parentuser - Code Search

cmd/site-replication.go

	}

	cred := auth.Credentials{
		AccessKey:    stsCred.AccessKey,
		SecretKey:    stsCred.SecretKey,
		Expiration:   time.Unix(expiry, 0).UTC(),
		SessionToken: stsCred.SessionToken,
		ParentUser:   stsCred.ParentUser,
		Status:       auth.AccountOn,
	}

	// Extract the username and lookup DN and groups in LDAP.
	ldapUser, isLDAPSTS := claims.Lookup(ldapUserN)
	if isLDAPSTS {

Created: Sun Apr 05 19:28:12 GMT 2026

- Last Modified: Sun Sep 28 20:59:21 GMT 2025

- 184.8K bytes

- Click Count (1)

github.com/minio/minio

cmd/user-provider-utils.go

	}

	claims := credentials.Claims
	if _, ok := claims[ldapUser]; ok {
		return madmin.LDAPProvider // ldap users
	}

	if _, ok := claims[subClaim]; ok {
		providerPrefix, _, found := strings.Cut(credentials.ParentUser, getKeySeparator())
		if found {
			return providerPrefix // this is true for certificate and custom providers
		}
		return madmin.OpenIDProvider // openid users are already hashed, so no separator
	}

Created: Sun Apr 05 19:28:12 GMT 2026

- Last Modified: Fri Aug 29 02:39:48 GMT 2025

- 4.1K bytes

- Click Count (0)

github.com/minio/minio

cmd/object-lambda-handlers.go

		},
		UserRequest: levent.UserRequest{
			URL:     r.URL.String(),
			Headers: r.Header.Clone(),
		},
		UserIdentity: levent.Identity{
			Type:        "IAMUser",
			PrincipalID: cred.ParentUser,
			AccessKeyID: cred.AccessKey,
		},
	}
	return eventData, nil
}

func fwdHeadersToS3(h http.Header, w http.ResponseWriter) {
	const trim = "x-amz-fwd-header-"
	for k, v := range h {

Created: Sun Apr 05 19:28:12 GMT 2026

- Last Modified: Fri Jul 18 21:56:31 GMT 2025

- 6.5K bytes

- Click Count (0)

github.com/minio/minio

cmd/handler-utils.go

	if r == nil {
		return nil
	}

	region := globalSite.Region()
	cred := getReqAccessCred(r, region)

	principalID := cred.AccessKey
	if cred.ParentUser != "" {
		principalID = cred.ParentUser
	}

	// Success.
	m := map[string]string{
		"region":          region,
		"principalId":     principalID,
		"sourceIPAddress": handlers.GetSourceIP(r),
		// Add more fields here.

Created: Sun Apr 05 19:28:12 GMT 2026

- Last Modified: Sun Sep 28 20:59:21 GMT 2025

- 16.4K bytes

- Click Count (1)

github.com/minio/minio

cmd/signature-v4-utils.go

	}

	claims, s3Err := checkClaimsFromToken(r, cred)
	if s3Err != ErrNone {
		return cred, false, s3Err
	}
	cred.Claims = claims

	owner := cred.AccessKey == globalActiveCred.AccessKey || (cred.ParentUser == globalActiveCred.AccessKey && cred.AccessKey != siteReplicatorSvcAcc)
	if owner && !globalAPIConfig.permitRootAccess() {
		// We disable root access and its service accounts if asked for.

Created: Sun Apr 05 19:28:12 GMT 2026

- Last Modified: Mon Nov 25 17:10:22 GMT 2024

- 9.1K bytes

- Click Count (0)

github.com/minio/minio

cmd/bucket-policy.go

		username = cred.AccessKey
		claims   = cred.Claims
		groups   = cred.Groups
	)

	if cred.IsTemp() || cred.IsServiceAccount() {
		// For derived credentials, check the parent user's permissions.
		username = cred.ParentUser
	}

	principalType := "Anonymous"
	if username != "" {
		principalType = "User"
		if len(claims) > 0 {
			principalType = "AssumedRole"
		}
		if username == globalActiveCred.AccessKey {

Created: Sun Apr 05 19:28:12 GMT 2026

- Last Modified: Fri Aug 29 02:39:48 GMT 2025

- 7.9K bytes

- Click Count (0)

github.com/minio/minio

helm-releases/minio-5.0.10.tgz

chart, specifying the service accounts you want to create after install: ```bash helm install --set svcaccts[0].accessKey=accessKey,svcaccts[0].secretKey=secretKey,svcaccts[0].user=parentUser,svcaccts[1].accessKey=accessKey2,svcaccts[1].secretRef=existingSecret,svcaccts[1].secretKey=password,svcaccts[1].user=parentUser2 minio/minio ``` Description of the configuration parameters used above - - `svcaccts[].accessKey` - accessKey of service account - `svcaccts[].secretKey` - secretKey of svcacctsecretRef...

Created: Sun Apr 05 19:28:12 GMT 2026

- Last Modified: Sat May 27 00:05:49 GMT 2023

- 20.3K bytes

- Click Count (0)

github.com/minio/minio

helm-releases/minio-5.0.9.tgz

chart, specifying the service accounts you want to create after install: ```bash helm install --set svcaccts[0].accessKey=accessKey,svcaccts[0].secretKey=secretKey,svcaccts[0].user=parentUser,svcaccts[1].accessKey=accessKey2,svcaccts[1].secretRef=existingSecret,svcaccts[1].secretKey=password,svcaccts[1].user=parentUser2 minio/minio ``` Description of the configuration parameters used above - - `svcaccts[].accessKey` - accessKey of service account - `svcaccts[].secretKey` - secretKey of svcacctsecretRef...

Created: Sun Apr 05 19:28:12 GMT 2026

- Last Modified: Wed May 03 06:23:26 GMT 2023

- 20.2K bytes

- Click Count (0)

github.com/minio/minio

helm-releases/minio-5.0.2.tgz

chart, specifying the service accounts you want to create after install: ```bash helm install --set svcaccts[0].accessKey=accessKey,svcaccts[0].secretKey=secretKey,svcaccts[0].user=parentUser,svcaccts[1].accessKey=accessKey2,svcaccts[1].secretRef=existingSecret,svcaccts[1].secretKey=password,svcaccts[1].user=parentUser2 minio/minio ``` Description of the configuration parameters used above - - `svcaccts[].accessKey` - accessKey of service account - `svcaccts[].secretKey` - secretKey of svcacctsecretRef...

Created: Sun Apr 05 19:28:12 GMT 2026

- Last Modified: Sun Dec 18 07:57:10 GMT 2022

- 20.4K bytes

- Click Count (0)

github.com/minio/minio

helm-releases/minio-5.0.8.tgz

chart, specifying the service accounts you want to create after install: ```bash helm install --set svcaccts[0].accessKey=accessKey,svcaccts[0].secretKey=secretKey,svcaccts[0].user=parentUser,svcaccts[1].accessKey=accessKey2,svcaccts[1].secretRef=existingSecret,svcaccts[1].secretKey=password,svcaccts[1].user=parentUser2 minio/minio ``` Description of the configuration parameters used above - - `svcaccts[].accessKey` - accessKey of service account - `svcaccts[].secretKey` - secretKey of svcacctsecretRef...

Created: Sun Apr 05 19:28:12 GMT 2026

- Last Modified: Thu Apr 13 21:49:51 GMT 2023

- 20.3K bytes

- Click Count (0)

Search Options