roles/mgrote_minio_configure/defaults/main.yml

@@ -26,8 +26,10 @@ minio_users:
 
 # Anzulegende Buckets, pro Bucket wird eine RW + RO Policy erstellt
 minio_buckets:
-  - testbucket1
+  - name: testbucket1
-  - testbucket3
+    state: present
+  - name: testbucket3
+    state: present
 
 
 # auf docker10 aufraumen

roles/mgrote_minio_configure/tasks/bucket.yml

@@ -1,11 +1,11 @@
 ---
 - name: Ensure buckets exists
   dubzland.minio.minio_bucket:
-    name: "{{ item }}"
+    name: "{{ item.name }}"
     auth:
       access_key: "{{ minio_root_access_key }}"
       secret_key: "{{ minio_root_secret_key }}"
       url: "{{ minio_url }}"
-    state: present
+    state: "{{ item.state | default('present') }}"
   loop: "{{ minio_buckets }}"
   # state mit default

roles/mgrote_minio_configure/tasks/policy.yml

@@ -10,7 +10,7 @@
 
 - name: "prep: template policy files (ro)"
   ansible.builtin.template:
-    dest: "{{ minio_config_dir }}/{{ item }}_ro"
+    dest: "{{ minio_config_dir }}/{{ item.name }}_ro"
     src: policy_ro.j2
     owner: root
     group: root
@@ -19,7 +19,7 @@
 
 - name: "prep: template policy files (rw)"
   ansible.builtin.template:
-    dest: "{{ minio_config_dir }}/{{ item }}_rw"
+    dest: "{{ minio_config_dir }}/{{ item.name }}_rw"
     src: policy_rw.j2
     owner: root
     group: root
@@ -27,13 +27,19 @@
   loop: "{{ minio_buckets }}"
 
 - name: "setup policies (ro)"
-  ansible.builtin.command: "{{ minio_client_bin }} --dp admin policy create {{ minio_root_alias }} {{ item }}_ro {{ minio_config_dir }}/{{ item }}_ro"
+  ansible.builtin.command: "{{ minio_client_bin }} --dp admin policy create {{ minio_root_alias }} {{ item.name }}_ro {{ minio_config_dir }}/{{ item.name }}_ro"
   loop: "{{ minio_buckets }}"
 
 - name: "setup policies (rw)"
-  ansible.builtin.command: "{{ minio_client_bin }} --dp admin policy create {{ minio_root_alias }} {{ item }}_rw {{ minio_config_dir }}/{{ item }}_rw"
+  ansible.builtin.command: "{{ minio_client_bin }} --dp admin policy create {{ minio_root_alias }} {{ item.name }}_rw {{ minio_config_dir }}/{{ item.name }}_rw"
   loop: "{{ minio_buckets }}"
 
-# ensure absent files are removed
+- name: "remove old policies"
+  ansible.builtin.file:
+    path: "{{ minio_config_dir }}/{{ item.name }}_ro"
+    state: absent
+  loop: "{{ minio_buckets }}"
+  when: '"absent" in item.state'
+
 # deletata to localhost
 # changed when überall

roles/mgrote_minio_configure/templates/policy_ro.j2

@@ -14,7 +14,7 @@
         "s3:ListBucketMultipartUploads"
       ],
       "Resource": [
-        "arn:aws:s3:::{{ item }}"
+        "arn:aws:s3:::{{ item.name }}"
       ]
     },
     {
@@ -30,7 +30,7 @@
         "s3:ListMultipartUploadParts"
       ],
       "Resource": [
-        "arn:aws:s3:::{{ item }}/*"
+        "arn:aws:s3:::{{ item.name }}/*"
       ]
     }
   ]

roles/mgrote_minio_configure/templates/policy_rw.j2

@@ -14,7 +14,7 @@
         "s3:ListBucketMultipartUploads"
       ],
       "Resource": [
-        "arn:aws:s3:::{{ item }}"
+        "arn:aws:s3:::{{ item.name }}"
       ]
     },
     {
@@ -32,7 +32,7 @@
         "s3:PutObject"
       ],
       "Resource": [
-        "arn:aws:s3:::{{ item }}/*"
+        "arn:aws:s3:::{{ item.name }}/*"
       ]
     }
   ]