go minio 设置访问权限
bucket 权限
桶默认可以有三种 Access Policy 策略:public、custom、private。
- public:不经过任何认证可以直接访问资源
- custom:自定义策略 Access Rule
- private:未经授权不能进行任何操作,所有Access Rules失效
策略为custom
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"s3:GetObject",
"s3:ListAllMyBuckets",
"s3:ListBucket",
"s3:PutObject",
"s3:DeleteObject",
"s3:GetBucketLocation"
],
"Resource": [
"arn:aws:s3:::<bucket-name>/*"
]
}
]
}
策略为public
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Principal": {
"AWS": [
"*"
]
},
"Action": [
"s3:GetBucketLocation",
"s3:ListBucket",
"s3:ListBucketMultipartUploads"
],
"Resource": [
"arn:aws:s3:::aite-data"
]
},
{
"Effect": "Allow",
"Principal": {
"AWS": [
"*"
]
},
"Action": [
"s3:DeleteObject",
"s3:GetObject",
"s3:ListMultipartUploadParts",
"s3:PutObject",
"s3:AbortMultipartUpload"
],
"Resource": [
"arn:aws:s3:::aite-data/*"
]
}
]
}
go设置桶权限
func (m *minio) SetUserBucketsAccess(ctx context.Context, userName string, buckets []string) error {
rs := make([]string, 0)
for _, b := range buckets {
rs = append(rs, fmt.Sprintf(`"arn:aws:s3:::%s/*"`, b))
}
policy := fmt.Sprintf(`{"Version": "2012-10-17","Statement": [{"Action": ["s3:*"],"Effect": "Allow","Resource": [%s]}]}`, strings.Join(rs, ","))
fmt.Println(policy)
err := m.adminClient.AddCannedPolicy(ctx, userName, []byte(policy))
if err != nil {
return errors.Errorf(nil, errors.ErrorMinioOperationFailed)
}
err = m.adminClient.SetPolicy(ctx, userName, userName, false)
if err != nil {
return errors.Errorf(nil, errors.ErrorMinioOperationFailed)
}
return nil
}
【推荐】国内首个AI IDE,深度理解中文开发场景,立即下载体验Trae
【推荐】编程新体验,更懂你的AI,立即体验豆包MarsCode编程助手
【推荐】抖音旗下AI助手豆包,你的智能百科全书,全免费不限次数
【推荐】轻量又高性能的 SSH 工具 IShell:AI 加持,快人一步
· 全程不用写代码,我用AI程序员写了一个飞机大战
· DeepSeek 开源周回顾「GitHub 热点速览」
· 记一次.NET内存居高不下排查解决与启示
· 物流快递公司核心技术能力-地址解析分单基础技术分享
· .NET 10首个预览版发布:重大改进与新特性概览!
2023-05-22 goframe API 自定义接口返回值处理
2023-05-22 更新docker配置,重启docker进程,容器不重启
2021-05-22 Golang 入门 : 浮点数
2021-05-22 Golang 入门 : 整型
2021-05-22 Golang 入门 : 类型系统介绍
2020-05-22 linux安装nodejs
2020-05-22 mysql导入失败