roles/mgrote_minio_configure/defaults/main.yml

@@ -14,15 +14,19 @@ minio_users:
   - name: testuser5
     secret: hallowelt
     state: present
-    policy: testbucket1_rw
+    policies:
+      - testbucket1_rw
   - name: testuser6
     secret: hallowelt2
     state: present
-    policy: testbucket3_ro
+    policies:
+      - testbucket3_ro
   - name: testuserwer
     secret: hallowelt2
     state: present
-    policy: testbucket3_ro
+    policies:
+      - testbucket3_ro
+      - testbucket1_rw
 
 minio_buckets:
   - name: testbucket1

roles/mgrote_minio_configure/tasks/main.yml

@@ -10,6 +10,17 @@
     secret_key: "{{ minio_root_secret_key }}"
     state: present
 
+- name: Add a Minio user
+  dubzland.minio.minio_user:
+    access_key: "{{ item.name }}"
+    secret_key: "{{ item.secret }}"
+    auth:
+      access_key: "{{ minio_root_access_key }}"
+      secret_key: "{{ minio_root_secret_key }}"
+      url: "{{ minio_url }}"
+    state: "{{ item.state | default('present') }}"
+  loop: "{{ minio_users }}"
+
 # bug:delegate to geht nciht
 # TASK [mgrote_minio_configure : Add a Minio user] ***************************************************************************************************************************************************************failed: [docker10.mgrote.net -> localhost] (item={'name': 'testuser5', 'secret': 'hallowelt', 'state': 'present', 'policies': ['testbucket1_rw']}) => {"ansible_loop_var": "item", "changed": false, "item": {"name": "testuser5", "policies": ["testbucket1_rw"], "secret": "hallowelt", "state": "present"}, "msg": "Failed to import the required Python library (minio) on 398016b0e4b9's Python /usr/local/bin/python3. See https://min.io/docs/minio/linux/developers/python/minio-py.html for more info. Please read the module documentation and install it in the appropriate location. If the required library is installed, but Ansible is using the wrong Python interpreter, please consult the documentation on ansible_python_interpreter"}
 # no_log überall bei keys und users
@@ -23,18 +34,6 @@
 - name: include bucket tasks
   ansible.builtin.include_tasks: bucket.yml
 
-- name: Add a Minio user
-  dubzland.minio.minio_user:
-    access_key: "{{ item.name }}"
-    secret_key: "{{ item.secret }}"
-    policy: "{{ item.policy }}"
-    auth:
-      access_key: "{{ minio_root_access_key }}"
-      secret_key: "{{ minio_root_secret_key }}"
-      url: "{{ minio_url }}"
-    state: "{{ item.state | default('present') }}"
-  loop: "{{ minio_users }}"
-
 - name: get all access keys (is set to true)
   ansible.builtin.command: "{{ minio_client_bin }} --dp admin accesskey list  {{ minio_root_alias }} --all"
   when: minio_print_keys

roles/mgrote_minio_configure/tasks/policy.yml

@@ -34,5 +34,9 @@
   ansible.builtin.command: "{{ minio_client_bin }} --dp admin policy create {{ minio_root_alias }} {{ item.bucket }}_ro {{ minio_config_dir }}/{{ item.bucket }}_ro"
   loop: "{{ minio_policies }}"
 
+- name: Assign MinIO policies to users
+  ansible.builtin.command: "{{ minio_client_bin }} --dp admin policy attach {{ minio_root_alias }} {{ item.1 }} --user {{ item.0.name }}"
+  loop: "{{ minio_users | subelements('policies') }}"
+
 # ensure absent files are removed
 # deletata to localhost