MyFavMirrors/minio
1
0
Fork 0
mirror of https://github.com/minio/minio.git synced 2025-01-11 15:03:22 -05:00
Code Issues Packages Projects Releases Wiki Activity

allow OPA fallback for STS requests (#12568)

Browse Source 
fixes #12547
This commit is contained in:
Harshavardhana 2021-06-24 12:00:06 -07:00 committed by GitHub
parent 41caf89cf4
commit cc5656f6d5
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 2 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
cmd/iam.go
View File

@ -1583,7 +1583,7 @@ func (sys *IAMSys) GetUser(accessKey string) (cred auth.Credentials, ok bool) {
} }
policies = append(policies, ps...) policies = append(policies, ps...)
} }
ok = len(policies) > 0 ok = len(policies) > 0 || globalPolicyOPA != nil
} }
} }
return cred, ok && cred.IsValid() return cred, ok && cred.IsValid()

2
cmd/sts-handlers.go
View File

@ -517,7 +517,7 @@ func (sts *stsAPIHandlers) AssumeRoleWithLDAPIdentity(w http.ResponseWriter, r *
// Check if this user or their groups have a policy applied. // Check if this user or their groups have a policy applied.
ldapPolicies, _ := globalIAMSys.PolicyDBGet(ldapUserDN, false, groupDistNames...) ldapPolicies, _ := globalIAMSys.PolicyDBGet(ldapUserDN, false, groupDistNames...)
if len(ldapPolicies) == 0 { if len(ldapPolicies) == 0 && globalPolicyOPA == nil {
writeSTSErrorResponse(ctx, w, true, ErrSTSInvalidParameterValue, writeSTSErrorResponse(ctx, w, true, ErrSTSInvalidParameterValue,
fmt.Errorf("expecting a policy to be set for user `%s` or one of their groups: `%s` - rejecting this request", fmt.Errorf("expecting a policy to be set for user `%s` or one of their groups: `%s` - rejecting this request",
ldapUserDN, strings.Join(groupDistNames, "`,`"))) ldapUserDN, strings.Join(groupDistNames, "`,`")))