[#70] iam: Support aws:MultiFactorAuthPresent key #70

mbiryukova · 2024-04-12T11:42:57Z

mbiryukova commented

2024-04-12 11:42:57 +00:00

There is no content yet.

mbiryukova self-assigned this 2024-04-12 11:42:57 +00:00

mbiryukova added 1 commit 2024-04-12 11:42:58 +00:00

DCO action / DCO (pull_request) Failing after 1m1s Details

Tests and linters / Tests (1.21) (pull_request) Successful in 1m36s Details

Tests and linters / Tests (1.20) (pull_request) Successful in 2m3s Details

Tests and linters / Staticcheck (pull_request) Successful in 2m31s Details

Tests and linters / Tests with -race (pull_request) Successful in 2m37s Details

Tests and linters / Lint (pull_request) Successful in 3m9s Details

79a4ea2fe1 [#xx] iam: Support aws:MultiFactorAuthPresent key

Signed-off-by: Marina Biryukova <m.biryukova@yadro.com>

mbiryukova force-pushed feature/mfa_condition_key from 79a4ea2fe1 to 0033c76a71

2024-04-12 11:43:25 +00:00

Compare

mbiryukova changed title from ~~[#xx] iam: Support aws:MultiFactorAuthPresent key~~ to [#70] iam: Support aws:MultiFactorAuthPresent key

2024-04-12 11:43:44 +00:00

mbiryukova requested review from storage-core-committers 2024-04-12 11:47:13 +00:00

mbiryukova requested review from storage-core-developers 2024-04-12 11:47:14 +00:00

mbiryukova requested review from storage-services-committers 2024-04-12 11:47:14 +00:00

mbiryukova requested review from storage-services-developers 2024-04-12 11:47:14 +00:00

mbiryukova force-pushed feature/mfa_condition_key from 0033c76a71 to a84a6b6691

2024-04-12 11:56:26 +00:00

Compare

dkirillov reviewed 2024-04-12 14:31:30 +00:00

iam/converter.go Outdated

													
				@ -198,6 +201,10 @@ func transformKey(key string) string {

						return fmt.Sprintf(common.PropertyKeyFormatFrostFSIDUserClaim, userClaimTagPrefix+tagName)

					}

					if key == condKeyAWSMFAPresent {

dkirillov commented

2024-04-12 14:31:30 +00:00

I'm not sure we need such tranformation for native policies. AccessBox attributes can be set only in s3/iam services

dkirillov marked this conversation as resolved

mbiryukova force-pushed feature/mfa_condition_key from a84a6b6691 to b4b2325716

2024-04-15 11:04:35 +00:00

Compare

fyrchik reviewed 2024-04-15 11:51:41 +00:00

iam/converter_native.go Outdated

													
				@ -218,6 +225,12 @@ func getNativePrincipalsAndConditionFunc(statement Statement, resolver NativeRes

				func convertToNativeChainCondition(c Conditions, resolver NativeResolver) ([]GroupedConditions, error) {

					return convertToChainConditions(c, func(gr GroupedConditions) (GroupedConditions, error) {

						if slices.ContainsFunc(gr.Conditions, func(c chain.Condition) bool {

fyrchik commented

2024-04-15 11:51:41 +00:00

These 5 lines can be replaced with a simple for loop, do we really need to use an external dependency here?
I see it is already used in another place, but it will be removed after we bumped minimum go version.

These 5 lines can be replaced with a simple `for` loop, do we really need to use an external dependency here? I see it is already used in another place, but it will be removed after we bumped minimum go version.

dstepanov-yadro commented

2024-04-15 12:02:41 +00:00

slices package contains this function too.

`slices` package contains this function too.

dkirillov commented

2024-04-15 13:14:50 +00:00

Probably we can use already existing for loop below (line 234)

Probably we can use already existing `for` loop below (line 234)

mbiryukova commented

2024-04-15 16:22:49 +00:00

Poster

I thought to check key before possible arn resolving, but can use loop below if it doesn't make sense to separate

dkirillov commented

2024-04-16 06:32:59 +00:00

I suppose it's ok to use the same loop

👍 1

fyrchik marked this conversation as resolved

dstepanov-yadro requested changes 2024-04-15 12:05:48 +00:00

iam/converter_test.go Outdated

													
				@ -1642,6 +1642,48 @@ func TestTagsConditions(t *testing.T) {

					require.ElementsMatch(t, expectedConditions, nativeChain.Rules[0].Condition)

				}

				func TestMFACondition(t *testing.T) {

dstepanov-yadro commented

2024-04-15 12:04:27 +00:00

Could you please add negative test also.

mbiryukova commented

2024-04-15 13:07:31 +00:00

Poster

What do you expect it should check?

dstepanov-yadro commented

2024-04-16 07:01:51 +00:00

      "Condition": {
        "Bool": {
          "aws:MultiFactorAuthPresent": "false"
        }

 <no condition>

``` "Condition": { "Bool": { "aws:MultiFactorAuthPresent": "false" } ``` ``` <no condition> ```

👍 1

dstepanov-yadro marked this conversation as resolved

mbiryukova force-pushed feature/mfa_condition_key from b4b2325716 to 04a79f57ef

2024-04-16 07:18:19 +00:00

Compare

dkirillov approved these changes 2024-04-16 07:26:47 +00:00

dkirillov referenced this pull request from TrueCloudLab/frostfs-s3-gw

2024-04-16 09:09:55 +00:00

[#367] Add check of AccessBox attributes #367

aarifullin approved these changes 2024-04-16 14:34:34 +00:00

fyrchik approved these changes 2024-04-16 15:55:36 +00:00

acid-ant approved these changes 2024-04-16 18:42:29 +00:00

dstepanov-yadro approved these changes 2024-04-17 06:10:52 +00:00

dkirillov merged commit 04a79f57ef into master

2024-04-17 06:36:21 +00:00

dkirillov referenced this issue from a commit

2024-04-17 06:36:23 +00:00

[#70] iam: Support aws:MultiFactorAuthPresent key

Sign in to join this conversation.

No reviewers

TrueCloudLab/storage-services-developers

No Label

No Milestone

No project

No Assignees

6 Participants

Notifications

Due Date

The due date is invalid or out of range. Please use the format 'yyyy-mm-dd'.

No due date set.

Dependencies

No dependencies set.

Reference: TrueCloudLab/policy-engine#70