[#70] iam: Support aws:MultiFactorAuthPresent key #70

Merged
dkirillov merged 1 commit from mbiryukova/policy-engine:feature/mfa_condition_key into master 2024-04-17 06:36:21 +00:00
Member
No description provided.
mbiryukova self-assigned this 2024-04-12 11:42:57 +00:00
mbiryukova force-pushed feature/mfa_condition_key from 79a4ea2fe1 to 0033c76a71 2024-04-12 11:43:25 +00:00 Compare
mbiryukova changed title from [#xx] iam: Support aws:MultiFactorAuthPresent key to [#70] iam: Support aws:MultiFactorAuthPresent key 2024-04-12 11:43:44 +00:00
mbiryukova requested review from storage-core-committers 2024-04-12 11:47:13 +00:00
mbiryukova requested review from storage-core-developers 2024-04-12 11:47:14 +00:00
mbiryukova requested review from storage-services-committers 2024-04-12 11:47:14 +00:00
mbiryukova requested review from storage-services-developers 2024-04-12 11:47:14 +00:00
mbiryukova force-pushed feature/mfa_condition_key from 0033c76a71 to a84a6b6691 2024-04-12 11:56:26 +00:00 Compare
dkirillov reviewed 2024-04-12 14:31:30 +00:00
iam/converter.go Outdated
@ -198,6 +201,10 @@ func transformKey(key string) string {
return fmt.Sprintf(common.PropertyKeyFormatFrostFSIDUserClaim, userClaimTagPrefix+tagName)
}
if key == condKeyAWSMFAPresent {
Member

I'm not sure we need such tranformation for native policies. AccessBox attributes can be set only in s3/iam services

I'm not sure we need such tranformation for native policies. AccessBox attributes can be set only in s3/iam services
dkirillov marked this conversation as resolved
mbiryukova force-pushed feature/mfa_condition_key from a84a6b6691 to b4b2325716 2024-04-15 11:04:35 +00:00 Compare
fyrchik reviewed 2024-04-15 11:51:41 +00:00
@ -218,6 +225,12 @@ func getNativePrincipalsAndConditionFunc(statement Statement, resolver NativeRes
func convertToNativeChainCondition(c Conditions, resolver NativeResolver) ([]GroupedConditions, error) {
return convertToChainConditions(c, func(gr GroupedConditions) (GroupedConditions, error) {
if slices.ContainsFunc(gr.Conditions, func(c chain.Condition) bool {
Owner

These 5 lines can be replaced with a simple for loop, do we really need to use an external dependency here?
I see it is already used in another place, but it will be removed after we bumped minimum go version.

These 5 lines can be replaced with a simple `for` loop, do we really need to use an external dependency here? I see it is already used in another place, but it will be removed after we bumped minimum go version.

slices package contains this function too.

`slices` package contains this function too.
Member

Probably we can use already existing for loop below (line 234)

Probably we can use already existing `for` loop below (line 234)
Author
Member

I thought to check key before possible arn resolving, but can use loop below if it doesn't make sense to separate

I thought to check key before possible arn resolving, but can use loop below if it doesn't make sense to separate
Member

I suppose it's ok to use the same loop

I suppose it's ok to use the same loop
fyrchik marked this conversation as resolved
dstepanov-yadro requested changes 2024-04-15 12:05:48 +00:00
@ -1642,6 +1642,48 @@ func TestTagsConditions(t *testing.T) {
require.ElementsMatch(t, expectedConditions, nativeChain.Rules[0].Condition)
}
func TestMFACondition(t *testing.T) {

Could you please add negative test also.

Could you please add negative test also.
Author
Member

What do you expect it should check?

What do you expect it should check?
      "Condition": {
        "Bool": {
          "aws:MultiFactorAuthPresent": "false"
        }
 <no condition>
``` "Condition": { "Bool": { "aws:MultiFactorAuthPresent": "false" } ``` ``` <no condition> ```
dstepanov-yadro marked this conversation as resolved
mbiryukova force-pushed feature/mfa_condition_key from b4b2325716 to 04a79f57ef 2024-04-16 07:18:19 +00:00 Compare
dkirillov approved these changes 2024-04-16 07:26:47 +00:00
aarifullin approved these changes 2024-04-16 14:34:34 +00:00
fyrchik approved these changes 2024-04-16 15:55:36 +00:00
acid-ant approved these changes 2024-04-16 18:42:29 +00:00
dstepanov-yadro approved these changes 2024-04-17 06:10:52 +00:00
dkirillov merged commit 04a79f57ef into master 2024-04-17 06:36:21 +00:00
Sign in to join this conversation.
No description provided.