ac965e8d17
[ #80 ] iam: Move resource tag to resource property
...
Signed-off-by: Denis Kirillov <d.kirillov@yadro.com>
2024-06-11 13:29:30 +03:00
64e06f5b7c
[ #80 ] iam: Skip unsupported conditions in native chains
...
Skip conditions with
* aws:RequestTag
* aws:ResourceTag
keys
Signed-off-by: Denis Kirillov <d.kirillov@yadro.com>
2024-06-11 11:15:22 +03:00
Airat Arifullin
84c4872b20
[ #75 ] chain: Refactor ObjectType
type
...
* Rename `ObjectType` to `Kind`;
* Rename `Object` field in `Condition` to `ConditionKind`;
* Regenerate easy-json marshalers/unmarshalers;
* Fix unit-tests
Signed-off-by: Airat Arifullin <aarifullin@yadro.com>
2024-05-13 17:36:17 +03:00
04a79f57ef
[ #70 ] iam: Support aws:MultiFactorAuthPresent key
...
Signed-off-by: Marina Biryukova <m.biryukova@yadro.com>
2024-04-16 10:17:28 +03:00
530248de75
[ #69 ] iam: Extend native actions with tree service methods
...
Signed-off-by: Denis Kirillov <d.kirillov@yadro.com>
2024-04-12 13:22:12 +03:00
b6a6816800
[ #68 ] iam: Allow read object on delete operation
...
We must be able to read s3 multipart object from storage
(to find out the parts it consists of)
to fully delete such multipart object
Signed-off-by: Denis Kirillov <d.kirillov@yadro.com>
2024-04-12 09:57:53 +03:00
1f190e1668
[ #58 ] iam: Fix native actions mapping
...
We have to add native:PutObject when want to delete object
because of tombstone must be created (it's a put operation)
Signed-off-by: Denis Kirillov <d.kirillov@yadro.com>
2024-04-10 14:48:23 +03:00
1d51f2121d
[ #58 ] iam: Support more s3 actions
...
Signed-off-by: Denis Kirillov <d.kirillov@yadro.com>
2024-04-01 17:18:20 +03:00
c960b1b088
[ #53 ] iam: Extend support s3 to native actions
...
Signed-off-by: Denis Kirillov <d.kirillov@yadro.com>
2024-02-26 12:42:15 +03:00
1cdb3e5a4a
[ #46 ] iam: Support more s3 to native actions mapping
...
Signed-off-by: Denis Kirillov <d.kirillov@yadro.com>
2024-02-01 17:18:55 +03:00
af388779a3
[ #46 ] iam: Shrink rules for wildcard cases
...
Signed-off-by: Denis Kirillov <d.kirillov@yadro.com>
2024-01-29 11:50:24 +03:00
8cc5173d73
[ #46 ] iam: Support namespaces when forming native rules
...
Signed-off-by: Denis Kirillov <d.kirillov@yadro.com>
2024-01-29 11:50:24 +03:00
2af381ae81
[ #46 ] iam: Error if policy doesn't have actions
...
Signed-off-by: Denis Kirillov <d.kirillov@yadro.com>
2024-01-29 11:50:24 +03:00
3128352693
[ #36 ] iam: Keep s3/iam prefixes in resources
...
Signed-off-by: Denis Kirillov <d.kirillov@yadro.com>
2023-12-20 07:08:31 +00:00
ec39d8371a
[ #36 ] iam: Support iam actions
...
Signed-off-by: Denis Kirillov <d.kirillov@yadro.com>
2023-12-20 07:08:31 +00:00
1d07331f5d
[ #28 ] iam: Fix converters
...
Handle resource without object as bucket name instead of bucket with any object
Signed-off-by: Denis Kirillov <d.kirillov@yadro.com>
2023-12-13 13:20:38 +00:00
a0a35bf4bf
[ #22 ] iam: Fix converters
...
Validate that actions and resources contain wildcard only at the end
Signed-off-by: Denis Kirillov <d.kirillov@yadro.com>
2023-11-28 17:56:36 +03:00
5fa9d91903
[ #17 ] iam: Add converter to native/s3 policy
...
Signed-off-by: Denis Kirillov <d.kirillov@yadro.com>
2023-11-21 11:45:41 +03:00