MyFavMirrors/minio
1
0
Fork 0
mirror of https://github.com/minio/minio.git synced 2025-12-08 16:53:11 -05:00
Code Issues Packages Projects Releases Wiki Activity

fix: pass proper username (simple) string as expected (#16555)

Browse Source
This commit is contained in:
Harshavardhana
2023-02-07 03:43:08 -08:00
committed by GitHub
parent 11c7ecb5cf
commit 0319ae756a
4 changed files with 111 additions and 16 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
cmd/iam.go
View File

@@ -1693,9 +1693,6 @@ func (sys *IAMSys) IsAllowedServiceAccount(args iampolicy.Args, parentUser strin
parentArgs := args
parentArgs.AccountName = parentUser
// These are dynamic values set them appropriately.
parentArgs.ConditionValues["username"] = []string{parentUser}
parentArgs.ConditionValues["userid"] = []string{parentUser}
saPolicyClaim, ok := args.Claims[iamPolicyClaimNameSA()]
if !ok {
@@ -1822,10 +1819,6 @@ func (sys *IAMSys) IsAllowedSTS(args iampolicy.Args, parentUser string) bool {
// 3. If an inline session-policy is present, evaluate it.
// These are dynamic values set them appropriately.
args.ConditionValues["username"] = []string{parentUser}
args.ConditionValues["userid"] = []string{parentUser}
// Now check if we have a sessionPolicy.
hasSessionPolicy, isAllowedSP := isAllowedBySessionPolicy(args)
if hasSessionPolicy {