Add custom policy claim name (#8764)

In certain organizations the policy claim name
is not just 'policy' but can also be something like
'roles'. The value of this field might also
be *string* or *[]string*; support this as well.

In this PR we are still not supporting multiple
policies per STS account which will require a
more comprehensive change.
Harshavardhana
2020-01-08 17:21:58 -08:00
committed by kannappanr
parent fd56aa42a6
commit abc1c1070a
8 changed files with 90 additions and 43 deletions


@@ -214,7 +214,7 @@ func (sts *stsAPIHandlers) AssumeRole(w http.ResponseWriter, r *http.Request) {
// This policy is the policy associated with the user
// requesting for temporary credentials. The temporary
// credentials will inherit the same policy requirements.
m[iamPolicyName()] = policyName
m[iamPolicyClaimName()] = policyName
if len(sessionPolicyStr) > 0 {
m[iampolicy.SessionPolicyName] = base64.StdEncoding.EncodeToString([]byte(sessionPolicyStr))
@@ -350,7 +350,7 @@ func (sts *stsAPIHandlers) AssumeRoleWithJWT(w http.ResponseWriter, r *http.Requ
// be set and configured on your identity provider as part of
// JWT custom claims.
var policyName string
if v, ok := m[iamPolicyName()]; ok {
if v, ok := m[iamPolicyClaimName()]; ok {
policyName, _ = v.(string)
}
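Review bot: In the AssumeRoleWithJWT hunk, `policyName, _ = v.(string)` throws away the result of the type assertion, so a claim that arrives as a list leaves policyName empty without any error or log entry. The commit message names `[]string` as a value to support, and a JSON-decoded claim map would presumably hold it as `[]interface{}`, so unless the value is normalised before this point (not visible in the hunk) a `roles`-style array claim is silently treated as "no policy". Keep the boolean, e.g. `policyName, ok := v.(string)`, and on `!ok` either handle the list form explicitly or fail the request with an STS error rather than continuing. What an empty policyName means for the issued credentials is decided further down in the function, outside this hunk, so a comment next to the check stating the intended behaviour for a missing or non-string claim would help.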