MyFavMirrors/minio
1
0
Fork 0
mirror of https://github.com/minio/minio.git synced 2025-04-04 03:40:30 -04:00
Code Issues Packages Projects Releases Wiki Activity

add missing ListBucketVersions from policy actions (#10414)

Browse Source
This commit is contained in:
Harshavardhana 2020-09-03 18:25:06 -07:00 committed by GitHub
parent b4e3956e69
commit 1c6781757c
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
4 changed files with 57 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

34
cmd/auth-handler.go
View File

@ -346,8 +346,26 @@ func checkRequestAuthTypeToAccessKey(ctx context.Context, r *http.Request, actio
// Request is allowed return the appropriate access key. // Request is allowed return the appropriate access key.
return cred.AccessKey, owner, ErrNone return cred.AccessKey, owner, ErrNone
} }
if action == policy.ListBucketVersionsAction {
// In AWS S3 s3:ListBucket permission is same as s3:ListBucketVersions permission
// verify as a fallback.
if globalPolicySys.IsAllowed(policy.Args{
AccountName: cred.AccessKey,
Action: policy.ListBucketAction,
BucketName: bucketName,
ConditionValues: getConditionValues(r, locationConstraint, "", nil),
IsOwner: false,
ObjectName: objectName,
}) {
// Request is allowed return the appropriate access key.
return cred.AccessKey, owner, ErrNone
}
}
return cred.AccessKey, owner, ErrAccessDenied return cred.AccessKey, owner, ErrAccessDenied
} }
if globalIAMSys.IsAllowed(iampolicy.Args{ if globalIAMSys.IsAllowed(iampolicy.Args{
AccountName: cred.AccessKey, AccountName: cred.AccessKey,
Action: iampolicy.Action(action), Action: iampolicy.Action(action),
@ -360,6 +378,22 @@ func checkRequestAuthTypeToAccessKey(ctx context.Context, r *http.Request, actio
// Request is allowed return the appropriate access key. // Request is allowed return the appropriate access key.
return cred.AccessKey, owner, ErrNone return cred.AccessKey, owner, ErrNone
} }
if action == policy.ListBucketVersionsAction {
// In AWS S3 s3:ListBucket permission is same as s3:ListBucketVersions permission
// verify as a fallback.
if globalIAMSys.IsAllowed(iampolicy.Args{
AccountName: cred.AccessKey,
Action: iampolicy.Action(policy.ListBucketAction),
BucketName: bucketName,
ConditionValues: getConditionValues(r, "", cred.AccessKey, claims),
ObjectName: objectName,
IsOwner: owner,
Claims: claims,
}) {
// Request is allowed return the appropriate access key.
return cred.AccessKey, owner, ErrNone
}
}
return cred.AccessKey, owner, ErrAccessDenied return cred.AccessKey, owner, ErrAccessDenied
} }

2
cmd/bucket-listobjects-handlers.go
View File

@ -93,7 +93,7 @@ func (api objectAPIHandlers) ListObjectVersionsHandler(w http.ResponseWriter, r
return return
} }
if s3Error := checkRequestAuthType(ctx, r, policy.ListBucketAction, bucket, ""); s3Error != ErrNone { if s3Error := checkRequestAuthType(ctx, r, policy.ListBucketVersionsAction, bucket, ""); s3Error != ErrNone {
writeErrorResponse(ctx, w, errorCodes.ToAPIErr(s3Error), r.URL, guessIsBrowserReq(r)) writeErrorResponse(ctx, w, errorCodes.ToAPIErr(s3Error), r.URL, guessIsBrowserReq(r))
return return
} }

