homeserver/roles/mgrote_minio_configure/defaults/main.yml

---
minio_root_access_key:
minio_root_secret_key:
minio_root_alias: minio_ansible_root
minio_url: https://s3.mgrote.net
minio_config_dir: /etc/minio
minio_client_release: ""
minio_client_bin: /usr/local/bin/mc
minio_print_keys: true # zeige secret in playbook

# --dp ausschreiben

minio_users:
  - name: testuser5
    secret: hallowelt
    state: present
    policies:
      - testbucket1_rw
  - name: testuser6
    secret: hallowelt2
    state: present
    policies:
      - testbucket3_ro

minio_buckets:
  - name: testbucket1
  - name: testbucket3

minio_policies:
  - name: testbucket1_rw
    policy: |
        {
          "Version": "2012-10-17",
          "Statement": [
            {
              "Effect": "Allow",
              "Principal": {
                "AWS": [
                  "*"
                ]
              },
              "Action": [
                "s3:GetBucketLocation",
                "s3:ListBucket",
                "s3:ListBucketMultipartUploads"
              ],
              "Resource": [
                "arn:aws:s3:::testbucket1"
              ]
            },
            {
              "Effect": "Allow",
              "Principal": {
                "AWS": [
                  "*"
                ]
              },
              "Action": [
                "s3:AbortMultipartUpload",
                "s3:DeleteObject",
                "s3:GetObject",
                "s3:ListMultipartUploadParts",
                "s3:PutObject"
              ],
              "Resource": [
                "arn:aws:s3:::testbucket1/*"
              ]
            }
          ]
        }
  - name: testbucket3_ro
    policy: |
        {
          "Version": "2012-10-17",
          "Statement": [
            {
              "Effect": "Allow",
              "Principal": {
                "AWS": [
                  "*"
                ]
              },
              "Action": [
                "s3:GetBucketLocation",
                "s3:ListBucket",
                "s3:ListBucketMultipartUploads"
              ],
              "Resource": [
                "arn:aws:s3:::testbucket3"
              ]
            },
            {
              "Effect": "Allow",
              "Principal": {
                "AWS": [
                  "*"
                ]
              },
              "Action": [
                "s3:AbortMultipartUpload",
                "s3:DeleteObject",
                "s3:GetObject",
                "s3:ListMultipartUploadParts",
                "s3:PutObject"
              ],
              "Resource": [
                "arn:aws:s3:::testbucket3/*"
              ]
            }
          ]
        }
aadd role 2024-11-09 10:06:25 +01:00			`---`
root 2024-11-09 10:13:33 +01:00			`minio_root_access_key:`
			`minio_root_secret_key:`
			`minio_root_alias: minio_ansible_root`
			`minio_url: https://s3.mgrote.net`
def 2024-11-09 10:34:29 +01:00			`minio_config_dir: /etc/minio`
dd 2024-11-09 10:53:27 +01:00			`minio_client_release: ""`
dd 2024-11-09 10:53:51 +01:00			`minio_client_bin: /usr/local/bin/mc`
dd 2024-11-09 11:21:53 +01:00			`minio_print_keys: true # zeige secret in playbook`
user 2024-11-09 10:16:52 +01:00
			`# --dp ausschreiben`

			`minio_users:`
			`- name: testuser5`
			`secret: hallowelt`
ff 2024-11-09 18:49:50 +01:00			`state: present`
attach 2024-11-09 10:38:50 +01:00			`policies:`
			`- testbucket1_rw`
user 2024-11-09 10:16:52 +01:00			`- name: testuser6`
			`secret: hallowelt2`
ff 2024-11-09 18:49:50 +01:00			`state: present`
attach 2024-11-09 10:38:50 +01:00			`policies:`
			`- testbucket3_ro`
policy 2024-11-09 10:34:23 +01:00
			`minio_buckets:`
			`- name: testbucket1`
			`- name: testbucket3`

			`minio_policies:`
			`- name: testbucket1_rw`
			`policy: \|`
			`{`
dd 2024-11-09 10:51:52 +01:00			`"Version": "2012-10-17",`
			`"Statement": [`
			`{`
			`"Effect": "Allow",`
			`"Principal": {`
			`"AWS": [`
			`"*"`
			`]`
			`},`
			`"Action": [`
			`"s3:GetBucketLocation",`
			`"s3:ListBucket",`
			`"s3:ListBucketMultipartUploads"`
			`],`
			`"Resource": [`
			`"arn:aws:s3:::testbucket1"`
dd 2024-11-09 10:50:42 +01:00			`]`
			`},`
dd 2024-11-09 10:51:52 +01:00			`{`
			`"Effect": "Allow",`
			`"Principal": {`
			`"AWS": [`
			`"*"`
			`]`
			`},`
			`"Action": [`
			`"s3:AbortMultipartUpload",`
			`"s3:DeleteObject",`
			`"s3:GetObject",`
			`"s3:ListMultipartUploadParts",`
			`"s3:PutObject"`
			`],`
			`"Resource": [`
			`"arn:aws:s3:::testbucket1/*"`
dd 2024-11-09 10:50:42 +01:00			`]`
dd 2024-11-09 10:51:52 +01:00			`}`
			`]`
			`}`
attach 2024-11-09 10:38:50 +01:00			`- name: testbucket3_ro`
policy 2024-11-09 10:34:23 +01:00			`policy: \|`
			`{`
dd 2024-11-09 10:51:52 +01:00			`"Version": "2012-10-17",`
			`"Statement": [`
			`{`
			`"Effect": "Allow",`
			`"Principal": {`
			`"AWS": [`
			`"*"`
			`]`
			`},`
			`"Action": [`
			`"s3:GetBucketLocation",`
			`"s3:ListBucket",`
			`"s3:ListBucketMultipartUploads"`
			`],`
			`"Resource": [`
			`"arn:aws:s3:::testbucket3"`
dd 2024-11-09 10:50:42 +01:00			`]`
			`},`
dd 2024-11-09 10:51:52 +01:00			`{`
			`"Effect": "Allow",`
			`"Principal": {`
			`"AWS": [`
			`"*"`
			`]`
			`},`
			`"Action": [`
			`"s3:AbortMultipartUpload",`
			`"s3:DeleteObject",`
			`"s3:GetObject",`
			`"s3:ListMultipartUploadParts",`
			`"s3:PutObject"`
			`],`
			`"Resource": [`
			`"arn:aws:s3:::testbucket3/*"`
dd 2024-11-09 10:50:42 +01:00			`]`
dd 2024-11-09 10:51:52 +01:00			`}`
			`]`
			`}`