Enhance MinIO user and policy management in scripts. Added user existence checks and improved error handling. Introduced a healthcheck script for verifying MinIO setup. Updated Dockerfile to include healthcheck and adjusted sleep behavior in create-user script.

Author: jaydrogers

src/Dockerfile

@@ -1,4 +1,5 @@
 # syntax=docker/dockerfile:1
+# check=skip=SecretsUsedInArgOrEnv
 FROM minio/mc:latest
 
 ENV DEBUG=false \
@@ -19,10 +20,10 @@ ENV DEBUG=false \
 RUN mkdir -p /policies
 COPY --chmod=700 entrypoint.sh /entrypoint.sh
 COPY --chmod=700 create-user.sh /create-user.sh
-
+COPY --chmod=700 healthcheck.sh /healthcheck.sh
 ENTRYPOINT ["/entrypoint.sh"]
 
 CMD ["/create-user.sh"]
 
-HEALTHCHECK --interval=30s --timeout=10s --start-period=60s --retries=3 \
-    CMD [ -f "/etc/letsencrypt/live/$(echo "$CERTBOT_DOMAINS" | cut -d',' -f1)/fullchain.pem" ]
+HEALTHCHECK --interval=168h --timeout=10s --start-period=5s --retries=3 \
+    CMD ["/healthcheck.sh"]

src/create-user.sh

@@ -28,14 +28,35 @@ debug_print() {
 
 sleep_or_exit() {
     if [ "$SLEEP" = "true" ]; then
-        echo "NOTICE: Sleeping indefinitely..."
-        sleep infinity
+        echo "✅ MinIO user, bucket, and policy created successfully. Sleeping indefinitely..."
+        # Start a background process and wait for it
+        # This will sleep until a signal is received
+        sleep infinity &
+        wait $!
     else
-        echo "NOTICE: Exiting..."
+        echo "✅ MinIO user, bucket, and policy created successfully. Exiting..."
         exit 0
     fi
 }
 
+check_alias_exists() {
+    local alias_list
+    alias_list=$($mc_cmd alias list)
+    case "$alias_list" in
+        *"$MINIO_ALIAS"*) return 0 ;;
+        *) return 1 ;;
+    esac
+}
+
+check_policy_exists() {
+    local policy_list
+    policy_list=$($mc_cmd admin policy list)
+    case "$policy_list" in
+        *"$minio_policy_name"*) return 0 ;;
+        *) return 1 ;;
+    esac
+}
+
 ################################################################################
 # Main
 ################################################################################
@@ -49,23 +70,23 @@ if [ "$MINIO_ACCESS_KEY_EXISTS" = "true" ]; then
 fi
 
 # Ensure alias is set
-if ! $mc_cmd alias list | grep -q "$MINIO_ALIAS"; then
+if ! check_alias_exists; then
     echo "ERROR: Alias $MINIO_ALIAS not found"
     exit 1
 fi
 
 # Ensure bucket exists
-$mc_cmd mb "$MINIO_ALIAS/$MINIO_BUCKET_NAME" --ignore-existing
+$mc_cmd mb "$MINIO_ALIAS/$MINIO_USER_BUCKET_NAME" --ignore-existing
 
 # Create policy if it doesn't exist
-if ! $mc_cmd admin policy list | grep -q "$minio_policy_name"; then
+if ! check_policy_exists; then
     echo "NOTICE: Policy $minio_policy_name not found. Creating..."
     $mc_cmd admin policy create "$MINIO_ALIAS" "$minio_policy_name" "$MINIO_POLICY_PATH"
 fi
 
 # Create user and apply policy
-$mc_cmd admin user create "$MINIO_ALIAS" "$MINIO_USER_ACCESS_KEY" "$minio_policy_name"
-$mc_cmd admin policy attach "$MINIO_ALIAS" "$minio_policy_name" "$MINIO_USER_ACCESS_KEY"
+$mc_cmd admin user add "$MINIO_ALIAS" "$MINIO_USER_ACCESS_KEY" "$minio_policy_name"
+$mc_cmd admin policy attach "$MINIO_ALIAS" "$minio_policy_name" --user "$MINIO_USER_ACCESS_KEY"
 
