[#53] iam: Extend support s3 to native actions

Signed-off-by: Denis Kirillov <d.kirillov@yadro.com>
2024-02-26 12:22:29 +03:00 · 2024-02-26 12:22:29 +03:00 · c960b1b088
commit c960b1b088
parent 8354a074c4
2 changed files with 6 additions and 4 deletions
--- a/iam/converter_native.go
+++ b/iam/converter_native.go
@ -11,7 +11,8 @@ import (
 const PropertyKeyFilePath = "FilePath"
 var supportedActionToNativeOpMap = map[string][]string{
-	supportedS3NativeActionDeleteObject: {native.MethodDeleteObject},
+	supportedS3NativeActionDeleteObject: {native.MethodDeleteObject, native.MethodHeadObject},
 	supportedS3NativeActionHeadObject:   {native.MethodHeadObject},
 	supportedS3NativeActionGetObject:    {native.MethodGetObject, native.MethodHeadObject, native.MethodSearchObject, native.MethodRangeObject, native.MethodHashObject},
 	supportedS3NativeActionPutObject:    {native.MethodPutObject},
 	supportedS3NativeActionListBucket:   {native.MethodGetContainer, native.MethodGetObject, native.MethodHeadObject, native.MethodSearchObject, native.MethodRangeObject, native.MethodHashObject},
@ -45,6 +46,7 @@ var objectNativeOperations = map[string]struct{}{
 const (
 	supportedS3NativeActionDeleteObject = "s3:DeleteObject"
 	supportedS3NativeActionGetObject    = "s3:GetObject"
 	supportedS3NativeActionHeadObject   = "s3:HeadObject"
 	supportedS3NativeActionPutObject    = "s3:PutObject"
 	supportedS3NativeActionListBucket   = "s3:ListBucket"
--- a/iam/converter_test.go
+++ b/iam/converter_test.go
@ -208,7 +208,7 @@ func TestConverters(t *testing.T) {
 		expected := &chain.Chain{Rules: []chain.Rule{
 			{
 				Status:  chain.AccessDenied,
-				Actions: chain.Actions{Names: []string{native.MethodDeleteObject, native.MethodDeleteContainer}},
+				Actions: chain.Actions{Names: []string{native.MethodDeleteObject, native.MethodHeadObject, native.MethodDeleteContainer}},
 				Resources: chain.Resources{Names: []string{
 					fmt.Sprintf(native.ResourceFormatNamespaceContainerObjects, namespace, mockResolver.containers[bktName]),
 				}},
@ -229,7 +229,7 @@ func TestConverters(t *testing.T) {
 			},
 			{
 				Status:  chain.AccessDenied,
-				Actions: chain.Actions{Names: []string{native.MethodDeleteObject, native.MethodDeleteContainer}},
+				Actions: chain.Actions{Names: []string{native.MethodDeleteObject, native.MethodHeadObject, native.MethodDeleteContainer}},
 				Resources: chain.Resources{Names: []string{
 					fmt.Sprintf(native.ResourceFormatNamespaceContainer, namespace, mockResolver.containers[bktName]),
 				}},
@ -341,7 +341,7 @@ func TestConverters(t *testing.T) {
 		nativeExpected := &chain.Chain{Rules: []chain.Rule{{
 			Status:    chain.Allow,
-			Actions:   chain.Actions{Names: []string{native.MethodDeleteObject}},
+			Actions:   chain.Actions{Names: []string{native.MethodDeleteObject, native.MethodHeadObject}},
 			Resources: chain.Resources{Names: []string{native.ResourceFormatAllObjects}},
 			Condition: []chain.Condition{{
 				Op:     chain.CondStringEquals,