How to test PostPolicy - cniackz/public GitHub Wiki

Objective:

Explain how you can test PostPolicy with MinIO SDK and also explain what PostPolicy is.

PostPolicy

PostPolicy is a feature from Amazon, documented at https://docs.aws.amazon.com/AmazonS3/latest/API/sigv4-HTTPPOSTConstructPolicy.html. The idea is to upload a file via an HTML form, so that you can create a web page that uploads files to S3.

Links:

How to test PostPolicy with MinIO Java SDK

  1. Get the JAR file from: https://min.io/docs/minio/linux/developers/java/minio-java.html#jar-download
  2. Get file from: https://github.com/minio/minio-java/blob/master/examples/GetPresignedPostFormData.java
  3. Then compile the file as in: https://min.io/docs/minio/linux/developers/java/minio-java.html#compile-fileuploader
javac -cp minio-8.5.2-all.jar GetPresignedPostFormData.java
  4. Execute it:
java -cp minio-8.5.2-all.jar:. GetPresignedPostFormData

How to test PostPolicy with MinIO Python SDK

  1. Get file: https://github.com/minio/minio-py/blob/master/examples/presigned_post_policy.py
  2. Install the MinIO module with pip
  3. Run it:
$ python3 presigned_post_policy.py 
curl -X POST https://play.min.io/my-bucket -F x-amz-algorithm=AWS4-HMAC-SHA256 -F x-amz-credential=Q3AM3UQ867SPQQA43P2F/20230330/us-east-1/s3/aws4_request -F x-amz-date=20230330T161038Z -F policy=eyJleHBpcmF0aW9uIjogIjIwMjMtMDQtMDlUMTY6MTA6MzguMjE1WiIsICJjb25kaXRpb25zIjogW1siZXEiLCAiJGJ1Y2tldCIsICJteS1idWNrZXQiXSwgWyJzdGFydHMtd2l0aCIsICIka2V5IiwgIm15L29iamVjdC9wcmVmaXgvIl0sIFsiY29udGVudC1sZW5ndGgtcmFuZ2UiLCAxMDQ4NTc2LCAxMDQ4NTc2MF0sIFsiZXEiLCAiJHgtYW16LWFsZ29yaXRobSIsICJBV1M0LUhNQUMtU0hBMjU2Il0sIFsiZXEiLCAiJHgtYW16LWNyZWRlbnRpYWwiLCAiUTNBTTNVUTg2N1NQUVFBNDNQMkYvMjAyMzAzMzAvdXMtZWFzdC0xL3MzL2F3czRfcmVxdWVzdCJdLCBbImVxIiwgIiR4LWFtei1kYXRlIiwgIjIwMjMwMzMwVDE2MTAzOFoiXV19 -F x-amz-signature=2e0e4930f065a22f50dbfdba95bc76ab5f65ee60ff69faf0940f0827a20a4ef6 -F file=@<FILE> -F key=<OBJECT-NAME>
  4. Create a 1 MB file and use it in place of <FILE>, replace <OBJECT-NAME> with my/object/prefix, and add -v for verbose output:
dd if=/dev/zero of=output.txt  bs=1M  count=1
curl -X POST https://play.min.io/my-bucket -F x-amz-algorithm=AWS4-HMAC-SHA256 -F x-amz-credential=Q3AM3UQ867SPQQA43P2F/20230330/us-east-1/s3/aws4_request -F x-amz-date=20230330T161038Z -F policy=eyJleHBpcmF0aW9uIjogIjIwMjMtMDQtMDlUMTY6MTA6MzguMjE1WiIsICJjb25kaXRpb25zIjogW1siZXEiLCAiJGJ1Y2tldCIsICJteS1idWNrZXQiXSwgWyJzdGFydHMtd2l0aCIsICIka2V5IiwgIm15L29iamVjdC9wcmVmaXgvIl0sIFsiY29udGVudC1sZW5ndGgtcmFuZ2UiLCAxMDQ4NTc2LCAxMDQ4NTc2MF0sIFsiZXEiLCAiJHgtYW16LWFsZ29yaXRobSIsICJBV1M0LUhNQUMtU0hBMjU2Il0sIFsiZXEiLCAiJHgtYW16LWNyZWRlbnRpYWwiLCAiUTNBTTNVUTg2N1NQUVFBNDNQMkYvMjAyMzAzMzAvdXMtZWFzdC0xL3MzL2F3czRfcmVxdWVzdCJdLCBbImVxIiwgIiR4LWFtei1kYXRlIiwgIjIwMjMwMzMwVDE2MTAzOFoiXV19 -F x-amz-signature=2e0e4930f065a22f50dbfdba95bc76ab5f65ee60ff69faf0940f0827a20a4ef6 -F file=@output.txt -F key=my/object/prefix/ -v

You should get 204

$ curl -X POST https://play.min.io/my-bucket -F x-amz-algorithm=AWS4-HMAC-SHA256 -F x-amz-cred/20230330/us-east-1/s3/aws4_request -F x-amz-date=20230330T161038Z -F policy=eyJleHBpcmF0aW9uIjogIjIwMjMtMDQtMDlUMTY6MTA6MzguMjE1WiIsICJjb25kaXRpb25zIjogW1siZXEiLCAiJGJ1Y2tldCIsICJteS1idWNrZXQiXSwgWyJzdGFydHMtd2l0aCIsICIka2V5IiwgIm15L29iamVjdC9wcmVmaXgvIl0sIFsiY29udGVudC1sZW5ndGgtcmFuZ2UiLCAxMDQ4NTc2LCAxMDQ4NTc2MF0sIFsiZXEiLCAiJHgtYW16LWFsZ29yaXRobSIsICJBV1M0LUhNQUMtU0hBMjU2Il0sIFsiZXEiLCAiJHgtYW16LWNyZWRlbnRpYWwiLCAiUTNBTTNVUTg2N1NQUVFBNDNQMkYvMjAyMzAzMzAvdXMtZWFzdC0xL3MzL2F3czRfcmVxdWVzdCJdLCBbImVxIiwgIiR4LWFtei1kYXRlIiwgIjIwMjMwMzMwVDE2MTAzOFoiXV19 -F x-amz-signature=2e0e4930f065a22f50dbfdba95bc76ab5f65ee60ff69faf0940f0827a20a4ef6 -F file=@output.txt -F key=my/object/prefix/ -v
Note: Unnecessary use of -X or --request, POST is already inferred.
*   Trying 65.49.37.6:443...
* Connected to play.min.io (65.49.37.6) port 443 (#0)
* ALPN: offers h2
* ALPN: offers http/1.1
*  CAfile: /etc/ssl/cert.pem
*  CApath: none
* (304) (OUT), TLS handshake, Client hello (1):
* (304) (IN), TLS handshake, Server hello (2):
* (304) (IN), TLS handshake, Unknown (8):
* (304) (IN), TLS handshake, Certificate (11):
* (304) (IN), TLS handshake, CERT verify (15):
* (304) (IN), TLS handshake, Finished (20):
* (304) (OUT), TLS handshake, Finished (20):
* SSL connection using TLSv1.3 / AEAD-AES256-GCM-SHA384
* ALPN: server accepted http/1.1
* Server certificate:
*  subject: CN=play.min.io
*  start date: Mar 20 23:03:54 2023 GMT
*  expire date: Jun 18 23:03:53 2023 GMT
*  subjectAltName: host "play.min.io" matched cert's "play.min.io"
*  issuer: C=US; O=Let's Encrypt; CN=R3
*  SSL certificate verify ok.
> POST /my-bucket HTTP/1.1
> Host: play.min.io
> User-Agent: curl/7.86.0
> Accept: */*
> Content-Length: 1050011
> Content-Type: multipart/form-data; boundary=------------------------cb8587e85b322d6b
> Expect: 100-continue
> 
* Mark bundle as not supporting multiuse
< HTTP/1.1 100 Continue
* We are completely uploaded and fine
* Mark bundle as not supporting multiuse
< HTTP/1.1 204 No Content
< Server: nginx/1.18.0 (Ubuntu)
< Date: Thu, 30 Mar 2023 16:14:16 GMT
< Connection: keep-alive
< Accept-Ranges: bytes
< Content-Security-Policy: block-all-mixed-content
< ETag: "b6d81b360a5672d80c27430f39153e2c"
< Location: https://play.min.io/my-bucket/my/object/prefix
< Strict-Transport-Security: max-age=31536000; includeSubDomains
< Vary: Origin
< Vary: Accept-Encoding
< X-Amz-Bucket-Region: us-east-1
< X-Amz-Id-2: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
< X-Amz-Request-Id: 17513E804CE04D52
< X-Content-Type-Options: nosniff
< X-Xss-Protection: 1; mode=block
< 
* Connection #0 to host play.min.io left intact

The object should now be located at play:

$ mc cat play/my-bucket/my/object/prefix/ > output-2.txt
$ diff output.txt output-2.txt 
  • Notice that the object is saved at play/my-bucket/my/object/prefix/. You can give the object a name, but then you need to change the key both in the policy and in the form field passed to curl, so the object name goes after the prefix in two places.
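
To see what the signed policy in the curl command above actually permits, this added example (not part of the original wiki page or of the MinIO SDK) decodes the `policy` form value and applies its conditions to a candidate upload. `decode_policy`, `check_upload` and `FORM` are illustrative names; only the list-form conditions used by this policy are handled, and `x-amz-signature` is not verified because that requires the secret key.

```python
import base64
import json
from datetime import datetime, timezone

# Policy value copied from the curl command on this page (-F policy=...).
POLICY_B64 = (
    "eyJleHBpcmF0aW9uIjogIjIwMjMtMDQtMDlUMTY6MTA6MzguMjE1WiIsICJjb25kaXRpb25zIjogW1si"
    "ZXEiLCAiJGJ1Y2tldCIsICJteS1idWNrZXQiXSwgWyJzdGFydHMtd2l0aCIsICIka2V5IiwgIm15L29i"
    "amVjdC9wcmVmaXgvIl0sIFsiY29udGVudC1sZW5ndGgtcmFuZ2UiLCAxMDQ4NTc2LCAxMDQ4NTc2MF0s"
    "IFsiZXEiLCAiJHgtYW16LWFsZ29yaXRobSIsICJBV1M0LUhNQUMtU0hBMjU2Il0sIFsiZXEiLCAiJHgt"
    "YW16LWNyZWRlbnRpYWwiLCAiUTNBTTNVUTg2N1NQUVFBNDNQMkYvMjAyMzAzMzAvdXMtZWFzdC0xL3Mz"
    "L2F3czRfcmVxdWVzdCJdLCBbImVxIiwgIiR4LWFtei1kYXRlIiwgIjIwMjMwMzMwVDE2MTAzOFoiXV19"
)

def decode_policy(b64):
    """The policy is base64-encoded JSON: signed, but readable by anyone."""
    return json.loads(base64.b64decode(b64))

def check_upload(policy, fields, size, now):
    """Return the policy violations for a form upload (empty list = allowed)."""
    errors = []
    expires = datetime.strptime(policy["expiration"], "%Y-%m-%dT%H:%M:%S.%f%z")
    if now >= expires:
        errors.append("policy expired")
    for cond in policy["conditions"]:
        op = cond[0]
        if op == "content-length-range":
            if not cond[1] <= size <= cond[2]:
                errors.append(f"size {size} outside {cond[1]}..{cond[2]}")
            continue
        name, want = cond[1].lstrip("$"), cond[2]
        got = fields.get(name, "")
        if op == "eq" and got != want:
            errors.append(f"{name} must equal {want!r}")
        elif op == "starts-with" and not got.startswith(want):
            errors.append(f"{name} must start with {want!r}")
    return errors

# Form fields of the page's curl command; "bucket" is taken from the URL path.
FORM = {
    "bucket": "my-bucket", "key": "my/object/prefix/",
    "x-amz-algorithm": "AWS4-HMAC-SHA256",
    "x-amz-credential": "Q3AM3UQ867SPQQA43P2F/20230330/us-east-1/s3/aws4_request",
    "x-amz-date": "20230330T161038Z",
}

if __name__ == "__main__":
    when = datetime(2023, 3, 30, 16, 14, 16, tzinfo=timezone.utc)  # upload time
    print(check_upload(decode_policy(POLICY_B64), FORM, 1048576, when))
```

Because the policy is signed rather than encrypted, anyone holding the form can read these limits, so keep the key prefix, size range and expiration as narrow as the use case allows.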