default to common conditions if conditions not present (#11546)
fixes #11544
parent
7d4a2d2b68
commit
87cce344f6
@ -291,34 +291,20 @@ func (action Action) IsValid() bool {
|
||||
|
||||
type actionConditionKeyMap map[Action]condition.KeySet
|
||||
|
||||
func (a actionConditionKeyMap) Lookup(action Action) (condition.KeySet, bool) {
|
||||
var ckeysMerged = condition.KeySet{}
|
||||
var found bool
|
||||
func (a actionConditionKeyMap) Lookup(action Action) condition.KeySet {
|
||||
var ckeysMerged = condition.NewKeySet(condition.CommonKeys...)
|
||||
for act, ckey := range a {
|
||||
if action.Match(act) {
|
||||
ckeysMerged.Merge(ckey)
|
||||
found = true
|
||||
}
|
||||
}
|
||||
return ckeysMerged, found
|
||||
return ckeysMerged
|
||||
}
|
||||
|
||||
// iamActionConditionKeyMap - holds mapping of supported condition key for an action.
|
||||
var iamActionConditionKeyMap = actionConditionKeyMap{
|
||||
AllActions: condition.NewKeySet(condition.AllSupportedKeys...),
|
||||
|
||||
AbortMultipartUploadAction: condition.NewKeySet(condition.CommonKeys...),
|
||||
|
||||
CreateBucketAction: condition.NewKeySet(condition.CommonKeys...),
|
||||
|
||||
DeleteBucketPolicyAction: condition.NewKeySet(condition.CommonKeys...),
|
||||
|
||||
GetBucketLocationAction: condition.NewKeySet(condition.CommonKeys...),
|
||||
|
||||
GetBucketNotificationAction: condition.NewKeySet(condition.CommonKeys...),
|
||||
|
||||
GetBucketPolicyAction: condition.NewKeySet(condition.CommonKeys...),
|
||||
|
||||
GetObjectAction: condition.NewKeySet(
|
||||
append([]condition.Key{
|
||||
condition.S3XAmzServerSideEncryption,
|
||||
@ -326,10 +312,6 @@ var iamActionConditionKeyMap = actionConditionKeyMap{
|
||||
condition.S3VersionID,
|
||||
}, condition.CommonKeys...)...),
|
||||
|
||||
HeadBucketAction: condition.NewKeySet(condition.CommonKeys...),
|
||||
|
||||
ListAllMyBucketsAction: condition.NewKeySet(condition.CommonKeys...),
|
||||
|
||||
ListBucketAction: condition.NewKeySet(
|
||||
append([]condition.Key{
|
||||
condition.S3Prefix,
|
||||
@ -344,18 +326,6 @@ var iamActionConditionKeyMap = actionConditionKeyMap{
|
||||
condition.S3MaxKeys,
|
||||
}, condition.CommonKeys...)...),
|
||||
|
||||
ListBucketMultipartUploadsAction: condition.NewKeySet(condition.CommonKeys...),
|
||||
|
||||
ListenNotificationAction: condition.NewKeySet(condition.CommonKeys...),
|
||||
|
||||
ListenBucketNotificationAction: condition.NewKeySet(condition.CommonKeys...),
|
||||
|
||||
ListMultipartUploadPartsAction: condition.NewKeySet(condition.CommonKeys...),
|
||||
|
||||
PutBucketNotificationAction: condition.NewKeySet(condition.CommonKeys...),
|
||||
|
||||
PutBucketPolicyAction: condition.NewKeySet(condition.CommonKeys...),
|
||||
|
||||
DeleteObjectAction: condition.NewKeySet(
|
||||
append([]condition.Key{
|
||||
condition.S3VersionID,
|
||||
@ -385,12 +355,14 @@ var iamActionConditionKeyMap = actionConditionKeyMap{
|
||||
condition.S3ObjectLockMode,
|
||||
condition.S3VersionID,
|
||||
}, condition.CommonKeys...)...),
|
||||
|
||||
GetObjectRetentionAction: condition.NewKeySet(
|
||||
append([]condition.Key{
|
||||
condition.S3XAmzServerSideEncryption,
|
||||
condition.S3XAmzServerSideEncryptionCustomerAlgorithm,
|
||||
condition.S3VersionID,
|
||||
}, condition.CommonKeys...)...),
|
||||
|
||||
PutObjectLegalHoldAction: condition.NewKeySet(
|
||||
append([]condition.Key{
|
||||
condition.S3XAmzServerSideEncryption,
|
||||
@ -410,11 +382,6 @@ var iamActionConditionKeyMap = actionConditionKeyMap{
|
||||
condition.S3ObjectLockLegalHold,
|
||||
}, condition.CommonKeys...)...),
|
||||
|
||||
GetBucketObjectLockConfigurationAction: condition.NewKeySet(condition.CommonKeys...),
|
||||
PutBucketObjectLockConfigurationAction: condition.NewKeySet(condition.CommonKeys...),
|
||||
GetBucketTaggingAction: condition.NewKeySet(condition.CommonKeys...),
|
||||
PutBucketTaggingAction: condition.NewKeySet(condition.CommonKeys...),
|
||||
|
||||
PutObjectTaggingAction: condition.NewKeySet(
|
||||
append([]condition.Key{
|
||||
condition.S3VersionID,
|
||||
@ -448,8 +415,6 @@ var iamActionConditionKeyMap = actionConditionKeyMap{
|
||||
append([]condition.Key{
|
||||
condition.S3VersionID,
|
||||
}, condition.CommonKeys...)...),
|
||||
GetReplicationConfigurationAction: condition.NewKeySet(condition.CommonKeys...),
|
||||
PutReplicationConfigurationAction: condition.NewKeySet(condition.CommonKeys...),
|
||||
ReplicateObjectAction: condition.NewKeySet(
|
||||
append([]condition.Key{
|
||||
condition.S3VersionID,
|
||||
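Review bot: `Lookup` has no doc comment, and after this change its contract is no longer obvious from the signature: it seeds the result with `condition.CommonKeys`, merges the keys of every map entry the action pattern matches, and never reports a miss. I would add `// Lookup returns the condition keys allowed for action: condition.CommonKeys plus the keys of every entry that action matches; actions with no entry get CommonKeys only.` above it. The comment on `iamActionConditionKeyMap` should also say that an action left out of the map is still accepted with the common keys, so a later reader does not take a missing entry to mean that conditions are rejected. The map literal continues outside the hunks shown.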
|
@ -114,13 +114,8 @@ func (statement Statement) isValid() error {
|
||||
return Errorf("unsupported Resource found %v for action %v", statement.Resources, action)
|
||||
}
|
||||
|
||||
condKeys, ok := iamActionConditionKeyMap.Lookup(action)
|
||||
if !ok {
|
||||
return Errorf("conditions are not supported for action %v", action)
|
||||
}
|
||||
|
||||
keys := statement.Conditions.Keys()
|
||||
keyDiff := keys.Difference(condKeys)
|
||||
keyDiff := keys.Difference(iamActionConditionKeyMap.Lookup(action))
|
||||
if !keyDiff.IsEmpty() {
|
||||
return Errorf("unsupported condition keys '%v' used for action '%v'", keyDiff, action)
|
||||
}
|
||||
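Review bot: With the `!ok` branch gone, this check no longer rejects a statement whose action has no entry in `iamActionConditionKeyMap`; any such action now validates as long as its conditions use only `condition.CommonKeys`. `isValid` starts outside the hunk, so it is not visible here whether each action is already checked with `action.IsValid()` before this line; if it is not, a misspelled or unsupported action name would pass policy validation and the statement would likely never take effect, which matters most for a Deny statement. A table test for an action absent from the map, with one case using a common key (expect nil) and one using an action-specific key such as `condition.S3VersionID` (expect the `unsupported condition keys` error), would pin the new fallback.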
|