Add custom policy claim name (#8764)

In certain organizations policy claim names can be not just 'policy' but also things like 'roles', the value of this field might also be *string* or *[]string* support this as well In this PR we are still not supporting multiple policies per STS account which will require a more comprehensive change.
2025-11-09 21:49:46 -05:00 · 2020-01-08 17:21:58 -08:00
parent fd56aa42a6
commit abc1c1070a
8 changed files with 90 additions and 43 deletions
--- a/pkg/iam/policy/policy.go
+++ b/pkg/iam/policy/policy.go
@@ -19,6 +19,7 @@ package iampolicy
 import (
 	"encoding/json"
 	"io"
+	"strings"

 	"github.com/minio/minio/pkg/policy"
 )
@@ -37,6 +38,20 @@ type Args struct {
 	Claims          map[string]interface{} `json:"claims"`
 }

+// GetPolicies get policies
+func (a Args) GetPolicies(policyClaimName string) ([]string, bool) {
+	pname, ok := a.Claims[policyClaimName]
+	if !ok {
+		return nil, false
+	}
+	pnameStr, ok := pname.(string)
+	if ok {
+		return strings.Split(pnameStr, ","), true
+	}
+	pnameSlice, ok := pname.([]string)
+	return pnameSlice, ok
+}
+
 // Policy - iam bucket iamp.
 type Policy struct {
 	ID         policy.ID `json:"ID,omitempty"`