Minio: How is the bucket policy related to anonymous / authorized access?

Minio has policies for every bucket . What contains:

  • Readonly
  • Writeonly
  • Read + Write
  • No

How are they related to anonymous / authorized folder access?
For example, I want to make a bunch of files read-only to users without credentials (access key and private key). How should I do it?

+4
source share
2 answers

The bucket policy provided by the Minio client side is an abstracted version of the same bucket strategies as AWS S3.

The client creates a JSON policy based on the input string of the bucket and prefix.

ReadOnly , , WriteOnly , , Read-Write - . . None - ( ), , .

, . , "my-prefix/read-only/downloads",

import java.io.IOException;
import java.security.NoSuchAlgorithmException;
import java.security.InvalidKeyException;

import org.xmlpull.v1.XmlPullParserException;

import io.minio.MinioClient;
import io.minio.policy.PolicyType;
import io.minio.errors.MinioException;

public class SetBucketPolicy {
  /**
   * MinioClient.setBucketPolicy() example.
   */
  public static void main(String[] args)
    throws IOException, NoSuchAlgorithmException, InvalidKeyException, XmlPullParserException {
    try {
      /* play.minio.io for test and development. */
      MinioClient minioClient = new MinioClient("https://play.minio.io:9000", "Q3AM3UQ867SPQQA43P2F",
                                                "zuf+tfteSlswRu7BJ86wekitnifILbZam1KYY3TG");

      /* Amazon S3: */
      // MinioClient minioClient = new MinioClient("https://s3.amazonaws.com", "YOUR-ACCESSKEYID",
      //                                           "YOUR-SECRETACCESSKEY");

      minioClient.setBucketPolicy("my-bucketname", "my-prefix/read-only/downloads", PolicyType.READ_ONLY);
    } catch (MinioException e) {
      System.out.println("Error occurred: " + e);
    }
  }
}

, "my-prefix/read-only/downloads" / .

+4

'public' - ...

: mc (minio client), :

# list default hosts after install: 
mc config host ls

# remove all hosts: mc config host rm {hostName}
mc config host rm local

# add your host: mc config host add {hostName} {url} {apiKey} {apiSecret}
mc config host add local http://127.0.0.1:9000 ClientIdASSDSD ClientSecretASASASdsasdasdasdasd

# create bucket: mc mb {host}/{bucket}
mc mb local/mybucket

# change bucket policy: mc policy {policy} {host}/{bucket}
mc policy public local/mybucket
0

Source: https://habr.com/ru/post/1671552/


All Articles