maxmustermann/minio
1
0
Fork 0
Code Issues Pull requests Projects Releases Wiki Activity
5422 commits 18 branches 277 tags 146 MiB
Commit graph

10 commits

Author SHA1 Message Date
Harshavardhana 4f31a9a33b Reload users upon AddUser on peers (#6975) 
Also migrate ReloadFormat to notification subsystem,
remove GetConfig() we do not use this API anymore
 2018-12-18 14:39:21 -08:00
Harshavardhana 7e879a45d5 Add policy claim support for JWT (#6660) 
This way temporary credentials can use canned
policies on the server without configuring OPA.
 2018-10-29 11:08:59 -07:00
Harshavardhana bf66e9a529 Reload etcd users and policies properly (#6694) 
Currently there was a bug in how we reload users and policies
which leads to users/policies going missing due to wrong path
construction.

Fixes #6693
 2018-10-24 17:40:06 -07:00
Harshavardhana fde8c38638 Add default canned policies (#6690) 2018-10-24 17:14:27 -07:00
Harshavardhana b251454dd6 Fix toggling users status (#6640) 2018-10-16 14:55:23 -07:00
Harshavardhana 1e7e5e297c
Add canned policy support (#6637) 
This PR adds an additional API where we can create
a new set of canned policies which can be used with one
or many users.
 2018-10-16 12:48:19 -07:00
Harshavardhana 23b166b318 Remove applying custom policies with STS access keys (#6626) 
Move away from allowing custom policies, all policies in
STS come from OPA otherwise they fail.
 2018-10-15 12:44:03 -07:00
Harshavardhana 3ef3fefd54 Add ListUsers API to list all configured users in IAM (#6619) 2018-10-13 12:48:43 +05:30
Harshavardhana 143e7fe300 Add etcd support to support STS on gateway mode (#6531) 2018-10-12 11:32:18 -07:00
Harshavardhana 54ae364def Introduce STS client grants API and OPA policy integration (#6168) 
This PR introduces two new features

- AWS STS compatible STS API named AssumeRoleWithClientGrants

```
POST /?Action=AssumeRoleWithClientGrants&Token=<jwt>
```

This API endpoint returns temporary access credentials, access
tokens signature types supported by this API

  - RSA keys
  - ECDSA keys

Fetches the required public key from the JWKS endpoints, provides
them as rsa or ecdsa public keys.

- External policy engine support, in this case OPA policy engine

- Credentials are stored on disks
 2018-10-09 14:00:01 -07:00