# ProviderConfig "minio": Terraform settings used by any Workspace that selects
# it through providerConfigRef (on this page: example-bucket-creation).
# It pins the aminueza/minio provider to 2.4.3, points it at
# s3-new.badhouseplants.net:443 with SSL enabled, and keeps Terraform state in
# the "kubernetes" backend in namespace "platform".
# No credentials are set here; the Workspace supplies MINIO_USER and
# MINIO_PASSWORD through Secret-backed env entries.
apiVersion: tf.upbound.io/v1beta1
kind: ProviderConfig
metadata:
  name: minio
spec:
  # Security: the kubernetes backend keeps state in a Secret in "platform", and
  # Terraform state holds resource attributes in plaintext, including values
  # marked sensitive (here: the generated secret of the "terraform" IAM user).
  # Anyone who can read Secrets in that namespace can read that credential, so
  # Secret read access there should be limited accordingly.
  # in_cluster_config = true makes the backend use the in-cluster (pod service
  # account) credentials, so that account needs access to the state Secret.
  # NOTE(review): confirm the service account's RBAC is scoped to "platform"
  # rather than cluster-wide.
  configuration: |
    provider minio {
      // required
      minio_server   = "s3-new.badhouseplants.net:443"
      minio_region   = "us-east-1"
      minio_ssl      = "true"
    }

    terraform {
      backend "kubernetes" {
        secret_suffix     = "minio-tf-state"
        namespace         = "platform"
        in_cluster_config = true
      }
      required_providers {
         minio = {
           source = "aminueza/minio"
           version = "2.4.3"
         }
      }
    }
---
# Workspace "example-bucket-creation": runs the inline Terraform module below
# with ProviderConfig "minio". The module creates bucket "states", IAM user
# "terraform", IAM policy "state-terraform", attaches the policy to the user,
# and exposes the user's id and secret as outputs MINIO_USERNAME and
# MINIO_PASSWORD.
apiVersion: tf.upbound.io/v1beta1
kind: Workspace
metadata:
  name: example-bucket-creation
spec:
  providerConfigRef:
    name: minio
  # Connection Secret for this Workspace. The "try-backend" Workspace on this
  # page reads MINIO_USERNAME / MINIO_PASSWORD from a Secret with this name and
  # namespace, so it carries a live MinIO credential.
  # NOTE(review): "try-backend" also names this same Secret as its own
  # writeConnectionSecretToRef; two Workspaces publishing to one Secret should
  # be avoided (see that Workspace).
  writeConnectionSecretToRef:
    namespace: platform
    name: tf-minio-state-output
  forProvider:
    source: Inline
    # Credentials for the minio provider, injected as environment variables.
    # Both values come from Secret "minio-secret" in "platform"; the key names
    # are AWS-style but they feed MINIO_USER / MINIO_PASSWORD.
    # NOTE(review): presumably these are administrative MinIO credentials, since
    # the module creates users and policies - confirm, and keep read access to
    # "minio-secret" as narrow as possible.
    env:
      - name: MINIO_PASSWORD
        secretKeyRef:
          namespace: platform
          name: minio-secret
          key: AWS_SECRET_ACCESS_KEY
      - name: MINIO_USER
        secretKeyRef:
          namespace: platform
          name: minio-secret
          key: AWS_ACCESS_KEY_ID
    # Inline Terraform (HCL) module.
    # NOTE(review): the policy allows only s3:PutObject on
    # arn:aws:s3:::state-terraform-s3/*, but the bucket created here (and the one
    # the s3 backend in ProviderConfig "minio-backend" uses) is "states". As
    # written, the policy does not cover any bucket defined on this page.
    # If the "terraform" user is meant to hold Terraform state in "states", the
    # Resource should name that bucket, and a state backend normally also needs
    # read and list permissions. Keep the grant scoped to the bucket (ideally
    # the state key prefix) rather than widening it to all buckets.
    # NOTE(review): output MINIO_PASSWORD is marked sensitive, which hides it
    # from Terraform's console output only; the value is still stored in the
    # state and in the connection Secret.
    module: |
      resource "minio_s3_bucket" "states" {
        bucket = "states"
      }

      resource "minio_iam_user" "terraform" {
         name = "terraform"
         force_destroy = true
         tags = {
          service = "terraform"
        }
      }
      resource "minio_iam_policy" "terraform" {
        name = "state-terraform"
        policy= <<EOF
      {
        "Version":"2012-10-17",
        "Statement": [
          {
            "Sid":"terraform",
            "Effect": "Allow",
            "Action": ["s3:PutObject"],
            "Resource": "arn:aws:s3:::state-terraform-s3/*"
          }
        ]
      }
      EOF
      }
      
      resource "minio_iam_user_policy_attachment" "terraform" {
        user_name   = minio_iam_user.terraform.id
        policy_name = minio_iam_policy.terraform.id
      }
    
