minio

2586 commits 18 branches 277 tags 146 MiB

Author	SHA1	Message	Date
Harshavardhana	88714e7c8e	bucketpolicy: Improve bucket policy validation, avoid nested rules. Bucket policy validation is more stricter now, to avoid nested rules. The reason to do this is keep the rules simpler and more meaningful avoiding conflicts. This patch implements stricter checks. Example policy to be generally avoided. ``` { "Version": "2012-10-17", "Statement": [ { "Action": [ "s3:GetObject", "s3:DeleteObject" ], "Effect": "Allow", "Principal": { "AWS": [ "" ] }, "Resource": [ "arn:aws:s3:::jarjarbing/" ] }, { "Action": [ "s3:GetObject", "s3:DeleteObject" ], "Effect": "Deny", "Principal": { "AWS": [ "" ] }, "Resource": [ "arn:aws:s3:::jarjarbing/restic/key/" ] } ] } ```	2016-03-15 17:50:23 -07:00

Author

SHA1

Message

Date

Harshavardhana

88714e7c8e

bucketpolicy: Improve bucket policy validation, avoid nested rules.

Bucket policy validation is more stricter now, to avoid nested
rules. The reason to do this is keep the rules simpler and more
meaningful avoiding conflicts.

This patch implements stricter checks.

Example policy to be generally avoided.
```
{
	"Version": "2012-10-17",
	"Statement": [
		{
			"Action": [
				"s3:GetObject",
				"s3:DeleteObject"
			],
			"Effect": "Allow",
			"Principal": {
				"AWS": [
					"*"
				]
			},
			"Resource": [
				"arn:aws:s3:::jarjarbing/*"
			]
		},
		{
			"Action": [
				"s3:GetObject",
				"s3:DeleteObject"
			],
			"Effect": "Deny",
			"Principal": {
				"AWS": [
					"*"
				]
			},
			"Resource": [
				"arn:aws:s3:::jarjarbing/restic/key/*"
			]
		}
	]
}
```

2016-03-15 17:50:23 -07:00

Renamed from pkg/s3/access/README.md (Browse further)

1 commit