veza/ansible/roles/minio/tasks/minio_policies.yml

---
# file: roles/minio/tasks/minio_policies.yml
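- name: "get local user {{ minio_user }} policies"
  # Read-only probe: records each local user's current policy assignment so
  # the attach task that follows only runs when the policy is missing.
  ansible.builtin.command:
    # argv passes each value as one argument; a user name containing spaces
    # or quote characters is not re-split by shlex as it would be in a
    # single command string.
    argv:
      - mcli
      - admin
      - user
      - info
      - minio_on_localhost
      - "{{ minio_user }}"
      - "--json"
  # default([]) keeps the task from erroring when the list is undefined:
  # Ansible templates `loop` before it evaluates `when`.
  loop: "{{ minio_policy.users | default([]) }}"
  loop_control:
    loop_var: minio_user
  register: minio_local_user_policies_get
  changed_when: false  # pure query, never a change
  check_mode: false    # run under --check too, so the attach guard has data
  when:
    - minio_policy.users is defined
    - minio_auth_type == "local"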
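- name: "add local user {{ item.minio_user }} policy {{ minio_policy.policy }}"
  # Attaches the policy to a local user only when the query above shows it
  # is not already attached.
  ansible.builtin.command:
    # argv form: the user name is one argument even if it contains spaces.
    argv:
      - mcli
      - admin
      - policy
      - attach
      - minio_on_localhost
      - "{{ minio_policy.policy }}"
      - "--user"
      - "{{ item.minio_user }}"
      - "--json"
  loop: "{{ minio_local_user_policies_get.results | default([]) }}"
  when:
    # Conditions are ANDed in order, so item.stdout is only read when the
    # query task actually ran.
    - minio_local_user_policies_get is not skipped
    # mcli reports attached policies as one comma-separated `policyName`
    # string (absent when none is attached). Comparing against the split
    # list is an exact-name match; a substring test would treat a policy
    # named `read` as attached whenever `readwrite` is.
    - minio_policy.policy not in ((item.stdout | from_json).policyName | default('') | split(','))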
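- name: "get local group {{ minio_group }} policies"
  # Read-only probe: records each local group's current policy assignment so
  # the attach task that follows only runs when the policy is missing.
  ansible.builtin.command:
    # argv passes each value as one argument; a group name containing spaces
    # or quote characters is not re-split by shlex.
    argv:
      - mcli
      - admin
      - group
      - info
      - minio_on_localhost
      - "{{ minio_group }}"
      - "--json"
  # default([]) keeps the task from erroring when the list is undefined:
  # Ansible templates `loop` before it evaluates `when`.
  loop: "{{ minio_policy.groups | default([]) }}"
  loop_control:
    loop_var: minio_group
  register: minio_local_group_policies_get
  changed_when: false  # pure query, never a change
  check_mode: false    # run under --check too, so the attach guard has data
  when:
    - minio_policy.groups is defined
    - minio_auth_type == "local"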
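- name: "add local group {{ item.minio_group }} policy {{ minio_policy.policy }}"
  # Attaches the policy to a local group only when the query above shows it
  # is not already attached.
  ansible.builtin.command:
    # argv form: the group name is one argument even if it contains spaces.
    argv:
      - mcli
      - admin
      - policy
      - attach
      - minio_on_localhost
      - "{{ minio_policy.policy }}"
      - "--group"
      - "{{ item.minio_group }}"
      - "--json"
  loop: "{{ minio_local_group_policies_get.results | default([]) }}"
  when:
    # Conditions are ANDed in order, so item.stdout is only read when the
    # query task actually ran.
    - minio_local_group_policies_get is not skipped
    # Exact-name match against the comma-separated policy list (absent key
    # means nothing attached). NOTE(review): confirm the key under which
    # `mcli admin group info --json` reports the group's policy; if it is not
    # `policyName` this guard never matches and the attach re-runs each play.
    - minio_policy.policy not in ((item.stdout | from_json).policyName | default('') | split(','))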
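- name: "get policy entities"
  # LDAP mode: one read-only query lists every user/group currently mapped
  # to the policy, shared by both attach tasks below.
  ansible.builtin.command:
    # argv form: the policy name stays one argument regardless of content.
    # NOTE(review): the alias is given with a trailing slash here while the
    # other tasks pass `minio_on_localhost`; confirm both resolve identically.
    argv:
      - mcli
      - idp
      - ldap
      - policy
      - entities
      - minio_on_localhost/
      - "--policy"
      - "{{ minio_policy.policy }}"
      - "--json"
  register: minio_ldap_get_policies
  changed_when: false  # pure query, never a change
  check_mode: false    # run under --check too, so the attach guards have data
  when:
    - minio_policy.users is defined or minio_policy.groups is defined
    - minio_auth_type == "ldap"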
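- name: "add ldap user {{ minio_user }} policy {{ minio_policy.policy }}"
  # Attaches the policy to an LDAP user (typically a DN with spaces and
  # commas) unless the entities query already lists that user.
  ansible.builtin.command:
    # argv form: the DN is passed as a single `--user=` argument, so no
    # shell-style quoting is needed and a quote character inside the DN
    # cannot break argument splitting.
    argv:
      - mcli
      - idp
      - ldap
      - policy
      - attach
      - minio_on_localhost
      - "{{ minio_policy.policy }}"
      - "--user={{ minio_user }}"
      - "--json"
  # default([]) keeps the task from erroring when the list is undefined:
  # Ansible templates `loop` before it evaluates `when`.
  loop: "{{ minio_policy.users | default([]) }}"
  loop_control:
    loop_var: minio_user
  when:
    - minio_policy.users is defined
    # Conditions are ANDed in order, so stdout is only read when the query ran.
    - minio_ldap_get_policies is not skipped
    # Skip when the policy already maps this user. `policyMappings[*].users[*]`
    # yields one list per mapping; `first` takes the single mapping returned
    # for `--policy`, and the default covers a mapping with no users key.
    - "'policyMappings' not in (minio_ldap_get_policies.stdout|from_json|json_query('result')) or (minio_user not in minio_ldap_get_policies.stdout|from_json|json_query('result.policyMappings[*].users[*]') | first | default('[]') )"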
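- name: "add ldap group {{ minio_group }} policy {{ minio_policy.policy }}"
  # Attaches the policy to an LDAP group (typically a DN with spaces and
  # commas) unless the entities query already lists that group.
  ansible.builtin.command:
    # argv form: the DN is passed as a single `--group=` argument, so no
    # shell-style quoting is needed and a quote character inside the DN
    # cannot break argument splitting.
    argv:
      - mcli
      - idp
      - ldap
      - policy
      - attach
      - minio_on_localhost
      - "{{ minio_policy.policy }}"
      - "--group={{ minio_group }}"
      - "--json"
  # default([]) keeps the task from erroring when the list is undefined:
  # Ansible templates `loop` before it evaluates `when`.
  loop: "{{ minio_policy.groups | default([]) }}"
  loop_control:
    loop_var: minio_group
  when:
    - minio_policy.groups is defined
    # Conditions are ANDed in order, so stdout is only read when the query ran.
    - minio_ldap_get_policies is not skipped
    # Skip when the policy already maps this group. `policyMappings[*].groups[*]`
    # yields one list per mapping; `first` takes the single mapping returned
    # for `--policy`, and the default covers a mapping with no groups key.
    - "'policyMappings' not in (minio_ldap_get_policies.stdout|from_json|json_query('result')) or (minio_group not in minio_ldap_get_policies.stdout|from_json|json_query('result.policyMappings[*].groups[*]') | first | default('[]') )"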