cleanup handling of STS isAllowed and simplifies the PolicyDBGet() (#18554)

This commit is contained in:
Harshavardhana
2023-11-29 16:07:35 -08:00
committed by GitHub
parent b7d11141e1
commit 0ee722f8c3
6 changed files with 32 additions and 24 deletions


@@ -1720,12 +1720,12 @@ func (sys *IAMSys) PolicyDBUpdateLDAP(ctx context.Context, isAttach bool,
// PolicyDBGet - gets policy set on a user or group. If a list of groups is
// given, policies associated with them are included as well.
func (sys *IAMSys) PolicyDBGet(name string, isGroup bool, groups ...string) ([]string, error) {
func (sys *IAMSys) PolicyDBGet(name string, groups ...string) ([]string, error) {
if !sys.Initialized() {
return nil, errServerNotInitialized
}
return sys.store.PolicyDBGet(name, isGroup, groups...)
return sys.store.PolicyDBGet(name, groups...)
}
const sessionPolicyNameExtracted = policy.SessionPolicyName + "-extracted"
@@ -1774,7 +1774,7 @@ func (sys *IAMSys) IsAllowedServiceAccount(args policy.Args, parentUser string)
default:
// Check policy for parent user of service account.
svcPolicies, err = sys.PolicyDBGet(parentUser, false, args.Groups...)
svcPolicies, err = sys.PolicyDBGet(parentUser, args.Groups...)
if err != nil {
logger.LogIf(GlobalContext, err)
return false
@@ -1882,7 +1882,7 @@ func (sys *IAMSys) IsAllowedSTS(args policy.Args, parentUser string) bool {
default:
// Otherwise, inherit parent user's policy
var err error
policies, err = sys.store.PolicyDBGet(parentUser, false, args.Groups...)
policies, err = sys.store.PolicyDBGet(parentUser, args.Groups...)
if err != nil {
logger.LogIf(GlobalContext, fmt.Errorf("error fetching policies on %s: %v", parentUser, err))
return false
@@ -2019,7 +2019,7 @@ func (sys *IAMSys) IsAllowed(args policy.Args) bool {
}
// Continue with the assumption of a regular user
policies, err := sys.PolicyDBGet(args.AccountName, false, args.Groups...)
policies, err := sys.PolicyDBGet(args.AccountName, args.Groups...)
if err != nil {
return false
}
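Review bot: In the IsAllowedSTS hunk, `policies, err = sys.store.PolicyDBGet(parentUser, args.Groups...)` still goes to the store directly, while the sibling callers in IsAllowedServiceAccount and IsAllowed use `sys.PolicyDBGet`, the wrapper whose new body (first hunk) returns `errServerNotInitialized` when `sys.Initialized()` is false. Unless IsAllowedSTS is only ever reached after initialization, which is not visible here, the direct call skips that guard; since both branches return false on error the decision stays fail-closed either way, so the effect is on consistency and on what gets logged, and `policies, err = sys.PolicyDBGet(parentUser, args.Groups...)` would align the three authorization paths. On the following log line `parentUser` is formatted with `%s`; `%q` would make an empty or whitespace-padded principal visible in the log entry. The enclosing IsAllowedSTS function starts and ends outside the hunk.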