policy
parent
ef5b01b10e
commit
e14801ebc8
3 changed files with 109 additions and 0 deletions
|
@ -11,3 +11,89 @@ minio_users:
|
|||
secret: hallowelt
|
||||
- name: testuser6
|
||||
secret: hallowelt2
|
||||
|
||||
minio_buckets:
|
||||
- name: testbucket1
|
||||
- name: testbucket3
|
||||
|
||||
minio_policies:
|
||||
- name: testbucket1_rw
|
||||
policy: |
|
||||
{
|
||||
"Version": "2012-10-17",
|
||||
"Statement": [
|
||||
{
|
||||
"Effect": "Allow",
|
||||
"Principal": {
|
||||
"AWS": [
|
||||
"*"
|
||||
]
|
||||
},
|
||||
"Action": [
|
||||
"s3:GetBucketLocation",
|
||||
"s3:ListBucket",
|
||||
"s3:ListBucketMultipartUploads"
|
||||
],
|
||||
"Resource": [
|
||||
"arn:aws:s3:::testbucket1"
|
||||
]
|
||||
},
|
||||
{
|
||||
"Effect": "Allow",
|
||||
"Principal": {
|
||||
"AWS": [
|
||||
"*"
|
||||
]
|
||||
},
|
||||
"Action": [
|
||||
"s3:AbortMultipartUpload",
|
||||
"s3:DeleteObject",
|
||||
"s3:GetObject",
|
||||
"s3:ListMultipartUploadParts",
|
||||
"s3:PutObject"
|
||||
],
|
||||
"Resource": [
|
||||
"arn:aws:s3:::testbucket1/*"
|
||||
]
|
||||
}
|
||||
]
|
||||
}
|
||||
- name: testbucketw_ro
|
||||
policy: |
|
||||
{
|
||||
"Version": "2012-10-17",
|
||||
"Statement": [
|
||||
{
|
||||
"Effect": "Allow",
|
||||
"Principal": {
|
||||
"AWS": [
|
||||
"*"
|
||||
]
|
||||
},
|
||||
"Action": [
|
||||
"s3:GetBucketLocation",
|
||||
"s3:ListBucket",
|
||||
"s3:ListBucketMultipartUploads"
|
||||
],
|
||||
"Resource": [
|
||||
"arn:aws:s3:::testbucket3"
|
||||
]
|
||||
},
|
||||
{
|
||||
"Effect": "Allow",
|
||||
"Principal": {
|
||||
"AWS": [
|
||||
"*"
|
||||
]
|
||||
},
|
||||
"Action": [
|
||||
"s3:AbortMultipartUpload",
|
||||
"s3:GetObject",
|
||||
"s3:ListMultipartUploadParts",
|
||||
],
|
||||
"Resource": [
|
||||
"arn:aws:s3:::testbucket3/*"
|
||||
]
|
||||
}
|
||||
]
|
||||
}
|
||||
|
|
|
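Review bot: Both policy documents set `"Principal": {"AWS": ["*"]}` on every statement, which is the bucket-policy form; applied as a bucket policy, the `testbucket1_rw` statements would let any caller, including unauthenticated ones, put and delete objects in `testbucket1`. Since the tasks added in this commit load these documents through `admin policy create` as identity policies, the `Principal` blocks should probably be dropped so that access comes only from attaching the policy to a user or group (how the server treats the element on that path is not visible here). Separately, the second policy has a trailing comma after `"s3:ListMultipartUploadParts",`, which is not valid JSON. Its name `testbucketw_ro` also does not match the `testbucket3` resources it covers, and a read-only policy would normally not include `s3:AbortMultipartUpload`.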
@ -0,0 +1,4 @@
|
|||
---
|
||||
- name: setup minio buckets
|
||||
ansible.builtin.command: "{{ minio_client_bin }} --dp mb {{ minio_root_alias }}/{{ item.name }}"
|
||||
loop: "{{ minio_buckets }}"
|
|
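Review bot: The `setup minio buckets` task is not idempotent: a second run calls `mb` for buckets that already exist, and the command module reports `changed` on every run regardless of what happened. Adding `--ignore-existing` to the `mb` call and a `changed_when:` condition based on the command output would make re-runs safe and the play output meaningful. Because `item.name` is interpolated into a free-form command string, a name containing whitespace would be split into extra arguments; the `argv:` list form of `ansible.builtin.command` avoids that.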
@ -0,0 +1,19 @@
|
|||
---
|
||||
- name: create needed dirs
|
||||
ansible.builtin.file:
|
||||
path: "{{ minio_config_dir }}"
|
||||
state: directory
|
||||
owner: root
|
||||
group: root
|
||||
mode: '0644'
|
||||
|
||||
- name: create policy files
|
||||
ansible.builtin.blockinfile:
|
||||
path: "{{ minio_config_dir }}/{{ item.name }}"
|
||||
block: "{{ item.policy }}"
|
||||
state: present
|
||||
loop: "{{ minio_policies }}"
|
||||
|
||||
- name: setup minio policies
|
||||
ansible.builtin.command: "{{ minio_client_bin }} --dp admin policy create {{ item.name }} {{ minio_config_dir }}/{{ item.name }}"
|
||||
loop: "{{ minio_policies }}"
|
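Review bot: `ansible.builtin.blockinfile` wraps the inserted text in `# BEGIN ANSIBLE MANAGED BLOCK` / `# END ANSIBLE MANAGED BLOCK` marker lines and, without `create: true`, fails when the target file does not exist yet, so the `create policy files` task cannot produce a clean JSON document for `admin policy create` to read. Writing the file with `ansible.builtin.copy` and `content:` yields exactly the policy text and lets the task set owner and mode explicitly, as sketched below. The directory task also uses `mode: '0644'`, which leaves the directory without the search bit; `mode: '0755'` (or `'0750'`) is the usual value for a directory. The final `command` task reports `changed` on every run, so a `changed_when:` condition would help there as well.

```yaml
# … unchanged: "create needed dirs" task, apart from the directory mode …
- name: create policy files
  ansible.builtin.copy:
    dest: "{{ minio_config_dir }}/{{ item.name }}"
    content: "{{ item.policy }}"
    owner: root
    group: root
    mode: '0600'
  loop: "{{ minio_policies }}"
# … unchanged: "setup minio policies" task …
```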