
MINIO伺服器的臨時認證Token

MINIO是類似阿裡的OSS雲存儲伺服器。它支援AWS S3伺服器的一些接口。

1.搭建MINIO伺服器

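mkdir -p /usr/local/minio/etc /usr/local/minio/data
cd /usr/local/minio
# Download the server binary and the publisher's checksum file from the release host
# (the same host the mc step below uses) and verify the binary before it becomes an
# executable, long-running service. -f fails on HTTP errors instead of saving an error
# page as "minio"; -L follows redirects.
curl -fLO https://dl.min.io/server/minio/release/linux-amd64/minio
curl -fLO https://dl.min.io/server/minio/release/linux-amd64/minio.sha256sum
# Compare only the hash field, so the check works whatever file name the checksum file lists
echo "$(cut -d' ' -f1 minio.sha256sum)  minio" | sha256sum -c -
chmod 750 minio
# Root credentials: export MINIO_ROOT_USER / MINIO_ROOT_PASSWORD before starting so the
# server does not come up with its well-known default pair. The page never shows where
# the "minio" / "nsc_minio_2021" pair used by mc below is configured — presumably here.
# Replace the console address with your own host:port.
nohup ./minio server --console-address=192.168.0.1:19000 --config-dir /usr/local/minio/etc /usr/local/minio/data > /usr/local/minio/minio.log 2>&1 &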
           

安裝MC(MINIO伺服器用戶端指令)

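# Install mc (the MinIO command-line client) and verify the download as for the server
wget https://dl.min.io/client/mc/release/linux-amd64/mc
wget https://dl.min.io/client/mc/release/linux-amd64/mc.sha256sum
echo "$(cut -d' ' -f1 mc.sha256sum)  mc" | sha256sum -c -
chmod +x mc
./mc
# Register the server under the alias "local". With the key pair omitted, mc prompts for
# it, so the root secret does not end up in shell history or in `ps` output (the original
# passed "minio nsc_minio_2021" on the command line). 19000 is the console address from
# the start command; if mc cannot talk to it, point it at the S3 API port instead
# (9000, which the aws and Java steps below use).
./mc alias set local http://192.168.0.1:19000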
           

添加使用者,政策

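# List buckets through the alias registered above (the original used "minio", an alias
# this page never defines)
./mc ls local
# The mc config stores every alias's access and secret key in plain text; keep it
# readable by the owner only
vim ~/.mc/config.json

# Add the user whose static keys the demo later exchanges for temporary credentials.
# This is a regular user, not an administrator (the original comment said 管理者).
# The secret still appears on the command line here — see the note on mc alias set above.
./mc admin user add local assumerole nsc_assumerole
# Register the policy. The file must be valid JSON — the listing below carries a stray
# trailing comma after "s3:*" — and Version is fixed at 2012-10-17.
./mc admin policy add local assumerole ./policy/policy-assumerole.json
# Attach the policy to the user
./mc admin policy set local assumerole user=assumerole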
           

JSON 政策檔案：/usr/local/minio/policy/policy-assumerole.json

./policy/policy-assumerole.json

{
    "Version": "2012-10-17",
    "Statement": [
         {
            "Effect": "Allow",
            "Action": [
                "s3:*",
            ],
            "Resource": [
                "arn:aws:s3:::*"
            ]
        }
    ]
}
           

安裝aws工具

#通過 aws-cli 來擷取 AssumeRole STS 授權
# aws-cli安裝  到 /usr/local/
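# Obtain AssumeRole STS credentials through aws-cli.
# Install aws-cli under /usr/local/ (awscliv2.zip must already be present there)
unzip awscliv2.zip
chmod 755 -R aws
./aws/install

aws configure --profile assumerole
# Show the profile with the keys masked rather than cat-ing ~/.aws/credentials,
# which prints the secret key in clear on the terminal
aws configure list --profile assumerole
# Test. The session policy and role ARN are kept as the original had them; for a
# download-only token the least-privilege choice is "s3:GetObject" on the bucket
# rather than "s3:*" on every resource. The endpoint is plain http, so the static keys
# and the returned token cross the wire unencrypted.
aws --profile assumerole \
    --endpoint-url 'http://192.168.0.1:9000' \
    sts assume-role \
    --policy '{"Version": "2012-10-17","Statement": [{"Effect": "Allow","Action": ["s3:*"],"Resource": ["arn:aws:s3:::*"]}]}' \
    --role-arn 'arn:aws:s3:::image/*' \
    --role-session-name anything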
           

如果顯示結果如下,就成功了。

{
    "Credentials": {
        "AccessKeyId": "DSS2SDH76C7ITUVNV8MK",
        "SecretAccessKey": "J6+MwowTJjVw2VpgFZduX3ZbH+TdcNzuN7dR4+Bk",
        "SessionToken": "eyJhbGciOiJIUzUxMiIsInR5cCI6IkpXVCJ9.eyJhY2Nlc3NLZXkiOiJEU1MyU0RINzZDN0lUVVZOVjhNSyIsImV4cCI6MzYwMDAwMDAwMDAwMCwicG9saWN5IjoicmVhZG9ubHkiLCJzZXNzaW9uUG9saWN5IjoiZXlKV1pYSnphVzl1SWpvZ0lqSXdNVEl0TVRBdE1UY2lMQ0pUZEdGMFpXMWxiblFpT2lCYmV5SkZabVpsWTNRaU9pQWlRV3hzYjNjaUxDSkJZM1JwYjI0aU9pQmJJbk16T2tkbGRFOWlhbVZqZENKZExDSlNaWE52ZFhKalpTSTZJRnNpWVhKdU9tRjNjenB6TXpvNk9pb2lYWDFkZlE9PSJ9.fNP2vMvNDX5i7A_N4keuYdKuzaoYjUSAPGTuileROMSrn38Ff8TTzakIq10k4tUtxkHs2kRQhJCUyuoCPJHUyQ",
        "Expiration": "2021-09-30T09:29:06+00:00"
    },
    "AssumedRoleUser": {
        "Arn": ""
    }
}
           

java測試代碼

package boot.spring.util;

import com.google.common.io.Files;
import io.minio.*;
import io.minio.credentials.AssumeRoleProvider;

import java.io.File;
import java.nio.file.StandardCopyOption;

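/**
 * Demo: exchange a user's static keys for temporary STS credentials via AssumeRole,
 * then download one object with a client that authenticates with those credentials.
 */
public class MinIODemo {

    // Plain http: the static keys below and the issued session token travel in clear text.
    // NOTE(review): use https for anything beyond a LAN test.
    public static final String ENDPOINT = "http://192.168.0.1:9000/";
    // NOTE(review): static credentials hard-coded in source end up in VCS history; load them
    // from the environment or a config file outside the repository instead.
    public static final String ACCESS_KEY_COMPANY = "assumerole";
    public static final String SECRET_KEY_COMPANY = "nsc_assumerole";
    public static final String REGION = "us-east-1"; // has little effect here (author's note)
    public static final String BUCKET = "image";
    // Not a real role ARN; the aws-cli test on this page passes a different value and still
    // succeeds, so MinIO presumably does not check it — not verified here.
    public static final String ROLE_ARN = "arn:aws:s3:::*";
    public static final String ROLE_SESSION_NAME = "anysession";
    // Session policy applied to the temporary credentials. "s3:*" on every resource asks
    // for the widest scope the policy can grant; this demo only downloads one object, so
    // "s3:GetObject" on "arn:aws:s3:::image/*" would be the least-privilege choice.
    public static final String POLICY_GET_AND_PUT = "{\n" +
            "    \"Version\": \"2012-10-17\",\n" +
            "    \"Statement\": [\n" +
            "        {\n" +
            "            \"Effect\": \"Allow\",\n" +
            "            \"Action\": [\n" +
            "                \"s3:*\"\n" +
            "            ],\n" +
            "            \"Resource\": [\n" +
            "                \"arn:aws:s3:::*\"\n" +
            "            ]\n" +
            "        }\n" +
            "    ]\n" +
            "}";

    /**
     * Fetches temporary credentials, prints their access key and expiry state, and
     * downloads {@code jpg/nacos.jpg} from {@link #BUCKET} to {@code D:/}.
     *
     * @param args unused
     * @throws Exception on STS, network, or file errors (demo code; no recovery attempted)
     */
    public static void main(String[] args) throws Exception {
        // Duration is 3600 s. Per the original author's note, values below 3600 are raised
        // to 3600 and larger values are honoured — not verified here.
        // The two trailing nulls are presumably externalId and a custom HTTP client.
        AssumeRoleProvider provider = new AssumeRoleProvider(
                ENDPOINT,
                ACCESS_KEY_COMPANY,
                SECRET_KEY_COMPANY,
                3600,
                POLICY_GET_AND_PUT,
                REGION,
                ROLE_ARN,
                ROLE_SESSION_NAME,
                null,
                null);
        // Only the access key and expiry state are printed. The original also printed the
        // secret key and the session token; both are credentials and must not reach
        // stdout or log files.
        System.out.println(provider.fetch().accessKey());
        System.out.println(provider.fetch().isExpired());
        // Client that signs requests with the temporary credentials.
        MinioClient minioClient = MinioClient.builder()
                .endpoint(ENDPOINT)
                .credentialsProvider(provider)
                .build();
        // Download the object.
        String filename = "nacos.jpg";
        File target = new File("D:/" + filename);
        // GetObjectResponse is an InputStream over the object body. The original sized its
        // buffer with available() and did a single read(), which only yields what is
        // already buffered, so larger objects were silently truncated; copying the stream
        // reads it to EOF. try-with-resources releases the underlying HTTP connection.
        // java.nio.file.Files is fully qualified because the Guava Files import shadows it.
        try (GetObjectResponse body = minioClient.getObject(GetObjectArgs.builder()
                .bucket(BUCKET).region(REGION)
                .object("jpg/" + filename)
                .build())) {
            java.nio.file.Files.copy(body, target.toPath(), StandardCopyOption.REPLACE_EXISTING);
        }
        System.out.println("download <" + filename + "> success");
    }
}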
           
