
Minio: How's bucket policy related to anonymous/authorized access?

Tags:

minio

Minio has policies for each bucket, which contain:

  • ReadOnly
  • WriteOnly
  • Read+Write
  • None

How are these related to the anonymous/authorized access to the folders?
Like say I want to make a bunch of files available as read-only to users without credentials (access key and secret key). How can I do it?

Daniel asked Mar 06 '17 02:03


2 Answers

Bucket policies provided on the Minio client side are an abstracted version of the same bucket policies AWS S3 provides.

The client constructs a policy JSON based on the input string of bucket and prefix.

  • ReadOnly means anonymous download access is allowed, which includes being able to list objects on the desired prefix.
  • WriteOnly means anonymous uploads are allowed, which includes being able to list incomplete uploads on the desired prefix.
  • Read-Write means anonymous access to upload and download all objects. This also means full public access.
  • None is the default (no policy); it means that all operations need to be authenticated towards the desired bucket and prefix.

A bunch of files that reside under a particular prefix can be made available for read-only access. Let's say your prefix is 'my-prefix/read-only/downloads', then if you are using

import java.io.IOException;
import java.security.NoSuchAlgorithmException;
import java.security.InvalidKeyException;

import org.xmlpull.v1.XmlPullParserException;

import io.minio.MinioClient;
import io.minio.policy.PolicyType;
import io.minio.errors.MinioException;

public class SetBucketPolicy {
  /**
   * MinioClient.setBucketPolicy() example.
   */
  public static void main(String[] args)
    throws IOException, NoSuchAlgorithmException, InvalidKeyException, XmlPullParserException {
    try {
      /* play.minio.io for test and development. */
      MinioClient minioClient = new MinioClient("https://play.minio.io:9000", "Q3AM3UQ867SPQQA43P2F",
                                                "zuf+tfteSlswRu7BJ86wekitnifILbZam1KYY3TG");

      /* Amazon S3: */
      // MinioClient minioClient = new MinioClient("https://s3.amazonaws.com", "YOUR-ACCESSKEYID",
      //                                           "YOUR-SECRETACCESSKEY");

      minioClient.setBucketPolicy("my-bucketname", "my-prefix/read-only/downloads", PolicyType.READ_ONLY);
    } catch (MinioException e) {
      System.out.println("Error occurred: " + e);
    }
  }
}

Once your call is successful, all the objects inside 'my-prefix/read-only/downloads' are publicly readable, i.e. without an access/secret key.

Harshavardhana answered Sep 27 '22 21:09
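The policy JSON the first answer refers to, sketched as an added example that is not part of the original answers or Minio's own code: `readonly_policy` builds an S3-style document for a ReadOnly prefix, and the hypothetical helper `anonymous_exposure` audits any bucket policy for object patterns reachable without credentials. The statement layout is an assumption modeled on AWS S3 bucket policy syntax; the exact JSON the Minio client emits may differ.

```python
import json

ANON = "*"
READ, WRITE = "s3:GetObject", "s3:PutObject"
NAMES = {frozenset([READ]): "ReadOnly", frozenset([WRITE]): "WriteOnly",
         frozenset([READ, WRITE]): "Read+Write"}

def readonly_policy(bucket, prefix):
    """Assumed shape of a ReadOnly policy: anonymous list + download under one prefix."""
    arn = f"arn:aws:s3:::{bucket}"
    allow = {"Effect": "Allow", "Principal": {"AWS": [ANON]}}
    return {"Version": "2012-10-17", "Statement": [
        {**allow, "Action": ["s3:GetBucketLocation"], "Resource": [arn]},
        {**allow, "Action": ["s3:ListBucket"], "Resource": [arn],
         "Condition": {"StringEquals": {"s3:prefix": [prefix]}}},
        {**allow, "Action": [READ], "Resource": [f"{arn}/{prefix}*"]},
    ]}

def _as_list(value):
    return value if isinstance(value, list) else [value]

def _is_anonymous(principal):
    if principal == ANON:
        return True
    return isinstance(principal, dict) and ANON in _as_list(principal.get("AWS", []))

def anonymous_exposure(policy):
    """Return {object pattern: canned policy name} for unauthenticated access.
    Simplification: Deny statements and Conditions are not evaluated."""
    found = {}
    for st in policy.get("Statement", []):
        if st.get("Effect") != "Allow" or not _is_anonymous(st.get("Principal")):
            continue
        actions = set(_as_list(st.get("Action", [])))
        if actions & {"*", "s3:*"}:          # wildcard actions cover read and write
            actions |= {READ, WRITE}
        granted = actions & {READ, WRITE}
        for res in _as_list(st.get("Resource", [])):
            pattern = res.split(":::", 1)[-1]
            if granted and ("/" in pattern or pattern == "*"):  # object-level only
                found.setdefault(pattern, set()).update(granted)
    return {p: NAMES[frozenset(a)] for p, a in found.items()}

if __name__ == "__main__":
    doc = readonly_policy("my-bucketname", "my-prefix/read-only/downloads")
    print(json.dumps(doc, indent=2))
    print(anonymous_exposure(doc))
```

An empty result corresponds to the None policy: every object operation requires credentials.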


'public' is a valid policy...

You can change this policy: install mc (minio client) and then:

# list default hosts after install: 
mc config host ls

# remove all hosts: mc config host rm {hostName}
mc config host rm local

# add your host: mc config host add {hostName} {url} {apiKey} {apiSecret}
mc config host add local http://127.0.0.1:9000 ClientIdASSDSD ClientSecretASASASdsasdasdasdasd

# create bucket: mc mb {host}/{bucket}
mc mb local/mybucket

# change bucket policy: mc policy set {policy} {host}/{bucket}
mc policy set public local/mybucket
Cumbu answered Sep 27 '22 22:09