From 210f4826dd0810c2ea31732fb9761ea9e8b87b36 Mon Sep 17 00:00:00 2001
From: Michael Grote <michael.grote@posteo.de>
Date: Sat, 9 Nov 2024 20:28:46 +0100
Subject: [PATCH] ff

---
 roles/mgrote_minio_configure/tasks/policy.yml | 10 ++++++++--
 1 file changed, 8 insertions(+), 2 deletions(-)

diff --git a/roles/mgrote_minio_configure/tasks/policy.yml b/roles/mgrote_minio_configure/tasks/policy.yml
index 899bcb5f..6d2ab8e1 100644
--- a/roles/mgrote_minio_configure/tasks/policy.yml
+++ b/roles/mgrote_minio_configure/tasks/policy.yml
@@ -26,10 +26,16 @@
     mode: '0644'
   loop: "{{ minio_policies }}"
 
-- name: setup minio policies
-  ansible.builtin.command: "{{ minio_client_bin }} --dp admin policy create {{ item.bucket }} {{ minio_config_dir }}/{{ item.bucket }}"
+- name: setup minio policies ro
+  ansible.builtin.command: "{{ minio_client_bin }} --dp admin policy create {{ minio_root_alias }} {{ item.bucket }} {{ minio_config_dir }}/{{ item.bucket }}_rw"
   loop: "{{ minio_policies }}"
 
+- name: setup minio policies ro
+  ansible.builtin.command: "{{ minio_client_bin }} --dp admin policy create {{ minio_root_alias }} {{ item.bucket }} {{ minio_config_dir }}/{{ item.bucket }}_ro"
+  loop: "{{ minio_policies }}"
+
+
+
 - name: Assign MinIO policies to users
   ansible.builtin.command: "{{ minio_client_bin }} --dp admin policy attach {{ item.1 }} --user {{ item.0.name }}"
   loop: "{{ minio_users | subelements('policies') }}"