From c960b1b088314f80349a3eb6a08d7d846a57a459 Mon Sep 17 00:00:00 2001
From: Denis Kirillov
Date: Mon, 26 Feb 2024 12:22:29 +0300
Subject: [PATCH] [#53] iam: Extend support s3 to native actions

Signed-off-by: Denis Kirillov
---
 iam/converter_native.go | 4 +++-
 iam/converter_test.go | 6 +++---
 2 files changed, 6 insertions(+), 4 deletions(-)

diff --git a/iam/converter_native.go b/iam/converter_native.go
index 3ca0d89..b205638 100644
--- a/iam/converter_native.go
+++ b/iam/converter_native.go
@@ -11,7 +11,8 @@ import (
 const PropertyKeyFilePath = "FilePath"

 var supportedActionToNativeOpMap = map[string][]string{
- supportedS3NativeActionDeleteObject: {native.MethodDeleteObject},
+ supportedS3NativeActionDeleteObject: {native.MethodDeleteObject, native.MethodHeadObject},
+ supportedS3NativeActionHeadObject: {native.MethodHeadObject},
 supportedS3NativeActionGetObject: {native.MethodGetObject, native.MethodHeadObject, native.MethodSearchObject, native.MethodRangeObject, native.MethodHashObject},
 supportedS3NativeActionPutObject: {native.MethodPutObject},
 supportedS3NativeActionListBucket: {native.MethodGetContainer, native.MethodGetObject, native.MethodHeadObject, native.MethodSearchObject, native.MethodRangeObject, native.MethodHashObject},
@@ -45,6 +46,7 @@ var objectNativeOperations = map[string]struct{}{
 const (
 supportedS3NativeActionDeleteObject = "s3:DeleteObject"
 supportedS3NativeActionGetObject = "s3:GetObject"
+ supportedS3NativeActionHeadObject = "s3:HeadObject"
 supportedS3NativeActionPutObject = "s3:PutObject"
 supportedS3NativeActionListBucket = "s3:ListBucket"

diff --git a/iam/converter_test.go b/iam/converter_test.go
index 9591e02..868e63f 100644
--- a/iam/converter_test.go
+++ b/iam/converter_test.go
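Review bot: Adding `native.MethodHeadObject` to the `supportedS3NativeActionDeleteObject` entry widens Deny statements as well as Allow ones, since the same map appears to serve both effects: the updated expectations in iam/converter_test.go show an `AccessDenied` rule for a delete statement that now lists HeadObject. If deny rules take precedence over allow rules during chain evaluation (not visible in this diff), a policy that allows s3:GetObject and denies s3:DeleteObject would also block header reads, which differs from S3 semantics. Consider adding the extra HeadObject only when the statement effect is Allow, or at least record the intent on the entry, e.g. `// HeadObject added because <reason>; also applied to Deny statements`. The map literal continues past the end of the hunk.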
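Review bot: `supportedS3NativeActionHeadObject = "s3:HeadObject"` has no counterpart in AWS IAM, where HEAD requests are authorized through `s3:GetObject`, and nothing on the line says that this is a project-specific extension. A comment on the constant would help policy authors and reviewers, for example `// Not an AWS IAM action: extension that maps only to native HeadObject`. The const block continues outside the hunk, so whether other lookup tables keyed by action name also need the new entry cannot be checked from here.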
@@ -208,7 +208,7 @@ func TestConverters(t *testing.T) {
 expected := &chain.Chain{Rules: []chain.Rule{
 {
 Status: chain.AccessDenied,
- Actions: chain.Actions{Names: []string{native.MethodDeleteObject, native.MethodDeleteContainer}},
+ Actions: chain.Actions{Names: []string{native.MethodDeleteObject, native.MethodHeadObject, native.MethodDeleteContainer}},
 Resources: chain.Resources{Names: []string{
 fmt.Sprintf(native.ResourceFormatNamespaceContainerObjects, namespace, mockResolver.containers[bktName]),
 }},
@@ -229,7 +229,7 @@ func TestConverters(t *testing.T) {
 },
 {
 Status: chain.AccessDenied,
- Actions: chain.Actions{Names: []string{native.MethodDeleteObject, native.MethodDeleteContainer}},
+ Actions: chain.Actions{Names: []string{native.MethodDeleteObject, native.MethodHeadObject, native.MethodDeleteContainer}},
 Resources: chain.Resources{Names: []string{
 fmt.Sprintf(native.ResourceFormatNamespaceContainer, namespace, mockResolver.containers[bktName]),
 }},
@@ -341,7 +341,7 @@ func TestConverters(t *testing.T) {

 nativeExpected := &chain.Chain{Rules: []chain.Rule{{
 Status: chain.Allow,
- Actions: chain.Actions{Names: []string{native.MethodDeleteObject}},
+ Actions: chain.Actions{Names: []string{native.MethodDeleteObject, native.MethodHeadObject}},
 Resources: chain.Resources{Names: []string{native.ResourceFormatAllObjects}},
 Condition: []chain.Condition{{
 Op: chain.CondStringEquals,
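Review bot: None of the three updated expectations exercises the new `s3:HeadObject` action; they only adjust the output for existing s3:DeleteObject statements. A case that converts a statement with action `s3:HeadObject` and asserts that the resulting rule names only `native.MethodHeadObject` would pin the new mapping. The hunks at lines 208 and 229 also lock in HeadObject as part of an `AccessDenied` rule, so a case combining Allow s3:GetObject with Deny s3:DeleteObject would make the intended outcome for header reads explicit. TestConverters begins and ends outside these hunks.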