Search Options

Results per page
Sort
Preferred Languages
Advance

Results 1 - 10 of 14 for IsTemp (0.23 sec)

  2. github.com/minio/minio

    cmd/iam-store.go 

    		// non-empty session tokens.
		if !(cred.IsServiceAccount() || cred.IsTemp()) ||
			cred.SessionToken == "" {
			continue
		}

		var (
			err    error
			claims map[string]interface{} = cred.Claims
		)

		if cred.IsServiceAccount() {
			claims, err = getClaimsFromTokenWithSecret(cred.SessionToken, cred.SecretKey)
		} else if cred.IsTemp() {
			var secretKey string
    Go
    - Registered: Sun Apr 28 19:28:10 GMT 2024
    - Last Modified: Sat Apr 27 10:04:10 GMT 2024
    - 75.2K bytes
    - Viewed (2)
  3. github.com/minio/minio

    cmd/auth-handler.go 

    	}

	if token == "" && cred.IsTemp() && !cred.IsServiceAccount() {
		// Temporary credentials should always have x-amz-security-token
		return nil, ErrInvalidToken
	}

	if token != "" && !cred.IsTemp() {
		// x-amz-security-token should not present for static credentials.
		return nil, ErrInvalidToken
	}
    Go
    - Registered: Sun Apr 28 19:28:10 GMT 2024
    - Last Modified: Thu Apr 04 12:04:40 GMT 2024
    - 26K bytes
    - Viewed (0)
  4. github.com/minio/minio

    cmd/iam.go 

    	}

	if isGroup {
		_, err = sys.GetGroupDescription(userOrGroup)
		if err != nil {
			return
		}
	} else {
		var isTemp bool
		isTemp, _, err = sys.IsTempUser(userOrGroup)
		if err != nil && err != errNoSuchUser {
			return
		}
		if isTemp {
			err = errIAMActionNotAllowed
			return
		}

		// When the user is root credential you are not allowed to
    Go
    - Registered: Sun Apr 28 19:28:10 GMT 2024
    - Last Modified: Thu Apr 25 21:28:16 GMT 2024
    - 71.1K bytes
    - Viewed (1)
  5. github.com/minio/minio

    internal/auth/credentials.go 

    	if cred.Expiration.IsZero() || cred.Expiration.Equal(timeSentinel) {
		return false
	}

	return cred.Expiration.Before(time.Now().UTC())
}

// IsTemp - returns whether credential is temporary or not.
func (cred Credentials) IsTemp() bool {
	return cred.SessionToken != "" && !cred.Expiration.IsZero() && !cred.Expiration.Equal(timeSentinel)
}
    Go
    - Registered: Sun Apr 28 19:28:10 GMT 2024
    - Last Modified: Fri Mar 01 21:09:42 GMT 2024
    - 11.4K bytes
    - Viewed (0)
  6. github.com/minio/minio

    cmd/bucket-policy.go 

    	currTime := UTCNow()

	var (
		username = cred.AccessKey
		claims   = cred.Claims
		groups   = cred.Groups
	)

	if cred.IsTemp() || cred.IsServiceAccount() {
		// For derived credentials, check the parent user's permissions.
		username = cred.ParentUser
	}

	principalType := "Anonymous"
	if username != "" {
		principalType = "User"
    Go
    - Registered: Sun Apr 28 19:28:10 GMT 2024
    - Last Modified: Thu Apr 04 12:04:40 GMT 2024
    - 8K bytes
    - Viewed (0)
  7. github.com/minio/minio

    cmd/jwt.go 

    				if u.Credentials.Status == auth.AccountOff {
					return nil, errAccessKeyDisabled
				}
				return nil, errInvalidAccessKeyID
			}
			cred := u.Credentials
			// Expired credentials return error.
			if cred.IsTemp() && cred.IsExpired() {
				return nil, errInvalidAccessKeyID
			}
			return []byte(cred.SecretKey), nil
		} // this means claims.AccessKey == rootAccessKey
		if !globalAPIConfig.permitRootAccess() {
    Go
    - Registered: Sun Apr 28 19:28:10 GMT 2024
    - Last Modified: Fri Apr 19 16:45:14 GMT 2024
    - 5.4K bytes
    - Viewed (0)
  8. github.com/minio/minio

    cmd/sftp-server-driver.go 

    		return minio.New(f.endpoint, &minio.Options{
			Creds:     mcreds,
			Secure:    globalIsTLS,
			Transport: globalRemoteFTPClientTransport,
		})
	}

	// ok == true - at this point

	if ui.Credentials.IsTemp() {
		// Temporary credentials are not allowed.
		return nil, errAuthentication
	}

	return minio.New(f.endpoint, &minio.Options{
    Go
    - Registered: Sun Apr 28 19:28:10 GMT 2024
    - Last Modified: Fri Apr 19 12:23:42 GMT 2024
    - 12.9K bytes
    - Viewed (0)
  9. github.com/minio/minio

    cmd/admin-handlers-users.go 

    	user, exists := globalIAMSys.GetUser(ctx, accessKey)
	if exists && (user.Credentials.IsTemp() || user.Credentials.IsServiceAccount()) {
		// Updating STS credential is not allowed, and this API does not
		// support updating service accounts.
		writeErrorResponseJSON(ctx, w, errorCodes.ToAPIErr(ErrAddUserInvalidArgument), r.URL)
		return
	}

	if (cred.IsTemp() || cred.IsServiceAccount()) && cred.ParentUser == accessKey {
    Go
    - Registered: Sun Apr 28 19:28:10 GMT 2024
    - Last Modified: Thu Apr 25 15:50:16 GMT 2024
    - 77.3K bytes
    - Viewed (0)
  10. github.com/minio/minio

    cmd/iam-etcd-store.go 

    		return nil
	}
	if u.Credentials.AccessKey == "" {
		u.Credentials.AccessKey = user
	}
	if u.Credentials.SessionToken != "" {
		jwtClaims, err := extractJWTClaims(u)
		if err != nil {
			if u.Credentials.IsTemp() {
				// We should delete such that the client can re-request
				// for the expiring credentials.
				deleteKeyEtcd(ctx, ies.client, getUserIdentityPath(user, userType))
    Go
    - Registered: Sun Apr 28 19:28:10 GMT 2024
    - Last Modified: Thu Apr 04 12:04:40 GMT 2024
    - 13.6K bytes
    - Viewed (0)
  11. github.com/minio/minio

    cmd/admin-handlers-idp-ldap.go 

    	// account or STS account):
	requestorUser := cred.AccessKey
	requestorParentUser := cred.AccessKey
	requestorGroups := cred.Groups
	requestorIsDerivedCredential := false
	if cred.IsServiceAccount() || cred.IsTemp() {
		requestorParentUser = cred.ParentUser
		requestorIsDerivedCredential = true
	}

	// Check if we are creating svc account for request sender.
	isSvcAccForRequestor := false
    Go
    - Registered: Sun Apr 28 19:28:10 GMT 2024
    - Last Modified: Thu Apr 25 15:50:16 GMT 2024
    - 13.3K bytes
    - Viewed (0)
Back to top