diff --git a/roles/mgrote_minio_configure/tasks/policy.yml b/roles/mgrote_minio_configure/tasks/policy.yml index 899bcb5f..6d2ab8e1 100644 --- a/roles/mgrote_minio_configure/tasks/policy.yml +++ b/roles/mgrote_minio_configure/tasks/policy.yml @@ -26,10 +26,16 @@ mode: '0644' loop: "{{ minio_policies }}" -- name: setup minio policies - ansible.builtin.command: "{{ minio_client_bin }} --dp admin policy create {{ item.bucket }} {{ minio_config_dir }}/{{ item.bucket }}" +- name: setup minio policies ro + ansible.builtin.command: "{{ minio_client_bin }} --dp admin policy create {{ minio_root_alias }} {{ item.bucket }} {{ minio_config_dir }}/{{ item.bucket }}_rw" loop: "{{ minio_policies }}" +- name: setup minio policies ro + ansible.builtin.command: "{{ minio_client_bin }} --dp admin policy create {{ minio_root_alias }} {{ item.bucket }} {{ minio_config_dir }}/{{ item.bucket }}_ro" + loop: "{{ minio_policies }}" + + + - name: Assign MinIO policies to users ansible.builtin.command: "{{ minio_client_bin }} --dp admin policy attach {{ item.1 }} --user {{ item.0.name }}" loop: "{{ minio_users | subelements('policies') }}"