docs: add missing policy attachment step for object storage

[mgajda]

Fixes #570

Adds the missing step for attaching user access policies to object storage users. Without this step, users cannot access buckets via AWS CLI even with valid S3 credentials.

Changes

• Add policy attachment via UpCloud API (curl with bearer token)
• Add policy attachment via web console (alternative)
• Add S3 access verification example
• Clarify difference between UpCloud API credentials and S3 access keys

Testing

✅ End-to-end workflow tested
✅ API endpoint verified (HTTP 204 success)
✅ Credential types clarified

This directly addresses the issue reported by @erikologic where the policy attachment step was missing from the documentation.

[paketeserrano]

@mgajda this is a good addition since it makes the obj storage example complete covering how to enable a user to access a bucket.

These type of files are also used as tests in the workflow .github/workflows/examples.yaml and it will fail as it is. Would it be possible to add the commands to parse the service-uuid, your-access-key-id, your-secret-access-key and service-endpoint ? That would make the test that executes the shell commands in this file succeeds.

[mgajda]

@paketeserrano Did my changes work?

[paketeserrano]

Hello @mgajda ,

I executed the code and I am getting this error:

`[17:41:14] paco@nube:~/github$ mdtest .
✗ Running test.md 140 s
Failures:

Step 6: expected exit code 0, got 253

Output:

• upctl object-storage show example-upctl-service -o json
• jq -r .endpoints[0].domain_name
• service_endpoint=l6s7i.upcloudobjects.com
• AWS_ACCESS_KEY_ID= AWS_SECRET_ACCESS_KEY= aws s3 ls --endpoint-url https://l6s7i.upcloudobjects.com

Unable to locate credentials. You can configure credentials by running "aws login".

1 of 8 test steps failed

Tests: 1 failed, 1 total
Elapsed: 140.193 s
`

Although this part is not executed in the tests, users will need to login into aws according to this error. Can you add that command please?

[mgajda]

Although this part is not executed in the tests, users will need to login into aws according to this error. Can you add that command please?

You are incorrect. Here we need AWS-like credentials issued by UpCloud.

That would be similar to line that is already there:

upctl object-storage access-key create my-service --username myuser --output json

So it looks like jq is using incorrect key name that possibly changed in code since?

access_key_id=$(echo "$access_key_output" | jq -r '.access_key_id')
secret_access_key=$(echo "$access_key_output" | jq -r '.secret_access_key')

@paketeserrano Unfortunately I no longer have UpCloud account to test it and see JSON output.

[paketeserrano]

Hello @mgajda ,

The error was a bit misleading, I was testing with an old version of mdtest. Your test is correct and more descriptive now. I just made a small modification to remove a line that was deleting the user because it was not needed since the delete service --force will do it anyway.

I will be merging in a moment