fix: AccountInfo API for roleARN based accounts (#15907)

Aditya Manthramurthy 2022-10-19 17:54:41 -07:00 committed by GitHub
parent 2d16e74f38
commit 3dbef72dc7
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23


@ -1189,31 +1189,42 @@ func (a adminAPIHandlers) AccountInfoHandler(w http.ResponseWriter, r *http.Requ
accountName = cred.ParentUser accountName = cred.ParentUser
} }
roleArn := iampolicy.Args{Claims: claims}.GetRoleArn()
var effectivePolicy iampolicy.Policy
var buf []byte var buf []byte
if accountName == globalActiveCred.AccessKey { switch {
case accountName == globalActiveCred.AccessKey:
for _, policy := range iampolicy.DefaultPolicies { for _, policy := range iampolicy.DefaultPolicies {
if policy.Name == "consoleAdmin" { if policy.Name == "consoleAdmin" {
buf, err = json.MarshalIndent(policy.Definition, "", " ") effectivePolicy = policy.Definition
if err != nil {
writeErrorResponseJSON(ctx, w, toAdminAPIErr(ctx, err), r.URL)
return
}
break break
} }
} }
} else { case roleArn != "":
_, policy, err := globalIAMSys.GetRolePolicy(roleArn)
if err != nil {
logger.LogIf(ctx, err)
writeErrorResponseJSON(ctx, w, toAdminAPIErr(ctx, err), r.URL)
return
}
policySlice := newMappedPolicy(policy).toSlice()
effectivePolicy = globalIAMSys.GetCombinedPolicy(policySlice...)
default:
policies, err := globalIAMSys.PolicyDBGet(accountName, false, cred.Groups...) policies, err := globalIAMSys.PolicyDBGet(accountName, false, cred.Groups...)
if err != nil { if err != nil {
logger.LogIf(ctx, err) logger.LogIf(ctx, err)
writeErrorResponseJSON(ctx, w, toAdminAPIErr(ctx, err), r.URL) writeErrorResponseJSON(ctx, w, toAdminAPIErr(ctx, err), r.URL)
return return
} }
effectivePolicy = globalIAMSys.GetCombinedPolicy(policies...)
buf, err = json.MarshalIndent(globalIAMSys.GetCombinedPolicy(policies...), "", " ") }
if err != nil { buf, err = json.MarshalIndent(effectivePolicy, "", " ")
writeErrorResponseJSON(ctx, w, toAdminAPIErr(ctx, err), r.URL) if err != nil {
return writeErrorResponseJSON(ctx, w, toAdminAPIErr(ctx, err), r.URL)
} return
} }
acctInfo := madmin.AccountInfo{ acctInfo := madmin.AccountInfo{
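Review bot: In the new `case roleArn != "":` branch, `effectivePolicy` is built only from the policy mapped to the role (`GetRolePolicy` then `GetCombinedPolicy`), and nothing in the visible lines intersects it with a session policy that the same `claims` may carry. If that is not handled elsewhere in AccountInfoHandler (its body starts and ends outside this hunk), the reported policy can be broader than what the credential is actually allowed to do, which misleads anyone auditing the account from this API. At minimum, document the limitation above the switch, e.g. `// effectivePolicy is the mapped (role or user/group) policy; any session policy in claims is not applied here.` Separately, if no default policy is named "consoleAdmin", the first case now marshals a zero-value `iampolicy.Policy` rather than leaving `buf` empty; a short comment on that fallback would help.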