fix: optimize ListBuckets for anonymous users (#12182)

anonymous users are never allowed to listBuckets(), we do not need to further validate the policy, we can simply reject if credentials are empty.
2021-04-28 21:37:02 -07:00 · 2021-04-28 21:37:02 -07:00 · b3c8a1864f
parent c301027942
commit b3c8a1864f
2 changed files with 6 additions and 1 deletions
--- a/.github/workflows/go.yml
+++ b/.github/workflows/go.yml
@ -46,4 +46,3 @@ jobs:
          make crosscompile
          make verify
          make verify-healing
-          bash -c 'shopt -s globstar; shellcheck mint/**/*.sh'
--- a/cmd/bucket-handlers.go
+++ b/cmd/bucket-handlers.go
@ -299,6 +299,12 @@ func (api objectAPIHandlers) ListBucketsHandler(w http.ResponseWriter, r *http.R
 		return
 	}

+	// Anonymous users, should be rejected.
+	if cred.AccessKey == "" {
+		writeErrorResponse(ctx, w, errorCodes.ToAPIErr(ErrAccessDenied), r.URL)
+		return
+	}
+
 	// If etcd, dns federation configured list buckets from etcd.
 	var bucketsInfo []BucketInfo
 	if globalDNSConfig != nil && globalBucketFederation {