aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorAlex Auvolat <alex@adnab.me>2022-12-12 12:03:54 +0100
committerAlex Auvolat <alex@adnab.me>2022-12-12 12:03:54 +0100
commit2ac75018a14a22b61cfc68bc66b4f82a981a4838 (patch)
treee9a5ad8bc35ecde97ab1d44c1271a87e2f48f6f9
parent980572a8872c56ea9572ff03579ebb9a65013775 (diff)
downloadgarage-2ac75018a14a22b61cfc68bc66b4f82a981a4838.tar.gz
garage-2ac75018a14a22b61cfc68bc66b4f82a981a4838.zip
Properly enforce allow_create_bucketfix-allow-create-bucket
-rw-r--r--src/api/s3/bucket.rs9
1 files changed, 9 insertions, 0 deletions
diff --git a/src/api/s3/bucket.rs b/src/api/s3/bucket.rs
index 3ac6a6ec..8471385f 100644
--- a/src/api/s3/bucket.rs
+++ b/src/api/s3/bucket.rs
@@ -161,6 +161,15 @@ pub async fn handle_create_bucket(
return Err(CommonError::BucketAlreadyExists.into());
}
} else {
+ // Check user is allowed to create bucket
+ if !key_params.allow_create_bucket.get() {
+ return Err(CommonError::Forbidden(format!(
+ "Access key {} is not allowed to create buckets",
+ api_key.key_id
+ ))
+ .into());
+ }
+
// Create the bucket!
if !is_valid_bucket_name(&bucket_name) {
return Err(Error::bad_request(format!(