API for checking object management permissions #2086
Conversation
Check if given user's IAM policies allow s3:PutObject/s3:DeleteObject on given bucket Signed-off-by: Shubhendu Ram Tripathi <shubhendu@minio.io>
| @@ -1071,3 +1071,15 @@ func (c *Client) CredContext() *credentials.CredContext { | |||
| Endpoint: c.endpointURL.String(), | |||
| } | |||
| } | |||
|
|
|||
| // GetCreds returns the access creds for the client | |||
| func (c *Client) GetCreds() (string, string, error) { | |||
There was a problem hiding this comment.
Credentials are always 3 entities, you should return the value()
But what is the point of this function?
There was a problem hiding this comment.
This is not needed with new changes. Will remove.
| @@ -145,3 +145,32 @@ func (c *Client) getBucketPolicy(ctx context.Context, bucketName string) (string | |||
| policy := string(bucketPolicyBuf) | |||
| return policy, err | |||
| } | |||
|
|
|||
| // CheckObjectManagePermissions verifies if user has object permissions for given bucket | |||
| func (c *Client) CheckObjectManagePermissions(ctx context.Context, bucket string, user string) error { | |||
There was a problem hiding this comment.
And also why is this an S3 SDK API? This is specific to MinIO and must be in madmin-go
There was a problem hiding this comment.
This we are checking with replicated bucket target clients. We need to reach all targets of bucket replication and see target has got PutObject/DeleteObject etc. Is there a way to achieve it? I may be missing something here.
There was a problem hiding this comment.
You need to add a new API in admin API for that not here
There was a problem hiding this comment.
If you want to implement a proper S3 API then implement GetAccessBlock()
There was a problem hiding this comment.
this should be in madmin-go
There was a problem hiding this comment.
ok, will better move to madmin-go
| @@ -145,3 +145,32 @@ func (c *Client) getBucketPolicy(ctx context.Context, bucketName string) (string | |||
| policy := string(bucketPolicyBuf) | |||
| return policy, err | |||
| } | |||
|
|
|||
| // CheckObjectManagePermissions verifies if user has object permissions for given bucket | |||
| func (c *Client) CheckObjectManagePermissions(ctx context.Context, bucket string, user string) error { | |||
There was a problem hiding this comment.
If you want to implement a proper S3 API then implement GetAccessBlock()
|
Closing as #2089 takes care creds and API is added as admin API. |
Check if given user's IAM policies allow s3:PutObject/s3:DeleteObject on given bucket