diff --git a/iam/converter_test.go b/iam/converter_test.go
index dab1a07..f57f085 100644
--- a/iam/converter_test.go
+++ b/iam/converter_test.go
@@ -11,6 +11,7 @@ import (
  "git.frostfs.info/TrueCloudLab/policy-engine/pkg/engine"
  "git.frostfs.info/TrueCloudLab/policy-engine/pkg/engine/inmemory"
  "git.frostfs.info/TrueCloudLab/policy-engine/pkg/resource/testutil"
+ "git.frostfs.info/TrueCloudLab/policy-engine/schema/common"
  "git.frostfs.info/TrueCloudLab/policy-engine/schema/native"
  "git.frostfs.info/TrueCloudLab/policy-engine/schema/s3"
  "github.com/stretchr/testify/require"
@@ -1585,7 +1586,7 @@ func TestTagsConditions(t *testing.T) {
  "StringEquals": {
  "aws:PrincipalTag/department": "hr",
  "aws:ResourceTag/owner": "hr-admin",
- "aws:Request/scope": "*"
+ "aws:RequestTag/scope": "*"
  }
  }
  }
@@ -1597,19 +1598,19 @@ func TestTagsConditions(t *testing.T) {
  {
  Op: chain.CondStringEquals,
  Object: chain.ObjectRequest,
- Key: "frostfsid:userClaim/tag-department",
+ Key: fmt.Sprintf(common.PropertyKeyFormatFrostFSIDUserClaim, "tag-department"),
  Value: "hr",
  },
  {
  Op: chain.CondStringEquals,
  Object: chain.ObjectRequest,
- Key: "aws:ResourceTag/owner",
+ Key: fmt.Sprintf(s3.PropertyKeyFormatResourceTag, "owner"),
  Value: "hr-admin",
  },
  {
  Op: chain.CondStringEquals,
  Object: chain.ObjectRequest,
- Key: "aws:Request/scope",
+ Key: fmt.Sprintf(s3.PropertyKeyFormatRequestTag, "scope"),
  Value: "*",
  },
  }
diff --git a/schema/s3/consts.go b/schema/s3/consts.go
index ab8021e..a374fa4 100644
--- a/schema/s3/consts.go
+++ b/schema/s3/consts.go
@@ -8,6 +8,9 @@ const (
  PropertyKeyVersionID = "s3:VersionId"
  PropertyKeyMaxKeys = "s3:max-keys"
 
+ PropertyKeyFormatResourceTag = "aws:ResourceTag/%s"
+ PropertyKeyFormatRequestTag = "aws:RequestTag/%s"
+
  ResourceFormatS3All = "arn:aws:s3:::*"
  ResourceFormatS3Bucket = "arn:aws:s3:::%s"
  ResourceFormatS3BucketObjects = "arn:aws:s3:::%s/*"
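Review bot: The second hunk of iam/converter_test.go (the policy JSON in TestTagsConditions) now exercises only the well-formed `aws:RequestTag/scope` key, so nothing pins what the converter does with a condition key it does not recognise. The old fixture together with its old expectation in the following hunk shows that `aws:Request/scope` used to be passed through unchanged, which in a Deny statement would presumably leave a condition that never matches. I would add a case with a misspelled tag key and assert the intended outcome, either an error or an explicit pass-through. The test function starts and ends outside the hunk.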
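Review bot: In the third hunk of iam/converter_test.go the expected keys are built with `fmt.Sprintf` from the schema constants, so the test no longer pins the literal key strings; if the converter builds its keys from the same constants (not visible here), a typo in a constant would pass unnoticed. These keys decide which request property a policy condition is compared against, so I would keep one literal check per format, e.g. `require.Equal(t, "aws:RequestTag/scope", fmt.Sprintf(s3.PropertyKeyFormatRequestTag, "scope"))`. TestTagsConditions starts and ends outside the hunk.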
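Review bot: The two exported constants added in schema/s3/consts.go have no doc comment, and nothing tells a reader that they are fmt patterns rather than complete keys like `PropertyKeyVersionID` beside them. I would add `// PropertyKeyFormatResourceTag and PropertyKeyFormatRequestTag are fmt patterns for tag condition keys; the single %s is the tag key, inserted verbatim.` above them. Whether the tag key is validated or normalised before substitution is not visible in this hunk, so the comment should also say which caller is responsible for that. The const block starts before the hunk and continues after it.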