Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Null policy condition causes 'unable to list policies of target' #3786

Closed
OJFord opened this issue Aug 26, 2021 · 4 comments · Fixed by minio/minio-go#1925
Closed

Null policy condition causes 'unable to list policies of target' #3786

OJFord opened this issue Aug 26, 2021 · 4 comments · Fixed by minio/minio-go#1925
Assignees
@jiuker
Labels
community do not close

Comments

@OJFord
Copy link

OJFord commented Aug 26, 2021
edited
Loading

Expected behaviour

Lists the policy

Actual behaviour

mc: <ERROR> Unable to list policies of target `minio/bucketname`. ReadString: expects " or n, but found [, error found in #1 byte of ...|[true]|..., bigger context ...|[true]|...
 (1) policy-main.go:243 cmd.runPolicyListCmd(..) Tags: [minio/bucketname]
 (0) client-s3.go:1283 cmd.(*S3Client).GetAccessRules(..)
 Release-Tag:RELEASE.2021-07-27T06-46-19Z | Commit:addaf66de8af | Host:73a7f9273e14 | OS:linux | Arch:amd64 | Lang:go1.16.6 | Mem:3.2 MB/75 MB | Heap:3.2 MB/67 MB.
ERROR: 1

Steps to reproduce the behaviour

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Deny",
            "Principal": "*",
            "Action": "s3:PutObject",
            "Resource": "arn:aws:s3:::bucketname/*",
            "Condition": {
                "Null": {
                    "s3:x-amz-server-side-encryption": "true"
                }
            }
        }
    ]
}
mc policy set-json above.json minio/bucketname # succeeds
mc policy list minio/bucketname

StringNotEquals (& "AES256" instead of "true") works - in that it does list bucketname/* => none, I don't know if that's correct, but it doesn't error. It doesn't have the behaviour I expect though; so I found the above error in the course of trying to debug that.
@stale
Copy link

stale bot commented Nov 25, 2021

This issue has been automatically marked as stale because it has not had recent activity. It will be closed after 21 days if no further activity occurs. Thank you for your contributions.

@stale stale bot added the stale label Nov 25, 2021
@harshavardhana harshavardhana self-assigned this Dec 7, 2021
@harshavardhana
Copy link
Member

This is due to limitations in policy condition handling in minio-go/v7

@stale
Copy link

stale bot commented Apr 16, 2022

This issue has been automatically marked as stale because it has not had recent activity. It will be closed after 21 days if no further activity occurs. Thank you for your contributions.

@stale stale bot added the stale label Apr 16, 2022
@stale
Copy link

stale bot commented Oct 1, 2022

This issue has been automatically marked as stale because it has not had recent activity. It will be closed after 21 days if no further activity occurs. Thank you for your contributions.

@stale stale bot added the stale label Oct 1, 2022
@stale stale bot closed this as completed Nov 13, 2022
@stale stale bot removed the stale label Jan 8, 2024
@jiuker jiuker mentioned this issue Jan 18, 2024
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@jiuker jiuker

Labels
community do not close
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

fix: support more type to StringSet umnarshaJSON jiuker/minio-go
3 participants
@harshavardhana @OJFord @jiuker