support multiple policies for temporary users (#9550)

2025-11-09 05:34:56 -05:00 · 2020-05-11 13:04:11 -07:00
parent 337c2a7cb4
commit f8edc233ab
3 changed files with 86 additions and 29 deletions
--- a/pkg/iam/policy/policy.go
+++ b/pkg/iam/policy/policy.go
@@ -21,6 +21,7 @@ import (
 	"io"
 	"strings"

+	"github.com/minio/minio-go/v6/pkg/set"
 	"github.com/minio/minio/pkg/bucket/policy"
 )

@@ -39,17 +40,31 @@ type Args struct {
 }

 // GetPolicies get policies
-func (a Args) GetPolicies(policyClaimName string) ([]string, bool) {
+func (a Args) GetPolicies(policyClaimName string) (set.StringSet, bool) {
+	s := set.NewStringSet()
 	pname, ok := a.Claims[policyClaimName]
 	if !ok {
-		return nil, false
+		return s, false
 	}
-	pnameStr, ok := pname.(string)
-	if ok {
-		return strings.Split(pnameStr, ","), true
+	pnames, ok := pname.([]string)
+	if !ok {
+		pnameStr, ok := pname.(string)
+		if ok {
+			pnames = strings.Split(pnameStr, ",")
+		} else {
+			return s, false
+		}
 	}
-	pnameSlice, ok := pname.([]string)
-	return pnameSlice, ok
+	for _, pname := range pnames {
+		pname = strings.TrimSpace(pname)
+		if pname == "" {
+			// ignore any empty strings, considerate
+			// towards some user errors.
+			continue
+		}
+		s.Add(pname)
+	}
+	return s, true
 }

 // Policy - iam bucket iamp.