Refactor MinIO policy handling in scripts. Updated policy path to include bucket name in README and scripts. Introduced MINIO_POLICY_NAME variable for consistent policy naming across create-user and healthcheck scripts. Adjusted Dockerfile to remove hardcoded policy path.

Author: jaydrogers

README.md

@@ -61,7 +61,8 @@ The following environment variables can be used to customize the MinIO user init
 | `MINIO_ALIAS` | Alias for the MinIO server | `minio` |
 | `MINIO_USER_BUCKET_PERMISSIONS` | Comma-separated list of bucket permissions | `s3:ListBucket,s3:GetBucketLocation,s3:ListBucketMultipartUploads` |
 | `MINIO_USER_OBJECT_PERMISSIONS` | Comma-separated list of object permissions | `s3:PutObject,s3:GetObject,s3:DeleteObject,s3:ListMultipartUploadParts,s3:AbortMultipartUpload` |
-| `MINIO_POLICY_PATH` | Path to the policy file. This file will be created if it doesn't exist or you can provide your own JSON by mounting to the `/policies` directory. | `/policies/readwrite-bucket.json` |
+| `MINIO_POLICY_PATH` | Path to the policy file. This file will be created if it doesn't exist or you can provide your own JSON by mounting to the `/policies` directory. | `/policies/readwrite-bucket-${MINIO_USER_BUCKET_NAME}.json` |
+| `MINIO_POLICY_NAME` | Name of the policy you want to create/update/overwrite in MinIO. If you don't provide this, we just use the file name of your policy (without the `.json`). | `basename "$MINIO_POLICY_PATH" .json` (and trimmed of any special characters) |
 | `DEBUG` | Enable debug mode | `false` |
 | `SLEEP` | Keep container running after initialization | `true` |
 

src/Dockerfile

@@ -7,7 +7,6 @@ ENV DEBUG=false \
     MINIO_ADMIN_PASSWORD='' \
     MINIO_ALIAS=minio \
     MINIO_HOST='' \
-    MINIO_POLICY_PATH='/policies/readwrite-bucket.json' \
     MINIO_USER_ACCESS_KEY='' \
     MINIO_USER_BUCKET_NAME='' \
     MINIO_USER_BUCKET_PERMISSIONS='s3:ListBucket,s3:GetBucketLocation,s3:ListBucketMultipartUploads' \

src/create-user.sh

@@ -10,7 +10,6 @@ if [ "$DEBUG" = "true" ]; then
 fi
 
 mc_cmd="mc $debug_flag"
-minio_policy_name=$(basename "$MINIO_POLICY_PATH" .json | tr '[:upper:]' '[:lower:]' | tr -cd '[:alnum:]-_')
 ################################################################################
 # Functions
 ################################################################################
@@ -52,7 +51,7 @@ check_policy_exists() {
     local policy_list
     policy_list=$($mc_cmd admin policy list)
     case "$policy_list" in
-        *"$minio_policy_name"*) return 0 ;;
+        *"$MINIO_POLICY_NAME"*) return 0 ;;
         *) return 1 ;;
     esac
 }
@@ -80,13 +79,13 @@ $mc_cmd mb "$MINIO_ALIAS/$MINIO_USER_BUCKET_NAME" --ignore-existing
 
 # Create policy if it doesn't exist
 if ! check_policy_exists; then
-    echo "NOTICE: Policy $minio_policy_name not found. Creating..."
-    $mc_cmd admin policy create "$MINIO_ALIAS" "$minio_policy_name" "$MINIO_POLICY_PATH"
+    echo "NOTICE: Policy $MINIO_POLICY_NAME not found. Creating..."
+    $mc_cmd admin policy create "$MINIO_ALIAS" "$MINIO_POLICY_NAME" "$MINIO_POLICY_PATH"
 fi
 
 # Create user and apply policy
-$mc_cmd admin user add "$MINIO_ALIAS" "$MINIO_USER_ACCESS_KEY" "$minio_policy_name"
-$mc_cmd admin policy attach "$MINIO_ALIAS" "$minio_policy_name" --user "$MINIO_USER_ACCESS_KEY"
+$mc_cmd admin user add "$MINIO_ALIAS" "$MINIO_USER_ACCESS_KEY" "$MINIO_USER_SECRET_KEY"
+$mc_cmd admin policy attach "$MINIO_ALIAS" "$MINIO_POLICY_NAME" --user "$MINIO_USER_ACCESS_KEY"
 
 # Sleep or exit
 sleep_or_exit

src/entrypoint.sh

@@ -1,6 +1,11 @@
 #!/bin/bash
 set -e
 MINIO_ACCESS_KEY_EXISTS=false
+MINIO_POLICY_PATH=${MINIO_POLICY_PATH:-"/policies/readwrite-bucket-${MINIO_USER_BUCKET_NAME}.json"}
+MINIO_POLICY_NAME=$(basename "$MINIO_POLICY_PATH" .json | tr '[:upper:]' '[:lower:]' | tr -cd '[:alnum:]-_')
+
+export MINIO_POLICY_PATH
+export MINIO_POLICY_NAME
 
 if [ "$DEBUG" = "true" ]; then
     set -x

src/healthcheck.sh

@@ -7,23 +7,7 @@ if [ "$DEBUG" = "true" ]; then
 fi
 
 echo "Starting health check..."
-
-# Get policy name from path
-minio_policy_name=$(basename "$MINIO_POLICY_PATH" .json | tr '[:upper:]' '[:lower:]' | tr -cd '[:alnum:]-_')
-echo "Checking for policy: $minio_policy_name"
-
-# Check if alias exists
-echo "Checking MinIO alias..."
-alias_list=$(mc alias list)
-case "$alias_list" in
-    *"$MINIO_ALIAS"*) 
-        echo "✅ MinIO alias found"
-        ;;
-    *)
-        echo "ERROR: MinIO alias $MINIO_ALIAS not found"
-        exit 1
-        ;;
-esac
+echo "Checking for policy: $MINIO_POLICY_NAME"
 
 # Check if user exists
 echo "Checking MinIO user..."
@@ -42,11 +26,11 @@ esac
 echo "Checking MinIO policy..."
 policy_list=$(mc admin policy list "$MINIO_ALIAS")
 case "$policy_list" in
-    *"$minio_policy_name"*)
+    *"$MINIO_POLICY_NAME"*)
         echo "✅ MinIO policy found"
         ;;
     *)
-        echo "ERROR: MinIO policy $minio_policy_name not found"
+        echo "ERROR: MinIO policy $MINIO_POLICY_NAME not found"
         exit 1
         ;;
 esac