storj.io/minio@v0.0.0-20230509071714-0cbc90f649b1/pkg/iam/policy/constants.go (about)

     1  /*
     2   * MinIO Cloud Storage, (C) 2018 MinIO, Inc.
     3   *
     4   * Licensed under the Apache License, Version 2.0 (the "License");
     5   * you may not use this file except in compliance with the License.
     6   * You may obtain a copy of the License at
     7   *
     8   *     http://www.apache.org/licenses/LICENSE-2.0
     9   *
    10   * Unless required by applicable law or agreed to in writing, software
    11   * distributed under the License is distributed on an "AS IS" BASIS,
    12   * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
    13   * See the License for the specific language governing permissions and
    14   * limitations under the License.
    15   */
    16  
    17  package iampolicy
    18  
    19  import (
    20  	"storj.io/minio/pkg/bucket/policy"
    21  	"storj.io/minio/pkg/bucket/policy/condition"
    22  )
    23  
// PolicyName is the policy claim constant "policy".
// NOTE(review): presumably the claim key under which a policy name is
// looked up in token claims; confirm against the callers.
const PolicyName = "policy"

// SessionPolicyName is the policy claim constant "sessionPolicy".
// NOTE(review): presumably the claim key carrying a per-session policy;
// confirm against the callers.
const SessionPolicyName = "sessionPolicy"
    29  
// ReadWrite is the canned policy granting full access to all buckets and
// all objects: a single Allow statement for AllActions on the "*" resource
// pattern. The statement sets no Conditions, so the policy itself places
// no restriction on the grant.
//
// NOTE(review): this is an exported, mutable package-level value and a
// plain copy of it shares the Statements slice; treat it as read-only.
var ReadWrite = Policy{
	Version: DefaultVersion,
	Statements: []Statement{{
		SID:    policy.ID(""), // empty statement ID
		Effect: policy.Allow,
		// Every action, on every resource matched by "*".
		Actions:   NewActionSet(AllActions),
		Resources: NewResourceSet(NewResource("*", "")),
	}},
}
    42  
// ReadOnly is the canned read-only policy: a single Allow statement for
// GetBucketLocationAction and GetObjectAction on the "*" resource pattern.
// No other action appears in the set, and the statement sets no Conditions.
//
// NOTE(review): this is an exported, mutable package-level value and a
// plain copy of it shares the Statements slice; treat it as read-only.
var ReadOnly = Policy{
	Version: DefaultVersion,
	Statements: []Statement{{
		SID:    policy.ID(""), // empty statement ID
		Effect: policy.Allow,
		// Only these two read actions are granted.
		Actions: NewActionSet(
			GetBucketLocationAction,
			GetObjectAction,
		),
		Resources: NewResourceSet(NewResource("*", "")),
	}},
}
    55  
// WriteOnly is the canned write-only policy: a single Allow statement for
// PutObjectAction on the "*" resource pattern. PutObjectAction is the only
// action in the set, and the statement sets no Conditions.
//
// NOTE(review): this is an exported, mutable package-level value and a
// plain copy of it shares the Statements slice; treat it as read-only.
var WriteOnly = Policy{
	Version: DefaultVersion,
	Statements: []Statement{{
		SID:    policy.ID(""), // empty statement ID
		Effect: policy.Allow,
		// Object upload is the single granted action.
		Actions:   NewActionSet(PutObjectAction),
		Resources: NewResourceSet(NewResource("*", "")),
	}},
}
    68  
// AdminDiagnostics is the canned policy for admin diagnostics access: a
// single Allow statement, on the "*" resource pattern, for the eight admin
// actions listed below. The statement sets no Conditions.
//
// NOTE(review): several of these actions (profiling, trace, console log)
// look like they expose server internals, so this policy should be bound
// to operator identities only; confirm against the admin handlers.
var AdminDiagnostics = Policy{
	Version: DefaultVersion,
	Statements: []Statement{{
		SID:    policy.ID(""), // empty statement ID
		Effect: policy.Allow,
		Actions: NewActionSet(
			ProfilingAdminAction,
			TraceAdminAction,
			ConsoleLogAdminAction,
			ServerInfoAdminAction,
			TopLocksAdminAction,
			HealthInfoAdminAction,
			BandwidthMonitorAction,
			PrometheusAdminAction,
		),
		Resources: NewResourceSet(NewResource("*", "")),
	}},
}
    86  
// Admin is the all-access canned admin policy. It holds two Allow
// statements: one for AllAdminActions with an empty resource set, and one
// for AllActions on the "*" resource pattern. Both carry an empty set of
// condition functions, so the policy itself places no restriction on
// either grant.
//
// NOTE(review): this is an exported, mutable package-level value and a
// plain copy of it shares the Statements slice; treat it as read-only.
var Admin = Policy{
	Version: DefaultVersion,
	Statements: []Statement{
		// Statement 1: every admin action.
		// NOTE(review): the resource set is empty here; presumably admin
		// actions are not resource-scoped. Confirm in statement evaluation.
		{
			SID:        policy.ID(""),
			Effect:     policy.Allow,
			Actions:    NewActionSet(AllAdminActions),
			Resources:  NewResourceSet(),
			Conditions: condition.NewFunctions(),
		},
		// Statement 2: every action on every resource matched by "*".
		{
			SID:        policy.ID(""),
			Effect:     policy.Allow,
			Actions:    NewActionSet(AllActions),
			Resources:  NewResourceSet(NewResource("*", "")),
			Conditions: condition.NewFunctions(),
		},
	},
}