minio设置文件访问策略_11575002的技术博客_

1、设置Access Policy为public

通过访问主机地址+文件的方式： http://x.x.x.x:9000/bucket/xxx.jpg

minio设置文件访问策略_json

此时的规则是

minio设置文件访问策略_json_02

2、通过MC设置存储桶或路径策略为 download

必须通过minio client才能设置下载策略

两种方式：

docker pull minio/mc

注意：此时要启动这个MC的话需要关联上之前已经启动的minio集群

docker run -it --entrypoint=/bin/sh minio/mc

mc config host add <ALIAS> <YOUR-S3-ENDPOINT> <YOUR-ACCESS-KEY> <YOUR-SECRET-KEY> [--api API-SIGNATURE]

mc config host add minio http://192.168.20.102:9000 minioadmin minioadmin --api s3v4

mc ls minio

ALIAS: 别名就是给你的云存储服务起了一个短点的外号。

S3 endpoint,access key和secret key是你的云存储服务提供的。

endpoint

access key、secret key 到这里大家肯定都知道啦。

API签名是可选参数，默认情况下，它被设置为"S3v4"。

mc anonymous set download minio/file

mc anonymous set public minio/file

cat ~/.mc/config.json
{
        "version": "10",
        "aliases": {
                "minio": {
                        "url": "http://192.168.20.102:9000",
                        "accessKey": "minioadmin",
                        "secretKey": "minioadmin",
                        "api": "s3v4",
                        "path": "auto"
                },
                "gcs": {
                        "url": "https://storage.googleapis.com",
                        "accessKey": "YOUR-ACCESS-KEY-HERE",
                        "secretKey": "YOUR-SECRET-KEY-HERE",
                        "api": "S3v2",
                        "path": "dns"
                },
                "local": {
                        "url": "http://localhost:9000",
                        "accessKey": "",
                        "secretKey": "",
                        "api": "S3v4",
                        "path": "auto"
                },
                "play": {
                        "url": "https://play.min.io",
                        "accessKey": "Q3AM3UQ867SPQQA43P2F",
                        "secretKey": "zuf+tfteSlswRu7BJ86wekitnifILbZam1KYY3TG",
                        "api": "S3v4",
                        "path": "auto"
                },
                "s3": {
                        "url": "https://s3.amazonaws.com",
                        "accessKey": "YOUR-ACCESS-KEY-HERE",
                        "secretKey": "YOUR-SECRET-KEY-HERE",
                        "api": "S3v4",
                        "path": "dns"
                }
        }
}

通过 mc policy 命令获取 policy 相关的所有命令如下：

# /usr/local/minio/bin/mc policy
Name:
  mc policy - manage anonymous access to buckets and objects

USAGE:
  mc policy [FLAGS] set PERMISSION TARGET
  mc policy [FLAGS] set-json FILE TARGET
  mc policy [FLAGS] get TARGET
  mc policy [FLAGS] get-json TARGET
  mc policy [FLAGS] list TARGET

FLAGS:
  --recursive, -r               list recursively
  --config-dir value, -C value  path to configuration folder (default: "/root/.mc")
  --quiet, -q                   disable progress bar display
  --no-color                    disable color theme
  --json                        enable JSON lines formatted output
  --debug                       enable debug output
  --insecure                    disable SSL certificate verification
  --help, -h                    show help
  
PERMISSION:
  Allowed policies are: [none, download, upload, public].

FILE:
  A valid S3 policy JSON filepath.

EXAMPLES:
  1. Set bucket to "download" on Amazon S3 cloud storage.
     $ mc policy set download s3/burningman2011

  2. Set bucket to "public" on Amazon S3 cloud storage.
     $ mc policy set public s3/shared

  3. Set bucket to "upload" on Amazon S3 cloud storage.
     $ mc policy set upload s3/incoming

  4. Set policy to "public" for bucket with prefix on Amazon S3 cloud storage.
     $ mc policy set public s3/public-commons/images

  5. Set a custom prefix based bucket policy on Amazon S3 cloud storage using a JSON file.
     $ mc policy set-json /path/to/policy.json s3/public-commons/images

  6. Get bucket permissions.
     $ mc policy get s3/shared

  7. Get bucket permissions in JSON format.
     $ mc policy get-json s3/shared

  8. List policies set to a specified bucket.
     $ mc policy list s3/shared

  9. List public object URLs recursively.
     $ mc policy --recursive links s3/shared/

查看存储桶或路径策略

# /usr/local/minio/bin/mc policy get minio/test
Access permission for `minio/test` is `public`

设置存储桶或路径策略为 download

# download 后面 跟存储桶或路径
# /usr/local/minio/bin/mc policy set download minio/test
Access permission for `minio/test` is set to `download`

# /usr/local/minio/bin/mc policy get minio/test         
Access permission for `minio/test` is `download`

minio设置文件访问策略_ci_03

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Principal": {
                "AWS": [
                    "*"
                ]
            },
            "Action": [
                "s3:GetBucketLocation",
                "s3:ListBucket"
            ],
            "Resource": [
                "arn:aws:s3:::test"
            ]
        },
        {
            "Effect": "Allow",
            "Principal": {
                "AWS": [
                    "*"
                ]
            },
            "Action": [
                "s3:GetObject"
            ],
            "Resource": [
                "arn:aws:s3:::test/*"
            ]
        }
    ]
}

3、存储桶策略策略是private，无法访问图片，但是进行如下设置后，就可以访问图片（图片不用分享也能访问）

minio设置文件访问策略_json_04

1、设置Access Policy为public

此时的规则是

2、通过MC设置存储桶或路径策略为 download

3、 存储桶策略策略是private，无法访问图片，但是进行如下设置后，就可以访问图片 （图片不用分享也能访问）

3、存储桶策略策略是private，无法访问图片，但是进行如下设置后，就可以访问图片（图片不用分享也能访问）