      output "MINIO_USERNAME" {
        value       = minio_iam_user.terraform.id
      }

      output "MINIO_PASSWORD" {
        value       = minio_iam_user.terraform.secret
        sensitive   = true
      }
---
# ProviderConfig "minio-backend": same aminueza/minio provider settings as
# ProviderConfig "minio" (server, region, SSL, version 2.4.3), but Terraform
# state goes to the "s3" backend: bucket "states", key "test", on
# https://s3-new.badhouseplants.net with path-style addressing.
apiVersion: tf.upbound.io/v1beta1
kind: ProviderConfig
metadata:
  name: minio-backend
spec:
  # No backend credentials appear in this block. The "try-backend" Workspace
  # sets AWS_ACCESS_KEY_ID / AWS_SECRET_ACCESS_KEY in its env, which is where
  # the s3 backend picks them up.
  # The skip_* flags turn off AWS-specific checks (credential validation,
  # instance metadata lookup, region validation) that do not apply to a
  # non-AWS S3 endpoint.
  # Security: the state object in "states" holds resource attributes in
  # plaintext. No encryption setting appears in this backend block, so
  # confidentiality rests on TLS to the endpoint and on bucket access control.
  # NOTE(review): confirm who can read bucket "states" and whether server-side
  # encryption is enforced on the MinIO side.
  # NOTE(review): the state key is the fixed string "test"; confirm how state
  # is kept separate if more than one Workspace uses this ProviderConfig.
  # NOTE(review): `endpoint` is the older argument spelling while
  # `use_path_style` is the newer one; check both against the Terraform
  # version the provider runs.
  configuration: |
    provider minio {
      // required
      minio_server   = "s3-new.badhouseplants.net:443"
      minio_region   = "us-east-1"
      minio_ssl      = "true"
    }

    terraform {
      backend "s3" {
        bucket = "states"
        key    = "test"
        region = "us-east-1"
        endpoint = "https://s3-new.badhouseplants.net"
        use_path_style = true

        skip_credentials_validation = true

        skip_metadata_api_check     = true
        skip_region_validation      = true
      }

      required_providers {
         minio = {
           source = "aminueza/minio"
           version = "2.4.3"
         }
      }
    }
---
# Workspace "try-backend": runs an inline module that creates bucket
# "states-test", using ProviderConfig "minio-backend" (state in the s3 backend).
# It depends on Secret "tf-minio-state-output" already existing, i.e. on the
# "example-bucket-creation" Workspace having published its outputs.
apiVersion: tf.upbound.io/v1beta1
kind: Workspace
metadata:
  name: try-backend
spec:
  providerConfigRef:
    name: minio-backend
  # NOTE(review): this is the same Secret that "example-bucket-creation" writes
  # and that this Workspace reads its MINIO_* credentials from below. The module
  # here declares no outputs, so there is nothing to publish. Pointing two
  # Workspaces at one connection Secret risks a publish conflict or the
  # credential keys being overwritten - use a distinct Secret name, or drop
  # this reference if no connection details are needed.
  writeConnectionSecretToRef:
    namespace: platform
    name: tf-minio-state-output
  forProvider:
    source: Inline
    # Two credential sets are injected:
    #   MINIO_USER / MINIO_PASSWORD     -> minio provider, taken from
    #     "tf-minio-state-output" (the "terraform" IAM user created by
    #     "example-bucket-creation").
    #   AWS_ACCESS_KEY_ID / AWS_SECRET_ACCESS_KEY -> s3 state backend, taken
    #     from "minio-secret".
    # NOTE(review): this split looks inverted for least privilege. The provider,
    # which has to create a bucket, runs as the "terraform" user whose only
    # policy on this page is s3:PutObject on another bucket's objects, while
    # state access uses the "minio-secret" credentials (presumably the more
    # privileged ones - confirm). If the "terraform" user exists to own state
    # access, it should be the backend credential and its policy scoped to
    # bucket "states".
    env:
      - name: MINIO_PASSWORD
        secretKeyRef:
          namespace: platform
          name: tf-minio-state-output
          key: MINIO_PASSWORD
      - name: MINIO_USER
        secretKeyRef:
          namespace: platform
          name: tf-minio-state-output
          key: MINIO_USERNAME
      - name: AWS_ACCESS_KEY_ID
        secretKeyRef:
          namespace: platform
          name: minio-secret
          key: AWS_ACCESS_KEY_ID
      - name: AWS_SECRET_ACCESS_KEY
        secretKeyRef:
          namespace: platform
          name: minio-secret
          key: AWS_SECRET_ACCESS_KEY
    # Inline Terraform (HCL) module: a single bucket, "states-test".
    module: |
      resource "minio_s3_bucket" "states" {
        bucket = "states-test"
      }