oyd
/
minio
6
1
Fork 0
Code Issues Pull Requests Releases Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
4862 Commits
1 Branch
0 Tags
89 MiB
Tag: Branch: Tree: 0dc3d7ac18
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '0dc3d7ac18'
${ noResults }
minio/docs/bucket/policy/README.md

40 lines
830 B
Raw Normal View History Unescape

accessPolicy: Implement Put, Get, Delete access policy. This patch implements Get,Put,Delete bucket policies Supporting - http://docs.aws.amazon.com/AmazonS3/latest/dev/access-policy-language-overview.html Currently supports following actions. "*": true, "s3:*": true, "s3:GetObject": true, "s3:ListBucket": true, "s3:PutObject": true, "s3:CreateBucket": true, "s3:GetBucketLocation": true, "s3:DeleteBucket": true, "s3:DeleteObject": true, "s3:AbortMultipartUpload": true, "s3:ListBucketMultipartUploads": true, "s3:ListMultipartUploadParts": true, following conditions for "StringEquals" and "StringNotEquals" "s3:prefix", "s3:max-keys"
9 years ago
## Access Policy
This package implements parsing and validating bucket access policies based on Access Policy Language specification - http://docs.aws.amazon.com/AmazonS3/latest/dev/access-policy-language-overview.html
### Supports following effects.
Allow
Deny
### Supports following set of operations.
s3:GetObject
s3:ListBucket
s3:PutObject
s3:GetBucketLocation
s3:DeleteObject
s3:AbortMultipartUpload
s3:ListBucketMultipartUploads
s3:ListMultipartUploadParts
### Supports following conditions.
StringEquals
StringNotEquals
Add aws:Referer condition key support. (#3641) This change implements bucket policy enhancements required to restrict access based on HTTP referer. See https://docs.aws.amazon.com/AmazonS3/latest/dev/example-bucket-policies.html#example-bucket-policies-use-case-4 for more information. Fixes #3540
8 years ago
StringLike
StringNotLike
bucket-policy: Add IPAddress/NotIPAddress conditions support (#4736)
7 years ago
IpAddress
NotIpAddress
accessPolicy: Implement Put, Get, Delete access policy. This patch implements Get,Put,Delete bucket policies Supporting - http://docs.aws.amazon.com/AmazonS3/latest/dev/access-policy-language-overview.html Currently supports following actions. "*": true, "s3:*": true, "s3:GetObject": true, "s3:ListBucket": true, "s3:PutObject": true, "s3:CreateBucket": true, "s3:GetBucketLocation": true, "s3:DeleteBucket": true, "s3:DeleteObject": true, "s3:AbortMultipartUpload": true, "s3:ListBucketMultipartUploads": true, "s3:ListMultipartUploadParts": true, following conditions for "StringEquals" and "StringNotEquals" "s3:prefix", "s3:max-keys"
9 years ago
Supported applicable condition keys for each conditions.
s3:prefix
s3:max-keys
Add aws:Referer condition key support. (#3641) This change implements bucket policy enhancements required to restrict access based on HTTP referer. See https://docs.aws.amazon.com/AmazonS3/latest/dev/example-bucket-policies.html#example-bucket-policies-use-case-4 for more information. Fixes #3540
8 years ago
aws:Referer
bucket-policy: Add IPAddress/NotIPAddress conditions support (#4736)
7 years ago
aws:SourceIp
bucketpolicy: Improve bucket policy validation, avoid nested rules. Bucket policy validation is more stricter now, to avoid nested rules. The reason to do this is keep the rules simpler and more meaningful avoiding conflicts. This patch implements stricter checks. Example policy to be generally avoided. ``` { "Version": "2012-10-17", "Statement": [ { "Action": [ "s3:GetObject", "s3:DeleteObject" ], "Effect": "Allow", "Principal": { "AWS": [ "*" ] }, "Resource": [ "arn:aws:s3:::jarjarbing/*" ] }, { "Action": [ "s3:GetObject", "s3:DeleteObject" ], "Effect": "Deny", "Principal": { "AWS": [ "*" ] }, "Resource": [ "arn:aws:s3:::jarjarbing/restic/key/*" ] } ] } ```
9 years ago
### Nested policy support.
Nested policies are not allowed.