Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Policy names with / can be created but not modified via the Console #3518

Closed
bascht opened this issue Mar 14, 2025 · 3 comments
Closed

Policy names with / can be created but not modified via the Console #3518

bascht opened this issue Mar 14, 2025 · 3 comments
Labels
community triage

Comments

@bascht
Copy link

bascht commented Mar 14, 2025

Sorry if the title is a bit long but I tried to distil how I got here: We want to set up OpenID with GitLab and we do have nested groups, so foo/bar is a valid group name for us.

At least according to the AWS IAM documentation, that's not a valid policy name since it must be »a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-.«

Expected Behavior

  • Create a group named policy/test via mc or via the Console
  • Go to the Console and modify or delete the policy

Image

Via mc I can retrieve the group, so it seems to be there:

Image

Current Behavior

  • The group named policy/test is visible in the UI but:
    • cannot be displayed
    • cannot be modified
    • cannot be deleted

Image

In the browser UI it looks like the paths are failing with a 404 because of missing escapes:

Image

Possible Solution

Honestly I am not sure how this could be fixed in a satisfactory fashion. If we cannot have forward slashes in policy names it would make it very hard to roll out Minio with GitLab as an OpenID provider.

On the other hand I could imagine lots of other breakage if Minio will differ in behaviour from other IAM implementations.

Steps to Reproduce (for bugs)

  1. Create a policy with a / in its name
  2. Try to edit or delete it afterwards via the Console

Context

In our GitLab instance we have nested groups, so to match the group to a policy, the policy needs to have a / in its name.

Regression

No.

Your Environment

  • Version used (minio --version): Version: RELEASE.2025-03-12T18-04-18Z (go1.24.1 linux/amd64)
  • Server setup and configuration: Single instance running in a Docker container on a QNAP NAS
  • Operating System and version (uname -a): Linux minio 5.10.60-qnap 1 SMP Wed Jan 8 01:44:38 CST 2025 x86_64 x86_64 x86_64 GNU/Linux
@harshavardhana harshavardhana transferred this issue from minio/minio Mar 14, 2025
@ramondeklein
Copy link
Collaborator

Console doesn't have policy management functionality anymore with the new release. See #3509.

@bascht
Copy link
Author

bascht commented Mar 14, 2025

@ramondeklein So… does that mean that policies with / in their name are officially supported?

@harshavardhana
Copy link
Member

harshavardhana commented Mar 14, 2025
edited
Loading

@ramondeklein So… does that mean that policies with / in their name are officially supported?

@bascht Console UI has nothing to do with it - they are supported via mc, however avoid it if you can.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
community triage
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@bascht @harshavardhana @ramondeklein