Comments (4)
migruiz4
commented on June 20, 2024
1
The "condition" section was not supported in the bitnami/minio chart.
I have created this PR (#25462) adding support for it, so please take a look and let me know if it works for your.
Some things to consider, I have to modify your values.yaml to match upstream JSON schema:
provisioning:
enabled: true
policies:
- name: my-bucket-policy
statements:
- resources:
- "arn:aws:s3:::my-bucket/*"
effect: "Allow"
actions:
- "s3:GetObject"
condition:
StringLike:
"aws:Referer":
- "https://localhost:3000/*"
- "http://localhost:3000/*"
Notes:
- I used
conditionnotconditions. - Format is object, not array.
- Removed
: |string modifier. - Keys containing special characters, such as
aws:Referermust be quoted to prevent syntax errors.
from charts.
ammirator-administrator
commented on June 20, 2024
Is there any workaround to provide our own policy in a raw format at least?
If I create in a extra deployment a second config map but with correct policy will that be applied??
from charts.
ammirator-administrator
commented on June 20, 2024
I've tried to add a secondary configMap but it doesn't get applied by provisioning job, seems that only one within the chart itself is allowed
So there is no workaround for this
from charts.
ammirator-administrator
commented on June 20, 2024
Found a workaround, but is not the best and looks ungly, but at least it adds the Condition field to policy
extraCommands:
- |
echo "-- Running extra commands"
- |
echo "-- Creating the policy /tmp/policy-$S3_BUCKET.json for $S3_BUCKET bucket"
- |
echo '{"Version": "2012-10-17","Statement": [{"Effect": "Allow","Principal": "*","Action": "s3:GetObject","Resource": "arn:aws:s3:::$S3_BUCKET/*","Condition": {"StringLike": {"aws:Referer": ["https://localhost:3000/*","http://localhost:3000/*","https://my-syte.test/*","http://my-syte.test/*"]}}}]}' > /tmp/policy-$S3_BUCKET.json
- |
echo "-- Creating the policy in minio system for $S3_BUCKET Using same minioAlias as in the bitnami script 'provisioning'"
- |
mc anonymous set-json /tmp/policy-$S3_BUCKET.json provisioning/$S3_BUCKETfrom charts.
Related Issues (20)
- [bitnami/mastodon] Mastodon shows a blank page when the ingress otpion is enabled in the values file with traefik ingress controler
- [bitnami/keycloak] Keycloak parameters missing documentation for tag value HOT 3
- Back-off restarting failed container kafka-init in pod HOT 1
- [bitnami/keycloak] The default value of existingSecretHostKey, existingSecretUserKey, etc is not working HOT 5
- [bitnami/minio]Console web ui creating Access Keys failed, this causes the pod to restarted. HOT 3
- [bitnami/mongodb] replicaSetConfigurationSettings.sh script always has usernameAndPassword empty because we inject rootPassword from Vault HOT 1
- [bitnami/redis-cluster] Possibility to add labels on created PVC HOT 4
- Valkey: Metrics exporter uses wrong environment variables HOT 2
- [bitnami/redis] persistence.labels are ignored HOT 1
- helm upgrade: mediawikiPassword must not be empty HOT 3
- [bitnami/mlflow] MLFlow separate settings for Auth database HOT 1
- [bitnami/kafka] Could not find or load main class kafka.tools.StorageTool HOT 8
- Failing to helm repo update HOT 4
- [bitnami/keycloak] Admin URL no longer works for chart versions higher than 21.0.2 HOT 6
- MLFlow allow using other supported database backends as external database HOT 3
- [bitnami/mongodb] Allow templating for initdbScriptsConfigMap HOT 3
- External-DNS Chart Broken with 7.3.3 due to removal of protected CRD group annotation HOT 8
- [bitnami/thanos] receiveDistributor is not set up to work properly in the chart HOT 3
- [bitnami/kafka] accessing brokers from outside the cluster (GCP) via NodePort HOT 3
- Typo in postgresql-ha/templates/NOTES.txt causes deployment failure HOT 3
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from charts.