Search Options

Results per page
Sort
Preferred Languages
Advance

Results 1 - 9 of 9 for IsServiceAccount (0.14 sec)

  1. cmd/iam-store.go

    		// Only consider service account or STS credentials with
    		// non-empty session tokens.
    		if !(cred.IsServiceAccount() || cred.IsTemp()) ||
    			cred.SessionToken == "" {
    			continue
    		}
    
    		var (
    			err    error
    			claims *jwt.MapClaims
    		)
    
    		if cred.IsServiceAccount() {
    			claims, err = getClaimsFromTokenWithSecret(cred.SessionToken, cred.SecretKey)
    		} else if cred.IsTemp() {
    Registered: Sun Nov 03 19:28:11 UTC 2024
    - Last Modified: Mon Oct 14 16:35:37 UTC 2024
    - 83.2K bytes
    - Viewed (0)
  2. internal/auth/credentials.go

    }
    
    // IsServiceAccount - returns whether credential is a service account or not
    func (cred Credentials) IsServiceAccount() bool {
    	_, ok := cred.Claims[iamPolicyClaimNameSA]
    	return cred.ParentUser != "" && ok
    }
    
    // IsImpliedPolicy - returns if the policy is implied via ParentUser or not.
    func (cred Credentials) IsImpliedPolicy() bool {
    	if cred.IsServiceAccount() {
    Registered: Sun Nov 03 19:28:11 UTC 2024
    - Last Modified: Tue May 28 17:14:16 UTC 2024
    - 12K bytes
    - Viewed (0)
  3. cmd/auth-handler.go

    	}
    
    	if token == "" && cred.IsTemp() && !cred.IsServiceAccount() {
    		// Temporary credentials should always have x-amz-security-token
    		return nil, ErrInvalidToken
    	}
    
    	if token != "" && !cred.IsTemp() {
    		// x-amz-security-token should not present for static credentials.
    		return nil, ErrInvalidToken
    	}
    
    Registered: Sun Nov 03 19:28:11 UTC 2024
    - Last Modified: Tue Sep 17 16:45:46 UTC 2024
    - 26.1K bytes
    - Viewed (0)
  4. cmd/iam.go

    	return false, "", nil
    }
    
    // IsServiceAccount - returns if given key is a service account
    func (sys *IAMSys) IsServiceAccount(name string) (bool, string, error) {
    	if !sys.Initialized() {
    		return false, "", errServerNotInitialized
    	}
    
    	u, found := sys.store.GetUser(name)
    	if !found {
    		return false, "", errNoSuchUser
    	}
    	cred := u.Credentials
    	if cred.IsServiceAccount() {
    		return true, cred.ParentUser, nil
    Registered: Sun Nov 03 19:28:11 UTC 2024
    - Last Modified: Tue Oct 29 16:01:48 UTC 2024
    - 74.6K bytes
    - Viewed (0)
  5. cmd/bucket-policy.go

    	currTime := UTCNow()
    
    	var (
    		username = cred.AccessKey
    		claims   = cred.Claims
    		groups   = cred.Groups
    	)
    
    	if cred.IsTemp() || cred.IsServiceAccount() {
    		// For derived credentials, check the parent user's permissions.
    		username = cred.ParentUser
    	}
    
    	principalType := "Anonymous"
    	if username != "" {
    		principalType = "User"
    		if len(claims) > 0 {
    Registered: Sun Nov 03 19:28:11 UTC 2024
    - Last Modified: Fri May 24 23:05:23 UTC 2024
    - 8K bytes
    - Viewed (0)
  6. cmd/admin-handlers-users.go

    	if exists && (user.Credentials.IsTemp() || user.Credentials.IsServiceAccount()) {
    		// Updating STS credential is not allowed, and this API does not
    		// support updating service accounts.
    		writeErrorResponseJSON(ctx, w, errorCodes.ToAPIErr(ErrAddUserInvalidArgument), r.URL)
    		return
    	}
    
    	if (cred.IsTemp() || cred.IsServiceAccount()) && cred.ParentUser == accessKey {
    Registered: Sun Nov 03 19:28:11 UTC 2024
    - Last Modified: Thu Oct 03 23:11:02 UTC 2024
    - 85.1K bytes
    - Viewed (0)
  7. cmd/admin-handlers-idp-ldap.go

    	// account or STS account):
    	requestorUser := cred.AccessKey
    	requestorParentUser := cred.AccessKey
    	requestorGroups := cred.Groups
    	requestorIsDerivedCredential := false
    	if cred.IsServiceAccount() || cred.IsTemp() {
    		requestorParentUser = cred.ParentUser
    		requestorIsDerivedCredential = true
    	}
    
    	// Check if we are creating svc account for request sender.
    	isSvcAccForRequestor := false
    Registered: Sun Nov 03 19:28:11 UTC 2024
    - Last Modified: Sat Sep 21 11:35:40 UTC 2024
    - 19.1K bytes
    - Viewed (0)
  8. cmd/sts-handlers.go

    	if s3Err != ErrNone {
    		return auth.Credentials{}, s3Err
    	}
    
    	// Temporary credentials or Service accounts cannot generate further temporary credentials.
    	if user.IsTemp() || user.IsServiceAccount() {
    		return auth.Credentials{}, ErrAccessDenied
    	}
    
    	// Session tokens are not allowed in STS AssumeRole requests.
    	if getSessionToken(r) != "" {
    		return auth.Credentials{}, ErrAccessDenied
    	}
    
    Registered: Sun Nov 03 19:28:11 UTC 2024
    - Last Modified: Thu Aug 15 01:29:20 UTC 2024
    - 33.9K bytes
    - Viewed (0)
  9. cmd/site-replication.go

    			continue
    		}
    
    		peerName := info.Sites[dID].Name
    
    		u, ok := globalIAMSys.GetUser(ctx, user)
    		if !ok {
    			continue
    		}
    		creds := u.Credentials
    		if creds.IsServiceAccount() {
    			claims, err := globalIAMSys.GetClaimsForSvcAcc(ctx, creds.AccessKey)
    			if err != nil {
    				replLogOnceIf(ctx,
    Registered: Sun Nov 03 19:28:11 UTC 2024
    - Last Modified: Thu Aug 15 12:04:40 UTC 2024
    - 185.1K bytes
    - Viewed (0)
Back to top