Add support for {jwt:sub} substitutions for policies (#8393)

Fixes #8345
Harshavardhana
2019-10-16 08:59:59 -07:00
committed by GitHub
parent f2cc97a44c
commit 5afb1b6747
7 changed files with 83 additions and 41 deletions


@@ -85,6 +85,18 @@ const (
// AWSUsername - user friendly name, in MinIO this value is same as your user Access Key.
AWSUsername Key = "aws:username"
// JWTSub - JWT subject claim substitution.
JWTSub Key = "jwt:sub"
// JWTIss issuer claim substitution.
JWTIss Key = "jwt:iss"
// JWTAud audience claim substitution.
JWTAud Key = "jwt:aud"
// JWTJti JWT unique identifier claim substitution.
JWTJti Key = "jwt:jti"
)
// AllSupportedKeys - is list of all all supported keys.
@@ -107,6 +119,10 @@ var AllSupportedKeys = []Key{
AWSPrincipalType,
AWSUserID,
AWSUsername,
JWTSub,
JWTIss,
JWTAud,
JWTJti,
// Add new supported condition keys.
}
@@ -121,6 +137,10 @@ var CommonKeys = []Key{
AWSPrincipalType,
AWSUserID,
AWSUsername,
JWTSub,
JWTIss,
JWTAud,
JWTJti,
}
func substFuncFromValues(values map[string][]string) func(string) string {
@@ -166,8 +186,9 @@ func (key Key) Name() string {
if strings.HasPrefix(keyString, "aws:") {
return strings.TrimPrefix(keyString, "aws:")
} else if strings.HasPrefix(keyString, "jwt:") {
return strings.TrimPrefix(keyString, "jwt:")
}
return strings.TrimPrefix(keyString, "s3:")
}
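Review bot: In `Name()`, the new `jwt:` branch drops the namespace, so `jwt:sub` is looked up under the bare name `sub`, in the same flat namespace that `aws:` and `s3:` keys resolve into. The map passed to `substFuncFromValues` is built outside this page; if it can also receive client-supplied entries (request headers or query parameters, for example), a bare `sub`, `iss`, `aud` or `jti` entry would be indistinguishable from a verified token claim at policy evaluation. I would record that contract above the branch, e.g. `// jwt: keys map to the bare claim name; values for them must come only from verified token claims.` The comment on `JWTSub` could also say that `sub` is unique only per issuer, and that a claim value containing `*` or `?` may widen a resource pattern it is substituted into unless the substitution treats it literally. The body of `Name()` starts above the hunk, so the definition of `keyString` is not visible here.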