Mirror
/
seaweedfs
mirror of https://github.com/seaweedfs/seaweedfs.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
11994 Commits
50 Branches
316 Tags
332 MiB
 
 
 
 
 
 
Tree: 8c8a6313d9
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '8c8a6313d9'
${ noResults }
seaweedfs/test/s3/iam/iam_config_distributed.json

173 lines
4.3 KiB
Raw Blame History

{
"sts": {
"tokenDuration": 3600000000000,
"maxSessionLength": 43200000000000,
"issuer": "seaweedfs-sts",
"signingKey": "dGVzdC1zaWduaW5nLWtleS0zMi1jaGFyYWN0ZXJzLWxvbmc=",
"providers": [
{
"name": "keycloak-oidc",
"type": "oidc",
"enabled": true,
"config": {
"issuer": "http://keycloak:8080/realms/seaweedfs-test",
"clientId": "seaweedfs-s3",
"clientSecret": "seaweedfs-s3-secret",
"jwksUri": "http://keycloak:8080/realms/seaweedfs-test/protocol/openid-connect/certs",
"scopes": ["openid", "profile", "email", "roles"],
"claimsMapping": {
"usernameClaim": "preferred_username",
"groupsClaim": "roles"
}
}
},
{
"name": "mock-provider",
"type": "mock",
"enabled": false,
"config": {
"issuer": "http://localhost:9999",
"jwksEndpoint": "http://localhost:9999/jwks"
}
}
]
},
"policy": {
"defaultEffect": "Deny"
},
"roleStore": {},
"roles": [
{
"roleName": "S3AdminRole",
"roleArn": "arn:seaweed:iam::role/S3AdminRole",
"trustPolicy": {
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Principal": {
"Federated": "keycloak-oidc"
},
"Action": ["sts:AssumeRoleWithWebIdentity"],
"Condition": {
"StringEquals": {
"roles": "s3-admin"
}
}
}
]
},
"attachedPolicies": ["S3AdminPolicy"],
"description": "Full S3 administrator access role"
},
{
"roleName": "S3ReadOnlyRole",
"roleArn": "arn:seaweed:iam::role/S3ReadOnlyRole",
"trustPolicy": {
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Principal": {
"Federated": "keycloak-oidc"
},
"Action": ["sts:AssumeRoleWithWebIdentity"],
"Condition": {
"StringEquals": {
"roles": "s3-read-only"
}
}
}
]
},
"attachedPolicies": ["S3ReadOnlyPolicy"],
"description": "Read-only access to S3 resources"
},
{
"roleName": "S3ReadWriteRole",
"roleArn": "arn:seaweed:iam::role/S3ReadWriteRole",
"trustPolicy": {
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Principal": {
"Federated": "keycloak-oidc"
},
"Action": ["sts:AssumeRoleWithWebIdentity"],
"Condition": {
"StringEquals": {
"roles": "s3-read-write"
}
}
}
]
},
"attachedPolicies": ["S3ReadWritePolicy"],
"description": "Read-write access to S3 resources"
}
],
"policies": [
{
"name": "S3AdminPolicy",
"document": {
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": "s3:*",
"Resource": "*"
}
]
}
},
{
"name": "S3ReadOnlyPolicy",
"document": {
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"s3:GetObject",
"s3:GetObjectAcl",
"s3:GetObjectVersion",
"s3:ListBucket",
"s3:ListBucketVersions"
],
"Resource": [
"arn:seaweed:s3:::*",
"arn:seaweed:s3:::*/*"
]
}
]
}
},
{
"name": "S3ReadWritePolicy",
"document": {
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"s3:GetObject",
"s3:GetObjectAcl",
"s3:GetObjectVersion",
"s3:PutObject",
"s3:PutObjectAcl",
"s3:DeleteObject",
"s3:ListBucket",
"s3:ListBucketVersions"
],
"Resource": [
"arn:seaweed:s3:::*",
"arn:seaweed:s3:::*/*"
]
}
]
}
}
]
}