mirror of
https://github.com/minio/minio.git
synced 2025-01-25 21:53:16 -05:00
88714e7c8e
Bucket policy validation is more stricter now, to avoid nested rules. The reason to do this is keep the rules simpler and more meaningful avoiding conflicts. This patch implements stricter checks. Example policy to be generally avoided. ``` { "Version": "2012-10-17", "Statement": [ { "Action": [ "s3:GetObject", "s3:DeleteObject" ], "Effect": "Allow", "Principal": { "AWS": [ "*" ] }, "Resource": [ "arn:aws:s3:::jarjarbing/*" ] }, { "Action": [ "s3:GetObject", "s3:DeleteObject" ], "Effect": "Deny", "Principal": { "AWS": [ "*" ] }, "Resource": [ "arn:aws:s3:::jarjarbing/restic/key/*" ] } ] } ```
34 lines
733 B
Markdown
34 lines
733 B
Markdown
## Access Policy
|
|
|
|
This package implements parsing and validating bucket access policies based on Access Policy Language specification - http://docs.aws.amazon.com/AmazonS3/latest/dev/access-policy-language-overview.html
|
|
|
|
### Supports following effects.
|
|
|
|
Allow
|
|
Deny
|
|
|
|
### Supports following set of operations.
|
|
|
|
s3:GetObject
|
|
s3:ListBucket
|
|
s3:PutObject
|
|
s3:GetBucketLocation
|
|
s3:DeleteObject
|
|
s3:AbortMultipartUpload
|
|
s3:ListBucketMultipartUploads
|
|
s3:ListMultipartUploadParts
|
|
|
|
### Supports following conditions.
|
|
|
|
StringEquals
|
|
StringNotEquals
|
|
|
|
Supported applicable condition keys for each conditions.
|
|
|
|
s3:prefix
|
|
s3:max-keys
|
|
|
|
### Nested policy support.
|
|
|
|
Nested policies are not allowed.
|