MyFavMirrors/minio
1
0
Fork 0
mirror of https://github.com/minio/minio.git synced 2025-02-25 12:29:15 -05:00
Code Issues Packages Projects Releases Wiki Activity

fix: do not allow removal of inbuilt policies unless they are already persisted (#17264)

Browse Source 
Dont allow removal of inbuilt policies such as `readwrite, readonly, writeonly and diagnostics`
This commit is contained in:
Shubhendu 2023-06-13 23:36:17 +05:30 committed by GitHub
parent 3d6b88a60e
commit 35d71682f6
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 8 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
cmd/iam.go
View File

@ -532,6 +532,14 @@ func (sys *IAMSys) DeletePolicy(ctx context.Context, policyName string, notifyPe
return errServerNotInitialized return errServerNotInitialized
} }
for _, v := range iampolicy.DefaultPolicies {
if v.Name == policyName {
if err := checkConfig(ctx, globalObjectAPI, getPolicyDocPath(policyName)); err != nil && err == errConfigNotFound {
return fmt.Errorf("inbuilt policy `%s` not allowed to be deleted", policyName)
}
}
}
err := sys.store.DeletePolicy(ctx, policyName) err := sys.store.DeletePolicy(ctx, policyName)
if err != nil { if err != nil {
return err return err