generated from TrueCloudLab/basic
[#80] iam: Move resource tag to resource property
All checks were successful
DCO action / DCO (pull_request) Successful in 1m8s
Tests and linters / Tests (1.21) (pull_request) Successful in 1m3s
Tests and linters / Tests (1.20) (pull_request) Successful in 1m19s
Tests and linters / Staticcheck (pull_request) Successful in 1m27s
Tests and linters / Tests with -race (pull_request) Successful in 1m45s
Tests and linters / Lint (pull_request) Successful in 2m15s
All checks were successful
DCO action / DCO (pull_request) Successful in 1m8s
Tests and linters / Tests (1.21) (pull_request) Successful in 1m3s
Tests and linters / Tests (1.20) (pull_request) Successful in 1m19s
Tests and linters / Staticcheck (pull_request) Successful in 1m27s
Tests and linters / Tests with -race (pull_request) Successful in 1m45s
Tests and linters / Lint (pull_request) Successful in 2m15s
Signed-off-by: Denis Kirillov <d.kirillov@yadro.com>
This commit is contained in:
parent
64e06f5b7c
commit
ac965e8d17
3 changed files with 9 additions and 4 deletions
|
@ -243,6 +243,7 @@ func convertToNativeChainCondition(c Conditions, resolver NativeResolver) ([]Gro
|
||||||
res.Conditions = append(res.Conditions, gr.Conditions[i])
|
res.Conditions = append(res.Conditions, gr.Conditions[i])
|
||||||
case strings.HasPrefix(gr.Conditions[i].Key, condKeyAWSRequestTagPrefix) ||
|
case strings.HasPrefix(gr.Conditions[i].Key, condKeyAWSRequestTagPrefix) ||
|
||||||
strings.HasPrefix(gr.Conditions[i].Key, condKeyAWSResourceTagPrefix):
|
strings.HasPrefix(gr.Conditions[i].Key, condKeyAWSResourceTagPrefix):
|
||||||
|
// Tags exist only in S3 requests, so native protocol should not process such conditions.
|
||||||
continue
|
continue
|
||||||
default:
|
default:
|
||||||
res.Conditions = append(res.Conditions, gr.Conditions[i])
|
res.Conditions = append(res.Conditions, gr.Conditions[i])
|
||||||
|
|
|
@ -2,6 +2,7 @@ package iam
|
||||||
|
|
||||||
import (
|
import (
|
||||||
"fmt"
|
"fmt"
|
||||||
|
"strings"
|
||||||
|
|
||||||
"git.frostfs.info/TrueCloudLab/policy-engine/pkg/chain"
|
"git.frostfs.info/TrueCloudLab/policy-engine/pkg/chain"
|
||||||
"git.frostfs.info/TrueCloudLab/policy-engine/schema/s3"
|
"git.frostfs.info/TrueCloudLab/policy-engine/schema/s3"
|
||||||
|
@ -169,16 +170,19 @@ func getS3PrincipalsAndConditionFunc(statement Statement, resolver S3Resolver) (
|
||||||
func convertToS3ChainCondition(c Conditions, resolver S3Resolver) ([]GroupedConditions, error) {
|
func convertToS3ChainCondition(c Conditions, resolver S3Resolver) ([]GroupedConditions, error) {
|
||||||
return convertToChainConditions(c, func(gr GroupedConditions) (GroupedConditions, error) {
|
return convertToChainConditions(c, func(gr GroupedConditions) (GroupedConditions, error) {
|
||||||
for i := range gr.Conditions {
|
for i := range gr.Conditions {
|
||||||
if gr.Conditions[i].Key == condKeyAWSPrincipalARN {
|
switch {
|
||||||
|
case gr.Conditions[i].Key == condKeyAWSPrincipalARN:
|
||||||
gr.Conditions[i].Key = s3.PropertyKeyOwner
|
gr.Conditions[i].Key = s3.PropertyKeyOwner
|
||||||
val, err := formPrincipalOwner(gr.Conditions[i].Value, resolver)
|
val, err := formPrincipalOwner(gr.Conditions[i].Value, resolver)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return GroupedConditions{}, err
|
return GroupedConditions{}, err
|
||||||
}
|
}
|
||||||
gr.Conditions[i].Value = val
|
gr.Conditions[i].Value = val
|
||||||
}
|
|
||||||
if gr.Conditions[i].Key == condKeyAWSMFAPresent {
|
case gr.Conditions[i].Key == condKeyAWSMFAPresent:
|
||||||
gr.Conditions[i].Key = s3.PropertyKeyAccessBoxAttrMFA
|
gr.Conditions[i].Key = s3.PropertyKeyAccessBoxAttrMFA
|
||||||
|
case strings.HasPrefix(gr.Conditions[i].Key, condKeyAWSResourceTagPrefix):
|
||||||
|
gr.Conditions[i].Kind = chain.KindResource
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -1705,7 +1705,7 @@ func TestTagsConditions(t *testing.T) {
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
Op: chain.CondStringEquals,
|
Op: chain.CondStringEquals,
|
||||||
Kind: chain.KindRequest,
|
Kind: chain.KindResource,
|
||||||
Key: fmt.Sprintf(s3.PropertyKeyFormatResourceTag, "owner"),
|
Key: fmt.Sprintf(s3.PropertyKeyFormatResourceTag, "owner"),
|
||||||
Value: "hr-admin",
|
Value: "hr-admin",
|
||||||
},
|
},
|
||||||
|
|
Loading…
Reference in a new issue