diff --git a/roles/mgrote_minio_configure/defaults/main.yml b/roles/mgrote_minio_configure/defaults/main.yml
index c7a9b311..0b847f42 100644
--- a/roles/mgrote_minio_configure/defaults/main.yml
+++ b/roles/mgrote_minio_configure/defaults/main.yml
@@ -10,8 +10,12 @@ minio_config_dir: /etc/minio
 minio_users:
 - name: testuser5
 secret: hallowelt
+ policies:
+ - testbucket1_rw
 - name: testuser6
 secret: hallowelt2
+ policies:
+ - testbucket3_ro
 minio_buckets:
 - name: testbucket1
@@ -59,7 +63,7 @@ minio_policies:
 }
 ]
 }
- - name: testbucketw_ro
+ - name: testbucket3_ro
 policy: |
 {
 "Version": "2012-10-17",
diff --git a/roles/mgrote_minio_configure/tasks/policy.yml b/roles/mgrote_minio_configure/tasks/policy.yml
index d117852a..9add6702 100644
--- a/roles/mgrote_minio_configure/tasks/policy.yml
+++ b/roles/mgrote_minio_configure/tasks/policy.yml
@@ -17,3 +17,7 @@
 - name: setup minio policies
 ansible.builtin.command: "{{ minio_client_bin }} --dp admin policy create {{ item.name }} {{ minio_config_dir }}/{{ item.name }}"
 loop: "{{ minio_policies }}"
+
+- name: Assign MinIO policies to users
+ ansible.builtin.command: "{{ minio_client_bin }} --dp admin policy attach {{ item.1 }} --user {{ item.0.name }}"
+ loop: "{{ minio_users | subelements('policies') }}"
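Review bot: The role defaults in defaults/main.yml now attach real bucket policies to the sample accounts whose secrets (`hallowelt`, `hallowelt2`) are committed in the same file, so a run that does not override `minio_users` would create users with publicly known credentials and, for `testuser5`, the `testbucket1_rw` policy. Consider shipping `minio_users: []` as the default and moving this sample to the README or a commented example, with real secrets supplied from Ansible Vault. A comment above the list such as `# policies: names must match entries in minio_policies` would also help, since nothing in the visible tasks checks that a referenced policy exists.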
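Review bot: The new "Assign MinIO policies to users" task in tasks/policy.yml fails for any `minio_users` entry that has no `policies` key, because `subelements('policies')` raises on a missing subkey unless `skip_missing=True` is passed. Each loop item is the whole user mapping plus one policy name, so Ansible's per-item output will print the user's `secret` unless `loop_control.label` narrows it. The command is also built as a single string, so a user or policy name containing whitespace would be split into extra arguments; the `argv` list form avoids that. The task has no `changed_when` and only ever attaches, so it reports changed on every run and a policy removed from a user's list is presumably not revoked on the server.

```yaml
- name: Assign MinIO policies to users
  ansible.builtin.command:
    argv:
      - "{{ minio_client_bin }}"
      - --dp
      - admin
      - policy
      - attach
      - "{{ item.1 }}"
      - --user
      - "{{ item.0.name }}"
  loop: "{{ minio_users | subelements('policies', skip_missing=True) }}"
  loop_control:
    # keep item.0.secret out of the task output
    label: "{{ item.0.name }} -> {{ item.1 }}"
```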