mirror of
https://github.com/minio/minio.git
synced 2024-12-25 14:45:54 -05:00
88714e7c8e
Bucket policy validation is more stricter now, to avoid nested rules. The reason to do this is keep the rules simpler and more meaningful avoiding conflicts. This patch implements stricter checks. Example policy to be generally avoided. ``` { "Version": "2012-10-17", "Statement": [ { "Action": [ "s3:GetObject", "s3:DeleteObject" ], "Effect": "Allow", "Principal": { "AWS": [ "*" ] }, "Resource": [ "arn:aws:s3:::jarjarbing/*" ] }, { "Action": [ "s3:GetObject", "s3:DeleteObject" ], "Effect": "Deny", "Principal": { "AWS": [ "*" ] }, "Resource": [ "arn:aws:s3:::jarjarbing/restic/key/*" ] } ] } ```
733 B
733 B
Access Policy
This package implements parsing and validating bucket access policies based on Access Policy Language specification - http://docs.aws.amazon.com/AmazonS3/latest/dev/access-policy-language-overview.html
Supports following effects.
Allow
Deny
Supports following set of operations.
s3:GetObject
s3:ListBucket
s3:PutObject
s3:GetBucketLocation
s3:DeleteObject
s3:AbortMultipartUpload
s3:ListBucketMultipartUploads
s3:ListMultipartUploadParts
Supports following conditions.
StringEquals
StringNotEquals
Supported applicable condition keys for each conditions.
s3:prefix
s3:max-keys
Nested policy support.
Nested policies are not allowed.