MinIO version: 8.3.0
I first went to GitHub and looked at the MinIO API; there is indeed an API for setting a bucket policy.
I read it over and over and honestly still didn't understand much.
PolicyType.NONE, PolicyType.READ_ONLY, PolicyType.READ_WRITE, PolicyType.WRITE_ONLY: this PolicyType isn't explained anywhere either, which is genuinely annoying.
I went looking for examples and didn't find any. 👨‍💻
Later I searched Baidu for MinIO policies and learned that MinIO bucket policies are parsed and validated according to the Amazon S3 Access Policy Language specification. You can roughly think of it as a resource-permission model; I didn't dig any deeper 😂.
The meaning matches those parameters, but what you actually write looks nothing like them 😂
Let's first look at an official Amazon S3 example:
```json
{
  "Version": "2012-10-17",
  "Id": "ExamplePolicy01",
  "Statement": [
    {
      "Sid": "ExampleStatement01",
      "Effect": "Allow",
      "Principal": {
        "AWS": "arn:aws:iam::123456789012:user/Dave"
      },
      "Action": [
        "s3:GetObject",
        "s3:GetBucketLocation",
        "s3:ListBucket"
      ],
      "Resource": [
        "arn:aws:s3:::awsexamplebucket1/*",
        "arn:aws:s3:::awsexamplebucket1"
      ]
    }
  ]
}
```
Let me explain the pieces one by one:
Action supports the following operations:
- s3:GetObject
- s3:ListBucket
- s3:PutObject
- s3:GetBucketLocation
- s3:DeleteObject
- s3:AbortMultipartUpload
- s3:ListBucketMultipartUploads
- s3:ListMultipartUploadParts
The policy I wrote below grants read and write access to the resources inside that bucket.
```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Principal": {
        "AWS": ["*"]
      },
      "Action": [
        "s3:GetBucketLocation",
        "s3:ListBucketMultipartUploads"
      ],
      "Resource": [
        "arn:aws:s3:::MybuckerName"
      ]
    },
    {
      "Effect": "Allow",
      "Principal": {
        "AWS": ["*"]
      },
      "Action": [
        "s3:AbortMultipartUpload",
        "s3:DeleteObject",
        "s3:ListMultipartUploadParts",
        "s3:PutObject"
      ],
      "Resource": [
        "arn:aws:s3:::MybuckerName/*"
      ]
    }
  ]
}
```
I have previously written about integrating MinIO with Spring Boot, but there the bucket policy was not set from code. If you need that, have a look:
Integrating MinIO with Spring Boot: use your own file storage server in your project!!!
We can't go into the code and edit it every time, can we? So the policy goes into a JSON file on the classpath (policyJson.json, read by the utility class below); its content is the same policy as above:
```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Principal": {
        "AWS": ["*"]
      },
      "Action": [
        "s3:GetBucketLocation",
        "s3:ListBucketMultipartUploads"
      ],
      "Resource": [
        "arn:aws:s3:::MybuckerName"
      ]
    },
    {
      "Effect": "Allow",
      "Principal": {
        "AWS": ["*"]
      },
      "Action": [
        "s3:AbortMultipartUpload",
        "s3:DeleteObject",
        "s3:ListMultipartUploadParts",
        "s3:PutObject"
      ],
      "Resource": [
        "arn:aws:s3:::MybuckerName/*"
      ]
    }
  ]
}
```
```java
import java.io.BufferedReader;
import java.io.IOException;
import java.io.InputStreamReader;
import java.nio.charset.StandardCharsets;

import com.alibaba.fastjson.JSONArray;   // fastjson: provides the fluentPut used below
import com.alibaba.fastjson.JSONObject;
import org.springframework.core.io.ClassPathResource;

/**
 * @Author: crush
 * @Date: 2021-09-19 15:34
 * version 1.0
 */
public class PolicyJsonUtils {

    /**
     * Read the policy JSON file and return it as a String.
     * @param path       classpath location of the JSON file
     * @param bucketName bucket name to insert; after this call the MybuckerName placeholder
     *                   from the original JSON file has been replaced
     * @return the policy document with both Resource fields pointing at bucketName
     * @throws IOException if the file cannot be read
     */
    public static String json2String(String path, String bucketName) throws IOException {
        StringBuilder result = new StringBuilder();
        ClassPathResource resource = new ClassPathResource(path);
        // Read the file: byte stream -> character stream -> buffered reader.
        // try-with-resources closes the reader and the underlying stream even on error.
        try (BufferedReader bufr = new BufferedReader(
                new InputStreamReader(resource.getInputStream(), StandardCharsets.UTF_8))) {
            String line;
            while ((line = bufr.readLine()) != null) {
                result.append(line).append(System.lineSeparator());
            }
        }
        JSONObject parse = JSONObject.parseObject(result.toString());
        JSONArray statement = parse.getJSONArray("Statement");
        // First statement: bucket-level actions -> the bucket ARN itself
        JSONObject o = statement.getJSONObject(0);
        o.remove("Resource");
        o.fluentPut("Resource", "arn:aws:s3:::" + bucketName);
        // Second statement: object-level actions -> every object in the bucket
        JSONObject o1 = statement.getJSONObject(1);
        o1.remove("Resource");
        o1.fluentPut("Resource", "arn:aws:s3:::" + bucketName + "/*");
        return parse.toString();
    }
}
```
Setting the bucket policy
```java
import io.minio.MinioClient;
import io.minio.SetBucketPolicyArgs;
import lombok.SneakyThrows;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.PathVariable;

    // ---- in the MinIO utility class (the minioUtil bean used further down) ----

    private MinioClient minioClient; // the injected MinIO client (minio-java 8.3.0)

    /**
     * Placeholder for the bucket name inside the policy templates
     */
    private static final String BUCKET_PARAM = "${bucket}";

    /**
     * Bucket permission: read-write.
     * Principal {"AWS":["*"]} is the anonymous principal: anyone who can reach the MinIO
     * endpoint gets these rights without credentials, including PutObject and DeleteObject.
     */
    private static final String READ_WRITE = "{\"Version\":\"2012-10-17\",\"Statement\":[{\"Effect\":\"Allow\",\"Principal\":{\"AWS\":[\"*\"]},\"Action\":[\"s3:GetBucketLocation\",\"s3:ListBucket\",\"s3:ListBucketMultipartUploads\"],\"Resource\":[\"arn:aws:s3:::" + BUCKET_PARAM + "\"]},{\"Effect\":\"Allow\",\"Principal\":{\"AWS\":[\"*\"]},\"Action\":[\"s3:DeleteObject\",\"s3:GetObject\",\"s3:ListMultipartUploadParts\",\"s3:PutObject\",\"s3:AbortMultipartUpload\"],\"Resource\":[\"arn:aws:s3:::" + BUCKET_PARAM + "/*\"]}]}";

    /**
     * Bucket permission: write-only (upload). Objects can be uploaded and deleted
     * but not downloaded (no s3:GetObject) or listed (no s3:ListBucket).
     */
    private static final String WRITE_ONLY = "{\"Version\":\"2012-10-17\",\"Statement\":[{\"Effect\":\"Allow\",\"Principal\":{\"AWS\":[\"*\"]},\"Action\":[\"s3:GetBucketLocation\",\"s3:ListBucketMultipartUploads\"],\"Resource\":[\"arn:aws:s3:::" + BUCKET_PARAM + "\"]},{\"Effect\":\"Allow\",\"Principal\":{\"AWS\":[\"*\"]},\"Action\":[\"s3:AbortMultipartUpload\",\"s3:DeleteObject\",\"s3:ListMultipartUploadParts\",\"s3:PutObject\"],\"Resource\":[\"arn:aws:s3:::" + BUCKET_PARAM + "/*\"]}]}";

    /**
     * Apply a policy (read-write, etc.) to a bucket.
     *
     * @param bucketName bucket name
     */
    @SneakyThrows
    public void setBucketPolicy(String bucketName) {
        // Two ways of building the policy string were written; use whichever you prefer:
        // 1) read policyJson.json from the classpath and patch the bucket name into it
        String policy = PolicyJsonUtils.json2String("policyJson.json", bucketName);
        // 2) replace the ${bucket} placeholder in the constant (used here; pass
        //    `policy` to config(...) instead to use option 1)
        minioClient.setBucketPolicy(SetBucketPolicyArgs.builder()
                .bucket(bucketName)
                .config(READ_WRITE.replace(BUCKET_PARAM, bucketName))
                .build());
    }

    // ---- in the service interface ----

    /**
     * Set the bucket policy
     * @param bucketName bucket name
     */
    void setPolicy(String bucketName);

    // ---- in the service implementation ----

    @Override
    public void setPolicy(String bucketName) {
        minioUtil.setBucketPolicy(bucketName);
    }

    // ---- in the controller ----

    @GetMapping("/setPolicy/{bucketName}")
    public String setPolicy(@PathVariable String bucketName) {
        minioService.setPolicy(bucketName);
        return "设置成功"; // "set successfully"
    }
```
Create a bucket.
Upload an image:
Clicking the link directly does not work; you get an error like this.
Set the policy:
Visit the earlier link again and it is now accessible.
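As an added example (not from the post or from MinIO), a small auditor that reads a policy document like the ones above and reports what the anonymous principal `*` is allowed to do and whether every Resource ARN really names the intended bucket, together with the least-privilege alternative for the walkthrough above (public s3:GetObject only, which is all a browser needs to open an image link). The sample policy is constructed from the post's READ_WRITE template with the bucket name filled in and the stray space from the post's JSON file; the bucket name MybuckerName is the post's placeholder.

```python
import json
import re

# Actions that let a caller change or remove data. Granted to the anonymous principal
# "*" (as in the post's READ_WRITE policy) they let anyone reaching the endpoint do so.
MUTATING = {"s3:PutObject", "s3:DeleteObject", "s3:AbortMultipartUpload"}
ARN_RE = re.compile(r"arn:aws:s3:::([^/]+)(?:/.*)?")  # bucket ARN, optionally /object-key

def _as_list(value):
    """Policy fields may be a single string or a list; normalise to a list."""
    return [value] if isinstance(value, str) else list(value or [])

def audit_policy(policy_json: str, bucket: str) -> list:
    """Return findings for a bucket policy document; an empty list means nothing to report."""
    findings = []
    for idx, stmt in enumerate(json.loads(policy_json).get("Statement", [])):
        if stmt.get("Effect") != "Allow":
            continue
        principal = stmt.get("Principal", {})
        anonymous = "*" in _as_list(principal.get("AWS") if isinstance(principal, dict) else principal)
        actions = set(_as_list(stmt.get("Action")))
        if anonymous and actions & MUTATING:
            findings.append(f"Statement {idx}: anonymous '*' may {', '.join(sorted(actions & MUTATING))}")
        if anonymous and "s3:ListBucket" in actions:
            findings.append(f"Statement {idx}: anonymous '*' may enumerate every object key")
        for res in _as_list(stmt.get("Resource")):
            m = ARN_RE.fullmatch(res)  # catches the stray space in "arn:aws:s3::: MybuckerName/*"
            if m is None or m.group(1) != bucket:
                findings.append(f"Statement {idx}: resource {res!r} does not name bucket {bucket!r}")
    return findings

def download_only_policy(bucket: str) -> str:
    """Least privilege for 'uploaded image links must open in a browser': anonymous GetObject only."""
    return json.dumps({"Version": "2012-10-17", "Statement": [{
        "Effect": "Allow", "Principal": {"AWS": ["*"]},
        "Action": ["s3:GetObject"], "Resource": [f"arn:aws:s3:::{bucket}/*"]}]})

# Constructed sample: the post's READ_WRITE template with ${bucket} filled in, plus the
# stray space that appears in the post's JSON file for the object-level Resource.
SAMPLE_READ_WRITE = json.dumps({"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Principal": {"AWS": ["*"]},
     "Action": ["s3:GetBucketLocation", "s3:ListBucket", "s3:ListBucketMultipartUploads"],
     "Resource": ["arn:aws:s3:::MybuckerName"]},
    {"Effect": "Allow", "Principal": {"AWS": ["*"]},
     "Action": ["s3:DeleteObject", "s3:GetObject", "s3:ListMultipartUploadParts",
                "s3:PutObject", "s3:AbortMultipartUpload"],
     "Resource": ["arn:aws:s3::: MybuckerName/*"]}]})

if __name__ == "__main__":  # run stand-alone to see the three findings for the post's policy
    print("\n".join(audit_policy(SAMPLE_READ_WRITE, "MybuckerName")))
```

The same check can be run against the string returned by `PolicyJsonUtils.json2String` before it is handed to `setBucketPolicy`, so a mistyped bucket name or a surplus grant is caught before the bucket is exposed.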