From 16bc11e72ea4f95a64e76ae5e27f3e4042adbb85 Mon Sep 17 00:00:00 2001 From: Harshavardhana Date: Mon, 2 May 2022 09:27:35 -0700 Subject: [PATCH] fix: disallow newer policies, users & groups with space characters (#14845) space characters at the beginning or at the end can lead to confusion under various UI elements in differentiating the actual name of "policy, user or group" - to avoid this behavior this PR onwards we shall reject such inputs for newer entries. existing saved entries will behave as is and are going to be operable until they are removed/renamed to something more meaningful. --- cmd/admin-handlers-users.go | 27 +++++++++++++++++++++++++++ cmd/api-errors.go | 6 ++++++ cmd/apierrorcode_string.go | 13 +++++++------ cmd/iam-store.go | 3 +-- cmd/utils.go | 8 ++++++++ 5 files changed, 49 insertions(+), 8 deletions(-) diff --git a/cmd/admin-handlers-users.go b/cmd/admin-handlers-users.go index c21203ab3..5a0d7da11 100644 --- a/cmd/admin-handlers-users.go +++ b/cmd/admin-handlers-users.go @@ -241,6 +241,15 @@ func (a adminAPIHandlers) UpdateGroupMembers(w http.ResponseWriter, r *http.Requ if updReq.IsRemove { err = globalIAMSys.RemoveUsersFromGroup(ctx, updReq.Group, updReq.Members) } else { + // Check if group already exists + if _, gerr := globalIAMSys.GetGroupDescription(updReq.Group); gerr != nil { + // If group does not exist, then check if the group has beginning and end space characters + // we will reject such group names. + if errors.Is(gerr, errNoSuchGroup) && hasSpaceBE(updReq.Group) { + writeErrorResponseJSON(ctx, w, errorCodes.ToAPIErr(ErrAdminResourceInvalidArgument), r.URL) + return + } + } err = globalIAMSys.AddUsersToGroup(ctx, updReq.Group, updReq.Members) } if err != nil { @@ -442,6 +451,12 @@ func (a adminAPIHandlers) AddUser(w http.ResponseWriter, r *http.Request) { return } + // Check if accessKey has beginning and end space characters, this only applies to new users. + if !exists && hasSpaceBE(accessKey) { + writeErrorResponseJSON(ctx, w, errorCodes.ToAPIErr(ErrAdminResourceInvalidArgument), r.URL) + return + } + checkDenyOnly := false if accessKey == cred.AccessKey { // Check that there is no explicit deny - otherwise it's allowed @@ -533,6 +548,12 @@ func (a adminAPIHandlers) AddServiceAccount(w http.ResponseWriter, r *http.Reque return } + // service account access key cannot have space characters beginning and end of the string. + if hasSpaceBE(createReq.AccessKey) { + writeErrorResponseJSON(ctx, w, errorCodes.ToAPIErr(ErrAdminResourceInvalidArgument), r.URL) + return + } + var ( targetUser string targetGroups []string @@ -1384,6 +1405,12 @@ func (a adminAPIHandlers) AddCannedPolicy(w http.ResponseWriter, r *http.Request vars := mux.Vars(r) policyName := vars["name"] + // Policy has space characters in begin and end reject such inputs. + if hasSpaceBE(policyName) { + writeErrorResponseJSON(ctx, w, errorCodes.ToAPIErr(ErrAdminResourceInvalidArgument), r.URL) + return + } + // Error out if Content-Length is missing. if r.ContentLength <= 0 { writeErrorResponseJSON(ctx, w, errorCodes.ToAPIErr(ErrMissingContentLength), r.URL) diff --git a/cmd/api-errors.go b/cmd/api-errors.go index ed702c8c9..48336e89d 100644 --- a/cmd/api-errors.go +++ b/cmd/api-errors.go @@ -383,6 +383,7 @@ const ( ErrAdminProfilerNotEnabled ErrInvalidDecompressedSize ErrAddUserInvalidArgument + ErrAdminResourceInvalidArgument ErrAdminAccountNotEligible ErrAccountNotEligible ErrAdminServiceAccountNotFound @@ -1825,6 +1826,11 @@ var errorCodes = errorCodeMap{ Description: "User is not allowed to be same as admin access key", HTTPStatusCode: http.StatusForbidden, }, + ErrAdminResourceInvalidArgument: { + Code: "XMinioInvalidResource", + Description: "Policy, user or group names are not allowed to begin or end with space characters", + HTTPStatusCode: http.StatusBadRequest, + }, ErrAdminAccountNotEligible: { Code: "XMinioInvalidIAMCredentials", Description: "The administrator key is not eligible for this operation", diff --git a/cmd/apierrorcode_string.go b/cmd/apierrorcode_string.go index c1ce07510..d772faf4b 100644 --- a/cmd/apierrorcode_string.go +++ b/cmd/apierrorcode_string.go @@ -291,15 +291,16 @@ func _() { _ = x[ErrAdminProfilerNotEnabled-280] _ = x[ErrInvalidDecompressedSize-281] _ = x[ErrAddUserInvalidArgument-282] - _ = x[ErrAdminAccountNotEligible-283] - _ = x[ErrAccountNotEligible-284] - _ = x[ErrAdminServiceAccountNotFound-285] - _ = x[ErrPostPolicyConditionInvalidFormat-286] + _ = x[ErrAdminResourceInvalidArgument-283] + _ = x[ErrAdminAccountNotEligible-284] + _ = x[ErrAccountNotEligible-285] + _ = x[ErrAdminServiceAccountNotFound-286] + _ = x[ErrPostPolicyConditionInvalidFormat-287] } -const _APIErrorCode_name = "NoneAccessDeniedBadDigestEntityTooSmallEntityTooLargePolicyTooLargeIncompleteBodyInternalErrorInvalidAccessKeyIDAccessKeyDisabledInvalidBucketNameInvalidDigestInvalidRangeInvalidRangePartNumberInvalidCopyPartRangeInvalidCopyPartRangeSourceInvalidMaxKeysInvalidEncodingMethodInvalidMaxUploadsInvalidMaxPartsInvalidPartNumberMarkerInvalidPartNumberInvalidRequestBodyInvalidCopySourceInvalidMetadataDirectiveInvalidCopyDestInvalidPolicyDocumentInvalidObjectStateMalformedXMLMissingContentLengthMissingContentMD5MissingRequestBodyErrorMissingSecurityHeaderNoSuchBucketNoSuchBucketPolicyNoSuchBucketLifecycleNoSuchLifecycleConfigurationInvalidLifecycleWithObjectLockNoSuchBucketSSEConfigNoSuchCORSConfigurationNoSuchWebsiteConfigurationReplicationConfigurationNotFoundErrorRemoteDestinationNotFoundErrorReplicationDestinationMissingLockRemoteTargetNotFoundErrorReplicationRemoteConnectionErrorReplicationBandwidthLimitErrorBucketRemoteIdenticalToSourceBucketRemoteAlreadyExistsBucketRemoteLabelInUseBucketRemoteArnTypeInvalidBucketRemoteArnInvalidBucketRemoteRemoveDisallowedRemoteTargetNotVersionedErrorReplicationSourceNotVersionedErrorReplicationNeedsVersioningErrorReplicationBucketNeedsVersioningErrorReplicationDenyEditErrorReplicationNoMatchingRuleErrorObjectRestoreAlreadyInProgressNoSuchKeyNoSuchUploadInvalidVersionIDNoSuchVersionNotImplementedPreconditionFailedRequestTimeTooSkewedSignatureDoesNotMatchMethodNotAllowedInvalidPartInvalidPartOrderAuthorizationHeaderMalformedMalformedPOSTRequestPOSTFileRequiredSignatureVersionNotSupportedBucketNotEmptyAllAccessDisabledMalformedPolicyMissingFieldsMissingCredTagCredMalformedInvalidRegionInvalidServiceS3InvalidServiceSTSInvalidRequestVersionMissingSignTagMissingSignHeadersTagMalformedDateMalformedPresignedDateMalformedCredentialDateMalformedCredentialRegionMalformedExpiresNegativeExpiresAuthHeaderEmptyExpiredPresignRequestRequestNotReadyYetUnsignedHeadersMissingDateHeaderInvalidQuerySignatureAlgoInvalidQueryParamsBucketAlreadyOwnedByYouInvalidDurationBucketAlreadyExistsMetadataTooLargeUnsupportedMetadataMaximumExpiresSlowDownInvalidPrefixMarkerBadRequestKeyTooLongErrorInvalidBucketObjectLockConfigurationObjectLockConfigurationNotFoundObjectLockConfigurationNotAllowedNoSuchObjectLockConfigurationObjectLockedInvalidRetentionDatePastObjectLockRetainDateUnknownWORMModeDirectiveBucketTaggingNotFoundObjectLockInvalidHeadersInvalidTagDirectiveInvalidEncryptionMethodInsecureSSECustomerRequestSSEMultipartEncryptedSSEEncryptedObjectInvalidEncryptionParametersInvalidSSECustomerAlgorithmInvalidSSECustomerKeyMissingSSECustomerKeyMissingSSECustomerKeyMD5SSECustomerKeyMD5MismatchInvalidSSECustomerParametersIncompatibleEncryptionMethodKMSNotConfiguredKMSKeyNotFoundExceptionNoAccessKeyInvalidTokenEventNotificationARNNotificationRegionNotificationOverlappingFilterNotificationFilterNameInvalidFilterNamePrefixFilterNameSuffixFilterValueInvalidOverlappingConfigsUnsupportedNotificationContentSHA256MismatchReadQuorumWriteQuorumStorageFullRequestBodyParseObjectExistsAsDirectoryInvalidObjectNameInvalidObjectNamePrefixSlashInvalidResourceNameServerNotInitializedOperationTimedOutClientDisconnectedOperationMaxedOutInvalidRequestTransitionStorageClassNotFoundErrorInvalidStorageClassBackendDownMalformedJSONAdminNoSuchUserAdminNoSuchGroupAdminGroupNotEmptyAdminNoSuchPolicyAdminInvalidArgumentAdminInvalidAccessKeyAdminInvalidSecretKeyAdminConfigNoQuorumAdminConfigTooLargeAdminConfigBadJSONAdminConfigDuplicateKeysAdminCredentialsMismatchInsecureClientRequestObjectTamperedSiteReplicationInvalidRequestSiteReplicationPeerRespSiteReplicationBackendIssueSiteReplicationServiceAccountErrorSiteReplicationBucketConfigErrorSiteReplicationBucketMetaErrorSiteReplicationIAMErrorAdminBucketQuotaExceededAdminNoSuchQuotaConfigurationHealNotImplementedHealNoSuchProcessHealInvalidClientTokenHealMissingBucketHealAlreadyRunningHealOverlappingPathsIncorrectContinuationTokenEmptyRequestBodyUnsupportedFunctionInvalidExpressionTypeBusyUnauthorizedAccessExpressionTooLongIllegalSQLFunctionArgumentInvalidKeyPathInvalidCompressionFormatInvalidFileHeaderInfoInvalidJSONTypeInvalidQuoteFieldsInvalidRequestParameterInvalidDataTypeInvalidTextEncodingInvalidDataSourceInvalidTableAliasMissingRequiredParameterObjectSerializationConflictUnsupportedSQLOperationUnsupportedSQLStructureUnsupportedSyntaxUnsupportedRangeHeaderLexerInvalidCharLexerInvalidOperatorLexerInvalidLiteralLexerInvalidIONLiteralParseExpectedDatePartParseExpectedKeywordParseExpectedTokenTypeParseExpected2TokenTypesParseExpectedNumberParseExpectedRightParenBuiltinFunctionCallParseExpectedTypeNameParseExpectedWhenClauseParseUnsupportedTokenParseUnsupportedLiteralsGroupByParseExpectedMemberParseUnsupportedSelectParseUnsupportedCaseParseUnsupportedCaseClauseParseUnsupportedAliasParseUnsupportedSyntaxParseUnknownOperatorParseMissingIdentAfterAtParseUnexpectedOperatorParseUnexpectedTermParseUnexpectedTokenParseUnexpectedKeywordParseExpectedExpressionParseExpectedLeftParenAfterCastParseExpectedLeftParenValueConstructorParseExpectedLeftParenBuiltinFunctionCallParseExpectedArgumentDelimiterParseCastArityParseInvalidTypeParamParseEmptySelectParseSelectMissingFromParseExpectedIdentForGroupNameParseExpectedIdentForAliasParseUnsupportedCallWithStarParseNonUnaryAgregateFunctionCallParseMalformedJoinParseExpectedIdentForAtParseAsteriskIsNotAloneInSelectListParseCannotMixSqbAndWildcardInSelectListParseInvalidContextForWildcardInSelectListIncorrectSQLFunctionArgumentTypeValueParseFailureEvaluatorInvalidArgumentsIntegerOverflowLikeInvalidInputsCastFailedInvalidCastEvaluatorInvalidTimestampFormatPatternEvaluatorInvalidTimestampFormatPatternSymbolForParsingEvaluatorTimestampFormatPatternDuplicateFieldsEvaluatorTimestampFormatPatternHourClockAmPmMismatchEvaluatorUnterminatedTimestampFormatPatternTokenEvaluatorInvalidTimestampFormatPatternTokenEvaluatorInvalidTimestampFormatPatternSymbolEvaluatorBindingDoesNotExistMissingHeadersInvalidColumnIndexAdminConfigNotificationTargetsFailedAdminProfilerNotEnabledInvalidDecompressedSizeAddUserInvalidArgumentAdminAccountNotEligibleAccountNotEligibleAdminServiceAccountNotFoundPostPolicyConditionInvalidFormat" +const _APIErrorCode_name = "NoneAccessDeniedBadDigestEntityTooSmallEntityTooLargePolicyTooLargeIncompleteBodyInternalErrorInvalidAccessKeyIDAccessKeyDisabledInvalidBucketNameInvalidDigestInvalidRangeInvalidRangePartNumberInvalidCopyPartRangeInvalidCopyPartRangeSourceInvalidMaxKeysInvalidEncodingMethodInvalidMaxUploadsInvalidMaxPartsInvalidPartNumberMarkerInvalidPartNumberInvalidRequestBodyInvalidCopySourceInvalidMetadataDirectiveInvalidCopyDestInvalidPolicyDocumentInvalidObjectStateMalformedXMLMissingContentLengthMissingContentMD5MissingRequestBodyErrorMissingSecurityHeaderNoSuchBucketNoSuchBucketPolicyNoSuchBucketLifecycleNoSuchLifecycleConfigurationInvalidLifecycleWithObjectLockNoSuchBucketSSEConfigNoSuchCORSConfigurationNoSuchWebsiteConfigurationReplicationConfigurationNotFoundErrorRemoteDestinationNotFoundErrorReplicationDestinationMissingLockRemoteTargetNotFoundErrorReplicationRemoteConnectionErrorReplicationBandwidthLimitErrorBucketRemoteIdenticalToSourceBucketRemoteAlreadyExistsBucketRemoteLabelInUseBucketRemoteArnTypeInvalidBucketRemoteArnInvalidBucketRemoteRemoveDisallowedRemoteTargetNotVersionedErrorReplicationSourceNotVersionedErrorReplicationNeedsVersioningErrorReplicationBucketNeedsVersioningErrorReplicationDenyEditErrorReplicationNoMatchingRuleErrorObjectRestoreAlreadyInProgressNoSuchKeyNoSuchUploadInvalidVersionIDNoSuchVersionNotImplementedPreconditionFailedRequestTimeTooSkewedSignatureDoesNotMatchMethodNotAllowedInvalidPartInvalidPartOrderAuthorizationHeaderMalformedMalformedPOSTRequestPOSTFileRequiredSignatureVersionNotSupportedBucketNotEmptyAllAccessDisabledMalformedPolicyMissingFieldsMissingCredTagCredMalformedInvalidRegionInvalidServiceS3InvalidServiceSTSInvalidRequestVersionMissingSignTagMissingSignHeadersTagMalformedDateMalformedPresignedDateMalformedCredentialDateMalformedCredentialRegionMalformedExpiresNegativeExpiresAuthHeaderEmptyExpiredPresignRequestRequestNotReadyYetUnsignedHeadersMissingDateHeaderInvalidQuerySignatureAlgoInvalidQueryParamsBucketAlreadyOwnedByYouInvalidDurationBucketAlreadyExistsMetadataTooLargeUnsupportedMetadataMaximumExpiresSlowDownInvalidPrefixMarkerBadRequestKeyTooLongErrorInvalidBucketObjectLockConfigurationObjectLockConfigurationNotFoundObjectLockConfigurationNotAllowedNoSuchObjectLockConfigurationObjectLockedInvalidRetentionDatePastObjectLockRetainDateUnknownWORMModeDirectiveBucketTaggingNotFoundObjectLockInvalidHeadersInvalidTagDirectiveInvalidEncryptionMethodInsecureSSECustomerRequestSSEMultipartEncryptedSSEEncryptedObjectInvalidEncryptionParametersInvalidSSECustomerAlgorithmInvalidSSECustomerKeyMissingSSECustomerKeyMissingSSECustomerKeyMD5SSECustomerKeyMD5MismatchInvalidSSECustomerParametersIncompatibleEncryptionMethodKMSNotConfiguredKMSKeyNotFoundExceptionNoAccessKeyInvalidTokenEventNotificationARNNotificationRegionNotificationOverlappingFilterNotificationFilterNameInvalidFilterNamePrefixFilterNameSuffixFilterValueInvalidOverlappingConfigsUnsupportedNotificationContentSHA256MismatchReadQuorumWriteQuorumStorageFullRequestBodyParseObjectExistsAsDirectoryInvalidObjectNameInvalidObjectNamePrefixSlashInvalidResourceNameServerNotInitializedOperationTimedOutClientDisconnectedOperationMaxedOutInvalidRequestTransitionStorageClassNotFoundErrorInvalidStorageClassBackendDownMalformedJSONAdminNoSuchUserAdminNoSuchGroupAdminGroupNotEmptyAdminNoSuchPolicyAdminInvalidArgumentAdminInvalidAccessKeyAdminInvalidSecretKeyAdminConfigNoQuorumAdminConfigTooLargeAdminConfigBadJSONAdminConfigDuplicateKeysAdminCredentialsMismatchInsecureClientRequestObjectTamperedSiteReplicationInvalidRequestSiteReplicationPeerRespSiteReplicationBackendIssueSiteReplicationServiceAccountErrorSiteReplicationBucketConfigErrorSiteReplicationBucketMetaErrorSiteReplicationIAMErrorAdminBucketQuotaExceededAdminNoSuchQuotaConfigurationHealNotImplementedHealNoSuchProcessHealInvalidClientTokenHealMissingBucketHealAlreadyRunningHealOverlappingPathsIncorrectContinuationTokenEmptyRequestBodyUnsupportedFunctionInvalidExpressionTypeBusyUnauthorizedAccessExpressionTooLongIllegalSQLFunctionArgumentInvalidKeyPathInvalidCompressionFormatInvalidFileHeaderInfoInvalidJSONTypeInvalidQuoteFieldsInvalidRequestParameterInvalidDataTypeInvalidTextEncodingInvalidDataSourceInvalidTableAliasMissingRequiredParameterObjectSerializationConflictUnsupportedSQLOperationUnsupportedSQLStructureUnsupportedSyntaxUnsupportedRangeHeaderLexerInvalidCharLexerInvalidOperatorLexerInvalidLiteralLexerInvalidIONLiteralParseExpectedDatePartParseExpectedKeywordParseExpectedTokenTypeParseExpected2TokenTypesParseExpectedNumberParseExpectedRightParenBuiltinFunctionCallParseExpectedTypeNameParseExpectedWhenClauseParseUnsupportedTokenParseUnsupportedLiteralsGroupByParseExpectedMemberParseUnsupportedSelectParseUnsupportedCaseParseUnsupportedCaseClauseParseUnsupportedAliasParseUnsupportedSyntaxParseUnknownOperatorParseMissingIdentAfterAtParseUnexpectedOperatorParseUnexpectedTermParseUnexpectedTokenParseUnexpectedKeywordParseExpectedExpressionParseExpectedLeftParenAfterCastParseExpectedLeftParenValueConstructorParseExpectedLeftParenBuiltinFunctionCallParseExpectedArgumentDelimiterParseCastArityParseInvalidTypeParamParseEmptySelectParseSelectMissingFromParseExpectedIdentForGroupNameParseExpectedIdentForAliasParseUnsupportedCallWithStarParseNonUnaryAgregateFunctionCallParseMalformedJoinParseExpectedIdentForAtParseAsteriskIsNotAloneInSelectListParseCannotMixSqbAndWildcardInSelectListParseInvalidContextForWildcardInSelectListIncorrectSQLFunctionArgumentTypeValueParseFailureEvaluatorInvalidArgumentsIntegerOverflowLikeInvalidInputsCastFailedInvalidCastEvaluatorInvalidTimestampFormatPatternEvaluatorInvalidTimestampFormatPatternSymbolForParsingEvaluatorTimestampFormatPatternDuplicateFieldsEvaluatorTimestampFormatPatternHourClockAmPmMismatchEvaluatorUnterminatedTimestampFormatPatternTokenEvaluatorInvalidTimestampFormatPatternTokenEvaluatorInvalidTimestampFormatPatternSymbolEvaluatorBindingDoesNotExistMissingHeadersInvalidColumnIndexAdminConfigNotificationTargetsFailedAdminProfilerNotEnabledInvalidDecompressedSizeAddUserInvalidArgumentAdminResourceInvalidArgumentAdminAccountNotEligibleAccountNotEligibleAdminServiceAccountNotFoundPostPolicyConditionInvalidFormat" -var _APIErrorCode_index = [...]uint16{0, 4, 16, 25, 39, 53, 67, 81, 94, 112, 129, 146, 159, 171, 193, 213, 239, 253, 274, 291, 306, 329, 346, 364, 381, 405, 420, 441, 459, 471, 491, 508, 531, 552, 564, 582, 603, 631, 661, 682, 705, 731, 768, 798, 831, 856, 888, 918, 947, 972, 994, 1020, 1042, 1070, 1099, 1133, 1164, 1201, 1225, 1255, 1285, 1294, 1306, 1322, 1335, 1349, 1367, 1387, 1408, 1424, 1435, 1451, 1479, 1499, 1515, 1543, 1557, 1574, 1589, 1602, 1616, 1629, 1642, 1658, 1675, 1696, 1710, 1731, 1744, 1766, 1789, 1814, 1830, 1845, 1860, 1881, 1899, 1914, 1931, 1956, 1974, 1997, 2012, 2031, 2047, 2066, 2080, 2088, 2107, 2117, 2132, 2168, 2199, 2232, 2261, 2273, 2293, 2317, 2341, 2362, 2386, 2405, 2428, 2454, 2475, 2493, 2520, 2547, 2568, 2589, 2613, 2638, 2666, 2694, 2710, 2733, 2744, 2756, 2773, 2788, 2806, 2835, 2852, 2868, 2884, 2902, 2920, 2943, 2964, 2974, 2985, 2996, 3012, 3035, 3052, 3080, 3099, 3119, 3136, 3154, 3171, 3185, 3220, 3239, 3250, 3263, 3278, 3294, 3312, 3329, 3349, 3370, 3391, 3410, 3429, 3447, 3471, 3495, 3516, 3530, 3559, 3582, 3609, 3643, 3675, 3705, 3728, 3752, 3781, 3799, 3816, 3838, 3855, 3873, 3893, 3919, 3935, 3954, 3975, 3979, 3997, 4014, 4040, 4054, 4078, 4099, 4114, 4132, 4155, 4170, 4189, 4206, 4223, 4247, 4274, 4297, 4320, 4337, 4359, 4375, 4395, 4414, 4436, 4457, 4477, 4499, 4523, 4542, 4584, 4605, 4628, 4649, 4680, 4699, 4721, 4741, 4767, 4788, 