support 'ldap:user' variable replacement properly (#10391)
Also update the `ldap.go` example for the latest minio-go API changes. Fixes #10367
This commit is contained in:
parent
9ffad7fceb
commit
4b6585d249
@ -151,9 +151,10 @@ func getConditionValues(r *http.Request, lc string, username string, claims map[
|
||||
if ok {
|
||||
// Special case for AD/LDAP STS users
|
||||
if k == ldapUser {
|
||||
args[ldapUserPolicyVariable] = []string{vStr}
|
||||
args["user"] = []string{vStr}
|
||||
} else {
|
||||
args[k] = []string{vStr}
|
||||
}
|
||||
args[k] = []string{vStr}
|
||||
}
|
||||
}
|
||||
|
||||
|
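Review bot: In the new special case under `if k == ldapUser {`, the second key is written with a bare literal, `args["user"] = []string{vStr}`, while the sibling key uses the `ldapUserPolicyVariable` constant; declaring a matching constant (e.g. `userPolicyVariable = "user"`) next to `ldapUserPolicyVariable` would keep the policy-variable names that policies depend on in one place. Because this runs inside `for k, v := range claims` and Go map iteration order is unspecified, a token that also carried a claim literally keyed `"user"` or `"ldap:user"` would race with these assignments and the final value would be nondeterministic; if MinIO-issued LDAP STS tokens can never contain such claims that is fine, but a comment stating that assumption, such as `// ldapUser is only set by the LDAP STS handler; no other claim uses the "user"/"ldap:user" keys`, would make the invariant explicit. Note also that the `ldapUser` claim is no longer exposed under its own key (`args["ldapUser"]`) after this change, which would matter if any existing policy referenced it directly. The enclosing getConditionValues begins before this hunk.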
@ -61,8 +61,7 @@ const (
|
||||
parentClaim = "parent"
|
||||
|
||||
// LDAP claim keys
|
||||
ldapUser = "ldapUser"
|
||||
ldapUserPolicyVariable = "ldap:user"
|
||||
ldapUser = "ldapUser"
|
||||
)
|
||||
|
||||
// stsAPIHandlers implements and provides http handlers for AWS STS API.
|
||||
|
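Review bot: The new constant `ldapUserPolicyVariable = "ldap:user"` is the name of a policy variable (`${ldap:user}`), not an LDAP claim key, yet it is placed under the `// LDAP claim keys` comment alongside `ldapUser`, which is a JWT claim name. Give it its own comment so the two namespaces are not confused, for example `// ldapUserPolicyVariable is the policy variable (${ldap:user}) that the ldapUser claim appears to be mapped to for condition/resource substitution.`; the const block begins before this hunk.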
@ -18,12 +18,13 @@
|
||||
package main
|
||||
|
||||
import (
|
||||
"context"
|
||||
"flag"
|
||||
"fmt"
|
||||
"log"
|
||||
"net/url"
|
||||
|
||||
miniogo "github.com/minio/minio-go/v7"
|
||||
"github.com/minio/minio-go/v7"
|
||||
cr "github.com/minio/minio-go/v7/pkg/credentials"
|
||||
)
|
||||
|
||||
@ -53,39 +54,34 @@ func main() {
|
||||
// LDAP STS API.
|
||||
|
||||
// Initialize LDAP credentials
|
||||
li, err := cr.NewLDAPIdentity(stsEndpoint, ldapUsername, ldapPassword)
|
||||
if err != nil {
|
||||
log.Fatalf("INIT Err: %v", err)
|
||||
}
|
||||
li, _ := cr.NewLDAPIdentity(stsEndpoint, ldapUsername, ldapPassword)
|
||||
|
||||
// Generate temporary STS credentials
|
||||
v, err := li.Get()
|
||||
if err != nil {
|
||||
log.Fatalf("GET Err: %v", err)
|
||||
}
|
||||
fmt.Printf("%#v\n", v)
|
||||
|
||||
stsEndpointUrl, err := url.Parse(stsEndpoint)
|
||||
stsEndpointURL, err := url.Parse(stsEndpoint)
|
||||
if err != nil {
|
||||
log.Fatalf("Err: %v", err)
|
||||
}
|
||||
|
||||
secure := false
|
||||
if stsEndpointUrl.Scheme == "https" {
|
||||
secure = true
|
||||
opts := &minio.Options{
|
||||
Creds: li,
|
||||
Secure: stsEndpointURL.Scheme == "https",
|
||||
}
|
||||
|
||||
fmt.Println(li.Get())
|
||||
// Use generated credentials to authenticate with MinIO server
|
||||
minioClient, err := miniogo.NewWithCredentials(stsEndpointUrl.Host, li, secure, "")
|
||||
minioClient, err := minio.New(stsEndpointURL.Host, opts)
|
||||
if err != nil {
|
||||
log.Fatalln(err)
|
||||
}
|
||||
|
||||
// Use minIO Client object normally like the regular client.
|
||||
fmt.Println("Calling list buckets with temp creds:")
|
||||
b, err := minioClient.ListBuckets()
|
||||
if err != nil {
|
||||
log.Fatalln(err)
|
||||
fmt.Println("Calling list objects with temp creds: ")
|
||||
objCh := minioClient.ListObjects(context.Background(), ldapUsername, minio.ListObjectsOptions{})
|
||||
for obj := range objCh {
|
||||
if obj.Err != nil {
|
||||
if err != nil {
|
||||
log.Fatalln(err)
|
||||
}
|
||||
}
|
||||
fmt.Println(obj)
|
||||
}
|
||||
fmt.Println(b)
|
||||
}
|
||||
|
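Review bot: `li, _ := cr.NewLDAPIdentity(stsEndpoint, ldapUsername, ldapPassword)` discards the constructor error that the removed lines used to check, so a malformed endpoint or empty credentials would only surface later, if at all; restore `li, err := cr.NewLDAPIdentity(stsEndpoint, ldapUsername, ldapPassword)` followed by `if err != nil { log.Fatalf("INIT Err: %v", err) }`. In the listing loop, the body under `if obj.Err != nil {` tests and logs the outer `err` (nil once `minio.New` succeeded) rather than `obj.Err`, so a listing failure is either silently skipped or reported as `<nil>`; it should be `log.Fatalln(obj.Err)`. `fmt.Println(li.Get())` also writes the temporary access key, secret key and session token to stdout, which is acceptable for a demo but deserves a comment such as `// NOTE: prints the temporary secret key and session token; never do this outside of a demo.`. Finally, `minioClient.ListObjects(context.Background(), ldapUsername, ...)` presumably relies on a bucket named after the LDAP username existing and on a policy like the one added in this commit (ListBucket on `arn:aws:s3:::${ldap:user}`); a one-line comment stating that prerequisite would help readers.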
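--- /dev/null
+++ b/docs/sts/list-objects-with-ldap-user.json
@@ -0,0 +1,14 @@
+{
+"Version": "2012-10-17",
+"Statement": [
+{
+"Effect": "Allow",
+"Action": [
+"s3:ListBucket"
+],
+"Resource": [
+"arn:aws:s3:::${ldap:user}"
+]
+}
+]
+}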