Introduce STS client grants API and OPA policy integration (#6168)

This PR introduces two new features - AWS STS compatible STS API named AssumeRoleWithClientGrants ``` POST /?Action=AssumeRoleWithClientGrants&Token=<jwt> ``` This API endpoint returns temporary access credentials, access tokens signature types supported by this API - RSA keys - ECDSA keys Fetches the required public key from the JWKS endpoints, provides them as rsa or ecdsa public keys. - External policy engine support, in this case OPA policy engine - Credentials are stored on disks
2025-11-20 18:06:10 -05:00 · 2018-10-09 14:00:01 -07:00
parent 16a100b597
commit 54ae364def
76 changed files with 7249 additions and 713 deletions
--- a/pkg/madmin/generic-commands.go
+++ b/pkg/madmin/generic-commands.go
@@ -28,16 +28,16 @@ type SetCredsReq struct {
 	SecretKey string `json:"secretKey"`
 }

-// SetCredentials - Call Set Credentials API to set new access and
+// SetAdminCredentials - Call Set Credentials API to set new access and
 // secret keys in the specified Minio server
-func (adm *AdminClient) SetCredentials(access, secret string) error {
+func (adm *AdminClient) SetAdminCredentials(access, secret string) error {
 	// Setup request's body
 	body, err := json.Marshal(SetCredsReq{access, secret})
 	if err != nil {
 		return err
 	}

-	ebody, err := EncryptServerConfigData(adm.secretAccessKey, body)
+	ebody, err := EncryptData(adm.secretAccessKey, body)
 	if err != nil {
 		return err
 	}