MyFavMirrors/minio
1
0
Fork 0
mirror of https://github.com/minio/minio.git synced 2024-12-26 15:15:55 -05:00
Code Issues Packages Projects Releases Wiki Activity
3d318bae76
minio/pkg/iam/policy/constants.go
Harshavardhana 1af6e8cb72
Add support for session policies in STS APIs (#7747) 
This PR adds support for adding session policies
for further restrictions on STS credentials, useful
in situations when applications want to generate
creds for multiple interested parties with different
set of policy restrictions.

This session policy is not mandatory, but optional.

Fixes #7732
2019-06-20 15:28:33 -07:00

67 lines
1.6 KiB
Go
Raw Blame History

/*
* MinIO Cloud Storage, (C) 2018 MinIO, Inc.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package iampolicy
import (
"github.com/minio/minio/pkg/policy"
)
// Policy claim constants
const (
PolicyName = "policy"
SessionPolicyName = "sessionPolicy"
)
// ReadWrite - provides full access to all buckets and all objects
var ReadWrite = Policy{
Version: DefaultVersion,
Statements: []Statement{
{
SID: policy.ID(""),
Effect: policy.Allow,
Actions: NewActionSet(AllActions),
Resources: NewResourceSet(NewResource("*", "")),
},
},
}
// ReadOnly - read only.
var ReadOnly = Policy{
Version: DefaultVersion,
Statements: []Statement{
{
SID: policy.ID(""),
Effect: policy.Allow,
Actions: NewActionSet(GetBucketLocationAction, GetObjectAction),
Resources: NewResourceSet(NewResource("*", "")),
},
},
}
// WriteOnly - provides write access.
var WriteOnly = Policy{
Version: DefaultVersion,
Statements: []Statement{
{
SID: policy.ID(""),
Effect: policy.Allow,
Actions: NewActionSet(PutObjectAction),
Resources: NewResourceSet(NewResource("*", "")),
},
},
}
Reference in New Issue View Git Blame Copy Permalink