MyFavMirrors/minio
1
0
Fork 0
mirror of https://github.com/minio/minio.git synced 2025-11-10 05:59:43 -05:00
Code Issues Packages Projects Releases Wiki Activity

Add support for new policy conditions (#7024)

Browse Source 
This PR implements following condition types

- StringEqualsIgnoreCase and StringNotEqualsIgnoreCase
- BinaryEquals
This commit is contained in:
Harshavardhana
2018-12-26 17:39:30 -08:00
committed by GitHub
parent 2db22deb93
commit 4e4f855b30
14 changed files with 1593 additions and 62 deletions
Download Patch File Download Diff File Expand all files Collapse all files

36
pkg/iam/policy/action.go
View File

@@ -174,39 +174,55 @@ func parseAction(s string) (Action, error) {
// actionConditionKeyMap - holds mapping of supported condition key for an action.
var actionConditionKeyMap = map[Action]condition.KeySet{
AllActions: condition.NewKeySet(condition.AllSupportedKeys...),
AbortMultipartUploadAction: condition.NewKeySet(
condition.AWSReferer,
condition.AWSSourceIP,
condition.AWSUserAgent,
condition.AWSSecureTransport,
),
CreateBucketAction: condition.NewKeySet(
condition.AWSReferer,
condition.AWSSourceIP,
condition.AWSUserAgent,
condition.AWSSecureTransport,
),
DeleteBucketPolicyAction: condition.NewKeySet(
condition.AWSReferer,
condition.AWSSourceIP,
condition.AWSUserAgent,
condition.AWSSecureTransport,
),
DeleteObjectAction: condition.NewKeySet(
condition.AWSReferer,
condition.AWSSourceIP,
condition.AWSUserAgent,
condition.AWSSecureTransport,
),
GetBucketLocationAction: condition.NewKeySet(
condition.AWSReferer,
condition.AWSSourceIP,
condition.AWSUserAgent,
condition.AWSSecureTransport,
),
GetBucketNotificationAction: condition.NewKeySet(
condition.AWSReferer,
condition.AWSSourceIP,
condition.AWSUserAgent,
condition.AWSSecureTransport,
),
GetBucketPolicyAction: condition.NewKeySet(
condition.AWSReferer,
condition.AWSSourceIP,
condition.AWSUserAgent,
condition.AWSSecureTransport,
),
GetObjectAction: condition.NewKeySet(
@@ -215,16 +231,22 @@ var actionConditionKeyMap = map[Action]condition.KeySet{
condition.S3XAmzStorageClass,
condition.AWSReferer,
condition.AWSSourceIP,
condition.AWSUserAgent,
condition.AWSSecureTransport,
),
HeadBucketAction: condition.NewKeySet(
condition.AWSReferer,
condition.AWSSourceIP,
condition.AWSUserAgent,
condition.AWSSecureTransport,
),
ListAllMyBucketsAction: condition.NewKeySet(
condition.AWSReferer,
condition.AWSSourceIP,
condition.AWSUserAgent,
condition.AWSSecureTransport,
),
ListBucketAction: condition.NewKeySet(
@@ -233,31 +255,43 @@ var actionConditionKeyMap = map[Action]condition.KeySet{
condition.S3MaxKeys,
condition.AWSReferer,
condition.AWSSourceIP,
condition.AWSUserAgent,
condition.AWSSecureTransport,
),
ListBucketMultipartUploadsAction: condition.NewKeySet(
condition.AWSReferer,
condition.AWSSourceIP,
condition.AWSUserAgent,
condition.AWSSecureTransport,
),
ListenBucketNotificationAction: condition.NewKeySet(
condition.AWSReferer,
condition.AWSSourceIP,
condition.AWSUserAgent,
condition.AWSSecureTransport,
),
ListMultipartUploadPartsAction: condition.NewKeySet(
condition.AWSReferer,
condition.AWSSourceIP,
condition.AWSUserAgent,
condition.AWSSecureTransport,
),
PutBucketNotificationAction: condition.NewKeySet(
condition.AWSReferer,
condition.AWSSourceIP,
condition.AWSUserAgent,
condition.AWSSecureTransport,
),
PutBucketPolicyAction: condition.NewKeySet(
condition.AWSReferer,
condition.AWSSourceIP,
condition.AWSUserAgent,
condition.AWSSecureTransport,
),
PutObjectAction: condition.NewKeySet(
@@ -268,5 +302,7 @@ var actionConditionKeyMap = map[Action]condition.KeySet{
condition.S3XAmzStorageClass,
condition.AWSReferer,
condition.AWSSourceIP,
condition.AWSUserAgent,
condition.AWSSecureTransport,
),
}