I. Access policies
1. The following effects are supported
Allow
Deny
2. The following actions are supported
s3:GetObject
s3:ListBucket
s3:PutObject
s3:GetBucketLocation
s3:DeleteObject
s3:AbortMultipartUpload
s3:ListBucketMultipartUploads
s3:ListMultipartUploadParts
3. The following conditions are supported
StringEquals
StringNotEquals
StringLike
StringNotLike
IpAddress
NotIpAddress
Keys supported by each condition
s3:prefix
s3:max-keys
aws:Referer
aws:SourceIp
4. Are nested policies supported?
Nested policies are not supported.
II. Configuration example
// Assume policyJson contains below JSON string;
// {
//     "Statement": [
//         {
//             "Action": [
//                 "s3:GetBucketLocation",
//                 "s3:ListBucket"
//             ],
//             "Effect": "Allow",
//             "Principal": "*",
//             "Resource": "arn:aws:s3:::my-bucketname"
//         },
//         {
//             "Action": "s3:GetObject",
//             "Effect": "Allow",
//             "Principal": "*",
//             "Resource": "arn:aws:s3:::my-bucketname/myobject*"
//         }
//     ],
//     "Version": "2012-10-17"
// }
minioClient.setBucketPolicy(
    SetBucketPolicyArgs.builder().bucket("my-bucketname").config(policyJson).build());
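1. In "Resource": "arn:aws:s3:::my-bucketname/myobject*", the trailing '*' must not be dropped, otherwise an error is reported.
2. "Version": "2012-10-17" seems to be a fixed value for the version; use it as the corresponding version.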
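An added example, not part of the original post or of MinIO's own code: a small linter that checks a policy document against the effects, actions, condition operators and keys listed in the first section of this page, and reports every Allow statement whose Principal is "*" with no Condition, since such a statement grants access to any requester. It is written in Python so that it runs with the standard library alone; lint_policy and the other names are hypothetical, and names are compared exactly as the page spells them.

```python
import json

# Supported elements, copied from the lists in the first section of this page.
EFFECTS = {"Allow", "Deny"}
ACTIONS = {"s3:GetObject", "s3:ListBucket", "s3:PutObject", "s3:GetBucketLocation",
           "s3:DeleteObject", "s3:AbortMultipartUpload",
           "s3:ListBucketMultipartUploads", "s3:ListMultipartUploadParts"}
OPERATORS = {"StringEquals", "StringNotEquals", "StringLike", "StringNotLike",
             "IpAddress", "NotIpAddress"}
KEYS = {"s3:prefix", "s3:max-keys", "aws:Referer", "aws:SourceIp"}

# The policy from the configuration example on this page.
PAGE_POLICY = """{"Statement": [
  {"Action": ["s3:GetBucketLocation", "s3:ListBucket"], "Effect": "Allow",
   "Principal": "*", "Resource": "arn:aws:s3:::my-bucketname"},
  {"Action": "s3:GetObject", "Effect": "Allow",
   "Principal": "*", "Resource": "arn:aws:s3:::my-bucketname/myobject*"}],
  "Version": "2012-10-17"}"""


def as_list(value):
    """Policy fields may hold a single string or a list of strings."""
    return value if isinstance(value, list) else [value]


def is_anonymous(principal):
    """True for "*" and for {"AWS": "*"} or {"AWS": ["*"]}."""
    aws = principal.get("AWS", []) if isinstance(principal, dict) else principal
    return "*" in as_list(aws)


def lint_policy(policy_json):
    """Return findings (strings) for one bucket policy document."""
    findings = []
    for i, stmt in enumerate(json.loads(policy_json).get("Statement", [])):
        effect, cond = stmt.get("Effect"), stmt.get("Condition", {})
        if effect not in EFFECTS:
            findings.append(f"statement {i}: unsupported effect {effect!r}")
        findings += [f"statement {i}: unsupported action {a!r}"
                     for a in as_list(stmt.get("Action", [])) if a not in ACTIONS]
        for operator, keys in cond.items():
            if operator not in OPERATORS:
                findings.append(f"statement {i}: unsupported condition {operator!r}")
            findings += [f"statement {i}: unsupported key {k!r}"
                         for k in keys if k not in KEYS]
        # "*" as Principal means any requester; flag it when nothing narrows it.
        if effect == "Allow" and is_anonymous(stmt.get("Principal")) and not cond:
            findings.append(f"statement {i}: anonymous Allow without Condition")
    return findings
```

Run on the page's policy, lint_policy(PAGE_POLICY) reports both statements as anonymous Allow grants; adding a Condition such as IpAddress on aws:SourceIp to a statement clears its finding.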