I am using the Python MinIO SDK, but there are admin operations that it cannot do, so we use the mc binary instead. But the binary has all these files on disk that we can't have in our ENV, so we need to kick it out.

I'm trying to simulate what the binary does, and while reviewing the --debug option I noticed that it accesses the following:

<DEBUG> PUT /minio/admin/v3/add-service-account HTTP/1.1
Host: myminio.server:9000
User-Agent: MinIO (linux; amd64) madmin-go/3.0.70 mc/RELEASE.2025-01-17T23-25-50Z
Content-Length: 254
Accept-Encoding: zstd,gzip
Authorization: AWS4-HMAC-SHA256 Credential=myuser/s3/aws4_request, SignedHeaders=host;x-amz-content-sha256;x-amz-date, Signature=**REDACTED**
X-Amz-Content-Sha256: 2......
X-Amz-Date: 2...

(edited based on comment) Then I tried taking the parameters to some requests.put example, but I'm unable to make it work:

import requests
from requests_aws4auth import AWS4Auth

auth = AWS4Auth(ak, sk, '', 's3')

headers = {
  "MINIO_ACCESS_KEY": "a...",
  "MINIO_SECRET_KEY": "m...",
  "MINIO_PATH": "auto",
  "MINIO_API": "s3v4"
}

res = requests.get("https://myminio.server:9000/minio/admin/v3/list-access-keys-bulk?all=true&listType=all",
             auth=auth,
             verify=False)

The headers look great, yet I'm unable to match the signature:

{
  "Code": "SignatureDoesNotMatch",
  "Message": "The request signature we calculated does not match the signature you provided. Check your key and signing method.",
  "Resource": "/minio/admin/v3/list-access-keys-bulk",
  "RequestId": "1...",
  "HostId": "d..."
}

# request headers look the same as the `mc` binary
'x-amz-date': '20250203T094648Z', 
'x-amz-content-sha256': 'e3b0...', 
'Authorization': 'AWS4-HMAC-SHA256 Credential=myuser/20250203//s3/aws4_request, SignedHeaders=host;x-amz-content-sha256;x-amz-date, Signature=**REDACTED**'

The error I get makes me believe it's not that simple to implement. Does anyone know how to make it work?

asked Feb 2 at 16:50 by Ricky Levi; edited Feb 3 at 20:15 by globglogabgalab
  • 1 You could try using requests_aws4auth—it wraps the requests library to handle AWS Signature v4 authentication, which might help with MinIO or other AWS-compatible services. Just a suggestion. – Rakesh B Sirvi Commented Feb 3 at 8:02
  • I think it's getting better, yet I'm doing something wrong: {"Code":"SignatureDoesNotMatch","Message":"The request signature we calculated does not match the signature you provided. Check your key and signing method.} I'll update my example above – Ricky Levi Commented Feb 3 at 9:44
  • What region did you use in your MinIO server? If you haven't then there must be a default value which the server allots. – Rakesh B Sirvi Commented Feb 3 at 13:09
  • Default value is us-east-1. Note: When used with minio server, use the region specified in its config file (defaults to us-east-1). Resource: Bucket region. You have not set the region while initializing the auth object: auth = AWS4Auth(ak, sk, '', 's3') – Rakesh B Sirvi Commented Feb 3 at 13:14
  • 1 I found a script inside minio which isn't documented, called: github/minio/minio-py/blob/master/minio/minioadmin.py, and I was able to create users as admin! I'll update my answer – Ricky Levi Commented Feb 3 at 19:47
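
How the region enters a SigV4 signature, as an added example that is not part of the original question or comments: standard-library Python that signs the question's GET request once with an empty region and once with `us-east-1`, the default named in the comments. The secret key is a constructed placeholder and the function names are hypothetical.

```python
import hashlib
import hmac
from urllib.parse import quote

EMPTY_SHA256 = hashlib.sha256(b"").hexdigest()  # payload hash of an empty body


def _hmac(key: bytes, msg: str) -> bytes:
    return hmac.new(key, msg.encode(), hashlib.sha256).digest()


def sigv4_authorization(access_key, secret_key, region, method, host, path,
                        query, amz_date, payload_hash=EMPTY_SHA256, service="s3"):
    """Return (credential_scope, Authorization header) for one request."""
    date = amz_date[:8]
    # Canonical query string: parameters sorted by name, values URI-encoded.
    canonical_query = "&".join(
        f"{quote(k, safe='-_.~')}={quote(v, safe='-_.~')}"
        for k, v in sorted(query.items()))
    signed_headers = "host;x-amz-content-sha256;x-amz-date"
    canonical_request = "\n".join([
        method, path, canonical_query,
        f"host:{host}\nx-amz-content-sha256:{payload_hash}\nx-amz-date:{amz_date}\n",
        signed_headers, payload_hash,
    ])
    scope = f"{date}/{region}/{service}/aws4_request"
    string_to_sign = "\n".join([
        "AWS4-HMAC-SHA256", amz_date, scope,
        hashlib.sha256(canonical_request.encode()).hexdigest(),
    ])
    # The region is mixed into the signing key as well as the scope, so both
    # sides must use the same value or the signatures cannot match.
    key = _hmac(("AWS4" + secret_key).encode(), date)
    for part in (region, service, "aws4_request"):
        key = _hmac(key, part)
    signature = hmac.new(key, string_to_sign.encode(), hashlib.sha256).hexdigest()
    return scope, (f"AWS4-HMAC-SHA256 Credential={access_key}/{scope}, "
                   f"SignedHeaders={signed_headers}, Signature={signature}")


def region_mismatch_demo():
    # Constructed secret; host, path, query and date follow the question.
    args = dict(method="GET", host="myminio.server:9000",
                path="/minio/admin/v3/list-access-keys-bulk",
                query={"all": "true", "listType": "all"},
                amz_date="20250203T094648Z")
    client = sigv4_authorization("myuser", "constructed-secret", "", **args)
    server = sigv4_authorization("myuser", "constructed-secret", "us-east-1", **args)
    return client, server
```

The empty-region call reproduces the `20250203//s3/aws4_request` scope visible in the question's Authorization header; a verifier that derives its key with `us-east-1` arrives at a different signature for the same request.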

1 Answer

Found an undocumented script that does what I need, called minioadmin:

import json

import urllib3
from minio import minioadmin
from minio import Minio

access_key = 'myAdminUser'
secret_key = 'myAdminPassword'
endpoint   = 'myminio.server:9000'
CA         = '/path/to/my/ca.pem'

# Verify the server certificate against our own CA
http_client = urllib3.PoolManager(cert_reqs='CERT_REQUIRED', ca_certs=CA)
client = Minio(endpoint, access_key, secret_key, secure=True, http_client=http_client)

# Special object Credentials that is generated inside
# (_provider is a private attribute of the Minio client)
credentials = client._provider

madmin = minioadmin.MinioAdmin(endpoint, credentials=credentials, secure=True, cert_check=True, http_client=http_client)
res = madmin.add_service_account('new_user', 'newhashpass', name='new_user_token', expiration='2025-02-03T17:04:05Z', description='My New User')
#                 ^^^
#      This is: /bin/mc admin accesskey create ....

# add_service_account returns the decrypted response as a JSON string,
# so parse it first and then read the "credentials" object
token = json.loads(res)['credentials']
# token['accessKey'], token['secretKey']

Article tags: Generate a token using Python requests vs mc binary, Stack Overflow