self-hosted/minio
self-hosted/minio
1
0
Fork 0
mirror of https://github.com/minio/minio synced 2024-10-06 16:09:36 +00:00
Code Issues Packages Projects Releases Wiki Activity

Add canned diagnostics policy for admin users (#8937)

Browse source
This commit is contained in:
poornas 2020-02-04 17:58:38 -08:00 committed by GitHub
parent e9c111c8d0
commit 301c50b721
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
2 changed files with 17 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
cmd/iam.go
View file

@ -1392,6 +1392,10 @@ func setDefaultCannedPolicies(policies map[string]iampolicy.Policy) {
if !ok {
policies["readwrite"] = iampolicy.ReadWrite
}
_, ok = policies["diagnostics"]
if !ok {
policies["diagnostics"] = iampolicy.AdminDiagnostics
}
}
// buildUserGroupMemberships - builds the memberships map. IMPORTANT:

13
pkg/iam/policy/constants.go
View file

@ -64,3 +64,16 @@ var WriteOnly = Policy{
},
},
}
// AdminDiagnostics - provides admin diagnostics access.
var AdminDiagnostics = Policy{
Version: DefaultVersion,
Statements: []Statement{
{
SID: policy.ID(""),
Effect: policy.Allow,
Actions: NewActionSet(PerfInfoAdminAction, ProfilingAdminAction, TraceAdminAction, ConsoleLogAdminAction, ServerInfoAdminAction, ServerHardwareInfoAdminAction),
Resources: NewResourceSet(NewResource("*", "")),
},
},
}