====== Simple MINIO ======
Download and install the minio server rpm and the mcli tool (mc). 
[[https://www.min.io/open-source/download?platform=linux&arch=amd64]]


==== Create the config ====
/etc/default/minio
<code>
MINIO_VOLUMES="/opt/minio/data"
MINIO_ROOT_USER="myAdminUser"
MINIO_ROOT_PASSWORD="myAdminPW"
</code>

Create the configured directory. 
And also add the minio user and set the user rights.
<code>
useradd -r -d /opt/minio
chown -R minio-user:minio-user /opt/minio
</code>
<code>
systemctl start minio
systemctl status minio
</code> -> shows the listen address (http://10.20.30.40:37757)

Docs fot the CLI tool: https://docs.min.io/enterprise/aistor-object-store/reference/cli/admin/

To work proper with the mcli tool, it is best to set an alias:
<code>
mcli alias set <AliasName> <ServerAddress> <MINIO_ROOT_USER> <MINIO_ROOT_PASSWORD>
mcli alias set myminio http://127.0.0.1:9000 myAdminUser myAdminPW
</code>
From now you can use the alias in the commands

==== Add a new User: ====
<code>
mcli admin user add <AliasName> <newUser> <newPassword>
mcli admin user add myminio test test1234
</code>

==== Create/Make a new bucket: ====
<code>
mcli mb <AliasName>/<BucketName>
mcli mb myminio/test
</code>

==== Delete/Remove a new bucket: ====
<code>
mcli rb <AliasName>/<BucketName>
mcli rb myminio/test
</code>

That the right user get access to this bucket, we need a policy. The policy is also needed for the access keys.
<code> 
{
   "Version": "2012-10-17",
   "Statement": [
    {
     "Effect": "Allow",
     "Action": [
      "s3:*"
     ],
     "Resource": [
      "arn:aws:s3:::test",
      "arn:aws:s3:::test/*"
     ]
    }
   ]
  }
</code>
This policy allows everything on the test bucket. You need to safe this in a file test.json
<code>
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Action": [
        "s3:GetBucketLocation",
        "s3:ListBucket",
        "s3:GetObject",
        "s3:PutObject",
        "s3:DeleteObject"
      ],
      "Effect": "Allow",
      "Resource": [
        "arn:aws:s3:::test",
        "arn:aws:s3:::test/*"
      ]
    }
  ]
}
</code>
This JSON allows also everything, but with all options listed. 
==== Create a policy ====
<code>
mcli admin policy create <AliasName> <PolicyName> </path/to/file.json>
mcli admin policy create myminio rw-test test.json
</code>

==== List policies: ====
<code>
mcli admin policy list <AliasName>
mcli admin policy list myminio
</code>

==== Policy info/details ====
<code>
mcli admin policy info <AliasName> <PolicyName>
mcli admin policy info myminio rw-test
</code>

==== The policy also has to be attached to the user (or the other way round) ====
<code>
mcli admin policy attach <AliasName> <PolicyName> --user <newUser>
mcli admin policy attach myminio rw-test --user test
</code>

==== A detach is also possible ====
<code>
mcli admin policy detach <AliasName> <PolicyName> --user <newUser>
mcli admin policy detach myminio readwrite --user test
</code>

==== With the policy and the user you can also create token and key ====
<code>
mcli admin accesskey create <AliasName>/ test --policy </path/to/file.json>
mcli admin accesskey create myminio/ test --policy test.json
</code>