sa: Allow empty policy to indicate parent user's policy is inherited (#9185)

Anis Elleuch
2020-03-23 22:17:18 +01:00
committed by GitHub
parent 9a951da881
commit 791821d590
4 changed files with 52 additions and 21 deletions


@@ -215,7 +215,7 @@ func (sts *stsAPIHandlers) AssumeRole(w http.ResponseWriter, r *http.Request) {
// This policy is the policy associated with the user
// requesting for temporary credentials. The temporary
// credentials will inherit the same policy requirements.
m[iamPolicyClaimName()] = policyName
m[iamPolicyClaimNameOpenID()] = policyName
if len(sessionPolicyStr) > 0 {
m[iampolicy.SessionPolicyName] = base64.StdEncoding.EncodeToString([]byte(sessionPolicyStr))
@@ -351,7 +351,7 @@ func (sts *stsAPIHandlers) AssumeRoleWithJWT(w http.ResponseWriter, r *http.Requ
// be set and configured on your identity provider as part of
// JWT custom claims.
var policyName string
if v, ok := m[iamPolicyClaimName()]; ok {
if v, ok := m[iamPolicyClaimNameOpenID()]; ok {
policyName, _ = v.(string)
}
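Review bot: In the AssumeRoleWithJWT hunk, `policyName, _ = v.(string)` discards the result of the type assertion, so a policy claim that is present in the token but is not a string silently leaves `policyName` empty. Since the commit title gives an empty policy a meaning of its own (the parent user's policy is inherited), a malformed claim from the identity provider should be rejected explicitly rather than collapse into the empty value. For example, `s, isStr := v.(string)` followed by `if !isStr { /* write an STS error response and return */ }` and `policyName = s`. How an empty `policyName` is handled afterwards is outside the hunk, so it may already be refused further down; the function body starts and ends outside the visible lines.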