Add role ARN support for OIDC identity provider (#13651)

- Allows setting a role policy parameter when configuring OIDC provider

- When role policy is set, the server prints a role ARN usable in STS API requests

- The given role policy is applied to STS API requests when the roleARN parameter is provided.

- Service accounts for role policy are also possible and work as expected.
This commit is contained in:
Aditya Manthramurthy
2021-11-26 19:22:40 -08:00
committed by GitHub
parent 4ce6d35e30
commit 4c0f48c548
12 changed files with 582 additions and 80 deletions


@@ -245,9 +245,10 @@ func getClaimsFromToken(token string) (map[string]interface{}, error) {
// Session token must have a policy, reject requests without policy
// claim.
_, pokOpenID := claims.MapClaims[iamPolicyClaimNameOpenID()]
_, pokOpenIDClaimName := claims.MapClaims[iamPolicyClaimNameOpenID()]
_, pokOpenIDRoleArn := claims.MapClaims[roleArnClaim]
_, pokSA := claims.MapClaims[iamPolicyClaimNameSA()]
if !pokOpenID && !pokSA {
if !pokOpenIDClaimName && !pokOpenIDRoleArn && !pokSA {
return nil, errAuthentication
}