Comments (4)
The "condition" section was not supported in the bitnami/minio
chart.
I have created this PR (#25462) adding support for it, so please take a look and let me know if it works for your.
Some things to consider, I have to modify your values.yaml to match upstream JSON schema:
provisioning:
enabled: true
policies:
- name: my-bucket-policy
statements:
- resources:
- "arn:aws:s3:::my-bucket/*"
effect: "Allow"
actions:
- "s3:GetObject"
condition:
StringLike:
"aws:Referer":
- "https://localhost:3000/*"
- "http://localhost:3000/*"
Notes:
- I used
condition
notconditions
. - Format is object, not array.
- Removed
: |
string modifier. - Keys containing special characters, such as
aws:Referer
must be quoted to prevent syntax errors.
from charts.
Is there any workaround to provide our own policy in a raw format at least?
If I create in a extra deployment a second config map but with correct policy will that be applied??
from charts.
I've tried to add a secondary configMap but it doesn't get applied by provisioning job, seems that only one within the chart itself is allowed
So there is no workaround for this
from charts.
Found a workaround, but is not the best and looks ungly, but at least it adds the Condition field to policy
extraCommands:
- |
echo "-- Running extra commands"
- |
echo "-- Creating the policy /tmp/policy-$S3_BUCKET.json for $S3_BUCKET bucket"
- |
echo '{"Version": "2012-10-17","Statement": [{"Effect": "Allow","Principal": "*","Action": "s3:GetObject","Resource": "arn:aws:s3:::$S3_BUCKET/*","Condition": {"StringLike": {"aws:Referer": ["https://localhost:3000/*","http://localhost:3000/*","https://my-syte.test/*","http://my-syte.test/*"]}}}]}' > /tmp/policy-$S3_BUCKET.json
- |
echo "-- Creating the policy in minio system for $S3_BUCKET Using same minioAlias as in the bitnami script 'provisioning'"
- |
mc anonymous set-json /tmp/policy-$S3_BUCKET.json provisioning/$S3_BUCKET
from charts.
Related Issues (20)
- [bitnami/mongodb-sharded] Deployment very unstable when defining custom root credentials HOT 5
- [bitnami/vault] Allow to disable auth delegator HOT 3
- [bitnami/vault] RBAC Rules for Vault HOT 1
- [bitnami/keycloak] KC_HOSTNAME_ADMIN_URL seems incorrect in proxy=edge HOT 4
- RabbitMQ: version 3.13.3 won't run due to invalid user credentials HOT 1
- [bitnami/apisix] JSONSchema too strict for extraEnvVars HOT 4
- multus broken HOT 7
- [bitnami/harbor] Setting `internalTLS.enabled: true` results in all harbor pods going into a crash loop.
- [bitnami/rabbitmq-cluster-operator] INSTALLATION FAILED: "rabbitmq-cluster-operator-rabbitmq-messaging-topology-operator" already exists HOT 2
- [bitnami/mongodb-sharded] Capacity to create non-root users on chart installation HOT 1
- [bitnami/postgresql] k8s 1.27.0 problem with tolerate-unready-endpoints HOT 1
- [bitnami/argo-workflows] pods forbidden cannot patch resource "pods" HOT 3
- [bitnami/thanos] 15.7.9 chart broken from pdb schema HOT 2
- [bitnami/rabbitmq-cluster-operator] Uninstall incorrect HOT 2
- Missing liblog.sh file in rabbitmq initContainers HOT 1
- [bitnami/apisix] Apisix ETCD going into Crash loop back off HOT 1
- redis replicas template does not have variable substitution for redis-data mountPath HOT 1
- [bitnami/minio] add event provisiong HOT 1
- [bitnami/argo-cd] Argo-CD Cluster Roles to support multiple namespaces, Dynamic Cluster Distribution issue with controller. HOT 1
- charts.bitnami.com provider DNSSEC configuration invalid HOT 1
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from charts.