If role policy is configured, require that role ARN be set in STS (#13814)

2025-11-06 20:33:07 -05:00 · 2021-12-02 15:43:39 -08:00
parent f840080e5b
commit b14527b7af
2 changed files with 16 additions and 17 deletions
--- a/cmd/iam.go
+++ b/cmd/iam.go
@@ -26,6 +26,7 @@ import (
 	"fmt"
 	"math/rand"
 	"path"
+	"sort"
 	"strings"
 	"sync"
 	"time"
@@ -338,12 +339,14 @@ func (sys *IAMSys) Init(ctx context.Context, objAPI ObjectLayer, etcdClient *etc

 // Prints IAM role ARNs.
 func (sys *IAMSys) printIAMRoles() {
-	arns := sys.GetRoleARNs()
-
-	if len(arns) == 0 {
+	if len(sys.rolesMap) == 0 {
 		return
 	}
-
+	var arns []string
+	for arn := range sys.rolesMap {
+		arns = append(arns, arn.String())
+	}
+	sort.Strings(arns)
 	msgs := make([]string, 0, len(arns))
 	for _, arn := range arns {
 		msgs = append(msgs, color.Bold(arn))
@@ -430,13 +433,9 @@ func (sys *IAMSys) loadWatchedEvent(ctx context.Context, event iamWatchEvent) (e
 	return err
 }

-// GetRoleARNs - returns a list of enabled role ARNs.
-func (sys *IAMSys) GetRoleARNs() []string {
-	var res []string
-	for arn := range sys.rolesMap {
-		res = append(res, arn.String())
-	}
-	return res
+// HasRolePolicy - returns if a role policy is configured for IAM.
+func (sys *IAMSys) HasRolePolicy() bool {
+	return len(sys.rolesMap) > 0
 }

 // GetRolePolicy - returns policies associated with a role ARN.