Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.
And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.
Canned policy not applied when using AssumeRoleWithClientGrants and JS SDK
See original GitHub issueExpected Behavior
When using the JS SDK to sign in a client with temp. credentials - token and policy provided by keycloak- the policy should be applied no matter if it is a default or a custom one.
Current Behavior
When using default policy e.g. readwrite everything is ok (I can list the buckets) but when I set the policy to restricted (a custom policy I created) I have a S3Error: Access Denied. message.
Notice that the custom policy is correctly applied when using the OpenID button on the Minio browser.
Possible Solution
Steps to Reproduce (for bugs)
- Create a user with a custom policy in Keycloak
- Get the Token from Keycloak for the user
- Use the AssumeRoleWithClientGrants to get temp credentials
- Use the JS SDK the list the buckets
=>
S3Error: Access Denied.
Context
Regression
Your Environment
- Version used (
minio version): docker minio/minio:edge - Environment name and version (e.g. nginx 1.9.1):
- Server type and version:
- Operating System and version (
uname -a): windows - Link to your project:
Issue Analytics
- State:
- Created 4 years ago
- Comments:9 (5 by maintainers)
Top Results From Across the Web
Top Related Medium Post
Top Related StackOverflow Question
Troubleshoot Live Code
Top Related Reddit Thread
Top Related Hackernoon Post
Top Related Tweet
Top Related Dev.to Post
Top Related Hashnode Post
in minio-js that’s not allowed in minio-go it is allowed using the credential.Credentials structure look at the method minio.NewWithCredentials
@GuillaumeNachury please have a look at : https://github.com/minio/minio-js/pull/960