MyFavMirrors/minio
1
0
Fork 0
mirror of https://github.com/minio/minio.git synced 2025-01-27 06:33:18 -05:00
Code Issues Packages Projects Releases Wiki Activity

Remove s3:ListObjects policy action to be in sync with AWS-S3 (#5875)

Browse Source
This commit is contained in:
Krishna Srinivas 2018-05-01 23:43:17 -07:00 committed by Nitish Tiwari
parent 7f207156ec
commit 0ad0969d61
2 changed files with 2 additions and 31 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

18
cmd/auth-handler.go
View File

@ -183,24 +183,6 @@ func checkRequestAuthType(ctx context.Context, r *http.Request, action policy.Ac
return ErrNone return ErrNone
} }
// As policy.ListBucketAction and policy.ListObjectsAction are same but different names,
// policy.ListBucketAction is used across the code but user may used policy.ListObjectsAction
// in bucket policy to denote the same. In below try again with policy.ListObjectsAction.
if action != policy.ListBucketAction {
return ErrAccessDenied
}
if globalPolicySys.IsAllowed(policy.Args{
AccountName: accountName,
Action: policy.ListObjectsAction,
BucketName: bucketName,
ConditionValues: getConditionValues(r, locationConstraint),
IsOwner: isOwner,
ObjectName: objectName,
}) {
return ErrNone
}
return ErrAccessDenied return ErrAccessDenied
} }

15
pkg/policy/action.go
View File

@ -24,7 +24,7 @@ import (
) )
// Action - policy action. // Action - policy action.
// Refer https://docs.aws.amazon.com/IAM/latest/UserGuide/list_s3.html // Refer https://docs.aws.amazon.com/IAM/latest/UserGuide/list_amazons3.html
// for more information about available actions. // for more information about available actions.
type Action string type Action string
@ -75,9 +75,6 @@ const (
// ListMultipartUploadPartsAction - ListParts Rest API action. // ListMultipartUploadPartsAction - ListParts Rest API action.
ListMultipartUploadPartsAction = "s3:ListMultipartUploadParts" ListMultipartUploadPartsAction = "s3:ListMultipartUploadParts"
// ListObjectsAction - ListObjects Rest API action exactly same behavior as ListBucketAction.
ListObjectsAction = "s3:ListObjects"
// PutBucketNotificationAction - PutObjectNotification Rest API action. // PutBucketNotificationAction - PutObjectNotification Rest API action.
PutBucketNotificationAction = "s3:PutBucketNotification" PutBucketNotificationAction = "s3:PutBucketNotification"
@ -113,7 +110,7 @@ func (action Action) IsValid() bool {
fallthrough fallthrough
case ListBucketMultipartUploadsAction, ListenBucketNotificationAction: case ListBucketMultipartUploadsAction, ListenBucketNotificationAction:
fallthrough fallthrough
case ListMultipartUploadPartsAction, ListObjectsAction, PutBucketNotificationAction: case ListMultipartUploadPartsAction, PutBucketNotificationAction:
fallthrough fallthrough
case PutBucketPolicyAction, PutObjectAction: case PutBucketPolicyAction, PutObjectAction:
return true return true
@ -237,14 +234,6 @@ var actionConditionKeyMap = map[Action]condition.KeySet{
condition.AWSSourceIP, condition.AWSSourceIP,
), ),
ListObjectsAction: condition.NewKeySet(
condition.S3Prefix,
condition.S3Delimiter,
condition.S3MaxKeys,
condition.AWSReferer,
condition.AWSSourceIP,
),
PutBucketNotificationAction: condition.NewKeySet( PutBucketNotificationAction: condition.NewKeySet(
condition.AWSReferer, condition.AWSReferer,
condition.AWSSourceIP, condition.AWSSourceIP,