Policy names with / can be created but not modified via the Console #3518
Description
Sorry if the title is a bit long but I tried to distil how I got here: We want to set up OpenID with GitLab and we do have nested groups, so foo/bar is a valid group name for us.
At least according to the AWS IAM documentation, that's not a valid policy name since it must be »a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-.«
Expected Behavior
- Create a group named
policy/testviamcor via the Console - Go to the Console and modify or delete the policy
Via mc I can retrieve the group, so it seems to be there:
Current Behavior
- The group named
policy/testis visible in the UI but:- cannot be displayed
- cannot be modified
- cannot be deleted
In the browser UI it looks like the paths are failing with a 404 because of missing escapes:
Possible Solution
Honestly I am not sure how this could be fixed in a satisfactory fashion. If we cannot have forward slashes in policy names it would make it very hard to roll out Minio with GitLab as an OpenID provider.
On the other hand I could imagine lots of other breakage if Minio will differ in behaviour from other IAM implementations.
Steps to Reproduce (for bugs)
- Create a policy with a
/in its name - Try to edit or delete it afterwards via the Console
Context
In our GitLab instance we have nested groups, so to match the group to a policy, the policy needs to have a / in its name.
Regression
No.
Your Environment
- Version used (
minio --version): Version: RELEASE.2025-03-12T18-04-18Z (go1.24.1 linux/amd64) - Server setup and configuration: Single instance running in a Docker container on a QNAP NAS
- Operating System and version (
uname -a): Linux minio 5.10.60-qnap 1 SMP Wed Jan 8 01:44:38 CST 2025 x86_64 x86_64 x86_64 GNU/Linux