Description
NOTE
If this case is urgent, please subscribe to Subnet so that our 24/7 support team may help you faster.
When using wildcards in an s3 policy, this does not include policy names with a null value for the wildcard after upgrading in the Minio GUI.
Expected Behavior
When you for example have a policy action named "s3:DeleteObject*", this should include "s3:DeleteObject" (no *) action after upgrading to version 2024.1.16. In the GUI you can delete objects based on that policy.
Current Behavior
Users with a policy action of "s3:DeleteObject*" cannot delete objects within the GUI. You have to explicitly add "s3:DeleteObject" as a policy. This behavior has changed since our previous version.
Possible Solution
- should also include the actions where there are no more characters after the action name.
Steps to Reproduce (for bugs)
- Add a policy for a bucket
  {
    "Version": "2012-10-17",
    "Statement": [
      {
        "Effect": "Allow",
        "Action": [
          "s3:ListBucket",
          "s3:ListAllMyBuckets",
          "s3:GetBucketVersioning",
          "s3:DeleteObjectVersion",
          "s3:ListBucketVersions",
          "s3:GetObject*",
          "s3:DeleteObject*",
          "s3:PutObject*"
        ],
        "Resource": [
          "arn:aws:s3:::bucket_name",
          "arn:aws:s3:::bucket_name/*"
        ]
      }
    ]
  }
- Log on to GUI and try to add or delete objects
- You can't, can you?
Context
We had to add policies for every bucket in our environment after updating.
Regression
Not sure what that means
Your Environment
minio version DEVELOPMENT.2024-01-16T16-07-38Z (commit-id=ca258c04cb1dea33c31fed86250eaa3d1f020ff8)
Runtime: go1.21.6 linux/amd64
License: GNU AGPLv3 https://www.gnu.org/licenses/agpl-3.0.html
Copyright: 2015-2024 MinIO, Inc.
Running in docker on Ubuntu 22.04
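
The following is an added example, not part of the original report and not MinIO's code: it evaluates the Action list from the policy above under both wildcard readings, so an administrator can see which bare action names are granted only when `*` is allowed to match zero characters. `match` and `Granted` are hypothetical helpers; only Allow statements and action names are checked (no Resource, Deny or Condition handling), and `strict=true` models the behaviour described in the report.

```go
package main

import (
	"encoding/json"
	"fmt"
	"strings"
)

// Constructed input: the Action list from the policy in the report.
const policyJSON = `{"Statement":[{"Effect":"Allow","Action":["s3:ListBucket",
	"s3:ListAllMyBuckets","s3:GetBucketVersioning","s3:DeleteObjectVersion",
	"s3:ListBucketVersions","s3:GetObject*","s3:DeleteObject*","s3:PutObject*"]}]}`

// match implements '*' = zero or more characters, '?' = exactly one character.
func match(p, s string) bool {
	if p == "" {
		return s == ""
	}
	if p[0] == '*' {
		return match(p[1:], s) || (s != "" && match(p, s[1:]))
	}
	return s != "" && (p[0] == '?' || p[0] == s[0]) && match(p[1:], s[1:])
}

// Granted reports whether any Allow statement covers action. With strict=true
// every '*' must consume at least one character (assumption: models the report).
func Granted(doc, action string, strict bool) bool {
	var p struct{ Statement []struct{ Effect string; Action []string } }
	if json.Unmarshal([]byte(doc), &p) != nil {
		return false
	}
	for _, s := range p.Statement {
		for _, pat := range s.Action {
			if strict {
				pat = strings.ReplaceAll(pat, "*", "?*")
			}
			if s.Effect == "Allow" && match(pat, action) {
				return true
			}
		}
	}
	return false
}

func main() {
	for _, a := range []string{"s3:DeleteObject", "s3:DeleteObjectVersion", "s3:PutObject"} {
		fmt.Printf("%-24s zero-or-more=%v one-or-more=%v\n", a, Granted(policyJSON, a, false), Granted(policyJSON, a, true))
	}
}
```

Any action that is granted with `strict=false` but not with `strict=true` is one that has to be listed explicitly if the wildcard stops matching the empty suffix.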