From ce894665a851a5018fe5fb4de4f9788aa7649847 Mon Sep 17 00:00:00 2001
From: George Costea
Date: Mon, 13 Jun 2022 18:36:58 -0400
Subject: [PATCH] examples: support configuration of a session policy file (#15078)

---
 docs/sts/assume-role.go | 35 ++++++++++++++++++-----------------
 go.mod | 2 +-
 go.sum | 4 ++--
 3 files changed, 21 insertions(+), 20 deletions(-)

diff --git a/docs/sts/assume-role.go b/docs/sts/assume-role.go
index 861870a93..03d01e2c6 100644
--- a/docs/sts/assume-role.go
+++ b/docs/sts/assume-role.go
@@ -24,8 +24,10 @@ import (
 "context"
 "flag"
 "fmt"
+ "io/ioutil"
 "log"
 "net/url"
+ "os"
 "time"
 
 "github.com/minio/minio-go/v7"
@@ -60,7 +62,7 @@ func init() {
 flag.BoolVar(&displayCreds, "d", false, "Only show generated credentials")
 flag.DurationVar(&expiryDuration, "e", 0, "Request a duration of validity for the generated credential")
 flag.StringVar(&bucketToList, "b", "", "Bucket to list (defaults to username)")
- // flag.StringVar(&sessionPolicyFile, "s", "", "File containing session policy to apply to the STS request")
+ flag.StringVar(&sessionPolicyFile, "s", "", "File containing session policy to apply to the STS request")
 }
 
 func main() {
@@ -77,21 +79,20 @@ func main() {
 var stsOpts cr.STSAssumeRoleOptions
 stsOpts.AccessKey = minioUsername
 stsOpts.SecretKey = minioPassword
- // FIXME: add support for passing this in minio-go
- // if sessionPolicyFile != "" {
- // var policy string
- // if f, err := os.Open(sessionPolicyFile); err != nil {
- // log.Fatalf("Unable to open session policy file: %v", sessionPolicyFile, err)
- // } else {
- // bs, err := ioutil.ReadAll(f)
- // if err != nil {
- // log.Fatalf("Error reading session policy file: %v", err)
- // }
- // policy = string(bs)
- // }
- // opts
- // ldapOpts = append(ldapOpts, cr.LDAPIdentityPolicyOpt(policy))
- // }
+
+ if sessionPolicyFile != "" {
+ var policy string
+ if f, err := os.Open(sessionPolicyFile); err != nil {
+ log.Fatalf("Unable to open session policy file: %v", err)
+ } else {
+ bs, err := ioutil.ReadAll(f)
+ if err != nil {
+ log.Fatalf("Error reading session policy file: %v", err)
+ }
+ policy = string(bs)
+ }
+ stsOpts.Policy = policy
+ }
 if expiryDuration != 0 {
 stsOpts.DurationSeconds = int(expiryDuration.Seconds())
 }
@@ -126,7 +127,7 @@ func main() {
 // Use generated credentials to authenticate with MinIO server
 minioClient, err := minio.New(stsEndpointURL.Host, opts)
 if err != nil {
- log.Fatalf("Error initializing client: ", err)
+ log.Fatalf("Error initializing client: %v", err)
 }
 
 // Use minIO Client object normally like the regular client.
diff --git a/go.mod b/go.mod
index f682a2dc7..e28cb48b4 100644
--- a/go.mod
+++ b/go.mod
@@ -49,7 +49,7 @@ require (
 github.com/minio/highwayhash v1.0.2
 github.com/minio/kes v0.19.2
 github.com/minio/madmin-go v1.3.14
- github.com/minio/minio-go/v7 v7.0.27
+ github.com/minio/minio-go/v7 v7.0.28
 github.com/minio/pkg v1.1.24
 github.com/minio/selfupdate v0.4.0
 github.com/minio/sha256-simd v1.0.0
diff --git a/go.sum b/go.sum
index b68312ba1..00f14a14a 100644
--- a/go.sum
+++ b/go.sum
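Review bot: The added `if sessionPolicyFile != ""` block in docs/sts/assume-role.go assigns whatever the file holds to `stsOpts.Policy`, so an empty file passed with `-s` leaves the field at its zero value and the request is identical to one sent with no session policy at all; the caller believes the credentials are scoped down when they presumably carry the parent user's full permissions. Failing closed is the safer behaviour for an example that gets copied: add `if len(bs) == 0 { log.Fatalf("Session policy file %q is empty", sessionPolicyFile) }` right after the read-error check. The handle returned by `os.Open` is also never closed; a `defer f.Close()` as the first statement of the `else` branch fixes that. main() starts and continues outside this hunk.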
@@ -633,8 +633,8 @@ github.com/minio/md5-simd v1.1.0/go.mod h1:XpBqgZULrMYD3R+M28PcmP0CkI7PEMzB3U77Z github.com/minio/md5-simd v1.1.2 h1:Gdi1DZK69+ZVMoNHRXJyNcxrMA4dSxoYHZSQbirFg34= github.com/minio/md5-simd v1.1.2/go.mod h1:MzdKDxYpY2BT9XQFocsiZf/NKVtR7nkE4RoEpN+20RM= github.com/minio/minio-go/v7 v7.0.23/go.mod h1:ei5JjmxwHaMrgsMrn4U/+Nmg+d8MKS1U2DAn1ou4+Do= -github.com/minio/minio-go/v7 v7.0.27 h1:yJCvm78B+2+ll1PqO9eSD1as6Ibw3IYnnD8PyBEB2zo= -github.com/minio/minio-go/v7 v7.0.27/go.mod h1:x81+AX5gHSfCSqw7jxRKHvxUXMlE5uKX0Vb75Xk5yYg= +github.com/minio/minio-go/v7 v7.0.28 h1:VMr3K5qGIEt+/KW3poopRh8mzi5RwuCjmrmstK196Fg= +github.com/minio/minio-go/v7 v7.0.28/go.mod h1:x81+AX5gHSfCSqw7jxRKHvxUXMlE5uKX0Vb75Xk5yYg= github.com/minio/pkg v1.1.20/go.mod h1:Xo7LQshlxGa9shKwJ7NzQbgW4s8T/Wc1cOStR/eUiMY= github.com/minio/pkg v1.1.24 h1:a2RCb6LgsCi9DvrripuvlFQRCNb5Hp1HIssnsUqLoZY= github.com/minio/pkg v1.1.24/go.mod h1:z9PfmEI804KFkF6eY4LoGe8IDVvTCsYGVuaf58Dr0WI=