Merge branch 'main' into next

author: Alex Auvolat <alex@adnab.me> 2023-01-04 11:34:43 +0100
committer: Alex Auvolat <alex@adnab.me> 2023-01-04 11:34:43 +0100
commit: 570e5e5bbb7a3eac41350db9433e28ed289b97f4 (patch)
tree: a7fc299ba180098be5a3bef28a39256870ce697b /src/api/s3/bucket.rs
parent: 6e44369cbc810b8912ca0f7f5fd293e87f10c851 (diff)
parent: 4eb8ca3a528dae2848141f5cc3eb607eb7d40114 (diff)
download: garage-570e5e5bbb7a3eac41350db9433e28ed289b97f4.tar.gz
garage-570e5e5bbb7a3eac41350db9433e28ed289b97f4.zip
1 files changed, 9 insertions, 0 deletions
diff --git a/src/api/s3/bucket.rs b/src/api/s3/bucket.rs
index 3ac6a6ec..8471385f 100644
--- a/src/api/s3/bucket.rs
+++ b/src/api/s3/bucket.rs
@@ -161,6 +161,15 @@ pub async fn handle_create_bucket(
 			return Err(CommonError::BucketAlreadyExists.into());
 		}
 	} else {
+		// Check user is allowed to create bucket
+		if !key_params.allow_create_bucket.get() {
+			return Err(CommonError::Forbidden(format!(
+				"Access key {} is not allowed to create buckets",
+				api_key.key_id
+			))
+			.into());
+		}
+
 		// Create the bucket!
 		if !is_valid_bucket_name(&bucket_name) {
 			return Err(Error::bad_request(format!(
author	Alex Auvolat <alex@adnab.me>	2023-01-04 11:34:43 +0100
committer	Alex Auvolat <alex@adnab.me>	2023-01-04 11:34:43 +0100
commit	570e5e5bbb7a3eac41350db9433e28ed289b97f4 (patch)
tree	a7fc299ba180098be5a3bef28a39256870ce697b /src/api/s3/bucket.rs
parent	6e44369cbc810b8912ca0f7f5fd293e87f10c851 (diff)
parent	4eb8ca3a528dae2848141f5cc3eb607eb7d40114 (diff)
download	garage-570e5e5bbb7a3eac41350db9433e28ed289b97f4.tar.gz garage-570e5e5bbb7a3eac41350db9433e28ed289b97f4.zip