Summary

Extend the bucket application and SeaweedFS configuration to support object locking, storage pool selection, and flexible user access management.

Tasks

1. Add WORM for the default pool in SeaweedFS

Currently, -worm BucketClass is generated for each named storage pool, but the default (main) pool also needs a WORM-enabled BucketClass.

2. Rename BucketClass suffix worm → lock

Rename the -worm suffix to -lock across all generated BucketClass resources for consistency and clarity.

3. Extend the bucket application values schema

The bucket application should support the following configuration:

locking: true|false       # provisions bucket from the `-lock` BucketClass
storagePool: <name>       # selects a specific BucketClass (by storage pool name)
users:
  <name>:                 # creates a BucketAccess with the appropriate BucketAccessClass
    readonly: true|false
  <name>:
    readonly: true|false

Details:

• locking: true — creates BucketClaim referencing the -lock BucketClass (with object lock enabled)
• storagePool — allows selecting a specific storage pool's BucketClass instead of the default
• users — replaces the current hardcoded pair of BucketAccess resources (default + readonly) with a dynamic map, where each entry creates a BucketAccess in the corresponding BucketAccessClass (readwrite or readonly depending on the readonly flag)

Current State

• BucketClass with -worm suffix is generated per pool in packages/extra/seaweedfs/templates/storage-pool-bucket-classes.yaml
• Bucket app (packages/apps/bucket/) currently has empty values.yaml and hardcodes a single BucketClaim + two BucketAccess resources (default and readonly)