Add domain and subdomain support for MinioAPI

This change brings in domain and subdomain support - ./minio --domain "yourminiodomain.com" This change brings in a much needed feature by keeping bucketnames as part of your 'DNS' name. All your existing applications can be migrated off from s3 to Minio without little to no modifications. NOTE: Setting up DNS for your `buckets` is out of scope of this feature
2025-11-08 21:24:55 -05:00 · 2015-02-23 02:11:27 -08:00
parent 2d3b00b831
commit 51e80eaa6d
13 changed files with 236 additions and 148 deletions
--- a/pkg/utils/policy/policy.go
+++ b/pkg/utils/policy/policy.go
@@ -31,8 +31,8 @@ const (

 // TODO support canonical user
 const (
-	AwsPrincipal   = "arn:aws:iam::Account-ID:user/"
-	MinioPrincipal = "minio::Account-ID:user/"
+	AwsPrincipal   = "arn:aws:iam::"
+	MinioPrincipal = "minio::"
 )

 var SupportedActionMap = map[string]bool{
@@ -55,10 +55,13 @@ var SupportedEffectMap = map[string]bool{
 func isValidAction(action []string) bool {
 	var ok bool = false
 	for _, a := range action {
-		if SupportedActionMap[a] {
-			ok = true
+		if !SupportedActionMap[a] {
+			goto error
 		}
 	}
+	ok = true
+
+error:
 	return ok
 }

@@ -104,6 +107,7 @@ func isValidPrincipal(principal string) bool {
 		if len(username) == 0 {
 			ok = false
 		}
+
 	case strings.HasPrefix(principal, MinioPrincipal):
 		username := strings.SplitAfter(principal, MinioPrincipal)[1]
 		ok = true
@@ -160,6 +164,7 @@ func Parsepolicy(data io.Reader) (BucketPolicy, bool) {
 		if len(statement.Resource) == 0 {
 			goto error
 		}
+
 		if !isValidResource(statement.Resource) {
 			goto error
 		}