This commit is contained in:
Michael Grote 2024-11-09 10:34:23 +01:00
parent ef5b01b10e
commit e14801ebc8
3 changed files with 109 additions and 0 deletions

View file

@ -11,3 +11,89 @@ minio_users:
secret: hallowelt
- name: testuser6
secret: hallowelt2
minio_buckets:
- name: testbucket1
- name: testbucket3
minio_policies:
- name: testbucket1_rw
policy: |
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Principal": {
"AWS": [
"*"
]
},
"Action": [
"s3:GetBucketLocation",
"s3:ListBucket",
"s3:ListBucketMultipartUploads"
],
"Resource": [
"arn:aws:s3:::testbucket1"
]
},
{
"Effect": "Allow",
"Principal": {
"AWS": [
"*"
]
},
"Action": [
"s3:AbortMultipartUpload",
"s3:DeleteObject",
"s3:GetObject",
"s3:ListMultipartUploadParts",
"s3:PutObject"
],
"Resource": [
"arn:aws:s3:::testbucket1/*"
]
}
]
}
- name: testbucketw_ro
policy: |
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Principal": {
"AWS": [
"*"
]
},
"Action": [
"s3:GetBucketLocation",
"s3:ListBucket",
"s3:ListBucketMultipartUploads"
],
"Resource": [
"arn:aws:s3:::testbucket3"
]
},
{
"Effect": "Allow",
"Principal": {
"AWS": [
"*"
]
},
"Action": [
"s3:AbortMultipartUpload",
"s3:GetObject",
"s3:ListMultipartUploadParts",
],
"Resource": [
"arn:aws:s3:::testbucket3/*"
]
}
]
}

View file

@ -0,0 +1,4 @@
---
- name: setup minio buckets
ansible.builtin.command: "{{ minio_client_bin }} --dp mb {{ minio_root_alias }}/{{ item.name }}"
loop: "{{ minio_buckets }}"

View file

@ -0,0 +1,19 @@
---
- name: create needed dirs
ansible.builtin.file:
path: "{{ minio_config_dir }}"
state: directory
owner: root
group: root
mode: '0644'
- name: create policy files
ansible.builtin.blockinfile:
path: "{{ minio_config_dir }}/{{ item.name }}"
block: "{{ item.policy }}"
state: present
loop: "{{ minio_policies }}"
- name: setup minio policies
ansible.builtin.command: "{{ minio_client_bin }} --dp admin policy create {{ item.name }} {{ minio_config_dir }}/{{ item.name }}"
loop: "{{ minio_policies }}"