update 优化 生成 AWS S3 存储桶访问策略

dev
疯狂的狮子Li 2 years ago
parent e0cf338e48
commit d3878d03db

@ -501,31 +501,69 @@ public class OssClient {
* @return AWS S3 访 * @return AWS S3 访
*/ */
private static String getPolicy(String bucketName, PolicyType policyType) { private static String getPolicy(String bucketName, PolicyType policyType) {
StringBuilder builder = new StringBuilder(); String policy = switch (policyType) {
builder.append("{\n\"Statement\": [\n{\n\"Action\": [\n"); case WRITE -> """
builder.append(switch (policyType) { {
case WRITE -> "\"s3:GetBucketLocation\",\n\"s3:ListBucketMultipartUploads\"\n"; "Version": "2012-10-17",
case READ_WRITE -> "\"s3:GetBucketLocation\",\n\"s3:ListBucket\",\n\"s3:ListBucketMultipartUploads\"\n"; "Statement": []
default -> "\"s3:GetBucketLocation\"\n";
});
builder.append("],\n\"Effect\": \"Allow\",\n\"Principal\": \"*\",\n\"Resource\": \"arn:aws:s3:::");
builder.append(bucketName);
builder.append("\"\n},\n");
if (policyType == PolicyType.READ) {
builder.append("{\n\"Action\": [\n\"s3:ListBucket\"\n],\n\"Effect\": \"Deny\",\n\"Principal\": \"*\",\n\"Resource\": \"arn:aws:s3:::");
builder.append(bucketName);
builder.append("\"\n},\n");
} }
builder.append("{\n\"Action\": "); """;
builder.append(switch (policyType) { case READ_WRITE -> """
case WRITE -> "[\n\"s3:AbortMultipartUpload\",\n\"s3:DeleteObject\",\n\"s3:ListMultipartUploadParts\",\n\"s3:PutObject\"\n],\n"; {
case READ_WRITE -> "[\n\"s3:AbortMultipartUpload\",\n\"s3:DeleteObject\",\n\"s3:GetObject\",\n\"s3:ListMultipartUploadParts\",\n\"s3:PutObject\"\n],\n"; "Version": "2012-10-17",
default -> "\"s3:GetObject\",\n"; "Statement": [
}); {
builder.append("\"Effect\": \"Allow\",\n\"Principal\": \"*\",\n\"Resource\": \"arn:aws:s3:::"); "Effect": "Allow",
builder.append(bucketName); "Principal": "*",
builder.append("/*\"\n}\n],\n\"Version\": \"2012-10-17\"\n}\n"); "Action": [
return builder.toString(); "s3:GetBucketLocation",
"s3:ListBucket",
"s3:ListBucketMultipartUploads"
],
"Resource": "arn:aws:s3:::bucketName"
},
{
"Effect": "Allow",
"Principal": "*",
"Action": [
"s3:AbortMultipartUpload",
"s3:DeleteObject",
"s3:GetObject",
"s3:ListMultipartUploadParts",
"s3:PutObject"
],
"Resource": "arn:aws:s3:::bucketName/*"
}
]
}
""";
case READ -> """
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Principal": "*",
"Action": ["s3:GetBucketLocation"],
"Resource": "arn:aws:s3:::bucketName"
},
{
"Effect": "Deny",
"Principal": "*",
"Action": ["s3:ListBucket"],
"Resource": "arn:aws:s3:::bucketName"
},
{
"Effect": "Allow",
"Principal": "*",
"Action": "s3:GetObject",
"Resource": "arn:aws:s3:::bucketName/*"
}
]
}
""";
};
return policy.replaceAll("bucketName", bucketName);
} }
} }
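Review bot: `policy.replaceAll("bucketName", bucketName)` at the end of the new getPolicy treats the second argument as a regex replacement string, so a bucket name containing `$` or `\` is expanded as a group reference or throws IllegalArgumentException; the literal `policy.replace("bucketName", bucketName)` is what is intended here. Nothing validates `bucketName` before it is spliced into the JSON text, so a value carrying `"` or a newline produces a malformed or altered policy document; a guard at the top of the method such as `if (!bucketName.matches("[a-z0-9][a-z0-9.-]{1,61}[a-z0-9]")) throw new IllegalArgumentException("invalid bucket name: " + bucketName);` would reject anything outside the S3 naming rules. The WRITE branch now returns a policy with an empty `Statement` array, whereas the removed code granted the bucket-level and object-level upload actions for that type; if this is deliberate, a comment such as `// WRITE: no anonymous grants; uploads rely on authenticated credentials` would stop the next reader from treating it as a regression, and some S3 implementations reject a policy with no statements. Every statement uses `"Principal": "*"`, so READ_WRITE makes the bucket anonymously writable and deletable; the method's Javadoc, which starts above the hunk, should state that these are public bucket policies.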
