From 1f190e1668ecda67ee2fef11b109ddecfa3a030d Mon Sep 17 00:00:00 2001
From: Denis Kirillov
Date: Wed, 10 Apr 2024 14:45:31 +0300
Subject: [PATCH] [#58] iam: Fix native actions mapping
We have to add native:PutObject when want to delete object because of tombstone must be created (it's a put operation)
Signed-off-by: Denis Kirillov
---
 iam/converter_native.go | 6 +++---
 iam/converter_test.go | 6 +++---
 2 files changed, 6 insertions(+), 6 deletions(-)
diff --git a/iam/converter_native.go b/iam/converter_native.go
index dfc3bf0..8e5126a 100644
--- a/iam/converter_native.go
+++ b/iam/converter_native.go
@@ -15,10 +15,10 @@ var actionToNativeOpMap = map[string][]string{
 s3ActionCreateBucket: {native.MethodGetContainer, native.MethodPutContainer, native.MethodSetContainerEACL},
 s3ActionDeleteBucket: {native.MethodGetContainer, native.MethodDeleteContainer, native.MethodSearchObject, native.MethodHeadObject},
 s3ActionDeleteBucketPolicy: {native.MethodGetContainer},
- s3ActionDeleteObject: {native.MethodGetContainer, native.MethodDeleteObject, native.MethodHeadObject},
+ s3ActionDeleteObject: {native.MethodGetContainer, native.MethodDeleteObject, native.MethodPutObject, native.MethodHeadObject},
 s3ActionDeleteObjectTagging: {native.MethodGetContainer, native.MethodHeadObject},
- s3ActionDeleteObjectVersion: {native.MethodGetContainer, native.MethodDeleteObject, native.MethodHeadObject},
- s3ActionDeleteObjectVersionTagging: {native.MethodGetContainer, native.MethodDeleteObject, native.MethodHeadObject},
+ s3ActionDeleteObjectVersion: {native.MethodGetContainer, native.MethodDeleteObject, native.MethodPutObject, native.MethodHeadObject},
+ s3ActionDeleteObjectVersionTagging: {native.MethodGetContainer, native.MethodHeadObject},
 s3ActionGetBucketACL: {native.MethodGetContainer, native.MethodGetContainerEACL},
 s3ActionGetBucketCORS: {native.MethodGetContainer, native.MethodGetObject, native.MethodHeadObject},
 s3ActionGetBucketLocation: {native.MethodGetContainer},
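Review bot: `s3ActionDeleteObject` and `s3ActionDeleteObjectVersion` now map to `native.MethodPutObject` with no comment in the map saying why, so someone auditing least privilege later will see a delete-only S3 permission granting a native write and cannot tell it is intentional; a line such as `// delete writes a tombstone, which is a native put` above those two entries would record the reason given in the commit message. The widening itself deserves an explicit sign-off: going by the updated test expectations, an Allow on these S3 actions now yields a chain rule permitting native PutObject on the same resources, and nothing visible in this hunk restricts that put to tombstones. If the same map is also used when converting Deny statements (not visible here), a Deny on s3:DeleteObject would begin denying native PutObject and could block ordinary uploads, so a Deny-side test case is worth adding. The commit message also does not mention that `native.MethodDeleteObject` was dropped from `s3ActionDeleteObjectVersionTagging`; the map literal continues outside the hunk, so other entries were not checked.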
diff --git a/iam/converter_test.go b/iam/converter_test.go
index f57f085..0f4c910 100644
--- a/iam/converter_test.go
+++ b/iam/converter_test.go
@@ -212,7 +212,7 @@ func TestConverters(t *testing.T) {
 expected := &chain.Chain{Rules: []chain.Rule{
 {
 Status: chain.Allow,
- Actions: chain.Actions{Names: []string{native.MethodGetContainer, native.MethodDeleteContainer, native.MethodSearchObject, native.MethodHeadObject, native.MethodDeleteObject}},
+ Actions: chain.Actions{Names: []string{native.MethodGetContainer, native.MethodDeleteContainer, native.MethodSearchObject, native.MethodHeadObject, native.MethodDeleteObject, native.MethodPutObject}},
 Resources: chain.Resources{Names: []string{
 fmt.Sprintf(native.ResourceFormatNamespaceContainerObjects, namespace, mockResolver.containers[bktName]),
 fmt.Sprintf(native.ResourceFormatNamespaceContainer, namespace, mockResolver.containers[bktName]),
@@ -234,7 +234,7 @@ func TestConverters(t *testing.T) {
 },
 {
 Status: chain.Allow,
- Actions: chain.Actions{Names: []string{native.MethodGetContainer, native.MethodDeleteContainer, native.MethodSearchObject, native.MethodHeadObject, native.MethodDeleteObject}},
+ Actions: chain.Actions{Names: []string{native.MethodGetContainer, native.MethodDeleteContainer, native.MethodSearchObject, native.MethodHeadObject, native.MethodDeleteObject, native.MethodPutObject}},
 Resources: chain.Resources{Names: []string{
 fmt.Sprintf(native.ResourceFormatNamespaceContainer, namespace, mockResolver.containers[bktName]),
 }},
@@ -347,7 +347,7 @@ func TestConverters(t *testing.T) {
 nativeExpected := &chain.Chain{Rules: []chain.Rule{{
 Status: chain.Allow,
- Actions: chain.Actions{Names: []string{native.MethodGetContainer, native.MethodDeleteObject, native.MethodHeadObject}},
+ Actions: chain.Actions{Names: []string{native.MethodGetContainer, native.MethodDeleteObject, native.MethodPutObject, native.MethodHeadObject}},
 Resources: chain.Resources{Names: []string{native.ResourceFormatAllObjects, native.ResourceFormatAllContainers}},
 Condition: []chain.Condition{{
 Op: chain.CondStringEquals,