Search Options

Results per page
Sort
Preferred Languages
Advance

Results 1 - 9 of 9 for role_policy (0.09 sec)

  2. github.com/minio/minio

    docs/distributed/iam-import-with-openid.sh 

    	client_id="minio-client-app" \
	client_secret="minio-client-app-secret" \
	scopes="openid,groups,email,profile" \
	redirect_uri="http://127.0.0.1:10000/oauth_callback" \
	display_name="Login via dex1" \
	role_policy="consoleAdmin"

./mc admin service restart myminio --json
./mc ready myminio
./mc admin cluster iam import myminio docs/distributed/samples/myminio-iam-info-openid.zip
    Registered: Sun Nov 03 19:28:11 UTC 2024
    - Last Modified: Tue Sep 17 16:45:46 UTC 2024
    - 2.3K bytes
    - Viewed (0)
  3. github.com/minio/minio

    internal/config/identity/openid/openid.go 

    				ClaimUserinfoEnabled: provCfg.ClaimUserinfo,
				RolePolicy:           provCfg.RolePolicy,
				ClientID:             provCfg.ClientID,
				HashedClientSecret:   hashedSecret,
			}
		} else {
			res.ClaimProvider = madmin.OpenIDProviderSettings{
				ClaimUserinfoEnabled: provCfg.ClaimUserinfo,
				RolePolicy:           provCfg.RolePolicy,
				ClientID:             provCfg.ClientID,
    Registered: Sun Nov 03 19:28:11 UTC 2024
    - Last Modified: Wed Jul 10 20:16:44 UTC 2024
    - 16.6K bytes
    - Viewed (0)
  4. github.com/minio/minio

    internal/config/identity/plugin/config.go 

    	}

	authToken := env.Get(EnvIdentityPluginAuthToken, kv.Get(AuthToken))

	u, err := xnet.ParseHTTPURL(pluginURL)
	if err != nil {
		return args, err
	}

	rolePolicy := env.Get(EnvIdentityPluginRolePolicy, kv.Get(RolePolicy))
	if rolePolicy == "" {
		return args, config.Errorf("A role policy must be specified for Identity Management Plugin")
	}

	resourceID := "idmp-"
    Registered: Sun Nov 03 19:28:11 UTC 2024
    - Last Modified: Fri May 24 23:05:23 UTC 2024
    - 13.3K bytes
    - Viewed (0)
  5. github.com/minio/minio

    docs/sts/web-identity.md 

    Policy (Recommended): When specified as part of the OpenID provider configuration, all users authenticating via this provider are authorized to (only) use the specified role policy. The policy to associate with such users is specified via the `role_policy` configuration parameter or the `MINIO_IDENTITY_OPENID_ROLE_POLICY` environment variable. The value is a comma-separated list of IAM access policy names already defined in the server. In this situation, the server prints a role ARN at startup that...
    Registered: Sun Nov 03 19:28:11 UTC 2024
    - Last Modified: Wed Jul 10 20:16:44 UTC 2024
    - 18.9K bytes
    - Viewed (0)
  6. github.com/minio/minio

    cmd/sts-handlers_test.go 

    		"client_id=minio-client-app",
		"client_secret=minio-client-app-secret",
		"scopes=openid,groups",
		"redirect_uri=http://127.0.0.1:10000/oauth_callback",
	}
	if rolePolicy != "" {
		configCmds = append(configCmds, fmt.Sprintf("role_policy=%s", rolePolicy))
	} else {
		configCmds = append(configCmds, "claim_name=groups")
	}
	_, err := s.adm.SetConfigKV(ctx, strings.Join(configCmds, " "))
	if err != nil {
    Registered: Sun Nov 03 19:28:11 UTC 2024
    - Last Modified: Thu Oct 10 23:40:37 UTC 2024
    - 97.1K bytes
    - Viewed (0)
  7. github.com/minio/minio

    cmd/testdata/undeleteable-object.tgz 

    ","value":"policy"},{"key":"claim_userinfo","value":""},{"key":"role_policy","value":""},{"key":"claim_prefix","value":""},{"key":"redirect_uri","value":""},{"key":"redirect_uri_dynamic","value":"off"},{"key":"scopes","value":""},{"key":"vendor","value":""},{"key":"keycloak_realm","value":""},{"key":"keycloak_admin_url","value":""}]},"identity_plugin":{"_":[{"key":"url","value":""},{"key":"auth_token","value":""},{"key":"role_policy","value":""},{"key":"role_id","value":""}]},"identity_tls":{"_"...
    Registered: Sun Nov 03 19:28:11 UTC 2024
    - Last Modified: Fri Apr 26 00:31:12 UTC 2024
    - 8.7M bytes
    - Viewed (0)
  8. github.com/minio/minio

    internal/config/identity/openid/providercfg.go 

    		RedirectURI:        getCfgVal(RedirectURI),
		RedirectURIDynamic: getCfgVal(RedirectURIDynamic) == config.EnableOn,
		ClientID:           getCfgVal(ClientID),
		ClientSecret:       getCfgVal(ClientSecret),
		RolePolicy:         getCfgVal(RolePolicy),
	}
}

const (
	keyCloakVendor = "keycloak"
)

// initializeProvider initializes if any additional vendor specific information
    Registered: Sun Nov 03 19:28:11 UTC 2024
    - Last Modified: Fri May 24 23:05:23 UTC 2024
    - 4.6K bytes
    - Viewed (0)
  9. github.com/minio/minio

    internal/config/identity/openid/help.go 

    			Sensitive:   true,
			Type:        "string",
			Secret:      true,
		},
		config.HelpKV{
			Key:         RolePolicy,
			Description: `Set the IAM access policies applicable to this client application and IDP e.g. "app-bucket-write,app-bucket-list"` + defaultHelpPostfix(RolePolicy),
			Optional:    true,
			Type:        "string",
		},
		config.HelpKV{
			Key:         ClaimName,
    Registered: Sun Nov 03 19:28:11 UTC 2024
    - Last Modified: Fri Jun 23 14:45:27 UTC 2023
    - 4.3K bytes
    - Viewed (0)
  10. github.com/minio/minio

    cmd/iam.go 

    	roleArn, err := arn.Parse(arnStr)
	if err != nil {
		return arn.ARN{}, "", fmt.Errorf("RoleARN parse err: %v", err)
	}
	rolePolicy, ok := sys.rolesMap[roleArn]
	if !ok {
		return arn.ARN{}, "", fmt.Errorf("RoleARN %s is not defined.", arnStr)
	}
	return roleArn, rolePolicy, nil
}

// DeletePolicy - deletes a canned policy from backend. `notifyPeers` is true
    Registered: Sun Nov 03 19:28:11 UTC 2024
    - Last Modified: Tue Oct 29 16:01:48 UTC 2024
    - 74.6K bytes
    - Viewed (0)
Back to top