minio

mirror of https://github.com/minio/minio.git synced 2024-12-26 15:15:55 -05:00

History

Harshavardhana 88714e7c8e bucketpolicy: Improve bucket policy validation, avoid nested rules. Bucket policy validation is more stricter now, to avoid nested rules. The reason to do this is keep the rules simpler and more meaningful avoiding conflicts. This patch implements stricter checks. Example policy to be generally avoided. ``` { "Version": "2012-10-17", "Statement": [ { "Action": [ "s3:GetObject", "s3:DeleteObject" ], "Effect": "Allow", "Principal": { "AWS": [ "" ] }, "Resource": [ "arn:aws:s3:::jarjarbing/" ] }, { "Action": [ "s3:GetObject", "s3:DeleteObject" ], "Effect": "Deny", "Principal": { "AWS": [ "" ] }, "Resource": [ "arn:aws:s3:::jarjarbing/restic/key/" ] } ] } ```	2016-03-15 17:50:23 -07:00
..
signature4	signature: Fix signature handling of parallel requests.	2016-03-02 11:49:50 -08:00

Harshavardhana 88714e7c8e bucketpolicy: Improve bucket policy validation, avoid nested rules.

Bucket policy validation is more stricter now, to avoid nested
rules. The reason to do this is keep the rules simpler and more
meaningful avoiding conflicts.

This patch implements stricter checks.

Example policy to be generally avoided.
```
{
	"Version": "2012-10-17",
	"Statement": [
		{
			"Action": [
				"s3:GetObject",
				"s3:DeleteObject"
			],
			"Effect": "Allow",
			"Principal": {
				"AWS": [
					"*"
				]
			},
			"Resource": [
				"arn:aws:s3:::jarjarbing/*"
			]
		},
		{
			"Action": [
				"s3:GetObject",
				"s3:DeleteObject"
			],
			"Effect": "Deny",
			"Principal": {
				"AWS": [
					"*"
				]
			},
			"Resource": [
				"arn:aws:s3:::jarjarbing/restic/key/*"
			]
		}
	]
}
```

2016-03-15 17:50:23 -07:00

signature4

signature: Fix signature handling of parallel requests.

2016-03-02 11:49:50 -08:00