examples: support configuration of a session policy file (#15078)

2022-06-13 18:36:58 -04:00 · 2022-06-13 18:36:58 -04:00 · ce894665a8
parent 0d00f3a55b
commit ce894665a8
3 changed files with 21 additions and 20 deletions
--- a/docs/sts/assume-role.go
+++ b/docs/sts/assume-role.go
@ -24,8 +24,10 @@ import (
 	"context"
 	"flag"
 	"fmt"
+	"io/ioutil"
 	"log"
 	"net/url"
+	"os"
 	"time"

 	"github.com/minio/minio-go/v7"
@ -60,7 +62,7 @@ func init() {
 	flag.BoolVar(&displayCreds, "d", false, "Only show generated credentials")
 	flag.DurationVar(&expiryDuration, "e", 0, "Request a duration of validity for the generated credential")
 	flag.StringVar(&bucketToList, "b", "", "Bucket to list (defaults to username)")
-	// flag.StringVar(&sessionPolicyFile, "s", "", "File containing session policy to apply to the STS request")
+	flag.StringVar(&sessionPolicyFile, "s", "", "File containing session policy to apply to the STS request")
 }

 func main() {
@ -77,21 +79,20 @@ func main() {
 	var stsOpts cr.STSAssumeRoleOptions
 	stsOpts.AccessKey = minioUsername
 	stsOpts.SecretKey = minioPassword
-	// FIXME: add support for passing this in minio-go
-	// if sessionPolicyFile != "" {
-	// 	var policy string
-	// 	if f, err := os.Open(sessionPolicyFile); err != nil {
-	// 		log.Fatalf("Unable to open session policy file: %v", sessionPolicyFile, err)
-	// 	} else {
-	// 		bs, err := ioutil.ReadAll(f)
-	// 		if err != nil {
-	// 			log.Fatalf("Error reading session policy file: %v", err)
-	// 		}
-	// 		policy = string(bs)
-	// 	}
-	// 	opts
-	// 	ldapOpts = append(ldapOpts, cr.LDAPIdentityPolicyOpt(policy))
-	// }
+
+	if sessionPolicyFile != "" {
+		var policy string
+		if f, err := os.Open(sessionPolicyFile); err != nil {
+			log.Fatalf("Unable to open session policy file: %v", err)
+		} else {
+			bs, err := ioutil.ReadAll(f)
+			if err != nil {
+				log.Fatalf("Error reading session policy file: %v", err)
+			}
+			policy = string(bs)
+		}
+		stsOpts.Policy = policy
+	}
 	if expiryDuration != 0 {
 		stsOpts.DurationSeconds = int(expiryDuration.Seconds())
 	}
@ -126,7 +127,7 @@ func main() {
 	// Use generated credentials to authenticate with MinIO server
 	minioClient, err := minio.New(stsEndpointURL.Host, opts)
 	if err != nil {
-		log.Fatalf("Error initializing client: ", err)
+		log.Fatalf("Error initializing client: %v", err)
 	}

 	// Use minIO Client object normally like the regular client.
--- a/go.mod
+++ b/go.mod
@ -49,7 +49,7 @@ require (
 	github.com/minio/highwayhash v1.0.2
 	github.com/minio/kes v0.19.2
 	github.com/minio/madmin-go v1.3.14
-	github.com/minio/minio-go/v7 v7.0.27
+	github.com/minio/minio-go/v7 v7.0.28
 	github.com/minio/pkg v1.1.24
 	github.com/minio/selfupdate v0.4.0
 	github.com/minio/sha256-simd v1.0.0
--- a/go.sum
+++ b/go.sum
@ -633,8 +633,8 @@ github.com/minio/md5-simd v1.1.0/go.mod h1:XpBqgZULrMYD3R+M28PcmP0CkI7PEMzB3U77Z
 github.com/minio/md5-simd v1.1.2 h1:Gdi1DZK69+ZVMoNHRXJyNcxrMA4dSxoYHZSQbirFg34=
 github.com/minio/md5-simd v1.1.2/go.mod h1:MzdKDxYpY2BT9XQFocsiZf/NKVtR7nkE4RoEpN+20RM=
 github.com/minio/minio-go/v7 v7.0.23/go.mod h1:ei5JjmxwHaMrgsMrn4U/+Nmg+d8MKS1U2DAn1ou4+Do=
-github.com/minio/minio-go/v7 v7.0.27 h1:yJCvm78B+2+ll1PqO9eSD1as6Ibw3IYnnD8PyBEB2zo=
-github.com/minio/minio-go/v7 v7.0.27/go.mod h1:x81+AX5gHSfCSqw7jxRKHvxUXMlE5uKX0Vb75Xk5yYg=
+github.com/minio/minio-go/v7 v7.0.28 h1:VMr3K5qGIEt+/KW3poopRh8mzi5RwuCjmrmstK196Fg=
+github.com/minio/minio-go/v7 v7.0.28/go.mod h1:x81+AX5gHSfCSqw7jxRKHvxUXMlE5uKX0Vb75Xk5yYg=
 github.com/minio/pkg v1.1.20/go.mod h1:Xo7LQshlxGa9shKwJ7NzQbgW4s8T/Wc1cOStR/eUiMY=
 github.com/minio/pkg v1.1.24 h1:a2RCb6LgsCi9DvrripuvlFQRCNb5Hp1HIssnsUqLoZY=
 github.com/minio/pkg v1.1.24/go.mod h1:z9PfmEI804KFkF6eY4LoGe8IDVvTCsYGVuaf58Dr0WI=