Support wildcard list actions (#2520)
@@ -24,6 +24,7 @@ export const IAM_ROLES = {
|
|||||||
export const IAM_SCOPES = {
|
export const IAM_SCOPES = {
|
||||||
S3_STAR_BUCKET: "s3:*Bucket",
|
S3_STAR_BUCKET: "s3:*Bucket",
|
||||||
S3_LIST_BUCKET: "s3:ListBucket",
|
S3_LIST_BUCKET: "s3:ListBucket",
|
||||||
|
S3_ALL_LIST_BUCKET: "s3:List*",
|
||||||
S3_GET_BUCKET_POLICY: "s3:GetBucketPolicy",
|
S3_GET_BUCKET_POLICY: "s3:GetBucketPolicy",
|
||||||
S3_PUT_BUCKET_POLICY: "s3:PutBucketPolicy",
|
S3_PUT_BUCKET_POLICY: "s3:PutBucketPolicy",
|
||||||
S3_GET_OBJECT: "s3:GetObject",
|
S3_GET_OBJECT: "s3:GetObject",
|
||||||
@@ -238,7 +239,10 @@ export const IAM_PERMISSIONS = {
|
|||||||
IAM_SCOPES.S3_PUT_OBJECT,
|
IAM_SCOPES.S3_PUT_OBJECT,
|
||||||
IAM_SCOPES.S3_DELETE_OBJECT,
|
IAM_SCOPES.S3_DELETE_OBJECT,
|
||||||
],
|
],
|
||||||
[IAM_ROLES.BUCKET_VIEWER]: [IAM_SCOPES.S3_LIST_BUCKET],
|
[IAM_ROLES.BUCKET_VIEWER]: [
|
||||||
|
IAM_SCOPES.S3_LIST_BUCKET,
|
||||||
|
IAM_SCOPES.S3_ALL_LIST_BUCKET,
|
||||||
|
],
|
||||||
[IAM_ROLES.BUCKET_ADMIN]: [
|
[IAM_ROLES.BUCKET_ADMIN]: [
|
||||||
IAM_SCOPES.S3_ALL_ACTIONS,
|
IAM_SCOPES.S3_ALL_ACTIONS,
|
||||||
IAM_SCOPES.ADMIN_ALL_ACTIONS,
|
IAM_SCOPES.ADMIN_ALL_ACTIONS,
|
||||||
@@ -585,4 +589,7 @@ export const deleteBucketPermissions = [
|
|||||||
IAM_SCOPES.S3_FORCE_DELETE_BUCKET,
|
IAM_SCOPES.S3_FORCE_DELETE_BUCKET,
|
||||||
];
|
];
|
||||||
|
|
||||||
export const browseBucketPermissions = [IAM_SCOPES.S3_LIST_BUCKET];
|
export const browseBucketPermissions = [
|
||||||
|
IAM_SCOPES.S3_LIST_BUCKET,
|
||||||
|
IAM_SCOPES.S3_ALL_LIST_BUCKET,
|
||||||
|
];
|
||||||
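Review bot: `S3_ALL_LIST_BUCKET` is named as if it covered bucket listing only, but its value `"s3:List*"` is a pattern for every S3 action whose name starts with `List`, and nothing at the definition says so. A comment on the constant such as `// Policy wildcard: every s3:List* action, not only s3:ListBucket` would stop later readers from treating it as interchangeable with `S3_LIST_BUCKET`. The same entry is also added under `[IAM_ROLES.BUCKET_VIEWER]` in `IAM_PERMISSIONS`; how that map is consumed is not visible here, so if it ever describes what a viewer role includes rather than only gating UI, the wildcard makes that role broader than before and should be a deliberate decision. All three hunks cut through object literals that continue outside the diff.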
|
|||||||
@@ -381,6 +381,7 @@ const BrowserHandler = () => {
|
|||||||
|
|
||||||
const displayListObjects = hasPermission(bucketName, [
|
const displayListObjects = hasPermission(bucketName, [
|
||||||
IAM_SCOPES.S3_LIST_BUCKET,
|
IAM_SCOPES.S3_LIST_BUCKET,
|
||||||
|
IAM_SCOPES.S3_ALL_LIST_BUCKET,
|
||||||
]);
|
]);
|
||||||
|
|
||||||
// Common objects list
|
// Common objects list
|
||||||
@@ -529,7 +530,7 @@ const BrowserHandler = () => {
|
|||||||
<Fragment>
|
<Fragment>
|
||||||
{!versionsMode ? (
|
{!versionsMode ? (
|
||||||
<SecureComponent
|
<SecureComponent
|
||||||
scopes={[IAM_SCOPES.S3_LIST_BUCKET]}
|
scopes={[IAM_SCOPES.S3_LIST_BUCKET, IAM_SCOPES.S3_ALL_LIST_BUCKET]}
|
||||||
resource={bucketName}
|
resource={bucketName}
|
||||||
errorProps={{ disabled: true }}
|
errorProps={{ disabled: true }}
|
||||||
>
|
>
|
||||||
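Review bot: The pair `IAM_SCOPES.S3_LIST_BUCKET, IAM_SCOPES.S3_ALL_LIST_BUCKET` is written out by hand in both hunks here (the `displayListObjects` check and the `SecureComponent` `scopes` prop), although this commit also defines `browseBucketPermissions` with exactly those two entries. Repeating an access-check list inline lets call sites drift apart the next time a scope is added, so one screen can end up gated differently from another. Passing the shared constant, e.g. `hasPermission(bucketName, browseBucketPermissions)` and `scopes={browseBucketPermissions}`, keeps them in step; whether it is already imported in this file is not visible. The same applies to the ListBuckets, ListObjects, ListObjectsTable and OBListBuckets sections that follow.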
|
|||||||
@@ -220,7 +220,10 @@ const ListBuckets = ({ classes }: IListBucketsProps) => {
|
|||||||
};
|
};
|
||||||
|
|
||||||
const canCreateBucket = hasPermission("*", [IAM_SCOPES.S3_CREATE_BUCKET]);
|
const canCreateBucket = hasPermission("*", [IAM_SCOPES.S3_CREATE_BUCKET]);
|
||||||
const canListBuckets = hasPermission("*", [IAM_SCOPES.S3_LIST_BUCKET]);
|
const canListBuckets = hasPermission("*", [
|
||||||
|
IAM_SCOPES.S3_LIST_BUCKET,
|
||||||
|
IAM_SCOPES.S3_ALL_LIST_BUCKET,
|
||||||
|
]);
|
||||||
|
|
||||||
return (
|
return (
|
||||||
<Fragment>
|
<Fragment>
|
||||||
@@ -453,7 +456,10 @@ const ListBuckets = ({ classes }: IListBucketsProps) => {
|
|||||||
<Fragment>
|
<Fragment>
|
||||||
<br />
|
<br />
|
||||||
{permissionTooltipHelper(
|
{permissionTooltipHelper(
|
||||||
[IAM_SCOPES.S3_LIST_BUCKET],
|
[
|
||||||
|
IAM_SCOPES.S3_LIST_BUCKET,
|
||||||
|
IAM_SCOPES.S3_ALL_LIST_BUCKET,
|
||||||
|
],
|
||||||
"view the buckets on this server"
|
"view the buckets on this server"
|
||||||
)}
|
)}
|
||||||
<br />
|
<br />
|
||||||
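Review bot: `canListBuckets` gains only the one spelling `s3:List*`. `hasPermission` is defined outside this diff, and if it compares scope strings literally, a policy written with another pattern that also covers the list action (for example `s3:*Bucket`, which already exists as `IAM_SCOPES.S3_STAR_BUCKET`) still leaves the bucket list disabled. That fails closed, so it is a usability gap rather than an exposure, but each new pattern would then need another pass over every call site. Resolving action wildcards once inside `hasPermission` would avoid that; it is also worth confirming that a two-element list is treated as any-of there and in `permissionTooltipHelper`, since an all-of reading would tighten these checks instead of relaxing them.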
|
|||||||
@@ -955,6 +955,7 @@ const ListObjects = () => {
|
|||||||
disabled={
|
disabled={
|
||||||
!hasPermission(bucketName, [
|
!hasPermission(bucketName, [
|
||||||
IAM_SCOPES.S3_LIST_BUCKET,
|
IAM_SCOPES.S3_LIST_BUCKET,
|
||||||
|
IAM_SCOPES.S3_ALL_LIST_BUCKET,
|
||||||
]) || rewindEnabled
|
]) || rewindEnabled
|
||||||
}
|
}
|
||||||
/>
|
/>
|
||||||
@@ -1016,7 +1017,10 @@ const ListObjects = () => {
|
|||||||
</Fragment>
|
</Fragment>
|
||||||
) : (
|
) : (
|
||||||
<SecureComponent
|
<SecureComponent
|
||||||
scopes={[IAM_SCOPES.S3_LIST_BUCKET]}
|
scopes={[
|
||||||
|
IAM_SCOPES.S3_LIST_BUCKET,
|
||||||
|
IAM_SCOPES.S3_ALL_LIST_BUCKET,
|
||||||
|
]}
|
||||||
resource={bucketName}
|
resource={bucketName}
|
||||||
errorProps={{ disabled: true }}
|
errorProps={{ disabled: true }}
|
||||||
>
|
>
|
||||||
@@ -1050,7 +1054,10 @@ const ListObjects = () => {
|
|||||||
</SecureComponent>
|
</SecureComponent>
|
||||||
)}
|
)}
|
||||||
<SecureComponent
|
<SecureComponent
|
||||||
scopes={[IAM_SCOPES.S3_LIST_BUCKET]}
|
scopes={[
|
||||||
|
IAM_SCOPES.S3_LIST_BUCKET,
|
||||||
|
IAM_SCOPES.S3_ALL_LIST_BUCKET,
|
||||||
|
]}
|
||||||
resource={bucketName}
|
resource={bucketName}
|
||||||
errorProps={{ disabled: true }}
|
errorProps={{ disabled: true }}
|
||||||
>
|
>
|
||||||
|
|||||||
@@ -114,6 +114,7 @@ const ListObjectsTable = () => {
|
|||||||
|
|
||||||
const displayListObjects = hasPermission(bucketName, [
|
const displayListObjects = hasPermission(bucketName, [
|
||||||
IAM_SCOPES.S3_LIST_BUCKET,
|
IAM_SCOPES.S3_LIST_BUCKET,
|
||||||
|
IAM_SCOPES.S3_ALL_LIST_BUCKET,
|
||||||
]);
|
]);
|
||||||
|
|
||||||
const filteredRecords = records.filter((b: BucketObjectItem) => {
|
const filteredRecords = records.filter((b: BucketObjectItem) => {
|
||||||
@@ -221,7 +222,7 @@ const ListObjectsTable = () => {
|
|||||||
customEmptyMessage={
|
customEmptyMessage={
|
||||||
!displayListObjects
|
!displayListObjects
|
||||||
? permissionTooltipHelper(
|
? permissionTooltipHelper(
|
||||||
[IAM_SCOPES.S3_LIST_BUCKET],
|
[IAM_SCOPES.S3_LIST_BUCKET, IAM_SCOPES.S3_ALL_LIST_BUCKET],
|
||||||
"view Objects in this bucket"
|
"view Objects in this bucket"
|
||||||
)
|
)
|
||||||
: `This location is empty${
|
: `This location is empty${
|
||||||
|
|||||||
@@ -129,7 +129,10 @@ const OBListBuckets = () => {
|
|||||||
|
|
||||||
const hasBuckets = records.length > 0;
|
const hasBuckets = records.length > 0;
|
||||||
|
|
||||||
const canListBuckets = hasPermission("*", [IAM_SCOPES.S3_LIST_BUCKET]);
|
const canListBuckets = hasPermission("*", [
|
||||||
|
IAM_SCOPES.S3_LIST_BUCKET,
|
||||||
|
IAM_SCOPES.S3_ALL_LIST_BUCKET,
|
||||||
|
]);
|
||||||
|
|
||||||
const tableActions = [
|
const tableActions = [
|
||||||
{
|
{
|
||||||
@@ -276,7 +279,10 @@ const OBListBuckets = () => {
|
|||||||
<Fragment>
|
<Fragment>
|
||||||
<br />
|
<br />
|
||||||
{permissionTooltipHelper(
|
{permissionTooltipHelper(
|
||||||
[IAM_SCOPES.S3_LIST_BUCKET],
|
[
|
||||||
|
IAM_SCOPES.S3_LIST_BUCKET,
|
||||||
|
IAM_SCOPES.S3_ALL_LIST_BUCKET,
|
||||||
|
],
|
||||||
"view the buckets on this server"
|
"view the buckets on this server"
|
||||||
)}
|
)}
|
||||||
<br />
|
<br />
|
||||||
|
|||||||
@@ -141,7 +141,7 @@ export const table = Selector(".ReactVirtualized__Table");
|
|||||||
export const bucketsTableDisabled = Selector("#object-list-wrapper")
|
export const bucketsTableDisabled = Selector("#object-list-wrapper")
|
||||||
.find(".MuiPaper-root")
|
.find(".MuiPaper-root")
|
||||||
.withText(
|
.withText(
|
||||||
"You require additional permissions in order to view Objects in this bucket. Please ask your MinIO administrator to grant you s3:ListBucket permission in order to view Objects in this bucket."
|
"You require additional permissions in order to view Objects in this bucket. Please ask your MinIO administrator to grant you"
|
||||||
);
|
);
|
||||||
export const createGroupUserTable = Selector(
|
export const createGroupUserTable = Selector(
|
||||||
".MuiDialog-container .ReactVirtualized__Table"
|
".MuiDialog-container .ReactVirtualized__Table"
|
||||||
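Review bot: The shortened `withText` argument no longer names any permission, so `bucketsTableDisabled` would still match if the message listed the wrong scopes or none at all. Because this text is what tells a user which grant to request, the selector should keep asserting the scope names, for instance by chaining `.withText("s3:ListBucket")` after the existing call. The exact wording of the new message is not visible in this diff, so the string needs checking against what `permissionTooltipHelper` now renders.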
|
|||||||