 # Sleep or exit
 sleep_or_exit

src/entrypoint.sh

@@ -85,6 +85,15 @@ debug_print() {
     fi
 }
 
+check_user_exists() {
+    local user_list
+    user_list=$(mc admin user ls "$MINIO_ALIAS")
+    case "$user_list" in
+        *"$MINIO_USER_ACCESS_KEY"*) return 0 ;;
+        *) return 1 ;;
+    esac
+}
+
 validate_environment_variables() {
     # Validate required environment variables
     required_vars="
@@ -98,7 +107,6 @@ validate_environment_variables() {
         MINIO_USER_BUCKET_PERMISSIONS
         MINIO_USER_OBJECT_PERMISSIONS
         MINIO_USER_SECRET_KEY
-        MINIO_USER_ACCESS_KEY
     "
 
     for var in $required_vars; do
@@ -138,7 +146,7 @@ cat <<"EOF"
                 ||     ||
 EOF
 echo "🌐 MinIO Host: $MINIO_HOST"
-echo "🔑 MinIO Access Key: $MINIO_ACCESS_KEY"
+echo "🔑 MinIO Access Key: $MINIO_USER_ACCESS_KEY"
 echo "📝 Policy Path: $MINIO_POLICY_PATH"
 echo "🛠️ MinIO Version:"
 mc --version
@@ -147,7 +155,7 @@ echo "-----------------------------------------------------------"
 set_mc_alias
 
 # Check to see if user exists
-if mc admin user ls "$MINIO_ALIAS" | grep -q "$MINIO_USER_ACCESS_KEY"; then
+if check_user_exists; then
     echo "NOTICE: Detected that user $MINIO_USER_ACCESS_KEY already exists."
     MINIO_ACCESS_KEY_EXISTS=true
     exit_and_execute_docker_command "$@"

src/healthcheck.sh

@@ -0,0 +1,69 @@
+#!/bin/bash
+set -e
+
+# Debug mode
+if [ "$DEBUG" = "true" ]; then
+    set -x
+fi
+
+echo "Starting health check..."
+
+# Get policy name from path
+minio_policy_name=$(basename "$MINIO_POLICY_PATH" .json | tr '[:upper:]' '[:lower:]' | tr -cd '[:alnum:]-_')
+echo "Checking for policy: $minio_policy_name"
+
+# Check if alias exists
+echo "Checking MinIO alias..."
+alias_list=$(mc alias list)
+case "$alias_list" in
+    *"$MINIO_ALIAS"*) 
+        echo "✅ MinIO alias found"
+        ;;
+    *)
+        echo "ERROR: MinIO alias $MINIO_ALIAS not found"
+        exit 1
+        ;;
+esac
+
+# Check if user exists
+echo "Checking MinIO user..."
+user_list=$(mc admin user ls "$MINIO_ALIAS")
+case "$user_list" in
+    *"$MINIO_USER_ACCESS_KEY"*)
+        echo "✅ MinIO user found"
+        ;;
+    *)
+        echo "ERROR: MinIO user $MINIO_USER_ACCESS_KEY not found"
+        exit 1
+        ;;
+esac
+
+# Check if policy exists
+echo "Checking MinIO policy..."
+policy_list=$(mc admin policy list "$MINIO_ALIAS")
+case "$policy_list" in
+    *"$minio_policy_name"*)
+        echo "✅ MinIO policy found"
+        ;;
+    *)
+        echo "ERROR: MinIO policy $minio_policy_name not found"
+        exit 1
+        ;;
+esac
+
+# Check if bucket exists
+echo "Checking MinIO bucket..."
+bucket_list=$(mc ls "$MINIO_ALIAS")
+case "$bucket_list" in
+    *"$MINIO_USER_BUCKET_NAME"*)
+        echo "✅ MinIO bucket found"
+        ;;
+    *)
+        echo "ERROR: MinIO bucket $MINIO_USER_BUCKET_NAME not found"
+        exit 1
+        ;;
+esac
+
+# All checks passed
+echo "✅ Health check passed: User, policy, and bucket exist"
+exit 0