iam/converter_test.go

@@ -11,6 +11,7 @@ import (
 	"git.frostfs.info/TrueCloudLab/policy-engine/pkg/engine"
 	"git.frostfs.info/TrueCloudLab/policy-engine/pkg/engine/inmemory"
 	"git.frostfs.info/TrueCloudLab/policy-engine/pkg/resource/testutil"
+	"git.frostfs.info/TrueCloudLab/policy-engine/schema/common"
 	"git.frostfs.info/TrueCloudLab/policy-engine/schema/native"
 	"git.frostfs.info/TrueCloudLab/policy-engine/schema/s3"
 	"github.com/stretchr/testify/require"
@@ -1585,7 +1586,7 @@ func TestTagsConditions(t *testing.T) {
         "StringEquals": {
           "aws:PrincipalTag/department": "hr",
           "aws:ResourceTag/owner": "hr-admin",
-          "aws:Request/scope": "*"
+          "aws:RequestTag/scope": "*"
         }
       }
     }
@@ -1597,19 +1598,19 @@ func TestTagsConditions(t *testing.T) {
 		{
 			Op:     chain.CondStringEquals,
 			Object: chain.ObjectRequest,
-			Key:    "frostfsid:userClaim/tag-department",
+			Key:    fmt.Sprintf(common.PropertyKeyFormatFrostFSIDUserClaim, "tag-department"),
 			Value:  "hr",
 		},
 		{
 			Op:     chain.CondStringEquals,
 			Object: chain.ObjectRequest,
-			Key:    "aws:ResourceTag/owner",
+			Key:    fmt.Sprintf(s3.PropertyKeyFormatResourceTag, "owner"),
 			Value:  "hr-admin",
 		},
 		{
 			Op:     chain.CondStringEquals,
 			Object: chain.ObjectRequest,
-			Key:    "aws:Request/scope",
+			Key:    fmt.Sprintf(s3.PropertyKeyFormatRequestTag, "scope"),
 			Value:  "*",
 		},
 	}

schema/s3/consts.go

@@ -8,6 +8,9 @@ const (
 	PropertyKeyVersionID = "s3:VersionId"
 	PropertyKeyMaxKeys   = "s3:max-keys"
 
+	PropertyKeyFormatResourceTag = "aws:ResourceTag/%s"
+	PropertyKeyFormatRequestTag  = "aws:RequestTag/%s"
+
 	ResourceFormatS3All           = "arn:aws:s3:::*"
 	ResourceFormatS3Bucket        = "arn:aws:s3:::%s"
 	ResourceFormatS3BucketObjects = "arn:aws:s3:::%s/*"