[#270] add per enclave bucket policy

deploy/ansible/roles/legion_core_chart/tasks/main.yml

@@ -1,27 +1,35 @@
 ---
 
 # Create Jenkins IAM role for airflow s3 access
-- name: Generate policy documents
+- name: Generate trust policy document
   template:
-    src: "{{ item }}.yaml.j2"
-    dest: "{{ tmp_dir }}/{{ item }}.{{ cluster_name }}.yaml"
-  with_items:
-    - trust_policy
-    - airflow_s3_access_policy
+    src: "trust_policy.yaml.j2"
+    dest: "{{ tmp_dir }}/trust_policy.{{ enclave }}.{{ cluster_name }}.yaml"
+  with_items: "{{ enclaves }}"
+  loop_control:
+    loop_var: enclave
+
+- name: Generate airflow s3 access policy document
+  template:
+    src: "airflow_s3_access_policy.yaml.j2"
+    dest: "{{ tmp_dir }}/airflow_s3_access_policy.{{ enclave }}.{{ cluster_name }}.yaml"
+  with_items: "{{ enclaves }}"
+  loop_control:
+    loop_var: enclave
 
 - name: Create Airflow S3 access role
   iam:
     iam_type: role
     name: "{{ cluster_name }}-jenkins-role"
-    trust_policy_filepath: "{{ tmp_dir }}/trust_policy.{{ cluster_name }}.yaml"
+    trust_policy_filepath: "{{ tmp_dir }}/trust_policy.{{ enclave }}.{{ cluster_name }}.yaml"
     state: present
 
 - name: Attach Airflow S3 accesse policy to the role
   iam_policy:
     iam_type: role
     iam_name: "{{ cluster_name }}-jenkins-role"
     policy_name: "{{ cluster_name }}-jenkins-airflow-s3-access-policy"
-    policy_document: "{{ tmp_dir }}/airflow_s3_access_policy.{{ cluster_name }}.yaml"
+    policy_document: "{{ tmp_dir }}/airflow_s3_access_policy.{{ enclave }}.{{ cluster_name }}.yaml"
     state: present
 
 # Install Legion core chart