---
# https://galaxy.ansible.com/ui/repo/published/dubzland/minio/content/module/minio_policy/ ?
- name: "ensure needed dirs exist"
  ansible.builtin.file:
    path: "{{ minio_config_dir }}"
    state: directory
    owner: root
    group: root
    mode: '0644'

- name: "prep: template policy files (ro)"
  ansible.builtin.template:
    dest: "{{ minio_config_dir }}/{{ item.name }}_ro"
    src: policy_ro.j2
    owner: root
    group: root
    mode: '0644'
  loop: "{{ minio_buckets }}"

- name: "prep: template policy files (rw)"
  ansible.builtin.template:
    dest: "{{ minio_config_dir }}/{{ item.name }}_rw"
    src: policy_rw.j2
    owner: root
    group: root
    mode: '0644'
  loop: "{{ minio_buckets }}"

- name: "setup policies (ro)"
  ansible.builtin.command: "{{ minio_client_bin }} --disable-pager admin policy create {{ minio_root_alias }} {{ item.name }}_ro {{ minio_config_dir }}/{{ item.name }}_ro"
  loop: "{{ minio_buckets }}"
  changed_when: false # Befehl gibt immer "Created policy `testbucket3_ro` successfully." aus, unabhängig ob sie schon existiert oder nicht.

- name: "setup policies (rw)"
  ansible.builtin.command: "{{ minio_client_bin }} --disable-pager admin policy create {{ minio_root_alias }} {{ item.name }}_rw {{ minio_config_dir }}/{{ item.name }}_rw"
  loop: "{{ minio_buckets }}"
  changed_when: false # Befehl gibt immer "Created policy `testbucket3_ro` successfully." aus, unabhängig ob sie schon existiert oder nicht.

- name: "remove old policy files"
  ansible.builtin.file:
    path: "{{ minio_config_dir }}/{{ item.name }}*"
    state: absent
  loop: "{{ minio_buckets }}"
  when: '"absent" in item.state'