Policy configuration of accessing bucket with Minio SDK

Time:2022-5-23

Configure users to access buckets

MinIO is a high-performance object storage service written in Go that can be deployed locally.
It is a convenient way to manage the files uploaded to and downloaded from your system.

When accessing MinIO through the SDK, you usually create a service account first, and then access the bucket with its access key and secret key.
For example:

package main

import (
    "context"
    "log"

    "github.com/minio/minio-go/v7"
    "github.com/minio/minio-go/v7/pkg/credentials"
)

// InitMinioClient returns a client that signs requests with the given keys.
func InitMinioClient(endpoint, accessKey, secretKey string) (*minio.Client, error) {
    return minio.New(endpoint, &minio.Options{
        Creds:  credentials.NewStaticV4(accessKey, secretKey, ""),
        Secure: false, // plain HTTP; set to true when the endpoint serves TLS
    })
}

// PutFile uploads the local file fp to bucketname/objectname.
func PutFile(mc *minio.Client, bucketname, objectname, fp string) (minio.UploadInfo, error) {
    return mc.FPutObject(context.Background(), bucketname, objectname, fp, minio.PutObjectOptions{
        ContentType: "application/csv",
    })
}

func main() {
    endpoint := "your minio endpoint"
    // Example keys; in a real deployment load them from the environment or a secret store.
    accessKey := "Q3AM3UQ867SPQQA43P2F"
    secretKey := "zuf+tfteSlswRu7BJ86wekitnifILbZam1KYY3TG"

    // Initialize minio client object.
    minioClient, err := InitMinioClient(endpoint, accessKey, secretKey)
    if err != nil {
        log.Fatalln(err)
    }

    if _, err := PutFile(minioClient, "test", "test.csv", "./xxx.csv"); err != nil {
        log.Fatalln(err)
    }
}

In the latest version of the MinIO console, there are two entries for configuring a service account.

Configure the policy to access the bucket

First, each bucket has three access policies to set:

  1. Public: no access key or secret key is required; the bucket can be accessed directly
  2. Private: an access key and secret key are required for access
  3. Custom: no access key or secret key is required, but the bucket can only be accessed in a manner consistent with the policy


The default is the private policy, which requires an access key and secret key.
The public policy allows everyone to access the bucket without any access control. It is suitable for public resources.

The custom policy is the goal of this attempt.
Since we don't have an access key and secret key, the above code can be changed as follows:

package main

import (
    "context"
    "log"

    "github.com/minio/minio-go/v7"
    "github.com/minio/minio-go/v7/pkg/credentials"
)

// InitMinioClient returns a client without keys.
func InitMinioClient(endpoint string) (*minio.Client, error) {
    return minio.New(endpoint, &minio.Options{
        // Empty keys make the client send unsigned (anonymous) requests.
        Creds:  credentials.NewStaticV4("", "", ""),
        Secure: false, // plain HTTP; set to true when the endpoint serves TLS
    })
}

// PutFile uploads the local file fp to bucketname/objectname.
func PutFile(mc *minio.Client, bucketname, objectname, fp string) (minio.UploadInfo, error) {
    return mc.FPutObject(context.Background(), bucketname, objectname, fp, minio.PutObjectOptions{
        ContentType: "application/csv",
    })
}

func main() {
    endpoint := "your minio endpoint"
    // Initialize minio client object.
    minioClient, err := InitMinioClient(endpoint)
    if err != nil {
        log.Fatalln(err)
    }

    if _, err := PutFile(minioClient, "test", "test.csv", "./xxx.csv"); err != nil {
        log.Fatalln(err)
    }
}

At the same time, configure the bucket policy to allow the putfile operation.

In this way, even if the access key and secret key are not configured, we can access the test bucket.
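A custom policy that opens a bucket to key-less clients is worth checking before it goes live. The following is an added example, not code from the original post or from the MinIO project: it assumes the S3-style policy JSON that MinIO accepts, in which the upload described above corresponds to the s3:PutObject action, and it reports anything else the policy grants to anonymous callers. The bucket name test is the article's; the two sample policies and the function name ExcessAnonymous are constructed for illustration.

```go
package main

import (
	"bytes"
	"encoding/json"
	"fmt"
)

// Constructed policy: anonymous clients may only upload into bucket "test".
const uploadOnly = `{"Version": "2012-10-17", "Statement": [{"Effect": "Allow",
  "Principal": {"AWS": ["*"]},
  "Action": ["s3:PutObject"],
  "Resource": ["arn:aws:s3:::test/*"]}]}`

// ExcessAnonymous lists the actions a policy allows the anonymous principal
// ("*", {"AWS":"*"} or {"AWS":["*"]}) beyond s3:PutObject.
func ExcessAnonymous(policy string) ([]string, error) {
	var doc struct {
		Statement []struct {
			Effect            string
			Principal, Action json.RawMessage
		}
	}
	if err := json.Unmarshal([]byte(policy), &doc); err != nil {
		return nil, err
	}
	var excess []string
	for _, st := range doc.Statement {
		if st.Effect != "Allow" || !bytes.Contains(st.Principal, []byte(`"*"`)) {
			continue
		}
		var acts []string
		if json.Unmarshal(st.Action, &acts) != nil { // single string form
			acts = []string{string(bytes.Trim(st.Action, `"`))}
		}
		for _, a := range acts {
			if a != "" && a != "s3:PutObject" {
				excess = append(excess, a)
			}
		}
	}
	return excess, nil
}

func main() {
	broad := `{"Statement":[{"Effect":"Allow","Principal":"*","Action":"s3:*"}]}` // constructed
	fmt.Println(ExcessAnonymous(uploadOnly))
	fmt.Println(ExcessAnonymous(broad))
}
```

The uploadOnly document can be pasted into the console's custom policy editor or passed to minio-go's SetBucketPolicy; an empty result from ExcessAnonymous means key-less clients can upload but cannot list, read or delete objects.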

Summary

Access through a configured user works without specifying a particular bucket.
Access through policies requires configuring the access policy of each specific bucket.
Each of them has its own application scenario, and you can choose a suitable way according to the actual situation.

The version of Minio I use is:

$ docker exec minio_minio_1 minio -v
minio version RELEASE.2022-02-16T00-35-27Z
