{{- if not (or .Values.filer.s3.skipAuthSecretCreation .Values.s3.skipAuthSecretCreation) }}
{{- $access_key_admin := randAlphaNum 16 -}}
{{- $secret_key_admin := randAlphaNum 32 -}}
{{- $access_key_read := randAlphaNum 16 -}}
{{- $secret_key_read := randAlphaNum 32 -}}
apiVersion: v1
kind: Secret
type: Opaque
metadata:
  name: seaweedfs-s3-secret
  namespace: {{ .Release.Namespace }}
  annotations:
    "helm.sh/resource-policy": keep
    "helm.sh/hook": "pre-install"
stringData:
  admin_access_key_id: {{ $access_key_admin }}
  admin_secret_access_key: {{ $secret_key_admin }}
  read_access_key_id: {{ $access_key_read }}
  read_secret_access_key: {{ $secret_key_read }}
  seaweedfs_s3_config: '{"identities":[{"name":"anvAdmin","credentials":[{"accessKey":"{{ $access_key_admin }}","secretKey":"{{ $secret_key_admin }}"}],"actions":["Admin","Read","Write"]},{"name":"anvReadOnly","credentials":[{"accessKey":"{{ $access_key_read }}","secretKey":"{{ $secret_key_read }}"}],"actions":["Read"]}]}'
  {{- if .Values.filer.s3.auditLogConfig }}
  filer_s3_auditLogConfig.json: |
    {{ toJson .Values.filer.s3.auditLogConfig | nindent 4 }}
  {{- end }}
  {{- if .Values.s3.auditLogConfig }}
  s3_auditLogConfig.json: |
    {{ toJson .Values.s3.auditLogConfig | nindent 4 }}
  {{- end }}
{{- end }}