From b3c8a1864f0436635eab25631f14aa6ab4efde8f Mon Sep 17 00:00:00 2001
From: Harshavardhana <harsha@minio.io>
Date: Wed, 28 Apr 2021 21:37:02 -0700
Subject: [PATCH] fix: optimize ListBuckets for anonymous users (#12182)

anonymous users are never allowed to listBuckets(),
we do not need to further validate the policy, we can
simply reject if credentials are empty.
---
 .github/workflows/go.yml | 1 -
 cmd/bucket-handlers.go   | 6 ++++++
 2 files changed, 6 insertions(+), 1 deletion(-)

diff --git a/.github/workflows/go.yml b/.github/workflows/go.yml
index 96a01ff48..e93bf3cda 100644
--- a/.github/workflows/go.yml
+++ b/.github/workflows/go.yml
@@ -46,4 +46,3 @@ jobs:
           make crosscompile
           make verify
           make verify-healing
-          bash -c 'shopt -s globstar; shellcheck mint/**/*.sh'
diff --git a/cmd/bucket-handlers.go b/cmd/bucket-handlers.go
index a70ed6299..610af1b69 100644
--- a/cmd/bucket-handlers.go
+++ b/cmd/bucket-handlers.go
@@ -299,6 +299,12 @@ func (api objectAPIHandlers) ListBucketsHandler(w http.ResponseWriter, r *http.R
 		return
 	}
 
+	// Anonymous users, should be rejected.
+	if cred.AccessKey == "" {
+		writeErrorResponse(ctx, w, errorCodes.ToAPIErr(ErrAccessDenied), r.URL)
+		return
+	}
+
 	// If etcd, dns federation configured list buckets from etcd.
 	var bucketsInfo []BucketInfo
 	if globalDNSConfig != nil && globalBucketFederation {