Introduce STS client grants API and OPA policy integration (#6168)

This PR introduces two new features - AWS STS compatible STS API named AssumeRoleWithClientGrants ``` POST /?Action=AssumeRoleWithClientGrants&Token=<jwt> ``` This API endpoint returns temporary access credentials, access tokens signature types supported by this API - RSA keys - ECDSA keys Fetches the required public key from the JWKS endpoints, provides them as rsa or ecdsa public keys. - External policy engine support, in this case OPA policy engine - Credentials are stored on disks
2025-11-26 04:26:12 -05:00 · 2018-10-09 14:00:01 -07:00
parent 16a100b597
commit 54ae364def
76 changed files with 7249 additions and 713 deletions
--- a/pkg/madmin/examples/set-credentials.go
+++ b/pkg/madmin/examples/set-credentials.go
@@ -36,7 +36,7 @@ func main() {
 		log.Fatalln(err)
 	}

-	err = madmClnt.SetCredentials("YOUR-NEW-ACCESSKEY", "YOUR-NEW-SECRETKEY")
+	err = madmClnt.SetAdminCredentials("YOUR-NEW-ACCESSKEY", "YOUR-NEW-SECRETKEY")
 	if err != nil {
 		log.Fatalln(err)
 	}