You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
minio/pkg/madmin/examples/add-user-and-policy.go

70 lines
2.0 KiB

// +build ignore
/*
* MinIO Cloud Storage, (C) 2017 MinIO, Inc.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*
*/
package main
import (
"context"
"log"
"github.com/minio/minio/pkg/bucket/policy"
"github.com/minio/minio/pkg/bucket/policy/condition"
iampolicy "github.com/minio/minio/pkg/iam/policy"
"github.com/minio/minio/pkg/madmin"
)
func main() {
// Note: YOUR-ACCESSKEYID, YOUR-SECRETACCESSKEY are
// dummy values, please replace them with original values.
// Note: YOUR-ACCESSKEYID, YOUR-SECRETACCESSKEY are
// dummy values, please replace them with original values.
// API requests are secure (HTTPS) if secure=true and insecure (HTTP) otherwise.
// New returns an MinIO Admin client object.
madmClnt, err := madmin.New("your-minio.example.com:9000", "YOUR-ACCESSKEYID", "YOUR-SECRETACCESSKEY", true)
if err != nil {
log.Fatalln(err)
}
if err = madmClnt.AddUser(context.Background(), "newuser", "newstrongpassword"); err != nil {
log.Fatalln(err)
}
// Create policy
p := iampolicy.Policy{
Version: iampolicy.DefaultVersion,
Statements: []iampolicy.Statement{
iampolicy.NewStatement(
policy.Allow,
iampolicy.NewActionSet(iampolicy.GetObjectAction),
iampolicy.NewResourceSet(iampolicy.NewResource("testbucket/*", "")),
condition.NewFunctions(),
)},
}
if err = madmClnt.AddCannedPolicy(context.Background(), "get-only", &p); err != nil {
log.Fatalln(err)
}
if err = madmClnt.SetUserPolicy(context.Background(), "newuser", "get-only"); err != nil {
log.Fatalln(err)
}
}