console
console copied to clipboard
Published
20 hours ago •
minio
minio
UI - Create/Delete bucket button and create bucket form always enabled
Within the Administrator section under Buckets, even if the policy deny admin:* action on all resources, the create bucket button and create bucket form are always enabled / visible.
Expected Behavior
- The create button should be disabled with a tooltip message.
- If user tries to force going to
/buckets/add-bucketroute, an error message should be displayed
Current Behavior
- The create button should be disabled with a tooltip message.
- If user tries to force going to
/buckets/add-bucketroute, an error message should be displayed
Possible Solution
Maybe reviewing the following piece of code to implement relevant validations:
https://github.com/minio/console/blob/adfc96074fc95a2f5c3c950cd52c06c7249b5e1b/web-app/src/screens/Console/kbar-actions.tsx#L55
Steps to Reproduce (for bugs)
- Login to the console with a user having the
consoleAdminpolicy - Create a bucket
MyTest - Create a user
MyUser - Create a policy with the following infos:
- Name: MyTestPolicy
- Policy:
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Deny",
"Action": [
"admin:*"
]
},
{
"Effect": "Deny",
"Action": [
"s3:PutLifecycleConfiguration",
"s3:ReplicateDelete",
"s3:ReplicateObject",
"s3:CreateBucket",
"s3:DeleteBucket",
"s3:PutBucketPolicy",
"s3:PutEncryptionConfiguration",
"s3:PutReplicationConfiguration",
"s3:DeleteBucketPolicy",
"s3:ForceDeleteBucket"
],
"Resource": [
"arn:aws:s3:::*"
]
},
{
"Effect": "Allow",
"Action": [
"s3:*"
],
"Resource": [
"arn:aws:s3:::MyTest/*"
]
}
]
}
- Assign the policy
MyTestPolicyto the userMyTest - Login to the console with th user
MyTest - Navigate to Adminnitrator > Buckets
- Tries to create a new bucket
Context
Regression
Your Environment
- MinIO version used (
minio --version): 2024-07-31T05:46:26Z - Server setup and configuration: Kubernetes 1.21, tenant deploy with the operator
- Operating System and version (
uname -a): N/A
