Add consoleAdmin as a default canned policy (#11770)

This commit is contained in:
Nitish Tiwari 2021-03-13 02:21:43 +05:30 committed by GitHub
parent 75db500e85
commit 7fa3e4106b
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 26 additions and 0 deletions

View File

@ -2089,6 +2089,10 @@ func setDefaultCannedPolicies(policies map[string]iampolicy.Policy) {
if !ok {
policies["diagnostics"] = iampolicy.AdminDiagnostics
}
_, ok = policies["consoleAdmin"]
if !ok {
policies["consoleAdmin"] = iampolicy.Admin
}
}
// buildUserGroupMemberships - builds the memberships map. IMPORTANT:

View File

@ -18,6 +18,7 @@ package iampolicy
import (
"github.com/minio/minio/pkg/bucket/policy"
"github.com/minio/minio/pkg/bucket/policy/condition"
)
// Policy claim constants
@ -80,3 +81,24 @@ var AdminDiagnostics = Policy{
},
},
}
// Admin - provides admin all-access canned policy
var Admin = Policy{
Version: DefaultVersion,
Statements: []Statement{
{
SID: policy.ID(""),
Effect: policy.Allow,
Actions: NewActionSet(AllAdminActions),
Resources: NewResourceSet(),
Conditions: condition.NewFunctions(),
},
{
SID: policy.ID(""),
Effect: policy.Allow,
Actions: NewActionSet(AllActions),
Resources: NewResourceSet(NewResource("*", "")),
Conditions: condition.NewFunctions(),
},
},
}