4810, 4830, 4854, 4877, 4896, 4916, 4938, 4961, 4992, 5030, 5071, 5101, 5115, 5136, 5152, 5174, 5204, 5230, 5258, 5291, 5309, 5332, 5367, 5407, 5449, 5481, 5498, 5523, 5538, 5555, 5565, 5576, 5614, 5668, 5714, 5766, 5814, 5857, 5901, 5929, 5943, 5961, 5997, 6020, 6043, 6065, 6088, 6106, 6133, 6165} +var _APIErrorCode_index = [...]uint16{0, 4, 16, 25, 39, 53, 67, 81, 94, 112, 129, 146, 159, 171, 193, 213, 239, 253, 274, 291, 306, 329, 346, 364, 381, 405, 420, 441, 459, 471, 491, 508, 531, 552, 564, 582, 603, 631, 661, 682, 705, 731, 768, 798, 831, 856, 888, 918, 947, 972, 994, 1020, 1042, 1070, 1099, 1133, 1164, 1201, 1225, 1255, 1285, 1294, 1306, 1322, 1335, 1349, 1367, 1387, 1408, 1424, 1435, 1451, 1479, 1499, 1515, 1543, 1557, 1574, 1589, 1602, 1616, 1629, 1642, 1658, 1675, 1696, 1710, 1731, 1744, 1766, 1789, 1814, 1830, 1845, 1860, 1881, 1899, 1914, 1931, 1956, 1974, 1997, 2012, 2031, 2047, 2066, 2080, 2088, 2107, 2117, 2132, 2168, 2199, 2232, 2261, 2273, 2293, 2317, 2341, 2362, 2386, 2405, 2428, 2454, 2475, 2493, 2520, 2547, 2568, 2589, 2613, 2638, 2666, 2694, 2710, 2733, 2744, 2756, 2773, 2788, 2806, 2835, 2852, 2868, 2884, 2902, 2920, 2943, 2964, 2974, 2985, 2996, 3012, 3035, 3052, 3080, 3099, 3119, 3136, 3154, 3171, 3185, 3220, 3239, 3250, 3263, 3278, 3294, 3312, 3329, 3349, 3370, 3391, 3410, 3429, 3447, 3471, 3495, 3516, 3530, 3559, 3582, 3609, 3643, 3675, 3705, 3728, 3752, 3781, 3799, 3816, 3838, 3855, 3873, 3893, 3919, 3935, 3954, 3975, 3979, 3997, 4014, 4040, 4054, 4078, 4099, 4114, 4132, 4155, 4170, 4189, 4206, 4223, 4247, 4274, 4297, 4320, 4337, 4359, 4375, 4395, 4414, 4436, 4457, 4477, 4499, 4523, 4542, 4584, 4605, 4628, 4649, 4680, 4699, 4721, 4741, 4767, 4788, 4810, 4830, 4854, 4877, 4896, 4916, 4938, 4961, 4992, 5030, 5071, 5101, 5115, 5136, 5152, 5174, 5204, 5230, 5258, 5291, 5309, 5332, 5367, 5407, 5449, 5481, 5498, 5523, 5538, 5555, 5565, 5576, 5614, 5668, 5714, 5766, 5814, 5857, 5901, 5929, 5943, 5961, 5997, 6020, 6043, 6065, 6093, 6116, 6134, 6161, 6193} func (i APIErrorCode) String() string { if i < 0 || i >= APIErrorCode(len(_APIErrorCode_index)-1) { diff --git a/cmd/iam-store.go b/cmd/iam-store.go index b308c643d..afde1a5b4 100644 --- a/cmd/iam-store.go +++ b/cmd/iam-store.go @@ -158,8 +158,7 @@ type MappedPolicy struct { func (mp MappedPolicy) toSlice() []string { var policies []string for _, policy := range strings.Split(mp.Policies, ",") { - policy = strings.TrimSpace(policy) - if policy == "" { + if strings.TrimSpace(policy) == "" { continue } policies = append(policies, policy) diff --git a/cmd/utils.go b/cmd/utils.go index 544c20d99..cdabf15c5 100644 --- a/cmd/utils.go +++ b/cmd/utils.go @@ -88,6 +88,14 @@ func IsErr(err error, errs ...error) bool { return false } +// returns 'true' if either string has space in the +// - beginning of a string +// OR +// - end of a string +func hasSpaceBE(s string) bool { + return strings.TrimSpace(s) != s +} + func request2BucketObjectName(r *http.Request) (bucketName, objectName string) { path, err := getResource(r.URL.Path, r.Host, globalDomainNames) if err != nil {