maxmustermann/minio
1
0
Fork 0
Code Issues Pull requests Projects Releases Wiki Activity
2819 commits 18 branches 277 tags 146 MiB
Commit graph

4 commits

Author SHA1 Message Date
Harshavardhana ba5805e60a bucketPolicy: Do not use regexes, just do prefix matches. (#1497) 
AWS arn supports wildcards and this is flat namespace, simple
prefix matching is fine.

Fixes #1481
Fixes #1482
 2016-05-05 19:58:48 -07:00
karthic rao 188bb92d8a bucket-policy parset tests, and bug fixes (#1317) 2016-04-15 18:23:19 -07:00
Harshavardhana 996d2e2a10 bucketpolicy: checkBucketPolicy should keep resources in map. 
This is done to make sure to avoid appending duplicates for
resources for each actions.
 2016-03-22 17:04:39 -07:00
Harshavardhana 88714e7c8e bucketpolicy: Improve bucket policy validation, avoid nested rules. 
Bucket policy validation is more stricter now, to avoid nested
rules. The reason to do this is keep the rules simpler and more
meaningful avoiding conflicts.

This patch implements stricter checks.

Example policy to be generally avoided.
```
{
	"Version": "2012-10-17",
	"Statement": [
		{
			"Action": [
				"s3:GetObject",
				"s3:DeleteObject"
			],
			"Effect": "Allow",
			"Principal": {
				"AWS": [
					"*"
				]
			},
			"Resource": [
				"arn:aws:s3:::jarjarbing/*"
			]
		},
		{
			"Action": [
				"s3:GetObject",
				"s3:DeleteObject"
			],
			"Effect": "Deny",
			"Principal": {
				"AWS": [
					"*"
				]
			},
			"Resource": [
				"arn:aws:s3:::jarjarbing/restic/key/*"
			]
		}
	]
}
```
 2016-03-15 17:50:23 -07:00
Renamed from pkg/s3/access/policy.go (Browse further)