poornas
1011d21416
Fix credential parsing in signature v4 ( #7377 )
...
Fixes #7376
2019-03-16 22:45:42 -07:00
Harshavardhana
c3ca954684
Implement AssumeRole API for Minio users ( #7267 )
...
For actual API reference read here
https://docs.aws.amazon.com/STS/latest/APIReference/API_AssumeRole.html
Documentation is added and updated as well at docs/sts/assume-role.md
Fixes #6381
2019-02-27 17:46:55 -08:00
Harshavardhana
df35d7db9d
Introduce staticcheck for stricter builds ( #7035 )
2019-02-13 18:29:36 +05:30
Harshavardhana
bf414068a3
Parse and return proper errors with x-amz-security-token ( #6766 )
...
This PR also simplifies the token and access key validation
across our signature handling.
2018-11-07 20:10:03 +05:30
Harshavardhana
54ae364def
Introduce STS client grants API and OPA policy integration ( #6168 )
...
This PR introduces two new features
- AWS STS compatible STS API named AssumeRoleWithClientGrants
```
POST /?Action=AssumeRoleWithClientGrants&Token=<jwt>
```
This API endpoint returns temporary access credentials, access
tokens signature types supported by this API
- RSA keys
- ECDSA keys
Fetches the required public key from the JWKS endpoints, provides
them as rsa or ecdsa public keys.
- External policy engine support, in this case OPA policy engine
- Credentials are stored on disks
2018-10-09 14:00:01 -07:00
Andreas Auernhammer
267a0a3dfa
fix X-Amz-Credential
parsing for V4 policy signature ( #6451 )
...
This commit fixes an AWS S3 incompatibility issue.
The AccessKeyID may contain one or more `/` which caused
the server to interpret parts of the AccessKeyID as
other `X-Amz-Credential` parameters (like date, region, ...)
This commit fixes this by allowing 5 or more
`X-Amz-Credential` parameter strings and only interpreting
the last 5.
Fixes #6443
2018-09-11 11:17:23 -07:00
Harshavardhana
d90985b6d8
Return authHeaderMalformed for an incorrect region in signature ( #5618 )
2018-03-09 18:18:57 -08:00
kannappanr
f460eceb6d
Check for value > 7 days in X-Amz-Expires header. ( #5163 )
...
Add a check to see if the X-Amz-Expires header in the presigned URL is less than 7 days.
Fixes #5162
2017-11-13 12:54:03 -08:00
Bala FA
32c6b62932
move credentials as separate package ( #5115 )
2017-10-31 11:54:32 -07:00
Frank Wessels
46897b1100
Name return values to prevent the need (and unnecessary code bloat) ( #4576 )
...
This is done to explicitly instantiate objects for every return statement.
2017-06-21 19:53:09 -07:00
Krishna Srinivas
5db1e9f3dd
signature: use region from Auth header if server's region not configured ( #4329 )
2017-05-15 18:17:02 -07:00
Krishna Srinivas
45d9cfa0c5
signature-v4: stringToSign and signingKey should use Scope's date. ( #3688 )
...
fixes #3676
2017-02-06 13:09:09 -08:00
Bala FA
e8ce3b64ed
Generate and use access/secret keys properly ( #3498 )
2016-12-26 10:21:23 -08:00
Harshavardhana
a8ab02a73a
v4/presign: Fix presign requests when there are more signed headers. ( #3222 )
...
This fix removes a wrong logic which fails for requests which
have more signed headers in a presign request.
Fixes #3217
2016-11-10 21:57:15 -08:00
Harshavardhana
9161016962
tests: Improve coverage on signature v4 tests. ( #3188 )
...
Fixes #3065
2016-11-06 11:47:16 -08:00
Harshavardhana
d9674f7524
Improve coverage of web-handlers.go ( #3157 )
...
This patch additionally relaxes the requirement for
accesskeys to be in a regexy set of values.
Fixes #3063
2016-11-02 14:45:11 -07:00
Harshavardhana
bccf549463
server: Move all the top level files into cmd folder. ( #2490 )
...
This change brings a change which was done for the 'mc'
package to allow for clean repo and have a cleaner
github drop in experience.
2016-08-18 16:23:42 -07:00