Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

checkKeyValid() should return owner true for rootCreds #13422

Merged
merged 1 commit into from Oct 12, 2021

Conversation

harshavardhana
Copy link
Member

@harshavardhana harshavardhana commented Oct 12, 2021

Description

checkKeyValid() should return owner true for rootCreds

Motivation and Context

Looks like policy restriction was not working properly
for normal users when they are not svc or STS accounts.

  • svc accounts are now properly fixed to get
    right permissions when its inherited, so
    we do not have to set 'owner = true'

  • sts accounts have always been using right
    permissions, do not need an explicit lookup

  • regular users always have proper policy mapping

How to test this PR?

Nothing special just create a user and add a policy with the latest
master branch - following snippet shouldn't work.

minio server /tmp/xl/{1..4}
mc admin user add myminio/ foo foo12345
mc admin policy set myminio/ readwrite user=foo
mc alias set foo http://localhost:9000 foo foo12345
mc admin info foo

Types of changes

  • Bug fix (non-breaking change which fixes an issue)
  • New feature (non-breaking change which adds functionality)
  • Optimization (provides speedup with no functional changes)
  • Breaking change (fix or feature that would cause existing functionality to change)

Checklist:

Copy link
Member

@vadmeste vadmeste left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

Looks like policy restriction was not working properly
for normal users when they are not svc or STS accounts.

- svc accounts are now properly fixed to get
  right permissions when its inherited, so
  we do not have to set 'owner = true'

- sts accounts have always been using right
  permissions, do not need an explicit lookup

- regular users always have proper policy mapping
@minio-trusted
Copy link
Contributor

Mint Automation

Test Result
mint-large-bucket.sh ✔️
mint-fs.sh ✔️
mint-gateway-s3.sh ✔️
mint-erasure.sh ✔️
mint-dist-erasure.sh ✔️
mint-zoned.sh ✔️
mint-gateway-nas.sh ✔️
mint-compress-encrypt-dist-erasure.sh ✔️
Deleting image on docker hub
Deleting image locally

@harshavardhana harshavardhana merged commit 415bbc7 into minio:master Oct 12, 2021
8 checks passed
@harshavardhana harshavardhana deleted the check-key-valid branch October 12, 2021 20:18
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

None yet

5 participants