MyFavMirrors/minio
1
0
Fork 0
mirror of https://github.com/minio/minio.git synced 2025-11-06 20:33:07 -05:00
Code Issues Packages Projects Releases Wiki Activity

Add support for Access Management Plugin (#14875)

Browse Source 
- This change renames the OPA integration as Access Management Plugin - there is
nothing specific to OPA in the integration, it is just a webhook.

- OPA configuration is automatically migrated to Access Management Plugin and
OPA specific configuration is marked as deprecated.

- OPA doc is updated and moved.
This commit is contained in:
Aditya Manthramurthy
2022-05-10 17:14:55 -07:00
committed by GitHub
parent edf364bf21
commit 83071a3459
13 changed files with 572 additions and 26 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
cmd/iam.go
View File

@@ -681,7 +681,7 @@ func (sys *IAMSys) SetTempUser(ctx context.Context, accessKey string, cred auth.
return errServerNotInitialized
}
if globalPolicyOPA != nil {
if globalAuthZPlugin != nil {
// If OPA is set, we do not need to set a policy mapping.
policyName = ""
}
@@ -1693,8 +1693,8 @@ func (sys *IAMSys) GetCombinedPolicy(policies ...string) iampolicy.Policy {
// IsAllowed - checks given policy args is allowed to continue the Rest API.
func (sys *IAMSys) IsAllowed(args iampolicy.Args) bool {
// If opa is configured, use OPA always.
if globalPolicyOPA != nil {
ok, err := globalPolicyOPA.IsAllowed(args)
if globalAuthZPlugin != nil {
ok, err := globalAuthZPlugin.IsAllowed(args)
if err != nil {
logger.LogIf(GlobalContext, err)
}