diff --git a/roles/mgrote_minio_configure/defaults/main.yml b/roles/mgrote_minio_configure/defaults/main.yml
index 24c251bb..8b18be06 100644
--- a/roles/mgrote_minio_configure/defaults/main.yml
+++ b/roles/mgrote_minio_configure/defaults/main.yml
@@ -11,3 +11,89 @@ minio_users:
 secret: hallowelt
 - name: testuser6
 secret: hallowelt2
+
+minio_buckets:
+ - name: testbucket1
+ - name: testbucket3
+
+minio_policies:
+ - name: testbucket1_rw
+ policy: |
+ {
+ "Version": "2012-10-17",
+ "Statement": [
+ {
+ "Effect": "Allow",
+ "Principal": {
+ "AWS": [
+ "*"
+ ]
+ },
+ "Action": [
+ "s3:GetBucketLocation",
+ "s3:ListBucket",
+ "s3:ListBucketMultipartUploads"
+ ],
+ "Resource": [
+ "arn:aws:s3:::testbucket1"
+ ]
+ },
+ {
+ "Effect": "Allow",
+ "Principal": {
+ "AWS": [
+ "*"
+ ]
+ },
+ "Action": [
+ "s3:AbortMultipartUpload",
+ "s3:DeleteObject",
+ "s3:GetObject",
+ "s3:ListMultipartUploadParts",
+ "s3:PutObject"
+ ],
+ "Resource": [
+ "arn:aws:s3:::testbucket1/*"
+ ]
+ }
+ ]
+ }
+ - name: testbucketw_ro
+ policy: |
+ {
+ "Version": "2012-10-17",
+ "Statement": [
+ {
+ "Effect": "Allow",
+ "Principal": {
+ "AWS": [
+ "*"
+ ]
+ },
+ "Action": [
+ "s3:GetBucketLocation",
+ "s3:ListBucket",
+ "s3:ListBucketMultipartUploads"
+ ],
+ "Resource": [
+ "arn:aws:s3:::testbucket3"
+ ]
+ },
+ {
+ "Effect": "Allow",
+ "Principal": {
+ "AWS": [
+ "*"
+ ]
+ },
+ "Action": [
+ "s3:AbortMultipartUpload",
+ "s3:GetObject",
+ "s3:ListMultipartUploadParts",
+ ],
+ "Resource": [
+ "arn:aws:s3:::testbucket3/*"
+ ]
+ }
+ ]
+ }
diff --git a/roles/mgrote_minio_configure/tasks/bucket.yml b/roles/mgrote_minio_configure/tasks/bucket.yml
index e69de29b..b84d550f 100644
--- a/roles/mgrote_minio_configure/tasks/bucket.yml
+++ b/roles/mgrote_minio_configure/tasks/bucket.yml
@@ -0,0 +1,4 @@
+---
+- name: setup minio buckets
+ ansible.builtin.command: "{{ minio_client_bin }} --dp mb {{ minio_root_alias }}/{{ item.name }}"
+ loop: "{{ minio_buckets }}"
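Review bot: The `testbucketw_ro` policy is not valid JSON: the last entry of its second `Action` array, `"s3:ListMultipartUploadParts",`, keeps a trailing comma before `],`, so the policy file built from it will presumably be rejected when it is loaded; drop the comma. Both policies also carry `"Principal": {"AWS": ["*"]}`, which is bucket-policy syntax that matches every caller, anonymous ones included; since tasks/policy.yml registers these documents with `admin policy create`, the `Principal` element should be removed so the role does not ship a template that opens the buckets to everyone if it is ever applied as a bucket policy. The name `testbucketw_ro` looks like a typo for `testbucket3_ro`, and a read-only policy probably should not grant `s3:AbortMultipartUpload`.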
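Review bot: The `setup minio buckets` task is not idempotent: `mb` runs on every play with no `changed_when`, and a second run will presumably fail once the buckets exist. Adding the client's ignore-existing flag, as in `"{{ minio_client_bin }} --dp mb --ignore-existing {{ minio_root_alias }}/{{ item.name }}"`, and registering the result to drive `changed_when` would make repeated runs safe and keep the change report honest. Passing the command as an `argv:` list would also stop a bucket name that contains whitespace from being split into extra client arguments.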
diff --git a/roles/mgrote_minio_configure/tasks/policy.yml b/roles/mgrote_minio_configure/tasks/policy.yml
index e69de29b..d117852a 100644
--- a/roles/mgrote_minio_configure/tasks/policy.yml
+++ b/roles/mgrote_minio_configure/tasks/policy.yml
@@ -0,0 +1,19 @@
+---
+- name: create needed dirs
+ ansible.builtin.file:
+ path: "{{ minio_config_dir }}"
+ state: directory
+ owner: root
+ group: root
+ mode: '0644'
+
+- name: create policy files
+ ansible.builtin.blockinfile:
+ path: "{{ minio_config_dir }}/{{ item.name }}"
+ block: "{{ item.policy }}"
+ state: present
+ loop: "{{ minio_policies }}"
+
+- name: setup minio policies
+ ansible.builtin.command: "{{ minio_client_bin }} --dp admin policy create {{ item.name }} {{ minio_config_dir }}/{{ item.name }}"
+ loop: "{{ minio_policies }}"
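Review bot: `create policy files` uses `ansible.builtin.blockinfile`, which wraps the block in `# BEGIN/END ANSIBLE MANAGED BLOCK` marker lines and, without `create: true`, fails when the file does not exist yet; the resulting file is not plain JSON, so the following `admin policy create` step will likely reject it. Writing the policy with `ansible.builtin.copy` and `content:` avoids both problems and lets the task set an explicit owner and mode on the policy file. The directory task also sets `mode: '0644'`, which leaves the directory without the search (execute) bit; a directory holding access policies is better created as `'0750'`.

```yaml
# … unchanged: "create needed dirs" task up to group: root …
    mode: '0750'

- name: create policy files
  ansible.builtin.copy:
    dest: "{{ minio_config_dir }}/{{ item.name }}"
    content: "{{ item.policy }}"
    owner: root
    group: root
    mode: '0640'
  loop: "{{ minio_policies }}"

# … unchanged: "setup minio policies" task …
```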