mirror of https://github.com/minio/minio.git
add policy conditions support for signatureVersion and authType (#11947)
https://docs.aws.amazon.com/AmazonS3/latest/API/bucket-policy-s3-sigv4-conditions.html fixes #11944
This commit is contained in:
parent
434e5c0cfe
commit
bf106453b8
|
@ -83,17 +83,38 @@ func getConditionValues(r *http.Request, lc string, username string, claims map[
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
authType := getRequestAuthType(r)
|
||||||
|
var signatureVersion string
|
||||||
|
switch authType {
|
||||||
|
case authTypeSignedV2, authTypePresignedV2:
|
||||||
|
signatureVersion = signV2Algorithm
|
||||||
|
case authTypeSigned, authTypePresigned, authTypeStreamingSigned, authTypePostPolicy:
|
||||||
|
signatureVersion = signV4Algorithm
|
||||||
|
}
|
||||||
|
|
||||||
|
var authtype string
|
||||||
|
switch authType {
|
||||||
|
case authTypePresignedV2, authTypePresigned:
|
||||||
|
authtype = "REST-QUERY-STRING"
|
||||||
|
case authTypeSignedV2, authTypeSigned, authTypeStreamingSigned:
|
||||||
|
authtype = "REST-HEADER"
|
||||||
|
case authTypePostPolicy:
|
||||||
|
authtype = "POST"
|
||||||
|
}
|
||||||
|
|
||||||
args := map[string][]string{
|
args := map[string][]string{
|
||||||
"CurrentTime": {currTime.Format(time.RFC3339)},
|
"CurrentTime": {currTime.Format(time.RFC3339)},
|
||||||
"EpochTime": {strconv.FormatInt(currTime.Unix(), 10)},
|
"EpochTime": {strconv.FormatInt(currTime.Unix(), 10)},
|
||||||
"SecureTransport": {strconv.FormatBool(r.TLS != nil)},
|
"SecureTransport": {strconv.FormatBool(r.TLS != nil)},
|
||||||
"SourceIp": {handlers.GetSourceIP(r)},
|
"SourceIp": {handlers.GetSourceIP(r)},
|
||||||
"UserAgent": {r.UserAgent()},
|
"UserAgent": {r.UserAgent()},
|
||||||
"Referer": {r.Referer()},
|
"Referer": {r.Referer()},
|
||||||
"principaltype": {principalType},
|
"principaltype": {principalType},
|
||||||
"userid": {username},
|
"userid": {username},
|
||||||
"username": {username},
|
"username": {username},
|
||||||
"versionid": {vid},
|
"versionid": {vid},
|
||||||
|
"signatureversion": {signatureVersion},
|
||||||
|
"authType": {authtype},
|
||||||
}
|
}
|
||||||
|
|
||||||
if lc != "" {
|
if lc != "" {
|
||||||
|
|
|
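Review bot: Neither `switch authType` has a default, so for any auth type not listed (anonymous or unrecognised requests, presumably) `signatureVersion` and `authtype` stay empty and the map still receives `"signatureversion": {""}` and `"authType": {""}`. If the condition evaluators distinguish an absent key from an empty value, policies using `Null` or negated operators such as `StringNotEquals` on these keys would match such requests as if a value had been determined, which is unlikely to be the author's intent. Adding the two entries only when a value was mapped, as below, keeps them absent otherwise; the two switches could also be folded into one since they branch on the same value. getConditionValues begins and ends outside this hunk.
```go
args := map[string][]string{
	// … unchanged: CurrentTime … versionid entries …
}
// Only publish the keys when the auth type mapped to a value, so policy
// conditions see them as absent rather than as an empty string.
if signatureVersion != "" {
	args["signatureversion"] = []string{signatureVersion}
}
if authtype != "" {
	args["authType"] = []string{authtype}
}
```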
@ -110,10 +110,18 @@ const (
|
||||||
|
|
||||||
// AWSUsername - user friendly name, in MinIO this value is same as your user Access Key.
|
// AWSUsername - user friendly name, in MinIO this value is same as your user Access Key.
|
||||||
AWSUsername Key = "aws:username"
|
AWSUsername Key = "aws:username"
|
||||||
|
|
||||||
|
// S3SignatureVersion - identifies the version of AWS Signature that you want to support for authenticated requests.
|
||||||
|
S3SignatureVersion = "s3:signatureversion"
|
||||||
|
|
||||||
|
// S3AuthType - optionally use this condition key to restrict incoming requests to use a specific authentication method.
|
||||||
|
S3AuthType = "s3:authType"
|
||||||
)
|
)
|
||||||
|
|
||||||
// AllSupportedKeys - is list of all all supported keys.
|
// AllSupportedKeys - is list of all all supported keys.
|
||||||
var AllSupportedKeys = append([]Key{
|
var AllSupportedKeys = append([]Key{
|
||||||
|
S3SignatureVersion,
|
||||||
|
S3AuthType,
|
||||||
S3XAmzCopySource,
|
S3XAmzCopySource,
|
||||||
S3XAmzServerSideEncryption,
|
S3XAmzServerSideEncryption,
|
||||||
S3XAmzServerSideEncryptionCustomerAlgorithm,
|
S3XAmzServerSideEncryptionCustomerAlgorithm,
|
||||||
|
@ -144,6 +152,8 @@ var AllSupportedKeys = append([]Key{
|
||||||
|
|
||||||
// CommonKeys - is list of all common condition keys.
|
// CommonKeys - is list of all common condition keys.
|
||||||
var CommonKeys = append([]Key{
|
var CommonKeys = append([]Key{
|
||||||
|
S3SignatureVersion,
|
||||||
|
S3AuthType,
|
||||||
S3XAmzContentSha256,
|
S3XAmzContentSha256,
|
||||||
S3LocationConstraint,
|
S3LocationConstraint,
|
||||||
AWSReferer,
|
AWSReferer,
|
||||||
|
|
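Review bot: `S3SignatureVersion` and `S3AuthType` are declared without the `Key` type, unlike `AWSUsername Key = "aws:username"` directly above them, so they are untyped string constants that become `Key` only by implicit conversion inside the `[]Key{...}` literals; any use that needs a `Key` method receiver or a typed comparison will not compile. Declare them as `S3SignatureVersion Key = "s3:signatureversion"` and `S3AuthType Key = "s3:authType"`. The doc comment on `S3AuthType` would also help policy authors if it named the values the request side produces, e.g. `// S3AuthType - restricts requests to a specific authentication method; the request value is "REST-HEADER", "REST-QUERY-STRING" or "POST".` The enclosing `const (` block starts outside the hunk, and the same two names are inserted into `CommonKeys` in the following hunk.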