Improve code organization and error handling

- Add proper error types and handling with severity levels
- Improve SSL/TLS configuration and security
- Add helper functions for safer field access
- Enhance documentation and code organization
- Add proper constants and remove magic values
- Improve type definitions and validation

docs/resources/s3_bucket_replication.md

@@ -3,13 +3,10 @@
 page_title: "minio_s3_bucket_replication Resource - terraform-provider-minio"
 subcategory: ""
 description: |-
-  
 ---
 
 # minio_s3_bucket_replication (Resource)
 
-
-
 ## Example Usage
 
 ```terraform
@@ -100,7 +97,7 @@ resource "minio_iam_user" "replication_in_b" {
   provider = minio.deployment_b
   name = "my-user"
   force_destroy = true
-} 
+}
 
 resource "minio_iam_user_policy_attachment" "replication_in_b" {
   provider = minio.deployment_b
@@ -130,7 +127,7 @@ resource "minio_s3_bucket_replication" "replication_in_b" {
       bucket = minio_s3_bucket.my_bucket_in_b.bucket
       secure = false
       host = var.minio_server_b
-      bandwidth_limt = "100M"
+      bandwidth_limit = "100M"
       access_key = minio_iam_service_account.replication_in_b.access_key
       secret_key = minio_iam_service_account.replication_in_b.secret_key
     }
@@ -151,7 +148,7 @@ resource "minio_iam_policy" "replication_in_a" {
 resource "minio_iam_user" "replication_in_a" {
   name = "my-user"
   force_destroy = true
-} 
+}
 
 resource "minio_iam_user_policy_attachment" "replication_in_a" {
   user_name   = minio_iam_user.replication_in_a.name
@@ -180,7 +177,7 @@ resource "minio_s3_bucket_replication" "replication_in_a" {
       bucket = minio_s3_bucket.my_bucket_in_a.bucket
       host = var.minio_server_a
       secure = false
-      bandwidth_limt = "100M"
+      bandwidth_limit = "100M"
       access_key = minio_iam_service_account.replication_in_a.access_key
       secret_key = minio_iam_service_account.replication_in_a.secret_key
     }
@@ -194,6 +191,7 @@ resource "minio_s3_bucket_replication" "replication_in_a" {
 ```
 
 <!-- schema generated by tfplugindocs -->
+
 ## Schema
 
 ### Required
@@ -209,6 +207,7 @@ resource "minio_s3_bucket_replication" "replication_in_a" {
 - `id` (String) The ID of this resource.
 
 <a id="nestedblock--rule"></a>
+
 ### Nested Schema for `rule`
 
 Required:
@@ -221,17 +220,18 @@ Optional:
 - `delete_replication` (Boolean) Whether or not to propagate deletion
 - `enabled` (Boolean) Whether or not this rule is enabled
 - `existing_object_replication` (Boolean) Whether or not to synchronise object created prior the replication configuration
-- `metadata_sync` (Boolean) Whether or not to synchonise buckets and objects metadata (such as locks). This must be enabled to achieve a two-way replication
-- `prefix` (String) Bucket prefix object must be in to be syncronised
+- `metadata_sync` (Boolean) Whether or not to synchronise buckets and objects metadata (such as locks). This must be enabled to achieve a two-way replication
+- `prefix` (String) Bucket prefix object must be in to be synchronised
 - `priority` (Number) Rule priority. If omitted, the inverted index will be used as priority. This means that the first rule definition will have the higher priority
-- `tags` (Map of String) Tags which objects must have to be syncronised
+- `tags` (Map of String) Tags which objects must have to be synchronised
 
 Read-Only:
 
-- `arn` (String) Rule ARN genrated by MinIO
+- `arn` (String) Rule ARN generated by MinIO
 - `id` (String) Rule ID generated by MinIO
 
 <a id="nestedblock--rule--target"></a>
+
 ### Nested Schema for `rule.target`
 
 Required:
@@ -242,13 +242,13 @@ Required:
 
 Optional:
 
