Aditya Manthramurthy
0aabc1d8d9
Use Peer RPC to propagate bucket policy changes ( #2891 )
8 years ago
Anis Elleuch
b5a6dd1395
Avoid path-cleaning policy resources for a better compliance with S3 ( #2823 )
8 years ago
Harshavardhana
ef3c807b4a
policies: Parser should handle Principals with various forms. ( #2733 )
...
Handles cases for these three combinations
- "Principal": "*",
- "Principal": { "AWS" : "*" }
- "Principal": { "AWS" : [ "*" ]}
Fixes #2732
8 years ago
Harshavardhana
975eb31973
api/bucketPolicy: Use minio-go/pkg/set and fix bucket policy regression. ( #2506 )
...
Current master has a regression 'mc policy <policy-type> alias/bucket/prefix'
does not work anymore, due to the way new minio-go changes do json marshalling.
This led to a regression on server side when a ``prefix`` is provided
policy is rejected as malformed from the server which is not the case with
AWS S3.
This patch uses the new ``minio-go/pkg/set`` package to address the
unmarshalling problems.
Fixes #2503
8 years ago
Harshavardhana
bccf549463
server: Move all the top level files into cmd folder. ( #2490 )
...
This change brings a change which was done for the 'mc'
package to allow for clean repo and have a cleaner
github drop in experience.
8 years ago
Harshavardhana
d1bb8a5b21
api: refactor the bucket policy reading and writing. ( #2395 )
...
Policies are read once during server startup and subsequently
managed through in memory map. In-memory map is updated as
and when there are new changes coming in.
8 years ago
karthic rao
48aa5f2199
api/bucket-policy: Add unit tests for more coverage, fixes couple of bugs. ( #2055 )
...
Changes to ResourceMatch logic.
Test for action match function.
8 years ago
Aakash Muttineni
6f3bd76754
api: Add new bucket policy nesting error ( #1883 )
...
* Added ErrPolicyNesting which is returned when nesting of policies has occurred
* Replaces ErrMalformedPolicy in the case of nesting
* Changed test case in bucket-policy-parser_test.go (ErrMalformedPolicy -> ErrPolicyNesting)
9 years ago
Harshavardhana
ba5805e60a
bucketPolicy: Do not use regexes, just do prefix matches. ( #1497 )
...
AWS arn supports wildcards and this is flat namespace, simple
prefix matching is fine.
Fixes #1481
Fixes #1482
9 years ago
karthic rao
188bb92d8a
bucket-policy parser tests, and bug fixes ( #1317 )
9 years ago
Harshavardhana
996d2e2a10
bucketpolicy: checkBucketPolicy should keep resources in map.
...
This is done to make sure to avoid appending duplicates for
resources for each actions.
9 years ago
Harshavardhana
88714e7c8e
bucketpolicy: Improve bucket policy validation, avoid nested rules.
...
Bucket policy validation is stricter now, to avoid nested
rules. The reason to do this is keep the rules simpler and more
meaningful avoiding conflicts.
This patch implements stricter checks.
Example policy to be generally avoided.
```
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Action": [
                "s3:GetObject",
                "s3:DeleteObject"
            ],
            "Effect": "Allow",
            "Principal": {
                "AWS": [
                    "*"
                ]
            },
            "Resource": [
                "arn:aws:s3:::jarjarbing/*"
            ]
        },
        {
            "Action": [
                "s3:GetObject",
                "s3:DeleteObject"
            ],
            "Effect": "Deny",
            "Principal": {
                "AWS": [
                    "*"
                ]
            },
            "Resource": [
                "arn:aws:s3:::jarjarbing/restic/key/*"
            ]
        }
    ]
}
```
9 years ago
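The nested-rule check described in the commit message above, sketched in Go as an added example; it is not code from the MinIO repository. The names `policy`, `covers` and `findNesting` are hypothetical, and it assumes `Resource` is always a JSON array, only a trailing `*` acts as a wildcard, and only resources in different statements are compared.

```go
package main

import (
	"encoding/json"
	"fmt"
	"strings"
)

// Constructed input: the two statements of the policy above, reduced to Effect and Resource.
const nestedPolicy = `{"Version":"2012-10-17","Statement":[
 {"Effect":"Allow","Resource":["arn:aws:s3:::jarjarbing/*"]},
 {"Effect":"Deny","Resource":["arn:aws:s3:::jarjarbing/restic/key/*"]}]}`

// policy keeps only the field this check needs.
type policy struct {
	Statement []struct {
		Resource []string // assumption: always an array, never a bare string
	}
}

// covers reports whether pattern a matches every key that pattern b matches,
// treating only a trailing "*" as a wildcard (plain prefix match, no regexes).
func covers(a, b string) bool {
	if !strings.HasSuffix(a, "*") {
		return a == b
	}
	return strings.HasPrefix(strings.TrimSuffix(b, "*"), strings.TrimSuffix(a, "*"))
}

// findNesting returns the first pair of resources, taken from two different
// statements, where outer covers inner. Both are empty when no rules nest.
func findNesting(raw []byte) (outer, inner string, err error) {
	var p policy
	if err = json.Unmarshal(raw, &p); err != nil {
		return "", "", err
	}
	for i, si := range p.Statement {
		for j, sj := range p.Statement {
			for _, a := range si.Resource {
				for _, b := range sj.Resource {
					if i != j && covers(a, b) {
						return a, b, nil
					}
				}
			}
		}
	}
	return "", "", nil
}

func main() { fmt.Println(findNesting([]byte(nestedPolicy))) }
```

A validator built on this would reject the policy when `outer` is non-empty, so that an Allow on a broad prefix and a Deny on a sub-prefix never have to be reconciled at request time.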
Harshavardhana
d5057b3c51
accessPolicy: Implement Put, Get, Delete access policy.
...
This patch implements Get,Put,Delete bucket policies
Supporting - http://docs.aws.amazon.com/AmazonS3/latest/dev/access-policy-language-overview.html
Currently supports following actions.
"*": true,
"s3:*": true,
"s3:GetObject": true,
"s3:ListBucket": true,
"s3:PutObject": true,
"s3:CreateBucket": true,
"s3:GetBucketLocation": true,
"s3:DeleteBucket": true,
"s3:DeleteObject": true,
"s3:AbortMultipartUpload": true,
"s3:ListBucketMultipartUploads": true,
"s3:ListMultipartUploadParts": true,
following conditions for "StringEquals" and "StringNotEquals"
"s3:prefix", "s3:max-keys"
9 years ago