support groups conditions for ldap and minio #55

Merged
merged 1 commit into from
Feb 2, 2023
Merged
27 changes: 22 additions & 5 deletions bucket/policy/condition/keyname.go
Expand Up @@ -27,7 +27,7 @@ import (
// for more information about available condition keys.
type KeyName string

// Name - returns key name which is stripped value of prefixes "aws:" and "s3:"
// Name - returns key name which is stripped value of prefixes "aws:", "s3:", "jwt:" and "ldap:"
func (key KeyName) Name() string {
name := string(key)
switch {
Expand Down Expand Up @@ -137,6 +137,9 @@ const (
// AWSUsername - user friendly name, in MinIO this value is same as your user Access Key.
AWSUsername KeyName = "aws:username"

// AWSGroups - groups for any authenticating Access Key.
AWSGroups KeyName = "aws:groups"

// S3SignatureVersion - identifies the version of AWS Signature that you want to support for authenticated requests.
S3SignatureVersion KeyName = "s3:signatureversion"

Expand Down Expand Up @@ -185,11 +188,14 @@ const (
)

const (
// LDAPUser - LDAP username, in MinIO this value is equal to your authenticating LDAP user.
// LDAPUser - LDAP username, in MinIO this value is equal to your authenticating LDAP user DN.
LDAPUser KeyName = "ldap:user"

// LDAPUsername - LDAP username, in MinIO is the authenticated simply user.
// LDAPUsername - LDAP username, in MinIO is the authenticated simple user.
LDAPUsername KeyName = "ldap:username"

// LDAPGroups - LDAP groups, in MinIO this value is equal LDAP Group DNs for the authenticating user.
LDAPGroups KeyName = "ldap:groups"
)

// JWTKeys - Supported JWT keys, non-exhaustive list please
Expand Down Expand Up @@ -247,8 +253,10 @@ var AllSupportedKeys = append([]KeyName{
AWSPrincipalType,
AWSUserID,
AWSUsername,
AWSGroups,
LDAPUser,
LDAPUsername,
LDAPGroups,
RequestObjectTag,
ExistingObjectTag,
RequestObjectTagKeys,
Expand All @@ -270,17 +278,26 @@ var CommonKeys = append([]KeyName{
AWSPrincipalType,
AWSUserID,
AWSUsername,
AWSGroups,
LDAPUser,
LDAPUsername,
LDAPGroups,
}, JWTKeys...)

// AllSupportedAdminKeys - is list of all admin supported keys.
var AllSupportedAdminKeys = []KeyName{
var AllSupportedAdminKeys = append([]KeyName{
AWSReferer,
AWSSourceIP,
AWSUserAgent,
AWSSecureTransport,
AWSCurrentTime,
AWSEpochTime,
AWSPrincipalType,
AWSUserID,
AWSUsername,
AWSGroups,
LDAPUser,
LDAPUsername,
LDAPGroups,
// Add new supported condition keys.
}
}, JWTKeys...)
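Review bot: The new `AWSGroups` and `LDAPGroups` keys (hunks at `AWSGroups KeyName = "aws:groups"` and `LDAPGroups KeyName = "ldap:groups"`) name a multi-valued attribute — a principal normally belongs to several groups — yet their doc comments read like the single-valued `AWSUsername`/`LDAPUser` keys, and nothing in this file records that, which matters because a policy author granting access on a group condition needs to know whether the condition is matched against the whole set. Suggest `// AWSGroups - groups of the authenticating Access Key (multi-valued).` and `// LDAPGroups - LDAP group DNs of the authenticating user (multi-valued).`, and confirming that the condition evaluator (not visible here) handles a set value rather than only the first element. Separately, the `Name()` comment now states that the `jwt:` and `ldap:` prefixes are stripped, but the switch body lies outside the hunk, so that claim should be checked against the actual cases. Appending `JWTKeys...` to `AllSupportedAdminKeys` also widens which claims an admin policy may condition on; that deserves a sentence in the PR description.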