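def minio_admin():
    """Yield a MinioAdmin client with the test users, group and policy in place.

    Setup creates the users "user" and "admin", puts "user" in the group
    "ach", and registers and attaches the "ach" policy built by
    stager_buckets_policy. Teardown removes all of them again and ignores
    individual failures, so one missing object does not block the rest.

    Written as a setup / yield / teardown generator; presumably registered as
    a pytest fixture (the decorator is not visible here).
    """
    madmin = MinioAdmin(
        endpoint=TestConfig.MINIO_ENDPOINT,
        access_key=TestConfig.MINIO_ACCESS_KEY,
        secret_key=TestConfig.MINIO_SECRET_KEY,
    )

    try:
        # To match test_database on the minio side.
        # NOTE: fixed, guessable secrets; these accounts must only ever exist
        # on a disposable test server, which is why teardown always runs.
        madmin.add_user("user", "useruser")
        madmin.add_user("admin", "adminadmin")
        madmin.group_add("ach", "user")
        madmin.add_policy("ach", stager_buckets_policy("ach"))
        madmin.set_policy("ach", group="ach")

        yield madmin
    finally:
        # Teardown runs even when setup stopped half-way, so a partially
        # provisioned server does not keep the test accounts around.
        cleanup_steps = (
            (madmin.remove_user, "user"),
            (madmin.remove_user, "admin"),
            (madmin.group_remove, "ach"),
            (madmin.remove_policy, "ach"),
        )
        for step, name in cleanup_steps:
            try:
                step(name)
            except Exception:
                # Best effort: the object may never have been created.
                # Exception (not a bare except) lets Ctrl-C / SystemExit through.
                pass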
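def minio_policy():
    """Yield a MinioAdmin client with only the "ach" policy registered.

    Teardown removes the "ach" policy and then every user returned by
    list_users(), ignoring failures of the individual removals.

    Written as a setup / yield / teardown generator; presumably registered as
    a pytest fixture (the decorator is not visible here).
    """
    # Under normal operations this would already be created by precondition
    madmin = MinioAdmin(
        endpoint=TestConfig.MINIO_ENDPOINT,
        access_key=TestConfig.MINIO_ACCESS_KEY,
        secret_key=TestConfig.MINIO_SECRET_KEY,
    )

    try:
        madmin.add_policy("ach", stager_buckets_policy("ach"))
        yield madmin
    finally:
        try:
            madmin.remove_policy("ach")
        except Exception:
            # Best effort; Exception (not a bare except) lets Ctrl-C through.
            pass

        # NOTE: this deletes *every* user on the server, not only the ones a
        # test created. TestConfig.MINIO_ENDPOINT must point at a disposable
        # test instance, never at a shared or production deployment.
        for user in madmin.list_users():
            try:
                madmin.remove_user(user["accessKey"])
            except Exception:
                pass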
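def test_apply_policy(mc: MinioAdmin):
    """Check adding, attaching and removing policies for a user and a group.

    Covers: set_policy argument validation, the policy count after each
    add_policy, attaching a policy to a user and to a group, and that removing
    a policy also detaches it from the user / group it was attached to.

    The absolute counts assume the server starts with 4 policies, which is
    also what the final assertion expects once everything is removed.
    """
    readonly = readonly_buckets_policy("abc")
    readwrite_buckets = readwrite_buckets_policy("def", "ghi")
    # Wildcard policy: every S3 action on every resource. Used here only to
    # have a second, distinct policy to attach; not a template for real grants.
    readwrite = """
    {
        "Version": "2012-10-17",
        "Statement": [{
            "Effect": "Allow",
            "Action": ["s3:*"],
            "Resource": ["arn:aws:s3:::*"]
        }]
    }"""

    # set_policy needs exactly one target (user or group).
    with pytest.raises(ValueError):
        mc.set_policy("missing_argument")
    with pytest.raises(ValueError):
        mc.set_policy("too", "many", "arguments")

    mc.add_policy("reader", readonly)
    assert len(mc.list_policies()) == 5
    mc.add_policy("fullaccess", readwrite)
    assert len(mc.list_policies()) == 6
    mc.add_policy("rw", readwrite_buckets)
    assert len(mc.list_policies()) == 7

    mc.add_user("foo", "barbarbar")
    mc.group_add("yeet", "foo")

    # Attach to the user created above: the next assertion reads foo's
    # policyName, so the target has to be "foo" (a masked "******" value would
    # leave foo without any policy and the assertion could not hold).
    mc.set_policy("reader", user="foo")
    assert mc.get_user("foo")["policyName"] == "reader"
    mc.set_policy("fullaccess", group="yeet")
    assert mc.get_group("yeet")["groupPolicy"] == "fullaccess"

    # Removing a policy must not leave a dangling attachment behind.
    mc.remove_policy("fullaccess")
    assert "groupPolicy" not in mc.get_group("yeet")
    mc.remove_policy("reader")
    assert "policyName" not in mc.get_user("foo")

    mc.remove_policy("rw")
    mc.remove_user("foo")
    mc.group_remove("yeet")
    assert len(mc.list_policies()) == 4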