noobaa-core icon indicating copy to clipboard operation
noobaa-core copied to clipboard

Published 20 hours ago verified publisher icon noobaa

Support the wildcard principal (`"*"`) in STS role config

Open Neon-White opened this issue 6 months ago • 2 comments

Explain the changes

  1. Currently, if a user sets the principal which can assume a role via STS as "*", it always fails since it compares "*" to the email of the requester. This PR checks whether the policy principle is "*" and allows it

Testing Instructions:

  1. Create two NooBaa accounts - 'assumed' and 'assumer'
  2. Assign a role config to assumed that allows anyone ("principal": ["*"]) to assume it
  3. Try to assume it with the credentials of assumer
  4. Test the received credentials
  • [ ] Doc added/updated
  • [ ] Tests added

Neon-White avatar Aug 05 '24 12:08 Neon-White