Skip to content

fix(sts): reject caller-supplied session policies#170

Merged
GatewayJ merged 1 commit into
rustfs:mainfrom
GatewayJ:fix/sts-policy-intersection
Jul 10, 2026
Merged

fix(sts): reject caller-supplied session policies#170
GatewayJ merged 1 commit into
rustfs:mainfrom
GatewayJ:fix/sts-policy-intersection

Conversation

@GatewayJ

Copy link
Copy Markdown
Member

Type of Change

  • New Feature
  • Bug Fix
  • Documentation
  • Performance Improvement
  • Test/CI
  • Refactor
  • Other:

Related Issues

Fixes rustfs/backlog#1071

Summary of Changes

  • Reject caller-supplied STS Policy request parameters before calling RustFS AssumeRole.
  • Build the inline session policy only from policies authorized by the matched PolicyBinding.
  • Add regression coverage proving request policies do not reach assume_role, while the normal PolicyBinding-only flow still passes the binding session policy.
  • Document the current Operator STS constraint in the user guide and Helm README.

Checklist

  • I have read and followed the CONTRIBUTING.md guidelines
  • Passed make pre-commit (fmt-check + clippy + test + console-lint + console-fmt-check)
  • Added/updated necessary tests
  • Documentation updated (if needed)
  • CHANGELOG.md updated under [Unreleased] (if user-visible change; N/A, this repository has no CHANGELOG.md)
  • CI/CD passed (if applicable; pending GitHub Actions)

Impact

  • Breaking change (CRD/API compatibility)
  • Requires doc/config/deployment update
  • Other impact: Operator STS callers must omit the Policy request parameter; unsupported caller policies now fail with AccessDenied.

Verification

cargo test -p operator --lib sts::session_policy::tests:: -- --nocapture
cargo test -p operator --lib sts::server::tests::sts_handler -- --nocapture
make test
make pre-commit

Additional Notes

This is the conservative P0 fix: PolicyBinding remains the sole authorization source for the issued session policy. Full request-policy subset evaluation can be added later once the operator has a complete IAM policy semantics layer.

@GatewayJ GatewayJ marked this pull request as ready for review July 10, 2026 02:31
@GatewayJ

Copy link
Copy Markdown
Member Author

@codex

@chatgpt-codex-connector

Copy link
Copy Markdown

Codex Review: Didn't find any major issues. What shall we delve into next?

Reviewed commit: 8a935d400a

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

  • Open a pull request for review
  • Mark a draft as ready
  • Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

@GatewayJ GatewayJ added this pull request to the merge queue Jul 10, 2026
Merged via the queue into rustfs:main with commit dd07f44 Jul 10, 2026
3 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant