26

Minio has policies for each bucket, which contain:

  • ReadOnly
  • WriteOnly
  • Read+Write
  • None

How are these related to the anonymous/authorized access to the folders?
Like say I want to make a bunch of files available as read-only to users without credentials (access key and secret key). How can I do it?

Daniel

2 Answers

23

Bucket policies provided on the Minio client side are an abstracted version of the same bucket policies AWS S3 provides.

The client constructs a policy JSON based on the input string of bucket and prefix.

  • ReadOnly - anonymous download access is allowed, including being able to list objects on the desired prefix.
  • WriteOnly - anonymous uploads are allowed, including being able to list incomplete uploads on the desired prefix.
  • Read-Write - anonymous access to upload and download all objects. This also means full public access.
  • None - the default (no policy); it means that all operations need to be authenticated towards the desired bucket and prefix.

A bunch of files that reside under a particular prefix can be made available for read-only access. Let's say your prefix is 'my-prefix/read-only/downloads', then if you are using

```java
import java.io.IOException;
import java.security.NoSuchAlgorithmException;
import java.security.InvalidKeyException;

import org.xmlpull.v1.XmlPullParserException;

import io.minio.MinioClient;
import io.minio.policy.PolicyType;
import io.minio.errors.MinioException;

public class SetBucketPolicy {
  /**
   * MinioClient.setBucketPolicy() example.
   */
  public static void main(String[] args)
    throws IOException, NoSuchAlgorithmException, InvalidKeyException, XmlPullParserException {
    try {
      /* play.minio.io for test and development. */
      MinioClient minioClient = new MinioClient("https://play.minio.io:9000", "Q3AM3UQ867SPQQA43P2F",
                                                "zuf+tfteSlswRu7BJ86wekitnifILbZam1KYY3TG");

      /* Amazon S3: */
      // MinioClient minioClient = new MinioClient("https://s3.amazonaws.com", "YOUR-ACCESSKEYID",
      //                                           "YOUR-SECRETACCESSKEY");

      minioClient.setBucketPolicy("my-bucketname", "my-prefix/read-only/downloads", PolicyType.READ_ONLY);
    } catch (MinioException e) {
      System.out.println("Error occurred: " + e);
    }
  }
}
```

Once your call is successful, all the objects inside 'my-prefix/read-only/downloads' are publicly readable, i.e. without an access/secret key.

chadyred
Harshavardhana
  • Thanks for the clarification. How can I make some files private? Like no anonymous (read) access? – Daniel Mar 06 '17 at 02:35
  • By default all your files are private, there is no special call to make them private. – Harshavardhana Mar 06 '17 at 02:40
  • 2
    Just to be clear (so you can test from `curl`), the URL where you would actually access a file is `https://play.minio.io:9000/my-bucketname/`, where `` in the above example is `my_prefix/read-only/downloads`; presumably you've created this path. If you just have a file `file.jpg` in the bucket, you'd have a prefix of `` in the above call and the URL would be `https://play.minio.io:9000/my-bucketname/file.jpg`. I found it confusing if I couldn't make a specific working example, so here it is. – Paul S Oct 03 '17 at 00:13
  • Is there a way to create a bucket programmatically on Minio without authenticating, i.e. a policy global to Minio, not limited to operations on a bucket? I need it to run an integration test, which will do the following: 1. Run Minio in Docker. 2. Run AWS SAM to create a bucket and upload an object. 3. SAM processes the objects as per the production code. – Kuldeep Yadav Jan 27 '23 at 07:16
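
The answer above says the client builds a policy JSON from the bucket and prefix. As an added example (not code from the answer or from Minio), this Python builds such a policy for a read-only prefix in S3 policy grammar and then audits any policy JSON for what an unauthenticated caller is granted, reported with the labels used above. The statement layout and the function names are assumptions made for illustration; the bucket and prefix are the ones from the answer.

```python
import json
from fnmatch import fnmatchcase

def read_only_policy(bucket, prefix):
    """Anonymous read of one prefix in S3 policy grammar (layout is an assumption)."""
    anyone = {"AWS": ["*"]}
    return json.dumps({"Version": "2012-10-17", "Statement": [
        {"Effect": "Allow", "Principal": anyone, "Action": ["s3:ListBucket"],
         "Resource": [f"arn:aws:s3:::{bucket}"],
         "Condition": {"StringEquals": {"s3:prefix": [prefix]}}},
        {"Effect": "Allow", "Principal": anyone, "Action": ["s3:GetObject"],
         "Resource": [f"arn:aws:s3:::{bucket}/{prefix}*"]},
    ]})

def _as_list(value):
    return value if isinstance(value, list) else [value]

def _is_anonymous(principal):
    # "*" or {"AWS": "*"} / {"AWS": ["*"]} matches callers without any keys.
    if isinstance(principal, dict):
        return "*" in _as_list(principal.get("AWS", []))
    return principal == "*"

def _grants(actions, wanted):
    # Policy actions may carry wildcards such as "s3:*" or "s3:Get*".
    return any(fnmatchcase(wanted.lower(), a.lower()) for a in actions)

def anonymous_access(policy_json):
    """Map resource ARN -> ReadOnly / WriteOnly / Read+Write for unauthenticated callers.

    Only Allow statements are read; Deny statements and Conditions are not evaluated.
    """
    if not policy_json:
        return {}  # "None": no policy, every request must be authenticated
    found = {}
    for stmt in _as_list(json.loads(policy_json).get("Statement", [])):
        if stmt.get("Effect") != "Allow" or not _is_anonymous(stmt.get("Principal")):
            continue
        actions = _as_list(stmt.get("Action", []))
        read = _grants(actions, "s3:GetObject")
        write = _grants(actions, "s3:PutObject")
        for res in _as_list(stmt.get("Resource", [])):
            r, w = found.get(res, (False, False))
            found[res] = (r or read, w or write)
    labels = {(True, False): "ReadOnly", (False, True): "WriteOnly",
              (True, True): "Read+Write"}
    return {res: labels[rw] for res, rw in found.items() if rw in labels}

if __name__ == "__main__":
    policy = read_only_policy("my-bucketname", "my-prefix/read-only/downloads")
    print(anonymous_access(policy))
```

Running the audit over the policy of every bucket shows which prefixes are reachable without credentials; an empty result corresponds to the default "None".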
12

'public' is a valid policy...

You can change this policy: install mc (minio client) and then:

```
# list default hosts after install:
mc config host ls

# remove all hosts: mc config host rm {hostName}
mc config host rm local

# add your host: mc config host add {hostName} {url} {apiKey} {apiSecret}
mc config host add local http://127.0.0.1:9000 ClientIdASSDSD ClientSecretASASASdsasdasdasdasd

# create bucket: mc mb {host}/{bucket}
mc mb local/mybucket

# change bucket policy: mc policy set {policy} {host}/{bucket}
mc policy set public local/mybucket
```
cweiske
Cumbu