相关文章推荐
细心的绿豆  ·  Python精讲 | ...·  4 月前    · 
忐忑的眼镜  ·  Python之日期与时间处理模块(date和 ...·  7 月前    · 
高大的蟠桃  ·  python-----TypeError: ...·  1 年前    · 
耍酷的胡萝卜  ·  Python在Dataframe中新添加一列 ...·  1 年前    · 
酒量小的小蝌蚪  ·  Electron安装及打包exe_elect ...·  1 年前    · 
Code  ›  minio设置文件访问策略_11575002的技术博客_
s3
https://blog.51cto.com/u_11585002/6076662
八块腹肌的松鼠
1 年前
1、设置Access Policy为public

通过访问主机地址+文件的方式:​ ​http://x.x.x.x:9000/bucket/xxx.jpg​

minio设置文件访问策略_json

此时的规则是

minio设置文件访问策略_json_02

2、通过MC设置存储桶或路径策略为 download

必须通过minio client才能设置下载策略

两种方式: 

​docker pull minio/​​​mc​

注意:此时要启动这个MC的话需要关联上之前已经启动的minio集群 

docker run -it --entrypoint=/bin/sh minio/mc
​mc config host add <ALIAS> <YOUR-S3-ENDPOINT> <YOUR-ACCESS-KEY> <YOUR-SECRET-KEY> [--api API-SIGNATURE]

mc config host add minio http://192.168.20.102:9000 minioadmin minioadmin --api s3v4

mc ls minio

​ALIAS: 别名就是给你的云存储服务起了一个短点的外号。

S3 endpoint,access key和secret key是你的云存储服务提供的。

endpoint

access key、secret key 到这里大家肯定都知道啦。

API签名是可选参数,默认情况下,它被设置为"S3v4"。 

mc anonymous set download minio/file

mc anonymous set public minio/file
cat ~/.mc/config.json
{
        "version": "10",
        "aliases": {
                "minio": {
                        "url": "http://192.168.20.102:9000",
                        "accessKey": "minioadmin",
                        "secretKey": "minioadmin",
                        "api": "s3v4",
                        "path": "auto"
                },
                "gcs": {
                        "url": "https://storage.googleapis.com",
                        "accessKey": "YOUR-ACCESS-KEY-HERE",
                        "secretKey": "YOUR-SECRET-KEY-HERE",
                        "api": "S3v2",
                        "path": "dns"
                },
                "local": {
                        "url": "http://localhost:9000",
                        "accessKey": "",
                        "secretKey": "",
                        "api": "S3v4",
                        "path": "auto"
                },
                "play": {
                        "url": "https://play.min.io",
                        "accessKey": "Q3AM3UQ867SPQQA43P2F",
                        "secretKey": "zuf+tfteSlswRu7BJ86wekitnifILbZam1KYY3TG",
                        "api": "S3v4",
                        "path": "auto"
                },
                "s3": {
                        "url": "https://s3.amazonaws.com",
                        "accessKey": "YOUR-ACCESS-KEY-HERE",
                        "secretKey": "YOUR-SECRET-KEY-HERE",
                        "api": "S3v4",
                        "path": "dns"
                }
        }
}

通过 mc policy 命令 获取 policy 相关的所有命令如下: 

# /usr/local/minio/bin/mc policy
Name:
  mc policy - manage anonymous access to buckets and objects

USAGE:
  mc policy [FLAGS] set PERMISSION TARGET
  mc policy [FLAGS] set-json FILE TARGET
  mc policy [FLAGS] get TARGET
  mc policy [FLAGS] get-json TARGET
  mc policy [FLAGS] list TARGET

FLAGS:
  --recursive, -r               list recursively
  --config-dir value, -C value  path to configuration folder (default: "/root/.mc")
  --quiet, -q                   disable progress bar display
  --no-color                    disable color theme
  --json                        enable JSON lines formatted output
  --debug                       enable debug output
  --insecure                    disable SSL certificate verification
  --help, -h                    show help
  
PERMISSION:
  Allowed policies are: [none, download, upload, public].

FILE:
  A valid S3 policy JSON filepath.

EXAMPLES:
  1. Set bucket to "download" on Amazon S3 cloud storage.
     $ mc policy set download s3/burningman2011

  2. Set bucket to "public" on Amazon S3 cloud storage.
     $ mc policy set public s3/shared

  3. Set bucket to "upload" on Amazon S3 cloud storage.
     $ mc policy set upload s3/incoming

  4. Set policy to "public" for bucket with prefix on Amazon S3 cloud storage.
     $ mc policy set public s3/public-commons/images

  5. Set a custom prefix based bucket policy on Amazon S3 cloud storage using a JSON file.
     $ mc policy set-json /path/to/policy.json s3/public-commons/images

  6. Get bucket permissions.
     $ mc policy get s3/shared

  7. Get bucket permissions in JSON format.
     $ mc policy get-json s3/shared

  8. List policies set to a specified bucket.
     $ mc policy list s3/shared

  9. List public object URLs recursively.
     $ mc policy --recursive links s3/shared/

查看存储桶或路径策略 

# /usr/local/minio/bin/mc policy get minio/test
Access permission for `minio/test` is `public`

设置存储桶或路径策略为 download 

# download 后面 跟存储桶或路径
# /usr/local/minio/bin/mc policy set download minio/test
Access permission for `minio/test` is set to `download`

# /usr/local/minio/bin/mc policy get minio/test         
Access permission for `minio/test` is `download`

minio设置文件访问策略_ci_03 

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Principal": {
                "AWS": [
                    "*"
                ]
            },
            "Action": [
                "s3:GetBucketLocation",
                "s3:ListBucket"
            ],
            "Resource": [
                "arn:aws:s3:::test"
            ]
        },
        {
            "Effect": "Allow",
            "Principal": {
                "AWS": [
                    "*"
                ]
            },
            "Action": [
                "s3:GetObject"
            ],
            "Resource": [
                "arn:aws:s3:::test/*"
            ]
        }
    ]
}
3、 存储桶策略策略是private,无法访问图片,但是进行如下设置后,就可以访问图片 (图片不用分享也能访问)

minio设置文件访问策略_json_04

 
推荐文章
细心的绿豆  ·  Python精讲 | 条件赋值和and-or技巧-腾讯云开发者社区-腾讯云
4 月前
忐忑的眼镜  ·  Python之日期与时间处理模块(date和datetime) - 云游道士 - 博客园
7 月前
高大的蟠桃  ·  python-----TypeError: expected str, bytes or os.PathLike object, not NoneType_Python-CSDN问答
1 年前
耍酷的胡萝卜  ·  Python在Dataframe中新添加一列_dataframe末尾添加一列并保存_会飞的猩猩。的博客-CSDN博客
1 年前
酒量小的小蝌蚪  ·  Electron安装及打包exe_electron exe_fukaiit的博客-CSDN博客
1 年前
今天看啥   ·   Py中国   ·   codingpro   ·   藏经阁   ·   小百科   ·   link之家   ·   卧龙AI搜索
删除内容请联系邮箱 2879853325@qq.com
Code - 代码工具平台
© 2024 ~ 沪ICP备11025650号