You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
103 lines
2.3 KiB
103 lines
2.3 KiB
{
|
|
"sts": {
|
|
"tokenDuration": 3600000000000,
|
|
"maxSessionLength": 43200000000000,
|
|
"issuer": "seaweedfs-sts",
|
|
"signingKey": "dGVzdC1zaWduaW5nLWtleS0zMi1jaGFyYWN0ZXJzLWxvbmc="
|
|
},
|
|
"identityProviders": [
|
|
{
|
|
"name": "test-oidc",
|
|
"type": "mock",
|
|
"config": {
|
|
"issuer": "test-oidc-issuer"
|
|
}
|
|
}
|
|
],
|
|
"policy": {
|
|
"defaultEffect": "Deny",
|
|
"storeType": "memory"
|
|
},
|
|
"roles": [
|
|
{
|
|
"roleName": "TestAdminRole",
|
|
"roleArn": "arn:seaweed:iam::role/TestAdminRole",
|
|
"trustPolicy": {
|
|
"Version": "2012-10-17",
|
|
"Statement": [
|
|
{
|
|
"Effect": "Allow",
|
|
"Principal": {
|
|
"Federated": "test-oidc"
|
|
},
|
|
"Action": ["sts:AssumeRoleWithWebIdentity"]
|
|
}
|
|
]
|
|
},
|
|
"attachedPolicies": ["S3AdminPolicy"],
|
|
"description": "Admin role for testing"
|
|
},
|
|
{
|
|
"roleName": "TestReadOnlyRole",
|
|
"roleArn": "arn:seaweed:iam::role/TestReadOnlyRole",
|
|
"trustPolicy": {
|
|
"Version": "2012-10-17",
|
|
"Statement": [
|
|
{
|
|
"Effect": "Allow",
|
|
"Principal": {
|
|
"Federated": "test-oidc"
|
|
},
|
|
"Action": ["sts:AssumeRoleWithWebIdentity"]
|
|
}
|
|
]
|
|
},
|
|
"attachedPolicies": ["S3ReadOnlyPolicy"],
|
|
"description": "Read-only role for testing"
|
|
}
|
|
],
|
|
"policies": [
|
|
{
|
|
"name": "S3AdminPolicy",
|
|
"document": {
|
|
"Version": "2012-10-17",
|
|
"Statement": [
|
|
{
|
|
"Effect": "Allow",
|
|
"Action": ["s3:*"],
|
|
"Resource": ["*"]
|
|
},
|
|
{
|
|
"Effect": "Allow",
|
|
"Action": ["sts:ValidateSession"],
|
|
"Resource": ["*"]
|
|
}
|
|
]
|
|
}
|
|
},
|
|
{
|
|
"name": "S3ReadOnlyPolicy",
|
|
"document": {
|
|
"Version": "2012-10-17",
|
|
"Statement": [
|
|
{
|
|
"Effect": "Allow",
|
|
"Action": [
|
|
"s3:GetObject",
|
|
"s3:ListBucket"
|
|
],
|
|
"Resource": [
|
|
"arn:seaweed:s3:::*",
|
|
"arn:seaweed:s3:::*/*"
|
|
]
|
|
},
|
|
{
|
|
"Effect": "Allow",
|
|
"Action": ["sts:ValidateSession"],
|
|
"Resource": ["*"]
|
|
}
|
|
]
|
|
}
|
|
}
|
|
]
|
|
}
|