Ceph rgw COR测试
Ceph rgw COR测试
目录
一、测试过程
1、设置bucket类型为public-read 或者为public-reda-write的存储桶。
下面这里建了一个public-read的存储桶,其中ACL: *anon*: READ
表示该存储桶的访问类型为public-read
类型。
[root@control1 ~]# s3cmd info s3://test1111
s3://test1111/ (bucket):
Location: cn
Payer: BucketOwner
Expiration Rule: none
Policy: none
CORS: none
ACL: *anon*: READ
ACL: admin: FULL_CONTROL
URL: http://10.110.101.30:8080/test1111/
2、向该存储桶上传文件。并查看对象的权限。
[root@control1 ~]# s3cmd info s3://test1111/15690311636958128.jpg
s3://test1111/15690311636958128.jpg (object):
File size: 34790
Last mod: Tue, 02 Jun 2020 06:05:10 GMT
MIME type: application/octet-stream
Storage: STANDARD
MD5 sum: dcd6cadab3c9718b0a914424048364ac
SSE: none
Policy: none
CORS: none
ACL: admin: FULL_CONTROL
3、打开浏览器,打开console,输入以下代码,进行访问测试
var xhr = new XMLHttpRequest();
xhr.open('GET', 'http://10.110.101.30:8080/test1111/15690311636958128.jpg');
xhr.send(null);
xhr.onload = function(e) {
var xhr = e.target;
console.log(xhr.responseText);
}
#######
Access to XMLHttpRequest at 'http://10.110.101.30:8080/test1111/15690311636958128.jpg' from origin 'chrome-search://local-ntp' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
执行回车,结果如下:
4、设置CORS规则
# 编辑cors规则
[root@control1 ~]# cat cors.xml
<CORSConfiguration xmlns="http://s3.amazonaws.com/doc/2006-03-01/">
<CORSRule>
<AllowedMethod>PUT</AllowedMethod>
<AllowedMethod>DELETE</AllowedMethod>
<AllowedMethod>POST</AllowedMethod>
<AllowedMethod>GET</AllowedMethod>
<AllowedOrigin>*</AllowedOrigin>
<AllowedHeader>*</AllowedHeader>
<ExposeHeader>ETag</ExposeHeader>
</CORSRule>
</CORSConfiguration>
# 设置cor规则
[root@control1 ~]# s3cmd setcors cors.xml s3://test1111
#查看存储桶的COR规则
[root@control1 ~]# s3cmd info s3://test1111
s3://test1111/ (bucket):
Location: cn
Payer: BucketOwner
Expiration Rule: none
Policy: none
CORS: <CORSConfiguration xmlns="http://s3.amazonaws.com/doc/2006-03-01/"><CORSRule><AllowedMethod>GET</AllowedMethod><AllowedMethod>PUT</AllowedMethod><AllowedMethod>DELETE</AllowedMethod><AllowedMethod>POST</AllowedMethod><AllowedOrigin>*</AllowedOrigin><AllowedHeader>*</AllowedHeader><ExposeHeader>ETag</ExposeHeader></CORSRule></CORSConfiguration>
ACL: *anon*: READ
ACL: admin: FULL_CONTROL
URL: http://10.110.101.30:8080/test1111/
# 查看object的规则
[root@control1 ~]# s3cmd info s3://test1111/15690311636958128.jpg
s3://test1111/15690311636958128.jpg (object):
File size: 34790
Last mod: Tue, 02 Jun 2020 06:05:10 GMT
MIME type: application/octet-stream
Storage: STANDARD
MD5 sum: dcd6cadab3c9718b0a914424048364ac
SSE: none
Policy: none
CORS: <CORSConfiguration xmlns="http://s3.amazonaws.com/doc/2006-03-01/"><CORSRule><AllowedMethod>GET</AllowedMethod><AllowedMethod>PUT</AllowedMethod><AllowedMethod>DELETE</AllowedMethod><AllowedMethod>POST</AllowedMethod><AllowedOrigin>*</AllowedOrigin><AllowedHeader>*</AllowedHeader><ExposeHeader>ETag</ExposeHeader></CORSRule></CORSConfiguration>
ACL: admin: FULL_CONTROL
5、访问测试
看上图还是不能访问,提示accessdenied
我们需要给对象设置为任何人都可以读取
# 将object的acl规则设置为public-read
[root@control1 ~]# s3cmd setacl -P s3://test1111/15690311636958128.jpg
s3://test1111/15690311636958128.jpg: ACL set to Public [1 of 1]
# 查看对象相关的变量信息
[root@control1 ~]# s3cmd info s3://test1111/15690311636958128.jpg
s3://test1111/15690311636958128.jpg (object):
File size: 34790
Last mod: Tue, 02 Jun 2020 06:27:11 GMT
MIME type: application/octet-stream
Storage: STANDARD
MD5 sum: dcd6cadab3c9718b0a914424048364ac
SSE: none
Policy: none
CORS: <CORSConfiguration xmlns="http://s3.amazonaws.com/doc/2006-03-01/"><CORSRule><AllowedMethod>GET</AllowedMethod><AllowedMethod>PUT</AllowedMethod><AllowedMethod>DELETE</AllowedMethod><AllowedMethod>POST</AllowedMethod><AllowedOrigin>*</AllowedOrigin><AllowedHeader>*</AllowedHeader><ExposeHeader>ETag</ExposeHeader></CORSRule></CORSConfiguration>
ACL: *anon*: READ
ACL: admin: FULL_CONTROL
URL: http://10.110.101.30:8080/test1111/15690311636958128.jpg