[#53] iam: Extend support s3 to native actions

Signed-off-by: Denis Kirillov <d.kirillov@yadro.com>
Denis Kirillov 2024-02-26 12:22:29 +03:00
parent 8354a074c4
commit c960b1b088
2 changed files with 6 additions and 4 deletions


@ -11,7 +11,8 @@ import (
const PropertyKeyFilePath = "FilePath" const PropertyKeyFilePath = "FilePath"
var supportedActionToNativeOpMap = map[string][]string{ var supportedActionToNativeOpMap = map[string][]string{
supportedS3NativeActionDeleteObject: {native.MethodDeleteObject}, supportedS3NativeActionDeleteObject: {native.MethodDeleteObject, native.MethodHeadObject},
supportedS3NativeActionHeadObject: {native.MethodHeadObject},
supportedS3NativeActionGetObject: {native.MethodGetObject, native.MethodHeadObject, native.MethodSearchObject, native.MethodRangeObject, native.MethodHashObject}, supportedS3NativeActionGetObject: {native.MethodGetObject, native.MethodHeadObject, native.MethodSearchObject, native.MethodRangeObject, native.MethodHashObject},
supportedS3NativeActionPutObject: {native.MethodPutObject}, supportedS3NativeActionPutObject: {native.MethodPutObject},
supportedS3NativeActionListBucket: {native.MethodGetContainer, native.MethodGetObject, native.MethodHeadObject, native.MethodSearchObject, native.MethodRangeObject, native.MethodHashObject}, supportedS3NativeActionListBucket: {native.MethodGetContainer, native.MethodGetObject, native.MethodHeadObject, native.MethodSearchObject, native.MethodRangeObject, native.MethodHashObject},
@ -45,6 +46,7 @@ var objectNativeOperations = map[string]struct{}{
const ( const (
supportedS3NativeActionDeleteObject = "s3:DeleteObject" supportedS3NativeActionDeleteObject = "s3:DeleteObject"
supportedS3NativeActionGetObject = "s3:GetObject" supportedS3NativeActionGetObject = "s3:GetObject"
supportedS3NativeActionHeadObject = "s3:HeadObject"
supportedS3NativeActionPutObject = "s3:PutObject" supportedS3NativeActionPutObject = "s3:PutObject"
supportedS3NativeActionListBucket = "s3:ListBucket" supportedS3NativeActionListBucket = "s3:ListBucket"
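Review bot: Adding `native.MethodHeadObject` to the `supportedS3NativeActionDeleteObject` entry appears to widen Deny statements as well as Allow ones. The updated TestConverters expectations show `chain.AccessDenied` rules for the delete action now listing `native.MethodHeadObject`, so a policy that denies only `s3:DeleteObject` would also deny object HEAD at the native layer. If the chain engine gives deny precedence (not visible here), this could block principals who are separately allowed `s3:GetObject` or the new `s3:HeadObject`, since both also map to `native.MethodHeadObject`; on the Allow side, granting delete now also grants metadata reads. Consider converting Deny statements with only the primary native method per action, or at least documenting the entry with a comment such as `// HeadObject is included because <reason delete needs it>`. The map literal and the const block both continue outside the visible hunks.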


@ -208,7 +208,7 @@ func TestConverters(t *testing.T) {
expected := &chain.Chain{Rules: []chain.Rule{ expected := &chain.Chain{Rules: []chain.Rule{
{ {
Status: chain.AccessDenied, Status: chain.AccessDenied,
Actions: chain.Actions{Names: []string{native.MethodDeleteObject, native.MethodDeleteContainer}}, Actions: chain.Actions{Names: []string{native.MethodDeleteObject, native.MethodHeadObject, native.MethodDeleteContainer}},
Resources: chain.Resources{Names: []string{ Resources: chain.Resources{Names: []string{
fmt.Sprintf(native.ResourceFormatNamespaceContainerObjects, namespace, mockResolver.containers[bktName]), fmt.Sprintf(native.ResourceFormatNamespaceContainerObjects, namespace, mockResolver.containers[bktName]),
}}, }},
@ -229,7 +229,7 @@ func TestConverters(t *testing.T) {
}, },
{ {
Status: chain.AccessDenied, Status: chain.AccessDenied,
Actions: chain.Actions{Names: []string{native.MethodDeleteObject, native.MethodDeleteContainer}}, Actions: chain.Actions{Names: []string{native.MethodDeleteObject, native.MethodHeadObject, native.MethodDeleteContainer}},
Resources: chain.Resources{Names: []string{ Resources: chain.Resources{Names: []string{
fmt.Sprintf(native.ResourceFormatNamespaceContainer, namespace, mockResolver.containers[bktName]), fmt.Sprintf(native.ResourceFormatNamespaceContainer, namespace, mockResolver.containers[bktName]),
}}, }},
@ -341,7 +341,7 @@ func TestConverters(t *testing.T) {
nativeExpected := &chain.Chain{Rules: []chain.Rule{{ nativeExpected := &chain.Chain{Rules: []chain.Rule{{
Status: chain.Allow, Status: chain.Allow,
Actions: chain.Actions{Names: []string{native.MethodDeleteObject}}, Actions: chain.Actions{Names: []string{native.MethodDeleteObject, native.MethodHeadObject}},
Resources: chain.Resources{Names: []string{native.ResourceFormatAllObjects}}, Resources: chain.Resources{Names: []string{native.ResourceFormatAllObjects}},
Condition: []chain.Condition{{ Condition: []chain.Condition{{
Op: chain.CondStringEquals, Op: chain.CondStringEquals,