From 35d19a4ae287179a0c7d6938b2b1c8e63b4747c1 Mon Sep 17 00:00:00 2001
From: Harshavardhana
Date: Tue, 23 Apr 2019 15:55:41 -0700
Subject: [PATCH] Fix STS AssumeRole route conflict with MultipartUpload (#7574)

Since AssumeRole API was introduced we have a wrong route match which results in certain clients failing to upload objects using multipart because, multipart POST conflicts with STS POST AssumeRole API. Write a proper matcher function which verifies the route more appropriately such that both can co-exist.
---
 cmd/sts-handlers.go | 17 ++++++++++++-----
 1 file changed, 12 insertions(+), 5 deletions(-)

diff --git a/cmd/sts-handlers.go b/cmd/sts-handlers.go
index 66c2c573b..88ac36add 100644
--- a/cmd/sts-handlers.go
+++ b/cmd/sts-handlers.go
@@ -25,6 +25,7 @@ import (
 "github.com/minio/minio/cmd/logger"
 "github.com/minio/minio/pkg/auth"
 "github.com/minio/minio/pkg/iam/validator"
+ "github.com/minio/minio/pkg/wildcard"
 )

 const (
@@ -49,13 +50,19 @@ func registerSTSRouter(router *mux.Router) {
 stsRouter := router.NewRoute().PathPrefix("/").Subrouter()

 // Assume roles with no JWT, handles AssumeRole.
- stsRouter.Methods("POST").HeadersRegexp("Content-Type", "application/x-www-form-urlencoded*").
- HeadersRegexp("Authorization", "AWS4-HMAC-SHA256*").
- HandlerFunc(httpTraceAll(sts.AssumeRole))
+ stsRouter.Methods("POST").MatcherFunc(func(r *http.Request, rm *mux.RouteMatch) bool {
+ ctypeOk := wildcard.MatchSimple("application/x-www-form-urlencoded*", r.Header.Get("Content-Type"))
+ authOk := wildcard.MatchSimple("AWS4-HMAC-SHA256*", r.Header.Get("Authorization"))
+ noQueries := len(r.URL.Query()) == 0
+ return ctypeOk && authOk && noQueries
+ }).HandlerFunc(httpTraceAll(sts.AssumeRole))

 // Assume roles with JWT handler, handles both ClientGrants and WebIdentity.
- stsRouter.Methods("POST").HeadersRegexp("Content-Type", "application/x-www-form-urlencoded*").
- HandlerFunc(httpTraceAll(sts.AssumeRoleWithJWT))
+ stsRouter.Methods("POST").MatcherFunc(func(r *http.Request, rm *mux.RouteMatch) bool {
+ ctypeOk := wildcard.MatchSimple("application/x-www-form-urlencoded*", r.Header.Get("Content-Type"))
+ noQueries := len(r.URL.Query()) == 0
+ return ctypeOk && noQueries
+ }).HandlerFunc(httpTraceAll(sts.AssumeRoleWithJWT))

 // AssumeRoleWithClientGrants
 stsRouter.Methods("POST").HandlerFunc(httpTraceAll(sts.AssumeRoleWithClientGrants)).
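Review bot: `len(r.URL.Query()) == 0` in both new matchers decides routing from the parsed query map, and `URL.Query()` silently discards malformed pairs, so a POST whose query string is non-empty but fails to parse is treated as having no query and is sent to the STS handlers rather than the S3 path. Testing the raw string, `noQueries := r.URL.RawQuery == ""`, is stricter and avoids parsing the query on every route match. The `Authorization` prefix test only selects a route; signature verification presumably happens inside `sts.AssumeRole`, which is not visible here, so a comment such as `// Routing only: the handler must still verify the SigV4 signature.` would keep the matcher from being read as an auth check. registerSTSRouter begins before and continues past this hunk.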