fix: Filter out cust. AssumeRole Token for audit (#19646)

The `Token` parameter is a sensitive value that should not be written to the audit log for the STS AssumeRoleWithCustomToken API.

Bonus: Add a simple tool that echoes audit logs to the console.
Aditya Manthramurthy
2024-05-01 14:31:13 -07:00
committed by GitHub
parent 0cde17ae5d
commit f3d61c51fc
4 changed files with 83 additions and 2 deletions


@@ -929,7 +929,9 @@ func (sts *stsAPIHandlers) AssumeRoleWithCustomToken(w http.ResponseWriter, r *h
ctx := newContext(r, w, "AssumeRoleWithCustomToken")
claims := make(map[string]interface{})
defer logger.AuditLog(ctx, w, r, claims)
auditLogFilterKeys := []string{stsToken}
defer logger.AuditLog(ctx, w, r, claims, auditLogFilterKeys...)
if !globalIAMSys.Initialized() {
writeSTSErrorResponse(ctx, w, ErrSTSIAMNotInitialized, errIAMNotInitialized)