Pass groups claim into condition values (#15679)

This allows using `jwt:groups` as a multi-valued condition key in policies.
Aditya Manthramurthy
2022-09-13 09:45:36 -07:00
committed by GitHub
parent a71629d4dd
commit e152b2a975
3 changed files with 226 additions and 0 deletions


@@ -169,6 +169,8 @@ func getConditionValues(r *http.Request, lc string, username string, claims map[
}
// JWT specific values
//
// Add all string claims
for k, v := range claims {
vStr, ok := v.(string)
if ok {
@@ -183,6 +185,21 @@ func getConditionValues(r *http.Request, lc string, username string, claims map[
}
}
}
// Add groups claim which could be a list. This will ensure that the claim
// `jwt:groups` works.
if grpsVal, ok := claims["groups"]; ok {
if grpsIs, ok := grpsVal.([]interface{}); ok {
grps := []string{}
for _, gI := range grpsIs {
if g, ok := gI.(string); ok {
grps = append(grps, g)
}
}
if len(grps) > 0 {
args["groups"] = grps
}
}
}
return args
}
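Review bot: In the second hunk, a `groups` claim that is not a `[]interface{}` of strings is skipped without any trace: non-string elements are dropped one at a time by `if g, ok := gI.(string); ok`, and when nothing usable remains `args["groups"]` is never set. A policy condition on `jwt:groups` then sees a missing key rather than an empty set, and negated or set-qualified conditions may evaluate differently in that case, so the behaviour should be stated in the code, for example `// Non-string elements are ignored; if none remain the key is left unset, not empty.` above the inner loop. The assignment `args["groups"] = grps` also replaces any `groups` entry written earlier in the function; if that is intended it deserves a one-line comment and a test with a mixed-type list. `getConditionValues` begins outside both hunks and the string-claims loop is cut off between them, so earlier writes to `args` cannot be checked from here.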