- References
- I. Overview
- II. MinIO bucket policies
- 1. The problem
- 2. The different read/write policies
- Read-only `PolicyType.READ`
- Write-only `PolicyType.WRITE`
- Read-write `PolicyType.READ_WRITE`
- 3. Analysis of the read/write policies
References
1. MinIO Chinese documentation - Java Client API Reference
2. MinIO Chinese documentation - MinIO Java SDK for Amazon S3 Compatible Cloud Storage
3. Amazon official documentation - Policies and Permissions in Amazon S3
4. Bucket policy operations demo (操作存储桶策略Demo)
5. MinIO bucket policy settings (minio文件桶策略设置)
I. Overview
This article organizes and records the parts of the framework that concern MinIO bucket policies.
II. MinIO bucket policies
1. The problem
The previous few notes focused on using MinIO, but there are still a few details that need to be sorted out.
When MinIO creates a bucket, it calls the method MinioCloudStorageStrategy#getPolicy(), shown below:
```java
/**
 * Builds the anonymous bucket policy JSON for the given bucket and policy type.
 * The JSON is assembled by hand with a StringBuilder; every quote inside the
 * string literals must be escaped, which the original page lost during extraction.
 */
private String getPolicy(String bucketName, PolicyType policyType) {
    StringBuilder builder = new StringBuilder();
    builder.append("{\n");
    builder.append("    \"Statement\": [\n");
    // Statement 1: bucket-level actions, always Allow
    builder.append("        {\n");
    builder.append("            \"Action\": [\n");
    if (policyType == PolicyType.WRITE) {
        builder.append("                \"s3:GetBucketLocation\",\n");
        builder.append("                \"s3:ListBucketMultipartUploads\"\n");
    } else if (policyType == PolicyType.READ_WRITE) {
        builder.append("                \"s3:GetBucketLocation\",\n");
        builder.append("                \"s3:ListBucket\",\n");
        builder.append("                \"s3:ListBucketMultipartUploads\"\n");
    } else {
        builder.append("                \"s3:GetBucketLocation\"\n");
    }
    builder.append("            ],\n");
    builder.append("            \"Effect\": \"Allow\",\n");
    builder.append("            \"Principal\": \"*\",\n");
    builder.append("            \"Resource\": \"arn:aws:s3:::");
    builder.append(bucketName);
    builder.append("\"\n");
    builder.append("        },\n");
    // Statement 2 (read-only only): explicitly deny listing the bucket
    if (PolicyType.READ.equals(policyType)) {
        builder.append("        {\n");
        builder.append("            \"Action\": [\n");
        builder.append("                \"s3:ListBucket\"\n");
        builder.append("            ],\n");
        builder.append("            \"Effect\": \"Deny\",\n");
        builder.append("            \"Principal\": \"*\",\n");
        builder.append("            \"Resource\": \"arn:aws:s3:::");
        builder.append(bucketName);
        builder.append("\"\n");
        builder.append("        },\n");
    }
    // Statement 3: object-level actions on bucketName/*
    builder.append("        {\n");
    builder.append("            \"Action\": ");
    switch (policyType) {
        case WRITE:
            builder.append("[\n");
            builder.append("                \"s3:AbortMultipartUpload\",\n");
            builder.append("                \"s3:DeleteObject\",\n");
            builder.append("                \"s3:ListMultipartUploadParts\",\n");
            builder.append("                \"s3:PutObject\"\n");
            builder.append("            ],\n");
            break;
        case READ_WRITE:
            builder.append("[\n");
            builder.append("                \"s3:AbortMultipartUpload\",\n");
            builder.append("                \"s3:DeleteObject\",\n");
            builder.append("                \"s3:GetObject\",\n");
            builder.append("                \"s3:ListMultipartUploadParts\",\n");
            builder.append("                \"s3:PutObject\"\n");
            builder.append("            ],\n");
            break;
        default:
            builder.append("\"s3:GetObject\",\n");
            break;
    }
    builder.append("            \"Effect\": \"Allow\",\n");
    builder.append("            \"Principal\": \"*\",\n");
    builder.append("            \"Resource\": \"arn:aws:s3:::");
    builder.append(bucketName);
    // The page's copy of the method was cut off here; the tail below is
    // reconstructed from the policies printed further down.
    builder.append("/*\"\n");
    builder.append("        }\n");
    builder.append("    ],\n");
    builder.append("    \"Version\": \"2012-10-17\"\n");
    builder.append("}\n");
    return builder.toString();
}
```
The PolicyType enum used above:

```java
/** The three bucket policy types; the string is the name used when the policy is applied. */
public enum PolicyType {
    READ("read-only"),
    WRITE("write-only"),
    READ_WRITE("read-write");

    private final String type;

    PolicyType(String type) {
        this.type = type;
    }

    public String getType() {
        return type;
    }
}
```
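The string-concatenation approach above works, but a single missing escaped quote or comma silently produces invalid JSON that MinIO rejects at bucket-creation time. The following is an added example, not RuoYi's code, that builds the same three policies with Jackson's tree model and applies them through the MinIO Java SDK 7.x `setBucketPolicy` call. It assumes the `PolicyType` enum from the page is on the classpath and that `jackson-databind` and `minio` are on the build path; the bucket name `ruoyi` in `main` is only a sample. The read-only policy writes `Action` as an array where the original used a bare string for `s3:GetObject`; S3 policy grammar accepts both. Note that every statement uses `"Principal": "*"`, so the WRITE and READ_WRITE policies grant anonymous upload and delete on the bucket, which is only acceptable on a MinIO instance that is not reachable by untrusted clients.

```java
import com.fasterxml.jackson.databind.ObjectMapper;
import com.fasterxml.jackson.databind.node.ArrayNode;
import com.fasterxml.jackson.databind.node.ObjectNode;
import io.minio.MinioClient;
import io.minio.SetBucketPolicyArgs;

import java.util.Arrays;
import java.util.List;

/** Added example: builds MinIO bucket policies with Jackson instead of string concatenation. */
public class BucketPolicyBuilder {

    private static final ObjectMapper MAPPER = new ObjectMapper();

    /** One policy statement: Effect, anonymous Principal, Action list, Resource ARN. */
    private static ObjectNode statement(String effect, List<String> actions, String resource) {
        ObjectNode stmt = MAPPER.createObjectNode();
        ArrayNode actionArr = stmt.putArray("Action");
        for (String action : actions) {
            actionArr.add(action);
        }
        stmt.put("Effect", effect);
        stmt.put("Principal", "*");   // anonymous access, exactly as the original policies do
        stmt.put("Resource", resource);
        return stmt;
    }

    /** Returns the policy document for the given bucket and type as pretty-printed JSON. */
    public static String build(String bucket, PolicyType type) {
        String bucketArn = "arn:aws:s3:::" + bucket;   // bucket-level actions (ListBucket etc.)
        String objectArn = bucketArn + "/*";            // object-level actions (GetObject etc.)
        ObjectNode policy = MAPPER.createObjectNode();
        policy.put("Version", "2012-10-17");
        ArrayNode statements = policy.putArray("Statement");

        switch (type) {
            case READ:
                statements.add(statement("Allow", Arrays.asList("s3:GetBucketLocation"), bucketArn));
                // Explicit Deny beats any Allow: anonymous clients may fetch an object whose
                // key they already know, but may not enumerate the bucket's contents.
                statements.add(statement("Deny", Arrays.asList("s3:ListBucket"), bucketArn));
                statements.add(statement("Allow", Arrays.asList("s3:GetObject"), objectArn));
                break;
            case WRITE:
                statements.add(statement("Allow",
                        Arrays.asList("s3:GetBucketLocation", "s3:ListBucketMultipartUploads"), bucketArn));
                statements.add(statement("Allow",
                        Arrays.asList("s3:AbortMultipartUpload", "s3:DeleteObject",
                                "s3:ListMultipartUploadParts", "s3:PutObject"), objectArn));
                break;
            case READ_WRITE:
                statements.add(statement("Allow",
                        Arrays.asList("s3:GetBucketLocation", "s3:ListBucket",
                                "s3:ListBucketMultipartUploads"), bucketArn));
                statements.add(statement("Allow",
                        Arrays.asList("s3:AbortMultipartUpload", "s3:DeleteObject", "s3:GetObject",
                                "s3:ListMultipartUploadParts", "s3:PutObject"), objectArn));
                break;
            default:
                throw new IllegalArgumentException("unknown policy type: " + type);
        }
        return policy.toPrettyString();
    }

    /** Applies the generated policy to an existing bucket via the MinIO Java SDK (7.x API). */
    public static void apply(MinioClient client, String bucket, PolicyType type) throws Exception {
        client.setBucketPolicy(SetBucketPolicyArgs.builder()
                .bucket(bucket)
                .config(build(bucket, type))
                .build());
    }

    public static void main(String[] args) {
        // Sample bucket name (constructed for this example); prints the read-only policy.
        System.out.println(build("ruoyi", PolicyType.READ));
    }
}
```

Because every statement goes through one `statement()` helper, adding a `Condition` block (for example restricting `aws:SourceIp`) later means changing one method rather than editing dozens of `append` calls.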
Printing the result generated for each policy type to the console gives the following:
Read-only `PolicyType.READ`
```json
{
    "Statement": [
        {
            "Action": [
                "s3:GetBucketLocation"
            ],
            "Effect": "Allow",
            "Principal": "*",
            "Resource": "arn:aws:s3:::ruoyi"
        },
        {
            "Action": [
                "s3:ListBucket"
            ],
            "Effect": "Deny",
            "Principal": "*",
            "Resource": "arn:aws:s3:::ruoyi"
        },
        {
            "Action": "s3:GetObject",
            "Effect": "Allow",
            "Principal": "*",
            "Resource": "arn:aws:s3:::ruoyi/*"
        }
    ],
    "Version": "2012-10-17"
}
```
Write-only `PolicyType.WRITE`
```json
{
    "Statement": [
        {
            "Action": [
                "s3:GetBucketLocation",
                "s3:ListBucketMultipartUploads"
            ],
            "Effect": "Allow",
            "Principal": "*",
            "Resource": "arn:aws:s3:::ruoyi"
        },
        {
            "Action": [
                "s3:AbortMultipartUpload",
                "s3:DeleteObject",
                "s3:ListMultipartUploadParts",
                "s3:PutObject"
            ],
            "Effect": "Allow",
            "Principal": "*",
            "Resource": "arn:aws:s3:::ruoyi/*"
        }
    ],
    "Version": "2012-10-17"
}
```
Read-write `PolicyType.READ_WRITE`
```json
{
    "Statement": [
        {
            "Action": [
                "s3:GetBucketLocation",
                "s3:ListBucket",
                "s3:ListBucketMultipartUploads"
            ],
            "Effect": "Allow",
            "Principal": "*",
            "Resource": "arn:aws:s3:::ruoyi"
        },
        {
            "Action": [
                "s3:AbortMultipartUpload",
                "s3:DeleteObject",
                "s3:GetObject",
                "s3:ListMultipartUploadParts",
                "s3:PutObject"
            ],
            "Effect": "Allow",
            "Principal": "*",
            "Resource": "arn:aws:s3:::ruoyi/*"
        }
    ],
    "Version": "2012-10-17"
}
```
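The three documents above differ only in which statements they contain, and what each one actually permits follows from the S3 evaluation rules the Amazon documentation describes: a request is denied by default, an explicit `Allow` grants it, and an explicit `Deny` overrides any `Allow`. The following is an added example, not RuoYi's code, that parses the printed read-only policy (embedded here as a constructed sample) and answers "is this anonymous action on this resource allowed?" under those rules. It assumes `jackson-databind` on the build path and deliberately handles only what these policies use: `"Principal": "*"`, exact action names, `Action` as either a string or an array, and a trailing `*` wildcard in `Resource`; conditions, `NotAction` and other principal forms are out of scope.

```java
import com.fasterxml.jackson.databind.JsonNode;
import com.fasterxml.jackson.databind.ObjectMapper;

/** Added example: a minimal evaluator for the anonymous bucket policies printed above. */
public class PolicyEvaluator {

    public enum Decision { ALLOW, EXPLICIT_DENY, IMPLICIT_DENY }

    private final JsonNode policy;

    public PolicyEvaluator(String policyJson) throws Exception {
        this.policy = new ObjectMapper().readTree(policyJson);
    }

    /** "Resource" patterns use "*" as a wildcard; only a trailing "*" is supported here. */
    private static boolean resourceMatches(String pattern, String resourceArn) {
        if (pattern.endsWith("*")) {
            return resourceArn.startsWith(pattern.substring(0, pattern.length() - 1));
        }
        return pattern.equals(resourceArn);
    }

    /** "Action" may be a single string (as in the read-only GetObject statement) or an array. */
    private static boolean actionMatches(JsonNode actionNode, String action) {
        if (actionNode.isArray()) {
            for (JsonNode a : actionNode) {
                if (a.asText().equals(action)) {
                    return true;
                }
            }
            return false;
        }
        return actionNode.asText().equals(action);
    }

    /** Applies default-deny, Allow-grants, explicit-Deny-wins in that order of precedence. */
    public Decision evaluate(String action, String resourceArn) {
        boolean allowed = false;
        for (JsonNode stmt : policy.get("Statement")) {
            if (!"*".equals(stmt.get("Principal").asText())) {
                continue;   // only the anonymous principal is modelled
            }
            if (!actionMatches(stmt.get("Action"), action)) {
                continue;
            }
            if (!resourceMatches(stmt.get("Resource").asText(), resourceArn)) {
                continue;
            }
            if ("Deny".equals(stmt.get("Effect").asText())) {
                return Decision.EXPLICIT_DENY;   // an explicit Deny ends evaluation immediately
            }
            allowed = true;                      // keep scanning: a later Deny could still win
        }
        return allowed ? Decision.ALLOW : Decision.IMPLICIT_DENY;
    }

    // Constructed sample: the read-only policy printed above, compacted to one string.
    static final String READ_ONLY_POLICY = "{"
        + "\"Statement\":["
        + "{\"Action\":[\"s3:GetBucketLocation\"],\"Effect\":\"Allow\",\"Principal\":\"*\",\"Resource\":\"arn:aws:s3:::ruoyi\"},"
        + "{\"Action\":[\"s3:ListBucket\"],\"Effect\":\"Deny\",\"Principal\":\"*\",\"Resource\":\"arn:aws:s3:::ruoyi\"},"
        + "{\"Action\":\"s3:GetObject\",\"Effect\":\"Allow\",\"Principal\":\"*\",\"Resource\":\"arn:aws:s3:::ruoyi/*\"}"
        + "],\"Version\":\"2012-10-17\"}";

    public static void main(String[] args) throws Exception {
        PolicyEvaluator ev = new PolicyEvaluator(READ_ONLY_POLICY);
        // Object key "avatar.png" is a sample value, not from the page.
        System.out.println("GetObject on object:  " + ev.evaluate("s3:GetObject", "arn:aws:s3:::ruoyi/avatar.png"));
        System.out.println("ListBucket on bucket: " + ev.evaluate("s3:ListBucket", "arn:aws:s3:::ruoyi"));
        System.out.println("PutObject on object:  " + ev.evaluate("s3:PutObject", "arn:aws:s3:::ruoyi/avatar.png"));
    }
}
```

Run against the read-only policy, `main` reports `ALLOW` for fetching an object, `EXPLICIT_DENY` for listing the bucket and `IMPLICIT_DENY` for uploading. The last two outcomes are why the read-only policy is safe to hand to anonymous users while the write-only and read-write variants are not: the `Deny` on `s3:ListBucket` prevents enumeration of object keys even if a later `Allow` were added by mistake, and anything not mentioned stays denied.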
3. Analysis of the read/write policies
The analysis from the official Amazon documentation:
Amazon official documentation - Policies and Permissions in Amazon S3



