0a224654c2
fix: progagation of service accounts for site replication ( #14054 )
...
- Only non-root-owned service accounts are replicated for now.
- Add integration tests for OIDC with site replication
2022-01-07 17:41:43 -08:00
526e10a2e0
Fix regression in STS permissions via group in internal IDP ( #13955 )
...
- When using MinIO's internal IDP, STS credential permissions did not check the
groups of a user.
- Also fix bug in policy checking in AccountInfo call
2021-12-20 14:07:16 -08:00
1f4e0bd17c
fix: access for root user's STS credential ( #13947 )
...
add a test to cover this case
2021-12-19 23:05:20 -08:00
de400f3473
Allow setting non-existent policy on a user/group ( #13898 )
2021-12-13 15:55:52 -08:00
f2bd026d0e
Allow OIDC user to query user info if policies permit ( #13882 )
2021-12-10 15:03:39 -08:00
a02e17f15c
Add tests to ensure that OIDC user can create IAM users ( #13881 )
2021-12-10 13:04:21 -08:00
85d2df02b9
fix: user listing with LDAP ( #13872 )
...
Users listing was showing just a weird policy
mapping output which does not make sense here.
2021-12-09 15:55:28 -08:00
12b63061c2
Fix LDAP service account creation ( #13849 )
...
- when a user has only group permissions
- fixes regression from ac74237f0#13657 )
- fixes https://github.com/minio/console/issues/1291
2021-12-06 15:55:11 -08:00
4f35054d29
Ensure that role ARNs don't collide ( #13817 )
...
This is to prepare for multiple providers enhancement.
2021-12-03 13:15:56 -08:00
4c0f48c548
Add role ARN support for OIDC identity provider ( #13651 )
...
- Allows setting a role policy parameter when configuring OIDC provider
- When role policy is set, the server prints a role ARN usable in STS API requests
- The given role policy is applied to STS API requests when the roleARN parameter is provided.
- Service accounts for role policy are also possible and work as expected.
2021-11-26 19:22:40 -08:00
61029fe20b
fix: returning invalid account-not-exists error for LDAP svc acc ( #13756 )
2021-11-24 15:19:33 -08:00
9739e55d0f
tests: add OpenID service accounts creation and update ( #13708 )
...
- service account creation for STS accounts
- service account session policy update for STS accounts
- refactor svc acc tests and add them for OpenID
2021-11-20 02:07:16 -08:00
087c1b98dc
Add tests for OpenID STS creds and add to CI ( #13638 )
2021-11-11 11:23:30 -08:00
1946922de3
Add CI for etcd IAM backend ( #13614 )
...
Runs when ETCD_SERVER env var is set
2021-11-09 09:25:13 -08:00
01b9ff54d9
Add LDAP STS tests and workflow for CI ( #13576 )
...
Runs LDAP tests with openldap container on GH Actions
2021-11-04 08:16:30 -07:00
ecd54b4cba
Move all IAM storage functionality into iam store type ( #13567 )
...
This reverts commit 091a7ae359
2021-11-03 19:47:49 -07:00
091a7ae359
Revert "Move all IAM storage functionality into iam store type ( #13541 )"
...
This reverts commit caadcc3ed8
2021-11-02 13:51:42 -07:00
caadcc3ed8
Move all IAM storage functionality into iam store type ( #13541 )
...
- Ensure all actions accessing storage lock properly.
- Behavior change: policies can be deleted only when they
are not associated with any active credentials.
2021-11-01 21:58:07 -07:00
2f1ee25f50
Add test for AssumeRole with internal IDP ( #13527 )
2021-10-28 09:05:51 -07:00
Aditya Manthramurthy
Harshavardhana