homeserver/roles/mgrote_minio_configure/tasks/policy.yml
2024-11-09 20:28:46 +01:00

44 lines
1.4 KiB
YAML

---
# https://galaxy.ansible.com/ui/repo/published/dubzland/minio/content/module/minio_policy/ ?
- name: create needed dirs
ansible.builtin.file:
path: "{{ minio_config_dir }}"
state: directory
owner: root
group: root
mode: '0644'
# pro bucket hjeeil ro + rw
- name: temaplet ro policy files
ansible.builtin.template:
dest: "{{ minio_config_dir }}/{{ item.bucket }}_ro"
src: policy_ro.j2
owner: root
group: root
mode: '0644'
loop: "{{ minio_policies }}"
- name: temaplet rw policy files
ansible.builtin.template:
dest: "{{ minio_config_dir }}/{{ item.bucket }}_rw"
src: policy_rw.j2
owner: root
group: root
mode: '0644'
loop: "{{ minio_policies }}"
- name: setup minio policies ro
ansible.builtin.command: "{{ minio_client_bin }} --dp admin policy create {{ minio_root_alias }} {{ item.bucket }} {{ minio_config_dir }}/{{ item.bucket }}_rw"
loop: "{{ minio_policies }}"
- name: setup minio policies ro
ansible.builtin.command: "{{ minio_client_bin }} --dp admin policy create {{ minio_root_alias }} {{ item.bucket }} {{ minio_config_dir }}/{{ item.bucket }}_ro"
loop: "{{ minio_policies }}"
- name: Assign MinIO policies to users
ansible.builtin.command: "{{ minio_client_bin }} --dp admin policy attach {{ item.1 }} --user {{ item.0.name }}"
loop: "{{ minio_users | subelements('policies') }}"
# ensure absent files are removed
# deletata to localhost