Fix STS AssumeRole route conflict with MultipartUpload (#7574)
Since the AssumeRole API was introduced, we have had a wrong route match which results in certain clients failing to upload objects using multipart, because the multipart POST conflicts with the STS POST AssumeRole API. Write a proper matcher function which verifies the route more precisely so that both can co-exist.
parent
f767a2538a
commit
35d19a4ae2
@ -25,6 +25,7 @@ import (
|
|||||||
"github.com/minio/minio/cmd/logger"
|
"github.com/minio/minio/cmd/logger"
|
||||||
"github.com/minio/minio/pkg/auth"
|
"github.com/minio/minio/pkg/auth"
|
||||||
"github.com/minio/minio/pkg/iam/validator"
|
"github.com/minio/minio/pkg/iam/validator"
|
||||||
|
"github.com/minio/minio/pkg/wildcard"
|
||||||
)
|
)
|
||||||
|
|
||||||
const (
|
const (
|
||||||
@ -49,13 +50,19 @@ func registerSTSRouter(router *mux.Router) {
|
|||||||
stsRouter := router.NewRoute().PathPrefix("/").Subrouter()
|
stsRouter := router.NewRoute().PathPrefix("/").Subrouter()
|
||||||
|
|
||||||
// Assume roles with no JWT, handles AssumeRole.
|
// Assume roles with no JWT, handles AssumeRole.
|
||||||
stsRouter.Methods("POST").HeadersRegexp("Content-Type", "application/x-www-form-urlencoded*").
|
stsRouter.Methods("POST").MatcherFunc(func(r *http.Request, rm *mux.RouteMatch) bool {
|
||||||
HeadersRegexp("Authorization", "AWS4-HMAC-SHA256*").
|
ctypeOk := wildcard.MatchSimple("application/x-www-form-urlencoded*", r.Header.Get("Content-Type"))
|
||||||
HandlerFunc(httpTraceAll(sts.AssumeRole))
|
authOk := wildcard.MatchSimple("AWS4-HMAC-SHA256*", r.Header.Get("Authorization"))
|
||||||
|
noQueries := len(r.URL.Query()) == 0
|
||||||
|
return ctypeOk && authOk && noQueries
|
||||||
|
}).HandlerFunc(httpTraceAll(sts.AssumeRole))
|
||||||
|
|
||||||
// Assume roles with JWT handler, handles both ClientGrants and WebIdentity.
|
// Assume roles with JWT handler, handles both ClientGrants and WebIdentity.
|
||||||
stsRouter.Methods("POST").HeadersRegexp("Content-Type", "application/x-www-form-urlencoded*").
|
stsRouter.Methods("POST").MatcherFunc(func(r *http.Request, rm *mux.RouteMatch) bool {
|
||||||
HandlerFunc(httpTraceAll(sts.AssumeRoleWithJWT))
|
ctypeOk := wildcard.MatchSimple("application/x-www-form-urlencoded*", r.Header.Get("Content-Type"))
|
||||||
|
noQueries := len(r.URL.Query()) == 0
|
||||||
|
return ctypeOk && noQueries
|
||||||
|
}).HandlerFunc(httpTraceAll(sts.AssumeRoleWithJWT))
|
||||||
|
|
||||||
// AssumeRoleWithClientGrants
|
// AssumeRoleWithClientGrants
|
||||||
stsRouter.Methods("POST").HandlerFunc(httpTraceAll(sts.AssumeRoleWithClientGrants)).
|
stsRouter.Methods("POST").HandlerFunc(httpTraceAll(sts.AssumeRoleWithClientGrants)).
|
||||||
|
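Review bot: In both new matchers, `noQueries := len(r.URL.Query()) == 0` picks between the STS and S3 multipart routes from the parsed query, and `URL.Query()` silently discards pairs it cannot parse, so a POST whose query string is non-empty but malformed still counts as query-less and is dispatched to the STS handlers. Comparing the raw string instead, `noQueries := r.URL.RawQuery == ""`, makes the check exact and avoids the parse on every POST. The two closures differ only in the Authorization test, so a comment above the first one such as `// S3 multipart POSTs carry a query string (?uploads, ?uploadId=); STS form posts are expected to carry none.` would record why the query check exists. The Content-Type comparison through `wildcard.MatchSimple` appears to be a case-sensitive prefix match, which is worth stating in that comment too. registerSTSRouter's body starts before and continues past the visible hunk, so how the handlers authenticate or reject such requests cannot be confirmed from here.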