mirror of
https://github.com/minio/minio.git
synced 2025-01-12 15:33:22 -05:00
default to common conditions if conditions not present (#11546)
fixes #11544
parent
7d4a2d2b68
commit
87cce344f6
@ -291,34 +291,20 @@ func (action Action) IsValid() bool {
|
|||||||
|
|
||||||
type actionConditionKeyMap map[Action]condition.KeySet
|
type actionConditionKeyMap map[Action]condition.KeySet
|
||||||
|
|
||||||
func (a actionConditionKeyMap) Lookup(action Action) (condition.KeySet, bool) {
|
func (a actionConditionKeyMap) Lookup(action Action) condition.KeySet {
|
||||||
var ckeysMerged = condition.KeySet{}
|
var ckeysMerged = condition.NewKeySet(condition.CommonKeys...)
|
||||||
var found bool
|
|
||||||
for act, ckey := range a {
|
for act, ckey := range a {
|
||||||
if action.Match(act) {
|
if action.Match(act) {
|
||||||
ckeysMerged.Merge(ckey)
|
ckeysMerged.Merge(ckey)
|
||||||
found = true
|
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
return ckeysMerged, found
|
return ckeysMerged
|
||||||
}
|
}
|
||||||
|
|
||||||
// iamActionConditionKeyMap - holds mapping of supported condition key for an action.
|
// iamActionConditionKeyMap - holds mapping of supported condition key for an action.
|
||||||
var iamActionConditionKeyMap = actionConditionKeyMap{
|
var iamActionConditionKeyMap = actionConditionKeyMap{
|
||||||
AllActions: condition.NewKeySet(condition.AllSupportedKeys...),
|
AllActions: condition.NewKeySet(condition.AllSupportedKeys...),
|
||||||
|
|
||||||
AbortMultipartUploadAction: condition.NewKeySet(condition.CommonKeys...),
|
|
||||||
|
|
||||||
CreateBucketAction: condition.NewKeySet(condition.CommonKeys...),
|
|
||||||
|
|
||||||
DeleteBucketPolicyAction: condition.NewKeySet(condition.CommonKeys...),
|
|
||||||
|
|
||||||
GetBucketLocationAction: condition.NewKeySet(condition.CommonKeys...),
|
|
||||||
|
|
||||||
GetBucketNotificationAction: condition.NewKeySet(condition.CommonKeys...),
|
|
||||||
|
|
||||||
GetBucketPolicyAction: condition.NewKeySet(condition.CommonKeys...),
|
|
||||||
|
|
||||||
GetObjectAction: condition.NewKeySet(
|
GetObjectAction: condition.NewKeySet(
|
||||||
append([]condition.Key{
|
append([]condition.Key{
|
||||||
condition.S3XAmzServerSideEncryption,
|
condition.S3XAmzServerSideEncryption,
|
||||||
@ -326,10 +312,6 @@ var iamActionConditionKeyMap = actionConditionKeyMap{
|
|||||||
condition.S3VersionID,
|
condition.S3VersionID,
|
||||||
}, condition.CommonKeys...)...),
|
}, condition.CommonKeys...)...),
|
||||||
|
|
||||||
HeadBucketAction: condition.NewKeySet(condition.CommonKeys...),
|
|
||||||
|
|
||||||
ListAllMyBucketsAction: condition.NewKeySet(condition.CommonKeys...),
|
|
||||||
|
|
||||||
ListBucketAction: condition.NewKeySet(
|
ListBucketAction: condition.NewKeySet(
|
||||||
append([]condition.Key{
|
append([]condition.Key{
|
||||||
condition.S3Prefix,
|
condition.S3Prefix,
|
||||||
@ -344,18 +326,6 @@ var iamActionConditionKeyMap = actionConditionKeyMap{
|
|||||||
condition.S3MaxKeys,
|
condition.S3MaxKeys,
|
||||||
}, condition.CommonKeys...)...),
|
}, condition.CommonKeys...)...),
|
||||||
|
|
||||||
ListBucketMultipartUploadsAction: condition.NewKeySet(condition.CommonKeys...),
|
|
||||||
|
|
||||||
ListenNotificationAction: condition.NewKeySet(condition.CommonKeys...),
|
|
||||||
|
|
||||||
ListenBucketNotificationAction: condition.NewKeySet(condition.CommonKeys...),
|
|
||||||
|
|
||||||
ListMultipartUploadPartsAction: condition.NewKeySet(condition.CommonKeys...),
|
|
||||||
|
|
||||||
PutBucketNotificationAction: condition.NewKeySet(condition.CommonKeys...),
|
|
||||||
|
|
||||||
PutBucketPolicyAction: condition.NewKeySet(condition.CommonKeys...),
|
|
||||||
|
|
||||||
DeleteObjectAction: condition.NewKeySet(
|
DeleteObjectAction: condition.NewKeySet(
|
||||||
append([]condition.Key{
|
append([]condition.Key{
|
||||||
condition.S3VersionID,
|
condition.S3VersionID,
|
||||||
@ -385,12 +355,14 @@ var iamActionConditionKeyMap = actionConditionKeyMap{
|
|||||||
condition.S3ObjectLockMode,
|
condition.S3ObjectLockMode,
|
||||||
condition.S3VersionID,
|
condition.S3VersionID,
|
||||||
}, condition.CommonKeys...)...),
|
}, condition.CommonKeys...)...),
|
||||||
|
|
||||||
GetObjectRetentionAction: condition.NewKeySet(
|
GetObjectRetentionAction: condition.NewKeySet(
|
||||||
append([]condition.Key{
|
append([]condition.Key{
|
||||||
condition.S3XAmzServerSideEncryption,
|
condition.S3XAmzServerSideEncryption,
|
||||||
condition.S3XAmzServerSideEncryptionCustomerAlgorithm,
|
condition.S3XAmzServerSideEncryptionCustomerAlgorithm,
|
||||||
condition.S3VersionID,
|
condition.S3VersionID,
|
||||||
}, condition.CommonKeys...)...),
|
}, condition.CommonKeys...)...),
|
||||||
|
|
||||||
PutObjectLegalHoldAction: condition.NewKeySet(
|
PutObjectLegalHoldAction: condition.NewKeySet(
|
||||||
append([]condition.Key{
|
append([]condition.Key{
|
||||||
condition.S3XAmzServerSideEncryption,
|
condition.S3XAmzServerSideEncryption,
|
||||||
@ -410,11 +382,6 @@ var iamActionConditionKeyMap = actionConditionKeyMap{
|
|||||||
condition.S3ObjectLockLegalHold,
|
condition.S3ObjectLockLegalHold,
|
||||||
}, condition.CommonKeys...)...),
|
}, condition.CommonKeys...)...),
|
||||||
|
|
||||||
GetBucketObjectLockConfigurationAction: condition.NewKeySet(condition.CommonKeys...),
|
|
||||||
PutBucketObjectLockConfigurationAction: condition.NewKeySet(condition.CommonKeys...),
|
|
||||||
GetBucketTaggingAction: condition.NewKeySet(condition.CommonKeys...),
|
|
||||||
PutBucketTaggingAction: condition.NewKeySet(condition.CommonKeys...),
|
|
||||||
|
|
||||||
PutObjectTaggingAction: condition.NewKeySet(
|
PutObjectTaggingAction: condition.NewKeySet(
|
||||||
append([]condition.Key{
|
append([]condition.Key{
|
||||||
condition.S3VersionID,
|
condition.S3VersionID,
|
||||||
@ -448,8 +415,6 @@ var iamActionConditionKeyMap = actionConditionKeyMap{
|
|||||||
append([]condition.Key{
|
append([]condition.Key{
|
||||||
condition.S3VersionID,
|
condition.S3VersionID,
|
||||||
}, condition.CommonKeys...)...),
|
}, condition.CommonKeys...)...),
|
||||||
GetReplicationConfigurationAction: condition.NewKeySet(condition.CommonKeys...),
|
|
||||||
PutReplicationConfigurationAction: condition.NewKeySet(condition.CommonKeys...),
|
|
||||||
ReplicateObjectAction: condition.NewKeySet(
|
ReplicateObjectAction: condition.NewKeySet(
|
||||||
append([]condition.Key{
|
append([]condition.Key{
|
||||||
condition.S3VersionID,
|
condition.S3VersionID,
|
||||||
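Review bot: `Lookup` has no doc comment, and its new contract is not obvious from the signature: it always returns a set seeded with `condition.CommonKeys` and no longer reports whether any map entry matched. I would add `// Lookup returns the condition keys allowed for action: condition.CommonKeys plus the keys of every entry the action matches.` above the method. Because the result is a union over every entry that `action.Match(act)` accepts, a wildcard action presumably validates with keys that only some of the matched actions support; if that is intended, the comment should say so. The entries removed in the later hunks of this file (for example `HeadBucketAction` and `CreateBucketAction`) now rely on this default, and the map can no longer express an action that accepts fewer keys than `condition.CommonKeys`.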
|
@ -114,13 +114,8 @@ func (statement Statement) isValid() error {
|
|||||||
return Errorf("unsupported Resource found %v for action %v", statement.Resources, action)
|
return Errorf("unsupported Resource found %v for action %v", statement.Resources, action)
|
||||||
}
|
}
|
||||||
|
|
||||||
condKeys, ok := iamActionConditionKeyMap.Lookup(action)
|
|
||||||
if !ok {
|
|
||||||
return Errorf("conditions are not supported for action %v", action)
|
|
||||||
}
|
|
||||||
|
|
||||||
keys := statement.Conditions.Keys()
|
keys := statement.Conditions.Keys()
|
||||||
keyDiff := keys.Difference(condKeys)
|
keyDiff := keys.Difference(iamActionConditionKeyMap.Lookup(action))
|
||||||
if !keyDiff.IsEmpty() {
|
if !keyDiff.IsEmpty() {
|
||||||
return Errorf("unsupported condition keys '%v' used for action '%v'", keyDiff, action)
|
return Errorf("unsupported condition keys '%v' used for action '%v'", keyDiff, action)
|
||||||
}
|
}
|
||||||
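Review bot: With the `ok` branch removed, this check can no longer reject a statement because its action has no entry in `iamActionConditionKeyMap`; every action that reaches this line is validated against at least `condition.CommonKeys`. That is safe only if unknown or unsupported actions are rejected earlier in `isValid`, which starts and ends outside this hunk, so it cannot be confirmed from here. A short comment at the call, such as `// Lookup always includes condition.CommonKeys; actions without an entry accept only those.`, would record the assumption. The page shows no test for the case from #11544; a policy-validation case with an action absent from the map and a common condition key would pin the new behaviour.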
|