11
pkg/bucket/policy/action.go
View File

@ -71,6 +71,9 @@ const (
// ListBucketMultipartUploadsAction - ListMultipartUploads Rest API action. // ListBucketMultipartUploadsAction - ListMultipartUploads Rest API action.
ListBucketMultipartUploadsAction = "s3:ListBucketMultipartUploads" ListBucketMultipartUploadsAction = "s3:ListBucketMultipartUploads"
// ListBucketVersionsAction - ListBucket versions Rest API action.
ListBucketVersionsAction = "s3:ListBucketVersions"
// ListenNotificationAction - ListenNotification Rest API action. // ListenNotificationAction - ListenNotification Rest API action.
// This is MinIO extension. // This is MinIO extension.
ListenNotificationAction = "s3:ListenNotification" ListenNotificationAction = "s3:ListenNotification"
@ -215,6 +218,7 @@ var supportedActions = map[Action]struct{}{
HeadBucketAction: {}, HeadBucketAction: {},
ListAllMyBucketsAction: {}, ListAllMyBucketsAction: {},
ListBucketAction: {}, ListBucketAction: {},
ListBucketVersionsAction: {},
ListBucketMultipartUploadsAction: {}, ListBucketMultipartUploadsAction: {},
ListenNotificationAction: {}, ListenNotificationAction: {},
ListenBucketNotificationAction: {}, ListenBucketNotificationAction: {},
@ -323,6 +327,13 @@ var actionConditionKeyMap = map[Action]condition.KeySet{
condition.S3MaxKeys, condition.S3MaxKeys,
}, condition.CommonKeys...)...), }, condition.CommonKeys...)...),
ListBucketVersionsAction: condition.NewKeySet(
append([]condition.Key{
condition.S3Prefix,
condition.S3Delimiter,
condition.S3MaxKeys,
}, condition.CommonKeys...)...),
ListBucketMultipartUploadsAction: condition.NewKeySet(condition.CommonKeys...), ListBucketMultipartUploadsAction: condition.NewKeySet(condition.CommonKeys...),
ListenNotificationAction: condition.NewKeySet(condition.CommonKeys...), ListenNotificationAction: condition.NewKeySet(condition.CommonKeys...),

11
pkg/iam/policy/action.go
View File

@ -67,6 +67,9 @@ const (
// ListBucketAction - ListBucket Rest API action. // ListBucketAction - ListBucket Rest API action.
ListBucketAction = "s3:ListBucket" ListBucketAction = "s3:ListBucket"
// ListBucketVersionsAction - ListBucketVersions Rest API action.
ListBucketVersionsAction = "s3:ListBucketVersions"
// ListBucketMultipartUploadsAction - ListMultipartUploads Rest API action. // ListBucketMultipartUploadsAction - ListMultipartUploads Rest API action.
ListBucketMultipartUploadsAction = "s3:ListBucketMultipartUploads" ListBucketMultipartUploadsAction = "s3:ListBucketMultipartUploads"
@ -194,6 +197,7 @@ var supportedActions = map[Action]struct{}{
HeadBucketAction: {}, HeadBucketAction: {},
ListAllMyBucketsAction: {}, ListAllMyBucketsAction: {},
ListBucketAction: {}, ListBucketAction: {},
ListBucketVersionsAction: {},
ListBucketMultipartUploadsAction: {}, ListBucketMultipartUploadsAction: {},
ListenNotificationAction: {}, ListenNotificationAction: {},
ListenBucketNotificationAction: {}, ListenBucketNotificationAction: {},
@ -312,6 +316,13 @@ var actionConditionKeyMap = map[Action]condition.KeySet{
condition.S3MaxKeys, condition.S3MaxKeys,
}, condition.CommonKeys...)...), }, condition.CommonKeys...)...),
ListBucketVersionsAction: condition.NewKeySet(
append([]condition.Key{
condition.S3Prefix,
condition.S3Delimiter,
condition.S3MaxKeys,
}, condition.CommonKeys...)...),
ListBucketMultipartUploadsAction: condition.NewKeySet(condition.CommonKeys...), ListBucketMultipartUploadsAction: condition.NewKeySet(condition.CommonKeys...),
ListenNotificationAction: condition.NewKeySet(condition.CommonKeys...), ListenNotificationAction: condition.NewKeySet(condition.CommonKeys...),