- Sort Score
- Result 10 results
- Languages All
Results 1 - 9 of 9 for KSession (0.2 sec)
-
cmd/iam.go
// Reject malformed/malicious requests. return false } // The parent claim in the session token should be equal // to the parent detected in the backend if parentInClaim != parentUser { return false } } else { // This is needed so a malicious user cannot // use a leaked session key of another user // to widen its privileges. return false }
Go - Registered: Sun May 05 19:28:20 GMT 2024 - Last Modified: Thu Apr 25 21:28:16 GMT 2024 - 71.1K bytes - Viewed (1) -
cmd/sts-handlers_test.go
// 3.1 Validate that the client from STS creds cannot upload any object as // it is denied by the plugin. c.mustNotUpload(ctx, s.getUserClient(c, cr.AccessKey, cr.SecretKey, ""), bucket) // Check that session policies do not apply - as policy enforcement is // delegated to plugin. { svcAK, svcSK := mustGenerateCredentials(c) // This policy does not allow listing objects.
Go - Registered: Sun May 05 19:28:20 GMT 2024 - Last Modified: Thu Apr 25 15:50:16 GMT 2024 - 85.7K bytes - Viewed (0) -
cmd/site-replication.go
// applicable here. // // Service accounts are replicated as long as they are not meant for the root // user. // // STS accounts are replicated, but only if the session token is verifiable // using the local cluster's root credential. func (c *SiteReplicationSys) IAMChangeHook(ctx context.Context, item madmin.SRIAMItem) error {
Go - Registered: Sun May 05 19:28:20 GMT 2024 - Last Modified: Wed May 01 01:09:56 GMT 2024 - 184.2K bytes - Viewed (1) -
cmd/iam-store.go
defer store.runlock() res := map[string]ParentUserInfo{} for _, ui := range cache.iamUsersMap { cred := ui.Credentials // Only consider service account or STS credentials with // non-empty session tokens. if !(cred.IsServiceAccount() || cred.IsTemp()) || cred.SessionToken == "" { continue } var ( err error claims map[string]interface{} = cred.Claims )
Go - Registered: Sun May 05 19:28:20 GMT 2024 - Last Modified: Sat Apr 27 10:04:10 GMT 2024 - 75.2K bytes - Viewed (2) -
cmd/common-main.go
} // Handle animation in welcome page if value := env.Get(config.EnvBrowserLoginAnimation, "on"); value != "" { os.Setenv("CONSOLE_ANIMATED_LOGIN", value) } // Pass on the session duration environment variable, else we will default to 12 hours if valueSts := env.Get(config.EnvMinioStsDuration, ""); valueSts != "" { os.Setenv("CONSOLE_STS_DURATION", valueSts)
Go - Registered: Sun May 05 19:28:20 GMT 2024 - Last Modified: Sat May 04 00:17:57 GMT 2024 - 35.8K bytes - Viewed (2) -
cmd/erasure-server-pool-decom.go
} func (z *erasureServerPools) IsSuspended(idx int) bool { z.poolMetaMutex.RLock() defer z.poolMetaMutex.RUnlock() return z.poolMeta.IsSuspended(idx) } // Decommission - start decommission session. func (z *erasureServerPools) Decommission(ctx context.Context, indices ...int) error { if len(indices) == 0 { return errInvalidArgument } if z.SinglePool() { return errInvalidArgument }
Go - Registered: Sun May 05 19:28:20 GMT 2024 - Last Modified: Wed May 01 15:18:21 GMT 2024 - 41.5K bytes - Viewed (1) -
cmd/sts-handlers.go
// https://docs.aws.amazon.com/STS/latest/APIReference/API_AssumeRoleWithWebIdentity.html // The plain text that you use for both inline and managed session // policies shouldn't exceed 2048 characters. if len(sessionPolicyStr) > 2048 { writeSTSErrorResponse(ctx, w, ErrSTSInvalidParameterValue, fmt.Errorf("Session policy should not exceed 2048 characters")) return } if len(sessionPolicyStr) > 0 {
Go - Registered: Sun May 05 19:28:20 GMT 2024 - Last Modified: Wed May 01 21:31:13 GMT 2024 - 34.7K bytes - Viewed (2) -
cmd/admin-handlers-users.go
requestUser = cred.ParentUser } if requestUser != svcAccount.ParentUser { writeErrorResponseJSON(ctx, w, errorCodes.ToAPIErr(ErrAccessDenied), r.URL) return } } // if session policy is nil or empty, then it is implied policy impliedPolicy := sessionPolicy == nil || (sessionPolicy.Version == "" && len(sessionPolicy.Statements) == 0) var svcAccountPolicy policy.Policy if !impliedPolicy {
Go - Registered: Sun May 05 19:28:20 GMT 2024 - Last Modified: Wed May 01 12:41:13 GMT 2024 - 77.5K bytes - Viewed (0) -
internal/auth/credentials.go
} return CreateNewCredentialsWithMetadata(accessKey, secretKey, m, tokenSecret) } // CreateNewCredentialsWithMetadata - creates new credentials using the specified access & secret keys // and generate a session token if a secret token is provided. func CreateNewCredentialsWithMetadata(accessKey, secretKey string, m map[string]interface{}, tokenSecret string) (cred Credentials, err error) {
Go - Registered: Sun May 05 19:28:20 GMT 2024 - Last Modified: Wed May 01 12:41:13 GMT 2024 - 11.7K bytes - Viewed (0)