
feat: add consolereadonly canned policy #233

Merged: kannappanr merged 2 commits into minio:main from allanrogerr:feat/consolereadonly-policy on Apr 22, 2026

Conversation

@allanrogerr (Contributor) commented Apr 21, 2026

Needed for https://github.com/miniohq/eos/pull/4414

Summary

Adds a new built-in canned policy consolereadonly that mirrors the existing readonly policy but additionally grants s3:ListBucket, so users can browse bucket contents (e.g. from the console) without gaining write access.

Motivation

The built-in readonly policy grants only s3:GetBucketLocation and s3:GetObject. A user bound to readonly can GET a known object key but cannot list objects in a bucket or enumerate buckets via the console, which makes it unsuitable for the common "let this user browse but not write" use case. Granting write-capable policies to work around this is overly permissive.

consolereadonly fills that gap without touching the semantics of the existing readonly policy.

How to test

cd policy && go test -run 'TestDefaultPolicy' -v
cd policy && go test ./...

New tests:

  • TestDefaultPolicyReadOnly — invariant check for existing readonly
  • TestDefaultPolicyConsoleReadOnly — new policy has the expected Allow/Deny action set
  • TestDefaultPolicyConsoleReadOnlyAllowsListBucket — asserts the new policy allows s3:ListBucket and that readonly does not (regression guard)

Types of changes

  • New feature (non-breaking change which adds functionality)

Checklist

  • Documentation updated
  • Unit tests added/updated

Adds a new built-in policy 'consolereadonly' that mirrors 'readonly'
but additionally grants s3:ListBucket so users can browse bucket
contents (e.g. via the console) without gaining write access.

Also adds tests covering both the existing readonly shape and the new
consolereadonly policy, including a regression guard that readonly
does not allow s3:ListBucket.
@allanrogerr allanrogerr self-assigned this Apr 21, 2026
@allanrogerr allanrogerr added the enhancement New feature or request label Apr 21, 2026
@allanrogerr allanrogerr marked this pull request as ready for review April 21, 2026 21:27
@allanrogerr allanrogerr requested a review from Copilot April 21, 2026 21:31

Copilot AI left a comment


Pull request overview

Adds a new built-in canned policy consolereadonly alongside existing canned policies in the policy package, with accompanying tests to ensure the canned policy definitions remain valid and stable.

Changes:

  • Add a new default canned policy consolereadonly that extends readonly with s3:ListBucket.
  • Add unit tests that assert the exact Allow/Deny action sets for readonly and consolereadonly.
  • Add a regression-style test ensuring consolereadonly allows s3:ListBucket while readonly does not.

Reviewed changes

Copilot reviewed 2 out of 2 changed files in this pull request and generated 3 comments.

File                       Description
policy/constants.go        Introduces the new consolereadonly entry in DefaultPolicies.
policy/constants_test.go   Adds tests validating the contents and behavior of readonly and consolereadonly.


…uard

Without the ok check, if the readonly default policy were ever removed
or renamed, findDefaultPolicy returns a zero Policy{} whose IsAllowed
always returns false, making the regression guard vacuously pass.
Fail fast instead so the assertion cannot silently rot.
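The readonly/consolereadonly distinction from the PR summary and the fail-fast `ok` check from the commit message above, as an added stand-alone Go example that is not the project's code: a minimal deny-overrides policy evaluator with constructed definitions of both canned policies (the `Statement`/`Policy` shape, `FindDefaultPolicy`, `CheckListBucketGuard`, the bucket name and the ARN strings are assumptions for illustration, not the policy package's own types or API). The guard returns an error when a canned policy is missing instead of letting a zero `Policy{}` make the "readonly denies ListBucket" assertion pass vacuously.

```go
package main

import (
	"fmt"
	"strings"
)

// Effect is the Allow/Deny effect of a policy statement.
type Effect string

const (
	Allow Effect = "Allow"
	Deny  Effect = "Deny"
)

// Statement is a simplified policy statement (a constructed shape for this example,
// not the project's own type): effect, the S3 actions it names, resource ARN patterns.
type Statement struct {
	Effect    Effect
	Actions   []string
	Resources []string
}

// Policy is a list of statements evaluated with deny-overrides semantics.
type Policy struct{ Statements []Statement }

// DefaultPolicies holds constructed definitions of the two canned policies the PR discusses:
// readonly grants GetBucketLocation and GetObject only; consolereadonly adds s3:ListBucket.
var DefaultPolicies = map[string]Policy{
	"readonly": {[]Statement{
		{Allow, []string{"s3:GetBucketLocation", "s3:GetObject"}, []string{"arn:aws:s3:::*"}},
	}},
	"consolereadonly": {[]Statement{
		{Allow, []string{"s3:GetBucketLocation", "s3:GetObject", "s3:ListBucket"}, []string{"arn:aws:s3:::*"}},
	}},
}

// matchResource matches a resource ARN against a pattern with an optional trailing '*'.
func matchResource(pattern, resource string) bool {
	if strings.HasSuffix(pattern, "*") {
		return strings.HasPrefix(resource, strings.TrimSuffix(pattern, "*"))
	}
	return pattern == resource
}

// IsAllowed evaluates action on resource: an explicit Deny wins over any Allow, and with
// no matching statement the result is an implicit deny, so a zero Policy{} denies everything.
func (p Policy) IsAllowed(action, resource string) bool {
	allowed := false
	for _, st := range p.Statements {
		for _, a := range st.Actions {
			for _, r := range st.Resources {
				if (a == action || a == "s3:*") && matchResource(r, resource) {
					if st.Effect == Deny {
						return false
					}
					allowed = true
				}
			}
		}
	}
	return allowed
}

// FindDefaultPolicy looks up a canned policy by name; ok is false when it is absent.
func FindDefaultPolicy(name string) (Policy, bool) {
	p, ok := DefaultPolicies[name]
	return p, ok
}

// CheckListBucketGuard is the PR's regression guard as a checkable function (hypothetical
// name): consolereadonly must allow s3:ListBucket, readonly must not, and neither may write.
// It fails fast when a canned policy is missing, because on a zero Policy{} the
// "readonly denies ListBucket" half would otherwise pass vacuously.
func CheckListBucketGuard(bucket string) error {
	ro, ok := FindDefaultPolicy("readonly")
	if !ok {
		return fmt.Errorf("readonly canned policy not found; guard would be vacuous")
	}
	cro, ok := FindDefaultPolicy("consolereadonly")
	if !ok {
		return fmt.Errorf("consolereadonly canned policy not found")
	}
	bucketARN := "arn:aws:s3:::" + bucket
	objectARN := bucketARN + "/object.txt"
	switch {
	case ro.IsAllowed("s3:ListBucket", bucketARN):
		return fmt.Errorf("readonly unexpectedly allows s3:ListBucket")
	case !cro.IsAllowed("s3:ListBucket", bucketARN):
		return fmt.Errorf("consolereadonly does not allow s3:ListBucket")
	case ro.IsAllowed("s3:PutObject", objectARN) || cro.IsAllowed("s3:PutObject", objectARN):
		return fmt.Errorf("a read-only canned policy allows s3:PutObject")
	}
	return nil
}

func main() {
	for _, name := range []string{"readonly", "consolereadonly"} {
		p, _ := FindDefaultPolicy(name)
		fmt.Printf("%-16s ListBucket=%-5v GetObject=%-5v PutObject=%v\n", name,
			p.IsAllowed("s3:ListBucket", "arn:aws:s3:::photos"),
			p.IsAllowed("s3:GetObject", "arn:aws:s3:::photos/a.txt"),
			p.IsAllowed("s3:PutObject", "arn:aws:s3:::photos/a.txt"))
	}
	fmt.Println("regression guard error:", CheckListBucketGuard("photos"))
}
```

Running it prints one line per canned policy (readonly: ListBucket false, GetObject true, PutObject false; consolereadonly: ListBucket true, GetObject true, PutObject false) and a nil guard error. Deleting the "readonly" entry from the map turns the guard into an immediate "not found" error rather than a silently passing check, which is the point of the `ok` test.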
@kannappanr kannappanr merged commit e156a39 into minio:main Apr 22, 2026
10 checks passed