-- `bandwidth_limt` (String) Maximum bandwidth in byte per second that MinIO can used when syncronysing this target. Minimum is 100MB
+- `bandwidth_limit` (String) Maximum bandwidth in byte per second that MinIO can used when synchronising this target. Minimum is 100MB
 - `disable_proxy` (Boolean) Disable proxy for this target
 - `health_check_period` (String) Period where the health of this target will be checked. This must be a valid duration, such as `5s` or `2m`
-- `path` (String) Path of the Minio endpoint. This is usefull if MinIO API isn't served on at the root, e.g for `example.com/minio/`, the path would be `/minio/`
-- `path_style` (String) Whether to use path-style or virtual-hosted-syle request to this target (https://docs.aws.amazon.com/AmazonS3/latest/userguide/VirtualHosting.html#path-style-access). `auto` allows MinIO to chose automatically the appropriate option (Recommened)`
+- `path` (String) Path of the Minio endpoint. This is useful if MinIO API isn't served on at the root, e.g for `example.com/minio/`, the path would be `/minio/`
+- `path_style` (String) Whether to use path-style or virtual-hosted-style request to this target (https://docs.aws.amazon.com/AmazonS3/latest/userguide/VirtualHosting.html#path-style-access). `auto` allows MinIO to chose automatically the appropriate option (Recommend)`
 - `region` (String) Region of the target MinIO. This will be used to generate the target ARN
 - `secret_key` (String, Sensitive) Secret key for the replication service account in the target MinIO. This is optional so it can be imported but prevent secret update
 - `secure` (Boolean) Whether to use HTTPS with this target (Recommended). Note that disabling HTTPS will yield Terraform warning for security reason`
 - `storage_class` (String) The storage class to use for the object on this target
-- `syncronous` (Boolean) Use synchronous replication.
+- `synchronous` (Boolean) Use synchronous replication.

examples/resources/minio_s3_bucket_replication/resource.tf

@@ -115,7 +115,7 @@ resource "minio_s3_bucket_replication" "replication_in_b" {
       bucket = minio_s3_bucket.my_bucket_in_b.bucket
       secure = false
       host = var.minio_server_b
-      bandwidth_limt = "100M"
+      bandwidth_limit = "100M"
       access_key = minio_iam_service_account.replication_in_b.access_key
       secret_key = minio_iam_service_account.replication_in_b.secret_key
     }
@@ -165,7 +165,7 @@ resource "minio_s3_bucket_replication" "replication_in_a" {
       bucket = minio_s3_bucket.my_bucket_in_a.bucket
       host = var.minio_server_a
       secure = false
-      bandwidth_limt = "100M"
+      bandwidth_limit = "100M"
       access_key = minio_iam_service_account.replication_in_a.access_key
       secret_key = minio_iam_service_account.replication_in_a.secret_key
     }

minio/resource_minio_s3_bucket_replication.go

@@ -152,7 +152,7 @@ func resourceMinioBucketReplication() *schema.Resource {
 										Description: "Path of the Minio endpoint. This is usefull if MinIO API isn't served on at the root, e.g for `example.com/minio/`, the path would be `/minio/`",
 										Optional:    true,
 									},
-									"syncronous": {
+									"synchronous": {
 										Type:        schema.TypeBool,
 										Description: "Use synchronous replication.",
 										Optional:    true,
@@ -175,7 +175,7 @@ func resourceMinioBucketReplication() *schema.Resource {
 										},
 										ValidateFunc: validation.StringMatch(regexp.MustCompile(`^[0-9]+\s?[s|m|h]$`), "must be a valid golang duration"),
 									},
-									"bandwidth_limt": {
+									"bandwidth_limit": {
 										Type:        schema.TypeString,
 										Description: "Maximum bandwidth in byte per second that MinIO can used when syncronysing this target. Minimum is 100MB",
 										Optional:    true,
@@ -189,7 +189,7 @@ func resourceMinioBucketReplication() *schema.Resource {
 											if !ok {
 												diags = append(diags, diag.Diagnostic{
 													Severity: diag.Error,
-													Summary:  "expected type of bandwidth_limt to be string",
+													Summary:  "expected type of bandwidth_limit to be string",
 												})
 												return
 											}
@@ -202,14 +202,14 @@ func resourceMinioBucketReplication() *schema.Resource {
 											if err != nil {
 												diags = append(diags, diag.Diagnostic{
 													Severity: diag.Error,
-													Summary:  "bandwidth_limt must be a positive value. It may use suffixes (k, m, g, ..) ",
+													Summary:  "bandwidth_limit must be a positive value. It may use suffixes (k, m, g, ..) ",
 												})
 												return
 											}
 											if val < uint64(100*humanize.BigMByte.Int64()) {
 												diags = append(diags, diag.Diagnostic{
 													Severity: diag.Error,
-													Summary:  "When set, bandwidth_limt must be at least 100MBps",
+													Summary:  "When set, bandwidth_limit must be at least 100MBps",
 												})
 
