[#58] iam: Support more s3 actions #58

dkirillov · 2024-04-01T09:40:03Z

dkirillov commented

2024-04-01 09:40:03 +00:00

Signed-off-by: Denis Kirillov d.kirillov@yadro.com

Signed-off-by: Denis Kirillov <d.kirillov@yadro.com>

dkirillov self-assigned this 2024-04-01 09:40:03 +00:00

dkirillov changed title from ~~[#XX] iam: Support more s3 actions~~ to [#58] iam: Support more s3 actions

2024-04-01 09:45:27 +00:00

dkirillov force-pushed bugifx/delete_object_actions_converters from e0275de7c8 to cfd36abace

2024-04-01 09:45:55 +00:00

Compare

dkirillov requested review from storage-core-committers 2024-04-01 11:04:58 +00:00

dkirillov requested review from storage-core-developers 2024-04-01 11:04:59 +00:00

dkirillov requested review from storage-services-committers 2024-04-01 11:04:59 +00:00

dkirillov requested review from storage-services-developers 2024-04-01 11:05:00 +00:00

acid-ant approved these changes 2024-04-01 12:47:38 +00:00

alexvanin approved these changes 2024-04-01 13:00:38 +00:00

iam/converter_native.go Outdated

					
				@ -76,6 +99,9 @@ func ConvertToNativeChain(p Policy, resolver NativeResolver) (*chain.Chain, erro

					for _, statement := range p.Statement {

						status := formStatus(statement)

						if status != chain.Allow {

alexvanin commented

2024-04-01 12:59:33 +00:00

Some comment will be appreciated on why we do this. For instance

Most s3 methods share the same native operations. Deny rules must not affect shared native operations, therefore this code skips all deny rules for native protocol. Deny is applied for s3 protocol only, in this case.

Some comment will be appreciated on why we do this. For instance ``` Most s3 methods share the same native operations. Deny rules must not affect shared native operations, therefore this code skips all deny rules for native protocol. Deny is applied for s3 protocol only, in this case. ```

👍 1