fix: if OPA set do not enforce policy claim (#10149)

2025-11-07 21:02:58 -05:00 · 2020-07-28 11:47:57 -07:00
parent 1b6ba0d062
commit 27266f8a54
4 changed files with 5 additions and 10 deletions
--- a/cmd/sts-handlers.go
+++ b/cmd/sts-handlers.go
@@ -328,7 +328,7 @@ func (sts *stsAPIHandlers) AssumeRoleWithJWT(w http.ResponseWriter, r *http.Requ
 		policyName = globalIAMSys.currentPolicies(strings.Join(policySet.ToSlice(), ","))
 	}

-	if policyName == "" {
+	if policyName == "" && globalPolicyOPA == nil {
 		writeSTSErrorResponse(ctx, w, true, ErrSTSInvalidParameterValue, fmt.Errorf("%s claim missing from the JWT token, credentials will not be generated", iamPolicyClaimNameOpenID()))
 		return
 	}