Merge pull request #61 from makeplane/minio-policy-limitation

Troubleshoot: Bucket policy exceeds size limit

Author: danciaclara

mint.json

@@ -116,7 +116,8 @@
       "pages": [
         "self-hosting/troubleshoot/installation-errors",
         "self-hosting/troubleshoot/license-errors",
-        "self-hosting/troubleshoot/cli-errors"
+        "self-hosting/troubleshoot/cli-errors",
+        "self-hosting/troubleshoot/storage-errors"
       ]
     },
     {

self-hosting/govern/private-bucket.mdx

@@ -117,4 +117,8 @@ To migrate from public to private bucket storage, follow the instructions below:
     docker cp <api_container>:/code/permissions.json .
     ```
 
-    </Tip>
+    </Tip>
+
+## Troubleshoot
+
+- [Bucket policy exceeds size limit](/self-hosting/troubleshoot/storage-errors#minio-buckey-policy-limitation)

self-hosting/manage/prime-cli.mdx

@@ -153,4 +153,8 @@ Select a Action you want to perform:
 - **Exit**  
   Closes the setup script and returns you to the command line.
 
-</Accordion>
+</Accordion>
+
+## Troubleshoot
+
+- [Failed to update Prime CLI](/self-hosting/troubleshoot/cli-errors#failed-to-update-prime-cli)

self-hosting/methods/docker-compose.mdx

@@ -132,4 +132,8 @@ If you want to upgrade to a paid plan, see [Plan upgrades](https://docs.plane.so
 
          If all goes well, you will see something like this:
          ![Restart Services](/images/docker-compose/restart-docker.png)
-</Accordion>
+</Accordion>
+
+## Troubleshoot
+- [Error during Docker Compose execution](/self-hosting/troubleshoot/installation-errors#error-during-docker-compose-execution)
+- [Migrator container exited](/self-hosting/troubleshoot/installation-errors#migrator-container-exited)

self-hosting/troubleshoot/storage-errors.mdx

@@ -0,0 +1,92 @@
+---
+title: Storage errors
+---
+
+This guide is designed to help you resolve common issues encountered while configuring storage in Plane. Each section includes potential causes and step-by-step solutions for identified problems.
+
+## Bucket policy exceeds size limit
+
+<div style={{color:"red"}}> 
+    Error: An error occurred (PolicyTooLarge) when calling the PutBucketPolicy operation: Policy exceeds the maximum allowed document size.
+</div>
+
+This error occurs when the bucket policy exceeds the 20KB size limit allowed by MinIO. It typically happens when trying to add complex policies or when unnecessary data bloats the policy size.
+
+To resolve this issue, you can define a streamlined bucket policy file and apply it correctly within the MinIO container. Follow these steps:
+
+1. **Create a bucket policy JSON file**  
+    - On your local machine, create a file named `bucket-policy.json` with the following content:
+        ```json
+        {
+            "Version": "2012-10-17",
+            "Statement": [
+                {
+                    "Effect": "Allow",
+                    "Principal": {
+                        "AWS": ["*"]
+                    },
+                    "Action": ["s3:GetObject"],
+                    "Resource": ["arn:aws:s3:::uploads/*"],
+                    "Condition": {
+                        "StringEquals": {
+                            "s3:ExistingObjectTag/publicAccess": ["true"]
+                        }
+                    }
+                }
+            ]
+        }
+        ```
+
+    - Save this file in an accessible location.
+
+2. **Set up and apply the policy**  
+<Warning>
+    **IMPORTANT**  
+    Make sure to execute all the `mc` commands **within the MinIO container** (either by attaching to it or using `docker exec`).
+</Warning>
+
+    - Configure MinIO alias:
+        ```bash
+        mc alias set myminio http://plane-plane-minio:9000 <minio-username> <minio-password>
+        ```
+    
+        Replace `plane-plane-minio:9000` with your MinIO server address.
+
+    - Tag existing objects:
+        ```bash
+        mc find myminio/uploads --exec "mc tag set {} publicAccess=true"
+        ```
+    
+    - Copy the policy file to the MinIO container:
+        ```bash
+        docker cp bucket-policy.json <minio-container-id>:/tmp
+        ```
+
+        Replace `<minio-container-id>` with the actual ID of your MinIO container. You can find the container ID by running `docker ps`.
+
+    - Apply the policy to the bucket:
+        ```bash
+        mc anonymous set-json /tmp/bucket-policy.json myminio/uploads
+        ```
+
+3. **Verification**  
+
+    - Verify that objects are correctly tagged:
+        ```bash
+        mc tag list myminio/uploads/<object-name>
+        ```
+
+    - Test public access using:
+        ```bash
+        curl http://<minio-server>:9000/uploads/<object-name>
+        ```
+
+### Notes
+- Verify that the `access-key` and `secret-key` used for setting up the alias have adequate permissions to manage the bucket.
+- If your MinIO server is hosted on a different machine or address, replace `plane-plane-minio:9000`     with the appropriate server URL.
+- After applying the policy, test the setup to confirm it is working as expected.
+
+
+
+
+