 											}
@@ -405,10 +405,10 @@ func minioReadBucketReplication(ctx context.Context, d *schema.ResourceData, met
 		target["secure"] = remoteTarget.Secure
 		target["path_style"] = remoteTarget.Path
 		target["path"] = strings.Join(pathComponent[:len(pathComponent)-1], "/")
-		target["syncronous"] = remoteTarget.ReplicationSync
+		target["synchronous"] = remoteTarget.ReplicationSync
 		target["disable_proxy"] = remoteTarget.DisableProxy
 		target["health_check_period"] = shortDur(remoteTarget.HealthCheckDuration)
-		target["bandwidth_limt"] = humanize.Bytes(uint64(remoteTarget.BandwidthLimit))
+		target["bandwidth_limit"] = humanize.Bytes(uint64(remoteTarget.BandwidthLimit))
 		target["region"] = remoteTarget.Region
 		target["access_key"] = remoteTarget.Credentials.AccessKey
 
@@ -516,7 +516,7 @@ func convertBucketReplicationConfig(bucketReplicationConfig *S3MinioBucketReplic
 			Type:                madmin.ReplicationService,
 			Region:              rule.Target.Region,
 			BandwidthLimit:      rule.Target.BandwidthLimit,
-			ReplicationSync:     rule.Target.Syncronous,
+			ReplicationSync:     rule.Target.Synchronous,
 			DisableProxy:        rule.Target.DisableProxy,
 			HealthCheckDuration: rule.Target.HealthCheckPeriod,
 		}
@@ -730,19 +730,19 @@ func getBucketReplicationConfig(v []interface{}) (result []S3MinioBucketReplicat
 			})
 		}
 
-		result[i].Target.Syncronous, ok = target["syncronous"].(bool)
-		result[i].Target.Syncronous = result[i].Target.Syncronous && ok
+		result[i].Target.Synchronous, ok = target["synchronous"].(bool)
+		result[i].Target.Synchronous = result[i].Target.Synchronous && ok
 		result[i].Target.DisableProxy, ok = target["disable_proxy"].(bool)
 		result[i].Target.DisableProxy = result[i].Target.DisableProxy && ok
 
 		var bandwidthStr string
 		var bandwidth uint64
 		var err error
-		if bandwidthStr, ok = target["bandwidth_limt"].(string); ok {
+		if bandwidthStr, ok = target["bandwidth_limit"].(string); ok {
 			bandwidth, err = humanize.ParseBytes(bandwidthStr)
 			if err != nil {
 				log.Printf("[WARN] invalid bandwidth value %q: %v", result[i].Target.BandwidthLimit, err)
-				errs = append(errs, diag.Errorf("rule[%d].target.bandwidth_limt is invalid. Make sure to use k, m, g as preffix only", i)...)
+				errs = append(errs, diag.Errorf("rule[%d].target.bandwidth_limit is invalid. Make sure to use k, m, g as preffix only", i)...)
 			} else {
 				result[i].Target.BandwidthLimit = int64(bandwidth)
 			}
@@ -761,17 +761,17 @@ func getBucketReplicationConfig(v []interface{}) (result []S3MinioBucketReplicat
 		pathstyle, _ = target["path_style"].(string)
 		switch strings.TrimSpace(strings.ToLower(pathstyle)) {
 		case "on":
-			result[i].Target.PathStyle = S3PathSyleOn
+			result[i].Target.PathStyle = S3PathStyleOn
 		case "off":
-			result[i].Target.PathStyle = S3PathSyleOff
+			result[i].Target.PathStyle = S3PathStyleOff
 		default:
 			if pathstyle != "auto" && pathstyle != "" {
 				errs = append(errs, diag.Diagnostic{
 					Severity: diag.Warning,
 					Summary:  fmt.Sprintf("rule[%d].target.path_style must be \"on\", \"off\" or \"auto\". Defaulting to \"auto\"", i),
 				})
 			}
-			result[i].Target.PathStyle = S3PathSyleAuto
+			result[i].Target.PathStyle = S3PathStyleAuto
 		}
 
 	}