homeserver/roles/mgrote_minio_configure/tasks/policy.yml

---
# https://galaxy.ansible.com/ui/repo/published/dubzland/minio/content/module/minio_policy/ ?
- name: "ensure needed dirs exist"
  ansible.builtin.file:
    path: "{{ minio_config_dir }}"
    state: directory
    owner: root
    group: root
    mode: '0644'

- name: "prep: template policy files (ro)"
  ansible.builtin.template:
    dest: "{{ minio_config_dir }}/{{ item.name }}_ro"
    src: policy_ro.j2
    owner: root
    group: root
    mode: '0644'
  loop: "{{ minio_buckets }}"

- name: "prep: template policy files (rw)"
  ansible.builtin.template:
    dest: "{{ minio_config_dir }}/{{ item.name }}_rw"
    src: policy_rw.j2
    owner: root
    group: root
    mode: '0644'
  loop: "{{ minio_buckets }}"

- name: "setup policies (ro)"
  ansible.builtin.command: "{{ minio_client_bin }} --disable-pager admin policy create {{ minio_root_alias }} {{ item.name }}_ro {{ minio_config_dir }}/{{ item.name }}_ro"
  loop: "{{ minio_buckets }}"
  changed_when: false # Befehl gibt immer "Created policy `testbucket3_ro` successfully." aus, unabhängig ob sie schon existiert oder nicht.

- name: "setup policies (rw)"
  ansible.builtin.command: "{{ minio_client_bin }} --disable-pager admin policy create {{ minio_root_alias }} {{ item.name }}_rw {{ minio_config_dir }}/{{ item.name }}_rw"
  loop: "{{ minio_buckets }}"
  changed_when: false # Befehl gibt immer "Created policy `testbucket3_ro` successfully." aus, unabhängig ob sie schon existiert oder nicht.

- name: "remove old policy files"
  ansible.builtin.file:
    path: "{{ minio_config_dir }}/{{ item.name }}*"
    state: absent
  loop: "{{ minio_buckets }}"
  when: '"absent" in item.state'
setup minio automation (#229) Reviewed-on: https://git.mgrote.net/mg/homeserver/pulls/229 Co-authored-by: Michael Grote <michael.grote@posteo.de> Co-committed-by: Michael Grote <michael.grote@posteo.de> 2024-11-09 22:00:58 +01:00			`---`
			`# https://galaxy.ansible.com/ui/repo/published/dubzland/minio/content/module/minio_policy/ ?`
			`- name: "ensure needed dirs exist"`
			`ansible.builtin.file:`
			`path: "{{ minio_config_dir }}"`
			`state: directory`
			`owner: root`
			`group: root`
			`mode: '0644'`

			`- name: "prep: template policy files (ro)"`
			`ansible.builtin.template:`
			`dest: "{{ minio_config_dir }}/{{ item.name }}_ro"`
			`src: policy_ro.j2`
			`owner: root`
			`group: root`
			`mode: '0644'`
			`loop: "{{ minio_buckets }}"`

			`- name: "prep: template policy files (rw)"`
			`ansible.builtin.template:`
			`dest: "{{ minio_config_dir }}/{{ item.name }}_rw"`
			`src: policy_rw.j2`
			`owner: root`
			`group: root`
			`mode: '0644'`
			`loop: "{{ minio_buckets }}"`

			`- name: "setup policies (ro)"`
			`ansible.builtin.command: "{{ minio_client_bin }} --disable-pager admin policy create {{ minio_root_alias }} {{ item.name }}_ro {{ minio_config_dir }}/{{ item.name }}_ro"`
			`loop: "{{ minio_buckets }}"`
			changed_when: false # Befehl gibt immer "Created policy `testbucket3_ro` successfully." aus, unabhängig ob sie schon existiert oder nicht.

			`- name: "setup policies (rw)"`
			`ansible.builtin.command: "{{ minio_client_bin }} --disable-pager admin policy create {{ minio_root_alias }} {{ item.name }}_rw {{ minio_config_dir }}/{{ item.name }}_rw"`
			`loop: "{{ minio_buckets }}"`
			changed_when: false # Befehl gibt immer "Created policy `testbucket3_ro` successfully." aus, unabhängig ob sie schon existiert oder nicht.

			`- name: "remove old policy files"`
			`ansible.builtin.file:`
			`path: "{{ minio_config_dir }}/{{ item.name }}*"`
			`state: absent`
			`loop: "{{ minio_buckets }}"`
			`when: '"absent" in item.state'`