realloc/frostfs-s3-gw
1
0
Fork 0
forked from TrueCloudLab/frostfs-s3-gw
Code Issues Pull requests Projects Releases Packages Wiki Activity

[#346] acl: Update APE and fix using

Browse source 
* Remove native policy when remove bucket policy
* Allow policies that contain only s3 compatible statements
(now deny rules cannot be converted to native rules)

Signed-off-by: Denis Kirillov <d.kirillov@yadro.com>
This commit is contained in:
Denis Kirillov 2024-04-01 12:51:05 +03:00 committed by Alexey Vanin
parent 6b8095182e
commit 8669bf6b50
11 changed files with 114 additions and 49 deletions
Download patch file Download diff file Expand all files Collapse all files

2
api/handler/acl_test.go
View file

@ -1451,6 +1451,7 @@ func TestBucketPolicy(t *testing.T) {
getBucketPolicy(hc, bktName, s3errors.ErrNoSuchBucketPolicy)
newPolicy := engineiam.Policy{
Version: "2012-10-17",
Statement: []engineiam.Statement{{
Principal: map[engineiam.PrincipalType][]string{engineiam.Wildcard: {}},
Effect: engineiam.DenyEffect,
@ -1477,6 +1478,7 @@ func TestBucketPolicyStatus(t *testing.T) {
getBucketPolicy(hc, bktName, s3errors.ErrNoSuchBucketPolicy)
newPolicy := engineiam.Policy{
Version: "2012-10-17",
Statement: []engineiam.Statement{{
NotPrincipal: engineiam.Principal{engineiam.Wildcard: {}},
Effect: engineiam.AllowEffect,