb "${MINIO_ALIAS}/${BUCKET}" || log "⚠️ Bucket already exists"

# =========================
# Create Unique Policy
# =========================
cat >"$POLICY_FILE" <<EOF
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "s3:GetBucketLocation",
        "s3:ListBucket",
        "s3:ListBucketMultipartUploads"
      ],
      "Resource": [
        "arn:aws:s3:::${BUCKET}"
      ]
    },
    {
      "Effect": "Allow",
      "Action": [
        "s3:GetObject",
        "s3:PutObject",
        "s3:DeleteObject",
        "s3:AbortMultipartUpload",
        "s3:ListMultipartUploadParts"
      ],
      "Resource": [
        "arn:aws:s3:::${BUCKET}/*"
      ]
    }
  ]
}
EOF

log "🔑 Creating/updating policy: $POLICY_NAME"
mc admin policy create "$MINIO_ALIAS" "$POLICY_NAME" "$POLICY_FILE"

# =========================
# Create User
# =========================
log "👤 Creating/updating service user: $SERVICE_USER"
mc admin user add "$MINIO_ALIAS" "$SERVICE_USER" "$SERVICE_PASSWORD"

# =========================
# Attach Policy
# =========================
log "🔗 Attaching policy: $POLICY_NAME -> $SERVICE_USER"
mc admin policy attach "$MINIO_ALIAS" "$POLICY_NAME" --user "$SERVICE_USER"

# =========================
# Public Access
# =========================
if [ "$PUBLIC" = "y" ]; then
  log "🌍 Setting public read access: $BUCKET"
  mc anonymous set download "${MINIO_ALIAS}/${BUCKET}"
else
  log "🔒 Keeping bucket private: $BUCKET"
  mc anonymous set none "${MINIO_ALIAS}/${BUCKET}" || true
fi

# =========================
# Verify
# =========================
log "🔍 Policy info"
mc admin policy info "$MINIO_ALIAS" "$POLICY_NAME"

log "🔍 User info"
mc admin user info "$MINIO_ALIAS" "$SERVICE_USER"

# =========================
# Summary
# =========================
echo ""
echo "=============================="
echo "✅ MinIO Setup Completed"
echo "=============================="
echo "Endpoint : $MINIO_ENDPOINT"
echo "Bucket   : $BUCKET"
echo "User     : $SERVICE_USER"
echo "Password : $SERVICE_PASSWORD"
echo "Policy   : $POLICY_NAME"
echo "Public   : $PUBLIC"
echo "=============================="