dubzland.minio.minio_policy module – Manages Minio policies

Note

This module is part of the dubzland.minio collection (version 1.2.0).

It is not included in ansible-core. To check whether it is installed, run ansible-galaxy collection list.

To install it, use: ansible-galaxy collection install dubzland.minio. You need further requirements to be able to use this module, see Requirements for details.

To use it in a playbook, specify: dubzland.minio.minio_policy.

Synopsis

  • When the policy does not exist, it will be created.

  • When the policy does exist and state=absent, the policy will be deleted.

  • When changes are made to the policy, the policy will be updated.

Requirements

The below requirements are needed on the host that executes this module.

  • python >= 3.8

  • minio >= 7.1.4

Parameters

Parameter

Comments

auth

dictionary / required

Connection information for the Minio instance being managed.

access_key

string / required

Minio access key to use to authenticate with the Minio instance.

secret_key

string / required

Minio secret key used to connect to the Minio instance.

url

string / required

Minio Server URL.

name

string / required

Name of the policy to be managed.

state

string

Indicates the desired policy state.

present ensures the policy is present.

absent ensures the policy is absent.

Choices:

  • "present" ← (default)

  • "absent"

statements

list / elements=dictionary / required

List of policy statements to include

action

list / elements=string / required

Actions allowed or denied by this policy. See the minio docs for a list of valid policy actions.

effect

string / required

Determines whether this policy allows or denies access.

Choices:

  • "Allow"

  • "Deny"

resource

list / elements=string / required

List of resources to which this policy will apply.

Attributes

Attribute

Support

Description

check_mode

Support: full

Can run in check_mode and return changed status prediction without modifying target.

diff_mode

Support: none

Will return details on what has changed (or possibly needs changing in check_mode), when in diff mode.

Notes

Note

  • The auth.access_key provided must have the admin:CreatePolicy permission.

See Also

See also

mc admin policy

Documentation for the mc admin policy command.

Examples

- name: Add a policy to the Minio server
  dubzland.minio.minio_policy:
    name: fullaccess
    statements:
      - effect: Allow
        action: "s3:*"
        resource: "arn:aws:s3:::*"
    auth:
      url: http://minio-server:9000
      access_key: myuser
      secret_key: supersekret
    state: present
  delegate_to: localhost

Authors

  • Josh Williams (@t3hpr1m3)