diff --git a/iam/converter_native.go b/iam/converter_native.go index 8e5126a..982feaa 100644 --- a/iam/converter_native.go +++ b/iam/converter_native.go @@ -15,9 +15,9 @@ var actionToNativeOpMap = map[string][]string{ s3ActionCreateBucket: {native.MethodGetContainer, native.MethodPutContainer, native.MethodSetContainerEACL}, s3ActionDeleteBucket: {native.MethodGetContainer, native.MethodDeleteContainer, native.MethodSearchObject, native.MethodHeadObject}, s3ActionDeleteBucketPolicy: {native.MethodGetContainer}, - s3ActionDeleteObject: {native.MethodGetContainer, native.MethodDeleteObject, native.MethodPutObject, native.MethodHeadObject}, + s3ActionDeleteObject: {native.MethodGetContainer, native.MethodDeleteObject, native.MethodPutObject, native.MethodHeadObject, native.MethodGetObject, native.MethodRangeObject}, s3ActionDeleteObjectTagging: {native.MethodGetContainer, native.MethodHeadObject}, - s3ActionDeleteObjectVersion: {native.MethodGetContainer, native.MethodDeleteObject, native.MethodPutObject, native.MethodHeadObject}, + s3ActionDeleteObjectVersion: {native.MethodGetContainer, native.MethodDeleteObject, native.MethodPutObject, native.MethodHeadObject, native.MethodGetObject, native.MethodRangeObject}, s3ActionDeleteObjectVersionTagging: {native.MethodGetContainer, native.MethodHeadObject}, s3ActionGetBucketACL: {native.MethodGetContainer, native.MethodGetContainerEACL}, s3ActionGetBucketCORS: {native.MethodGetContainer, native.MethodGetObject, native.MethodHeadObject}, diff --git a/iam/converter_test.go b/iam/converter_test.go index 0f4c910..bc14a63 100644 --- a/iam/converter_test.go +++ b/iam/converter_test.go @@ -211,8 +211,13 @@ func TestConverters(t *testing.T) { expected := &chain.Chain{Rules: []chain.Rule{ { - Status: chain.Allow, - Actions: chain.Actions{Names: []string{native.MethodGetContainer, native.MethodDeleteContainer, native.MethodSearchObject, native.MethodHeadObject, native.MethodDeleteObject, native.MethodPutObject}}, + Status: chain.Allow, + Actions: chain.Actions{Names: []string{ + native.MethodGetContainer, native.MethodDeleteContainer, + native.MethodSearchObject, native.MethodHeadObject, + native.MethodDeleteObject, native.MethodPutObject, + native.MethodGetObject, native.MethodRangeObject, + }}, Resources: chain.Resources{Names: []string{ fmt.Sprintf(native.ResourceFormatNamespaceContainerObjects, namespace, mockResolver.containers[bktName]), fmt.Sprintf(native.ResourceFormatNamespaceContainer, namespace, mockResolver.containers[bktName]), @@ -233,8 +238,13 @@ func TestConverters(t *testing.T) { }, }, { - Status: chain.Allow, - Actions: chain.Actions{Names: []string{native.MethodGetContainer, native.MethodDeleteContainer, native.MethodSearchObject, native.MethodHeadObject, native.MethodDeleteObject, native.MethodPutObject}}, + Status: chain.Allow, + Actions: chain.Actions{Names: []string{ + native.MethodGetContainer, native.MethodDeleteContainer, + native.MethodSearchObject, native.MethodHeadObject, + native.MethodDeleteObject, native.MethodPutObject, + native.MethodGetObject, native.MethodRangeObject, + }}, Resources: chain.Resources{Names: []string{ fmt.Sprintf(native.ResourceFormatNamespaceContainer, namespace, mockResolver.containers[bktName]), }}, @@ -347,7 +357,7 @@ func TestConverters(t *testing.T) { nativeExpected := &chain.Chain{Rules: []chain.Rule{{ Status: chain.Allow, - Actions: chain.Actions{Names: []string{native.MethodGetContainer, native.MethodDeleteObject, native.MethodPutObject, native.MethodHeadObject}}, + Actions: chain.Actions{Names: []string{native.MethodGetContainer, native.MethodDeleteObject, native.MethodPutObject, native.MethodHeadObject, native.MethodGetObject, native.MethodRangeObject}}, Resources: chain.Resources{Names: []string{native.ResourceFormatAllObjects, native.ResourceFormatAllContainers}}, Condition: []chain.Condition{{ Op: chain.CondStringEquals,