Commit graph

18 commits

Author SHA1 Message Date
ac965e8d17 [#80] iam: Move resource tag to resource property
Signed-off-by: Denis Kirillov <d.kirillov@yadro.com>
2024-06-11 13:29:30 +03:00
64e06f5b7c [#80] iam: Skip unsupported conditions in native chains
Skip conditions with
* aws:RequestTag
* aws:ResourceTag
keys

Signed-off-by: Denis Kirillov <d.kirillov@yadro.com>
2024-06-11 11:15:22 +03:00
Airat Arifullin
84c4872b20 [#75] chain: Refactor ObjectType type
* Rename `ObjectType` to `Kind`;
* Rename `Object` field in `Condition` to `ConditionKind`;
* Regenerate easy-json marshalers/unmarshalers;
* Fix unit-tests

Signed-off-by: Airat Arifullin <aarifullin@yadro.com>
2024-05-13 17:36:17 +03:00
04a79f57ef [#70] iam: Support aws:MultiFactorAuthPresent key
Signed-off-by: Marina Biryukova <m.biryukova@yadro.com>
2024-04-16 10:17:28 +03:00
530248de75 [#69] iam: Extend native actions with tree service methods
Signed-off-by: Denis Kirillov <d.kirillov@yadro.com>
2024-04-12 13:22:12 +03:00
b6a6816800 [#68] iam: Allow read object on delete operation
We must be able to read s3 multipart object from storage
(to find out the parts it consists of)
to fully delete such multipart object

Signed-off-by: Denis Kirillov <d.kirillov@yadro.com>
2024-04-12 09:57:53 +03:00
1f190e1668 [#58] iam: Fix native actions mapping
We have to add native:PutObject when want to delete object
 because of tombstone must be created (it's a put operation)

Signed-off-by: Denis Kirillov <d.kirillov@yadro.com>
2024-04-10 14:48:23 +03:00
1d51f2121d [#58] iam: Support more s3 actions
Signed-off-by: Denis Kirillov <d.kirillov@yadro.com>
2024-04-01 17:18:20 +03:00
c960b1b088 [#53] iam: Extend support s3 to native actions
Signed-off-by: Denis Kirillov <d.kirillov@yadro.com>
2024-02-26 12:42:15 +03:00
1cdb3e5a4a [#46] iam: Support more s3 to native actions mapping
Signed-off-by: Denis Kirillov <d.kirillov@yadro.com>
2024-02-01 17:18:55 +03:00
af388779a3 [#46] iam: Shrink rules for wildcard cases
Signed-off-by: Denis Kirillov <d.kirillov@yadro.com>
2024-01-29 11:50:24 +03:00
8cc5173d73 [#46] iam: Support namespaces when forming native rules
Signed-off-by: Denis Kirillov <d.kirillov@yadro.com>
2024-01-29 11:50:24 +03:00
2af381ae81 [#46] iam: Error if policy doesn't have actions
Signed-off-by: Denis Kirillov <d.kirillov@yadro.com>
2024-01-29 11:50:24 +03:00
3128352693 [#36] iam: Keep s3/iam prefixes in resources
Signed-off-by: Denis Kirillov <d.kirillov@yadro.com>
2023-12-20 07:08:31 +00:00
ec39d8371a [#36] iam: Support iam actions
Signed-off-by: Denis Kirillov <d.kirillov@yadro.com>
2023-12-20 07:08:31 +00:00
1d07331f5d [#28] iam: Fix converters
Handle resource without object as bucket name instead of bucket with any object

Signed-off-by: Denis Kirillov <d.kirillov@yadro.com>
2023-12-13 13:20:38 +00:00
a0a35bf4bf [#22] iam: Fix converters
Validate that actions and resources contain wildcard only at the end

Signed-off-by: Denis Kirillov <d.kirillov@yadro.com>
2023-11-28 17:56:36 +03:00
5fa9d91903 [#17] iam: Add converter to native/s3 policy
Signed-off-by: Denis Kirillov <d.kirillov@yadro.com>
2023-11-21 11:45:41 +03:00