From b6a6816800a02ca94edc40b72b0cbd0d1edb67c8 Mon Sep 17 00:00:00 2001
From: Denis Kirillov
Date: Fri, 12 Apr 2024 09:45:31 +0300
Subject: [PATCH] [#68] iam: Allow read object on delete operation

We must be able to read s3 multipart object from storage (to find out the parts it consists of) to fully delete such multipart object

Signed-off-by: Denis Kirillov
---
 iam/converter_native.go | 4 ++--
 iam/converter_test.go | 20 +++++++++++++++-----
 2 files changed, 17 insertions(+), 7 deletions(-)

diff --git a/iam/converter_native.go b/iam/converter_native.go
index 8e5126a..982feaa 100644
--- a/iam/converter_native.go
+++ b/iam/converter_native.go
@@ -15,9 +15,9 @@ var actionToNativeOpMap = map[string][]string{
 s3ActionCreateBucket: {native.MethodGetContainer, native.MethodPutContainer, native.MethodSetContainerEACL},
 s3ActionDeleteBucket: {native.MethodGetContainer, native.MethodDeleteContainer, native.MethodSearchObject, native.MethodHeadObject},
 s3ActionDeleteBucketPolicy: {native.MethodGetContainer},
- s3ActionDeleteObject: {native.MethodGetContainer, native.MethodDeleteObject, native.MethodPutObject, native.MethodHeadObject},
+ s3ActionDeleteObject: {native.MethodGetContainer, native.MethodDeleteObject, native.MethodPutObject, native.MethodHeadObject, native.MethodGetObject, native.MethodRangeObject},
 s3ActionDeleteObjectTagging: {native.MethodGetContainer, native.MethodHeadObject},
- s3ActionDeleteObjectVersion: {native.MethodGetContainer, native.MethodDeleteObject, native.MethodPutObject, native.MethodHeadObject},
+ s3ActionDeleteObjectVersion: {native.MethodGetContainer, native.MethodDeleteObject, native.MethodPutObject, native.MethodHeadObject, native.MethodGetObject, native.MethodRangeObject},
 s3ActionDeleteObjectVersionTagging: {native.MethodGetContainer, native.MethodHeadObject},
 s3ActionGetBucketACL: {native.MethodGetContainer, native.MethodGetContainerEACL},
 s3ActionGetBucketCORS: {native.MethodGetContainer, native.MethodGetObject, native.MethodHeadObject},
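Review bot: The two changed entries, `s3ActionDeleteObject` and `s3ActionDeleteObjectVersion`, now turn a delete-only S3 grant into native rules that also allow `native.MethodGetObject` and `native.MethodRangeObject`, and as far as this map shows that applies to every object the statement's resources cover, not only multipart ones. The reason lives only in the commit message, so I would add a comment above both entries, for example `// GetObject/RangeObject: a multipart object must be read to enumerate its parts before deletion (#68); this widens delete-only grants to payload reads.` If the part lookup could instead run under the gateway's own credentials the grant would not need widening, though nothing in this hunk shows whether that is possible. The map literal starts in the hunk header and continues past the last context line.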
diff --git a/iam/converter_test.go b/iam/converter_test.go
index 0f4c910..bc14a63 100644
--- a/iam/converter_test.go
+++ b/iam/converter_test.go
@@ -211,8 +211,13 @@ func TestConverters(t *testing.T) {
 expected := &chain.Chain{Rules: []chain.Rule{
 {
- Status: chain.Allow,
- Actions: chain.Actions{Names: []string{native.MethodGetContainer, native.MethodDeleteContainer, native.MethodSearchObject, native.MethodHeadObject, native.MethodDeleteObject, native.MethodPutObject}},
+ Status: chain.Allow,
+ Actions: chain.Actions{Names: []string{
+ native.MethodGetContainer, native.MethodDeleteContainer,
+ native.MethodSearchObject, native.MethodHeadObject,
+ native.MethodDeleteObject, native.MethodPutObject,
+ native.MethodGetObject, native.MethodRangeObject,
+ }},
 Resources: chain.Resources{Names: []string{
 fmt.Sprintf(native.ResourceFormatNamespaceContainerObjects, namespace, mockResolver.containers[bktName]),
 fmt.Sprintf(native.ResourceFormatNamespaceContainer, namespace, mockResolver.containers[bktName]),
@@ -233,8 +238,13 @@ func TestConverters(t *testing.T) {
 },
 },
 {
- Status: chain.Allow,
- Actions: chain.Actions{Names: []string{native.MethodGetContainer, native.MethodDeleteContainer, native.MethodSearchObject, native.MethodHeadObject, native.MethodDeleteObject, native.MethodPutObject}},
+ Status: chain.Allow,
+ Actions: chain.Actions{Names: []string{
+ native.MethodGetContainer, native.MethodDeleteContainer,
+ native.MethodSearchObject, native.MethodHeadObject,
+ native.MethodDeleteObject, native.MethodPutObject,
+ native.MethodGetObject, native.MethodRangeObject,
+ }},
 Resources: chain.Resources{Names: []string{
 fmt.Sprintf(native.ResourceFormatNamespaceContainer, namespace, mockResolver.containers[bktName]),
 }},
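Review bot: The eight-name action list is now spelled out twice, in this hunk's expected rule and again in the hunk at `-233,8 +238,13`, so the next change to the delete mapping has to be repeated by hand in both places. Declaring it once before `expected`, e.g. `deleteNames := []string{ ... }`, and writing `Actions: chain.Actions{Names: deleteNames},` in both rules would keep the two expectations in step. Both rule literals continue outside their hunks.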
@@ -347,7 +357,7 @@ func TestConverters(t *testing.T) {
 nativeExpected := &chain.Chain{Rules: []chain.Rule{{
 Status: chain.Allow,
- Actions: chain.Actions{Names: []string{native.MethodGetContainer, native.MethodDeleteObject, native.MethodPutObject, native.MethodHeadObject}},
+ Actions: chain.Actions{Names: []string{native.MethodGetContainer, native.MethodDeleteObject, native.MethodPutObject, native.MethodHeadObject, native.MethodGetObject, native.MethodRangeObject}},
 Resources: chain.Resources{Names: []string{native.ResourceFormatAllObjects, native.ResourceFormatAllContainers}},
 Condition: []chain.Condition{{
 Op: chain.CondStringEquals,
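Review bot: The updated `nativeExpected` pins only the `chain.Allow` direction of the new mapping. If `actionToNativeOpMap` is also consulted when a Deny statement is converted (not visible in this hunk), a Deny on the S3 delete action would now also deny native `GetObject` and `RangeObject`, which could block reads that another statement allows. A companion case with a Deny statement for the same action, asserting the intended native action list, would make that behaviour explicit. The rule literal continues past the end of the hunk.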