Ceph rgw COR测试

Ceph rgw COR测试

目录

一、测试过程

1、设置bucket类型为public-read 或者为public-reda-write的存储桶。

Ceph rgw COR测试

下面这里建了一个public-read的存储桶,其中ACL: *anon*: READ 表示该存储桶的访问类型为public-read

类型。

[root@control1 ~]# s3cmd info s3://test1111
s3://test1111/ (bucket):
   Location:  cn
   Payer:     BucketOwner
   Expiration Rule: none
   Policy:    none
   CORS:      none
   ACL:       *anon*: READ
   ACL:       admin: FULL_CONTROL
   URL:       http://10.110.101.30:8080/test1111/

2、向该存储桶上传文件。并查看对象的权限。

[root@control1 ~]# s3cmd info s3://test1111/15690311636958128.jpg
s3://test1111/15690311636958128.jpg (object):
   File size: 34790
   Last mod:  Tue, 02 Jun 2020 06:05:10 GMT
   MIME type: application/octet-stream
   Storage:   STANDARD
   MD5 sum:   dcd6cadab3c9718b0a914424048364ac
   SSE:       none
   Policy:    none
   CORS:      none
   ACL:       admin: FULL_CONTROL

3、打开浏览器,打开console,输入以下代码,进行访问测试

var xhr = new XMLHttpRequest();
xhr.open('GET', 'http://10.110.101.30:8080/test1111/15690311636958128.jpg');
xhr.send(null);
xhr.onload = function(e) {
    var xhr = e.target;
    console.log(xhr.responseText);
}

#######
Access to XMLHttpRequest at 'http://10.110.101.30:8080/test1111/15690311636958128.jpg' from origin 'chrome-search://local-ntp' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.

执行回车,结果如下:

Ceph rgw COR测试

4、设置CORS规则

# 编辑cors规则
[root@control1 ~]# cat cors.xml
<CORSConfiguration xmlns="http://s3.amazonaws.com/doc/2006-03-01/">
<CORSRule>
<AllowedMethod>PUT</AllowedMethod>
<AllowedMethod>DELETE</AllowedMethod>
<AllowedMethod>POST</AllowedMethod>
<AllowedMethod>GET</AllowedMethod>
<AllowedOrigin>*</AllowedOrigin>
<AllowedHeader>*</AllowedHeader>
<ExposeHeader>ETag</ExposeHeader>
</CORSRule>
</CORSConfiguration>


# 设置cor规则
[root@control1 ~]# s3cmd setcors cors.xml s3://test1111

#查看存储桶的COR规则
[root@control1 ~]# s3cmd info s3://test1111
s3://test1111/ (bucket):
   Location:  cn
   Payer:     BucketOwner
   Expiration Rule: none
   Policy:    none
   CORS:      <CORSConfiguration xmlns="http://s3.amazonaws.com/doc/2006-03-01/"><CORSRule><AllowedMethod>GET</AllowedMethod><AllowedMethod>PUT</AllowedMethod><AllowedMethod>DELETE</AllowedMethod><AllowedMethod>POST</AllowedMethod><AllowedOrigin>*</AllowedOrigin><AllowedHeader>*</AllowedHeader><ExposeHeader>ETag</ExposeHeader></CORSRule></CORSConfiguration>
   ACL:       *anon*: READ
   ACL:       admin: FULL_CONTROL
   URL:       http://10.110.101.30:8080/test1111/

# 查看object的规则
[root@control1 ~]# s3cmd info  s3://test1111/15690311636958128.jpg
s3://test1111/15690311636958128.jpg (object):
   File size: 34790
   Last mod:  Tue, 02 Jun 2020 06:05:10 GMT
   MIME type: application/octet-stream
   Storage:   STANDARD
   MD5 sum:   dcd6cadab3c9718b0a914424048364ac
   SSE:       none
   Policy:    none
   CORS:      <CORSConfiguration xmlns="http://s3.amazonaws.com/doc/2006-03-01/"><CORSRule><AllowedMethod>GET</AllowedMethod><AllowedMethod>PUT</AllowedMethod><AllowedMethod>DELETE</AllowedMethod><AllowedMethod>POST</AllowedMethod><AllowedOrigin>*</AllowedOrigin><AllowedHeader>*</AllowedHeader><ExposeHeader>ETag</ExposeHeader></CORSRule></CORSConfiguration>
   ACL:       admin: FULL_CONTROL

5、访问测试

Ceph rgw COR测试

看上图还是不能访问,提示accessdenied

我们需要给对象设置为任何人都可以读取

# 将object的acl规则设置为public-read
[root@control1 ~]# s3cmd setacl  -P  s3://test1111/15690311636958128.jpg
s3://test1111/15690311636958128.jpg: ACL set to Public  [1 of 1]

# 查看对象相关的变量信息
[root@control1 ~]# s3cmd info  s3://test1111/15690311636958128.jpg
s3://test1111/15690311636958128.jpg (object):
   File size: 34790
   Last mod:  Tue, 02 Jun 2020 06:27:11 GMT
   MIME type: application/octet-stream
   Storage:   STANDARD
   MD5 sum:   dcd6cadab3c9718b0a914424048364ac
   SSE:       none
   Policy:    none
   CORS:      <CORSConfiguration xmlns="http://s3.amazonaws.com/doc/2006-03-01/"><CORSRule><AllowedMethod>GET</AllowedMethod><AllowedMethod>PUT</AllowedMethod><AllowedMethod>DELETE</AllowedMethod><AllowedMethod>POST</AllowedMethod><AllowedOrigin>*</AllowedOrigin><AllowedHeader>*</AllowedHeader><ExposeHeader>ETag</ExposeHeader></CORSRule></CORSConfiguration>
   ACL:       *anon*: READ
   ACL:       admin: FULL_CONTROL
   URL:       http://10.110.101.30:8080/test1111/15690311636958128.jpg
上一篇:Linux 递归acl权限和默认acl权限


下一篇:负载均衡服务之HAProxy访问控制ACL