From 35d620b7225439da01040b2c1b930fdab12df015 Mon Sep 17 00:00:00 2001
From: Nikolai Rodionov
Date: Thu, 9 Mar 2023 22:24:52 +0100
Subject: [PATCH] WIP: It doesn't work yet
---
 badhouseplants/values/secrets.minio.yaml | 14 ++++++--
 badhouseplants/values/values.minio.yaml | 43 +++++++++++++++++++++---
 releases.yaml | 2 +-
 3 files changed, 52 insertions(+), 7 deletions(-)
diff --git a/badhouseplants/values/secrets.minio.yaml b/badhouseplants/values/secrets.minio.yaml
index c47026c..9b7ed68 100644
--- a/badhouseplants/values/secrets.minio.yaml
+++ b/badhouseplants/values/secrets.minio.yaml
@@ -3,6 +3,16 @@ users:
 - accessKey: ENC[AES256_GCM,data:9ZhHOes+vQM=,iv:ltKbQ0KW8/Jmn7kmTaGaDcerlkquTXhGr0wbMMwxNgA=,tag:X6n+44dvPAm4v2rcxYkPEQ==,type:str]
 secretKey: ENC[AES256_GCM,data:mzWBQcPitrpwIMqBrbtBs3RBDg==,iv:cLA6Wvmf5il54DFkNbwQ27wPxAm/eqSrxAc3MVELero=,tag:nUc83Ctqw4PTwirkUr803A==,type:str]
 policy: ENC[AES256_GCM,data:B7CQsSUaq3B/gO/X,iv:Z4DTTXk5TO288lIrjbvXQXsUt44WjvGLMGxXmnEnHGU=,tag:pvK4zoZGBbpithTBYVDKfQ==,type:str]
+oidc:
+ enabled: ENC[AES256_GCM,data:UOSkfmM=,iv:z81dZ004oQjIw9VDXV8okSyEbb6Z++MgVSn5nkAoXVM=,tag:rhX5nm3e5AD1aPQNRUm0Qw==,type:bool]
+ configUrl: ENC[AES256_GCM,data:ZNVvWPlFPA1xgfysavsEusfxE2ySIM9FYatYqfWPnUrHKMtCxYlrn1ip3nTYL2JHvjM3yltLBNbqWMCGlgtw,iv:p1F2DqCFaKvjYKhMieFytnMuggrec8DmBzDATLTVe+8=,tag:3EtpPSyRlGThov5OcZfV+g==,type:str]
+ clientId: ENC[AES256_GCM,data:kO7PkjN+5GqZCxChvtbTQb/5zo7nVxfh7MZqbDoJLIKMEfth,iv:ti3Xlc3sRVOVGtxGw/pT5iBy5rBqV2v+MhiNF3Krb9U=,tag:3LUDIkq08zGmvjJtSnE/jA==,type:str]
+ clientSecret: ENC[AES256_GCM,data:PVe+8SlNrznBiFVNpuQXIcuPkUXyUJ7DObZpRvlgA8JjUHXTy3VY7soyJVBZEMfYbNjSLLcKcWM=,iv:fbh2RcQdPf3jUt2AOI3xp09SSEaWzI4rLGZmlZY46uM=,tag:wvEBkkPsXoQXAP7fN1iDMA==,type:str]
+ claimName: null
+ redirectUri: ENC[AES256_GCM,data:+Q8cNCvslAcO4m7VJwNe/CpEntyHfuHOrHqqtlrDILkfc0IRAA8aSbZwbA2v+So=,iv:GwzNILyqLuAYUQFKbt5WE+VCdOzSTBmGCAHcCAnzxXk=,tag:p9/86/r2DfT1mkQu+aQJfQ==,type:str]
+ comment: ENC[AES256_GCM,data:TO3kA0i503ZA+EFhKa2AZw==,iv:Cl3NvvgXz71AaCgMl062urNtcBtgk832vtxTs9MJwik=,tag:JwerK2q1L7xMv/NIoWkESw==,type:str]
+ claimPrefix: ""
+ scopes: ENC[AES256_GCM,data:t1rW7taQ1fEm0qL4FA1Bib4xDoE=,iv:j3ASuhFoAWNDY2/Prqz83j9EijNYpc65xlwzH1Vh+9Y=,tag:RFdZ2ihDrlVYqcJLm2NRVg==,type:str]
 sops:
 kms: []
 gcp_kms: []
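Review bot: `claimName: null` in the added `oidc` block leaves unset the token claim that MinIO uses to pick policies; if the chart passes this value through unchanged, the claim name renders empty instead of falling back to a default, and the mapping from an OIDC login to a policy becomes undefined. Name the claim explicitly, e.g. `claimName: policy`, or whichever claim the identity provider actually emits for the policy names defined in values.minio.yaml. Separately, `enabled`, `scopes` and `comment` are encrypted alongside `clientSecret`, so a reviewer cannot tell from the diff whether OIDC is switched on or which scopes are requested; encrypting only the genuinely secret keys would keep this file auditable.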
@@ -18,8 +28,8 @@ sops:
 NFd0WDBXRERZc2ZDbWhDTFhnZExjVmcKDKHKoouDK66AYXenznGjTMnahqIwbp1y
 zA+MZx0FPO7xm9UCGaxIFzdLXK6O2ctw9fDceR6oMj+YehLOKwEmoA==
 -----END AGE ENCRYPTED FILE-----
- lastmodified: "2023-02-19T20:48:11Z"
- mac: ENC[AES256_GCM,data:MTcZ//5+uC+yFp+TmLhqdGIBpcaW96HpfUZeIUZijOffss401/XMOYprIILTPRq2B8kaCW2jp8hkL3oFDxSce0BGeqdRsFOlRL9vbtpyBPTUoGBnr6u/HK1G09zqtlsA/RZTvpBNoKrfdSvoWwoFIjs5oWPbi1f44gkgAl85ENM=,iv:07nSOo1F63sPgadSHtdI9JjtKjH/F9ThFW4sxWVGTxs=,tag:fFOO4sT6EFsAKje5llEUqg==,type:str]
+ lastmodified: "2023-03-09T18:51:00Z"
+ mac: ENC[AES256_GCM,data:wmUPV6hG+45Tm86xhKrAghmEDFBO72gLQHUEFjEwRdsB43Duvno43o2Gj5Tu6AZNaAR0DgfHJwduqOWnsnnR+b0Kc5P1SUXZIZ9oyk+WiI8Ae2sckFEeMgUG3sgbTYd4SQzcoP8eVbONuchKUAa38ilJuKcKIp9BhrwxDDGdViM=,iv:SQYWVIKnV7tbJlNNC3GMpgLs5rmqx2HutgoxEUYuoUE=,tag:McTYqkT5DtEw1J3qmY0e4g==,type:str]
 pgp: []
 unencrypted_suffix: _unencrypted
 version: 3.7.3
diff --git a/badhouseplants/values/values.minio.yaml b/badhouseplants/values/values.minio.yaml
index aaa04e3..0310bb8 100644
--- a/badhouseplants/values/values.minio.yaml
+++ b/badhouseplants/values/values.minio.yaml
@@ -1,3 +1,4 @@
+---
 rootUser: 'overlord'
 replicas: 1
 mode: standalone
@@ -24,13 +25,47 @@ resources:
 requests:
 memory: 2Gi
 buckets:
- - name: allanger
- policy: none
+ - name: badhouseplants-net
+ policy: download
 purge: false
- versioning: true
+ versioning: false
 metrics:
 serviceMonitor:
 enabled: false
 public: true
 additionalLabels: {}
-
+policies:
+ - name: allanger
+ statements:
+ - resources:
+ - 'arn:aws:s3:::*'
+ actions:
+ - "s3:*"
+ - resources: []
+ actions:
+ - "admin:*"
+ - resources: []
+ actions:
+ - "kms:*"
+ - name: badhouseplants:owners
+ statements:
+ - resources:
+ - 'arn:aws:s3:::*'
+ actions:
+ - "s3:*"
+ - resources: []
+ actions:
+ - "admin:*"
+ - resources: []
+ actions:
+ - "kms:*"
+ - name: badhouseplants
+ statements:
+ - resources:
+ - 'arn:aws:s3:::badhouseplants'
+ actions:
+ - "s3:*"
+ - resources:
+ - 'arn:aws:s3:::badhouseplants/*'
+ actions:
+ - "s3:*"
diff --git a/releases.yaml b/releases.yaml
index eaff832..7647949 100644
--- a/releases.yaml
+++ b/releases.yaml
@@ -149,7 +149,7 @@ templates:
 minio: &minio
 name: minio
 chart: minio/minio
- version: 5.0.4
+ version: 5.0.7
 inherit:
 - template: default-env-values
 - template: default-env-secrets
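Review bot: The `badhouseplants` policy in the added `policies` block of values.minio.yaml targets `arn:aws:s3:::badhouseplants` and `arn:aws:s3:::badhouseplants/*`, but the only bucket this hunk declares is `badhouseplants-net`, so as written the policy grants nothing on that bucket; if that bucket is the intended target, the resources should read `'arn:aws:s3:::badhouseplants-net'` and `'arn:aws:s3:::badhouseplants-net/*'`. The `allanger` and `badhouseplants:owners` policies are identical and grant `s3:*`, `admin:*` and `kms:*`, which amounts to full server administration; if these names are bound through the OIDC claim, everyone the identity provider places in that group becomes a MinIO admin, so `badhouseplants:owners` is better trimmed to the bucket-level actions it needs. The same hunk switches the bucket to `policy: download` (anonymous read) and turns `versioning` off, which removes recovery from overwrites and deletes; a short comment above the bucket entry stating that anonymous read is intentional would record that this exposure is deliberate.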