MINIO服务器的临时认证Token

MinIO 是类似阿里云 OSS 的对象存储服务器,兼容 AWS S3 的部分接口,其中包括本文用到的 STS AssumeRole 接口:用一个长期账号换取有时效的临时凭证(AccessKey、SecretKey、SessionToken)。

1.搭建MINIO服务器

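# Create the install, config and data directories; -p keeps the step safe to re-run.
mkdir -p /usr/local/minio/etc /usr/local/minio/data
cd /usr/local/minio
# Wait for the download to finish. -f stops curl from saving an HTTP error page
# as the binary; -L follows redirects.
# NOTE(review): nothing on this page verifies the downloaded binary. Compare it
# against the checksum the vendor publishes before making it executable.
curl -fLO https://dl.minio.io/server/minio/release/linux-amd64/minio
chmod 750 minio
# Replace the address below with your own server IP and port.
# --console-address only sets the web console listener (19000 here); the aws-cli
# and Java examples on this page reach the S3/STS API on port 9000.
# NOTE(review): the later mc step logs in as "minio", but this page does not show
# where that root account is defined. Export MINIO_ROOT_USER / MINIO_ROOT_PASSWORD
# before starting the server; without them it falls back to its well-known
# default credentials.
nohup ./minio server --console-address=192.168.0.1:19000 --config-dir /usr/local/minio/etc /usr/local/minio/data > /usr/local/minio/minio.log 2>&1 &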

安装MC(MINIO服务器客户端命令)

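# Install the mc client and register the server with it.
# NOTE(review): the binary is downloaded without an integrity check; verify it
# against the vendor's published checksum before running it.
wget https://dl.min.io/client/mc/release/linux-amd64/mc
chmod +x mc
# First run with no arguments (the original note describes this as initialising mc).
./mc
# Register the server under the alias "local".
# mc talks to the S3 API, so the URL uses port 9000 (the endpoint the aws-cli and
# Java examples on this page use), not the console port 19000 given to
# --console-address.
# NOTE(review): keys passed as arguments land in shell history and the process
# list, and mc keeps them in plain text in ~/.mc/config.json.
./mc config host add local http://192.168.0.1:9000 minio nsc_minio_2021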

添加用户,策略

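# List the buckets. The alias registered with "mc config host add" is "local",
# so that is the name to pass here.
./mc ls local
# Inspect the mc configuration. The file holds the access and secret keys in
# plain text, so keep it readable by its owner only.
vim ~/.mc/config.json

# Add the user whose long-term keys will later call AssumeRole (the original note
# calls it an administrator account; its rights come from the policy attached below).
# NOTE(review): the secret is a short demo value typed on the command line;
# use a long random secret outside a lab.
./mc admin user add local  assumerole nsc_assumerole
# Register the policy document; the policy file's "Version" is always 2012-10-17.
# The relative path assumes the current directory is /usr/local/minio.
./mc admin policy add local assumerole ./policy/policy-assumerole.json
# Attach the policy to the user.
# NOTE(review): newer mc releases renamed these two subcommands to
# "mc admin policy create" and "mc admin policy attach --user"; check your mc version.
./mc admin policy set local assumerole user=assumerole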

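JSON 策略文件:/usr/local/minio/policy/policy-assumerole.json(执行命令时的相对路径即下面的 ./policy/policy-assumerole.json)。该策略对所有 bucket 放开 s3:*,等于给 assumerole 账号全部对象存储权限;由它换出的临时凭证权限不会超过这份策略,生产环境应把 Action 和 Resource 收窄到实际需要的 bucket。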

./policy/policy-assumerole.json

{
    "Version": "2012-10-17",
    "Statement": [
         {
            "Effect": "Allow",
            "Action": [
                "s3:*"
            ],
            "Resource": [
                "arn:aws:s3:::*"
            ]
        }
    ]
}

安装aws工具


# Obtain AssumeRole STS credentials through aws-cli.
# Install aws-cli under /usr/local/ (run from the directory that holds awscliv2.zip).
unzip awscliv2.zip
chmod -R 755 aws
./aws/install

# Interactive: enter the long-term keys of the "assumerole" user for this profile.
aws configure --profile assumerole
# Show the stored profile. The file contains the secret key in plain text.
cat ~/.aws/credentials
# Test the STS call.
# --policy is the session policy: the temporary credentials get the intersection of
# it and the policy attached to the user, so "s3:*" on every resource narrows nothing.
# NOTE(review): the endpoint is plain http, so the returned credentials cross the
# network unencrypted; put TLS in front of the server outside a lab.
# NOTE(review): MinIO's AssumeRole appears to accept --role-arn and
# --role-session-name for API compatibility only; confirm for your release.
aws sts assume-role \
    --profile assumerole \
    --endpoint-url 'http://192.168.0.1:9000' \
    --role-arn 'arn:aws:s3:::image/*' \
    --role-session-name anything \
    --policy '{"Version": "2012-10-17","Statement": [{"Effect": "Allow","Action": ["s3:*"],"Resource": ["arn:aws:s3:::*"]}]}'

如果显示结果如下,就成功了。返回的 AccessKeyId、SecretAccessKey、SessionToken 三者必须一起使用,在 Expiration 之前有效;它们是真实可用的凭证,不要写进日志或贴到公开页面。

{
    "Credentials": {
        "AccessKeyId": "DSS2SDH76C7ITUVNV8MK",
        "SecretAccessKey": "J6+MwowTJjVw2VpgFZduX3ZbH+TdcNzuN7dR4+Bk",
        "SessionToken": "eyJhbGciOiJIUzUxMiIsInR5cCI6IkpXVCJ9.eyJhY2Nlc3NLZXkiOiJEU1MyU0RINzZDN0lUVVZOVjhNSyIsImV4cCI6MzYwMDAwMDAwMDAwMCwicG9saWN5IjoicmVhZG9ubHkiLCJzZXNzaW9uUG9saWN5IjoiZXlKV1pYSnphVzl1SWpvZ0lqSXdNVEl0TVRBdE1UY2lMQ0pUZEdGMFpXMWxiblFpT2lCYmV5SkZabVpsWTNRaU9pQWlRV3hzYjNjaUxDSkJZM1JwYjI0aU9pQmJJbk16T2tkbGRFOWlhbVZqZENKZExDSlNaWE52ZFhKalpTSTZJRnNpWVhKdU9tRjNjenB6TXpvNk9pb2lYWDFkZlE9PSJ9.fNP2vMvNDX5i7A_N4keuYdKuzaoYjUSAPGTuileROMSrn38Ff8TTzakIq10k4tUtxkHs2kRQhJCUyuoCPJHUyQ",
        "Expiration": "2021-09-30T09:29:06+00:00"
    },
    "AssumedRoleUser": {
        "Arn": ""
    }
}

java测试代码

package boot.spring.util;

import com.google.common.io.Files;
import io.minio.*;
import io.minio.credentials.AssumeRoleProvider;

import java.io.File;

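/**
 * Demo: exchanges a MinIO user's long-term keys for temporary STS credentials
 * through {@link AssumeRoleProvider}, then downloads one object with them.
 *
 * <p>The temporary credentials are limited by the session policy
 * {@link #POLICY_GET_AND_PUT}; their effective rights are the intersection of that
 * policy and the policy attached to the long-term user.
 */
public class MinIODemo {

    // NOTE(review): plain http means the STS response (the temporary secret key and
    // session token) travels unencrypted; use an https endpoint outside a lab.
    public static final String ENDPOINT = "http://192.168.0.1:9000/";
    // NOTE(review): long-term keys are hard-coded for the demo only. In real code
    // load them from the environment or a secret store and keep them out of
    // version control.
    public static final String ACCESS_KEY_COMPANY = "assumerole";
    public static final String SECRET_KEY_COMPANY = "nsc_assumerole";
    public static final String REGION = "us-east-1"; // original author's note: this has little effect
    public static final String BUCKET = "image";
    // NOTE(review): MinIO appears to accept the role ARN and session name for AWS
    // API compatibility only; confirm for your release.
    public static final String ROLE_ARN = "arn:aws:s3:::*";
    public static final String ROLE_SESSION_NAME = "anysession";
    // Session policy for the temporary credentials. It grants only what the name
    // promises (object get and put) and only inside BUCKET, so a leaked token
    // cannot list, delete or reach other buckets.
    public static final String POLICY_GET_AND_PUT = "{\n" +
            "    \"Version\": \"2012-10-17\",\n" +
            "    \"Statement\": [\n" +
            "        {\n" +
            "            \"Effect\": \"Allow\",\n" +
            "            \"Action\": [\n" +
            "                \"s3:GetObject\",\n" +
            "                \"s3:PutObject\"\n" +
            "            ],\n" +
            "            \"Resource\": [\n" +
            "                \"arn:aws:s3:::" + BUCKET + "/*\"\n" +
            "            ]\n" +
            "        }\n" +
            "    ]\n" +
            "}";

    /**
     * Requests temporary credentials, prints their non-secret fields and downloads
     * {@code jpg/nacos.jpg} from {@link #BUCKET} to {@code D:/nacos.jpg}.
     *
     * @param args unused
     * @throws Exception if the STS call, the download or the file write fails
     */
    public static void main(String[] args) throws Exception {
        AssumeRoleProvider provider = new AssumeRoleProvider(
                ENDPOINT,
                ACCESS_KEY_COMPANY,
                SECRET_KEY_COMPANY,
                3600, // original author's note: expires after 3600 s by default; smaller values become 3600, larger values are used as given
                POLICY_GET_AND_PUT,
                REGION,
                ROLE_ARN,
                ROLE_SESSION_NAME,
                null,  // presumably the external id; confirm against your minio-java version
                null); // presumably a custom HTTP client; confirm against your minio-java version
        // Print only the non-secret fields. The secret key and session token are
        // deliberately not echoed: console output tends to end up in logs and
        // scrollback, and the token stays valid until it expires.
        System.out.println(provider.fetch().accessKey());
        System.out.println(provider.fetch().isExpired());
        // build new minio client with *AssumeRoleProvider* as credential provider.
        MinioClient minioClient = MinioClient.builder()
                .endpoint(ENDPOINT)
                .credentialsProvider(provider)
                .build();
       /* String url = minioClient.getPresignedObjectUrl(GetPresignedObjectUrlArgs.builder()
                .method(Method.GET) // original author's note: this must be set correctly
                .bucket(BUCKET)
                .object("jpg/nacos.jpg")
                .expiry(604800)
                .build());
        System.out.println(url);*/
        // NOTE(review): a URL presigned with temporary credentials is unlikely to
        // outlive them, so the 7-day expiry above would be cut short by the 3600 s
        // token lifetime; verify against your server.

        // download object.
        String filename = "nacos.jpg";
        File target = new File("D:/" + filename);
        // Stream the whole response to disk and always close it. available() is not
        // the object size and a single read() may return fewer bytes than requested,
        // so sizing a buffer from it can write a truncated file.
        try (GetObjectResponse getObjectResponse = minioClient.getObject(GetObjectArgs.builder()
                .bucket(BUCKET).region(REGION)
                .object("jpg/" + filename)
                .build())) {
            Files.asByteSink(target).writeFrom(getObjectResponse);
        }
        System.out.println("download <" + filename + "> success");

    }
}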
