Code Monkey home page Code Monkey logo

Comments (4)

migruiz4 avatar migruiz4 commented on June 20, 2024 1

Hi @ammirator-administrator,

The "condition" section was not supported in the bitnami/minio chart.

I have created this PR (#25462) adding support for it, so please take a look and let me know if it works for your.

Some things to consider, I have to modify your values.yaml to match upstream JSON schema:

provisioning:
  enabled: true
  policies:
    - name: my-bucket-policy
      statements:
        - resources:
            - "arn:aws:s3:::my-bucket/*"
          effect: "Allow"
          actions:
            - "s3:GetObject"
          condition:
            StringLike:
                "aws:Referer":
                  - "https://localhost:3000/*"
                  - "http://localhost:3000/*"

Notes:

  • I used condition not conditions.
  • Format is object, not array.
  • Removed : | string modifier.
  • Keys containing special characters, such as aws:Referer must be quoted to prevent syntax errors.

from charts.

ammirator-administrator avatar ammirator-administrator commented on June 20, 2024

Is there any workaround to provide our own policy in a raw format at least?
If I create in a extra deployment a second config map but with correct policy will that be applied??

from charts.

ammirator-administrator avatar ammirator-administrator commented on June 20, 2024

I've tried to add a secondary configMap but it doesn't get applied by provisioning job, seems that only one within the chart itself is allowed

So there is no workaround for this

from charts.

ammirator-administrator avatar ammirator-administrator commented on June 20, 2024

Found a workaround, but is not the best and looks ungly, but at least it adds the Condition field to policy

  extraCommands:
    - |
      echo "-- Running extra commands"
    - |
      echo "-- Creating the policy /tmp/policy-$S3_BUCKET.json for $S3_BUCKET bucket"
    - |
      echo '{"Version": "2012-10-17","Statement": [{"Effect": "Allow","Principal": "*","Action": "s3:GetObject","Resource": "arn:aws:s3:::$S3_BUCKET/*","Condition": {"StringLike": {"aws:Referer": ["https://localhost:3000/*","http://localhost:3000/*","https://my-syte.test/*","http://my-syte.test/*"]}}}]}' > /tmp/policy-$S3_BUCKET.json
    - |
      echo "-- Creating the policy in minio system for $S3_BUCKET Using same minioAlias as in the bitnami script 'provisioning'"
    - |
      mc anonymous set-json /tmp/policy-$S3_BUCKET.json provisioning/$S3_BUCKET

from charts.

Related Issues (20)

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google ❤️ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.