minio-js: Cannot find valid syntax to set policy on local bucket
Hi,
I try to set a policy on a local bucket (dockerized). My test code :
const Minio = require('minio');
const async = require('async');
const name = 'test2';
const policy = JSON.stringify({
Version: '2018-05-25',
Statement: [
{
Sid: 'Set entirely public',
Effect: 'Allow',
Principal: '*',
Action: 's3:*',
Resource: `arn:aws:s3:::${name}/*`,
},
],
});
const client = new Minio.Client({
endPoint: 'storage.local',
port: 9000,
secure: false,
accessKey: 'IAUA01JNL863NQWTY18D',
secretKey: 'rY7NAcwKIrKJ4jera5udCzO5UBBsmlDjCY6uboTN',
});
async.waterfall(
[
next => client.bucketExists(name, next),
(exists, next) => {
if (exists) return next();
return client.makeBucket(name, next);
},
next => {
console.log('Try to add policy', policy);
client.setBucketPolicy(name, policy, next);
},
],
(err, ...args) => {
if (err) console.error(err);
else console.log(args);
process.exit(0);
}
);
And the response :
Try to add this policy {"Version":"2018-05-25","Statement":[{"Sid":"Set entirely public","Effect":"Allow","Principal":"*","Action":"s3:*","Resource":"arn:aws:s3:::test2/*"}]}
{ S3Error: Policy has invalid resource.
at Object.parseError (/Users/justin/Documents/Lemonde/cms/node_modules/minio/dist/main/xml-parsers.js:56:11)
at /Users/justin/Documents/Lemonde/cms/node_modules/minio/dist/main/transformers.js:117:22
at DestroyableTransform._flush (/Users/justin/Documents/Lemonde/cms/node_modules/minio/dist/main/transformers.js:48:26)
at DestroyableTransform.<anonymous> (/Users/justin/Documents/Lemonde/cms/node_modules/minio/node_modules/readable-stream/lib/_stream_transform.js:135:12)
at Object.onceWrapper (events.js:313:30)
at emitNone (events.js:111:20)
at DestroyableTransform.emit (events.js:208:7)
at finishMaybe (/Users/justin/Documents/Lemonde/cms/node_modules/minio/node_modules/readable-stream/lib/_stream_writable.js:371:12)
at endWritable (/Users/justin/Documents/Lemonde/cms/node_modules/minio/node_modules/readable-stream/lib/_stream_writable.js:378:3)
at DestroyableTransform.Writable.end (/Users/justin/Documents/Lemonde/cms/node_modules/minio/node_modules/readable-stream/lib/_stream_writable.js:356:5)
code: 'MalformedPolicy',
key: '',
bucketname: '',
resource: '/test2',
requestid: '3L137',
hostid: '3L137',
amzRequestid: null,
amzId2: null,
amzBucketRegion: null }
I try a lot of things, with different bucket name or specific action, it always failed. Pliz help !
About this issue
- Original URL
- State: closed
- Created 6 years ago
- Comments: 36 (21 by maintainers)
You’ve removed
"s3:ListBucket"which will list objects, from the policy. Why did you need to remove it?This is how your policy is supposed to look like:
or if you’d like you can use the following more comprehensive policy:
Because you’ve added another action,
's3:GetBucketLocation', you need to add bucket name,arn:aws:s3:::${name}, into your resource definition.