wip

2022-08-25 16:21:21 +02:00 · 2022-08-25 15:28:20 +02:00 · 2022-08-25 13:42:32 +02:00 · 2022-08-18 14:41:26 +02:00
3 changed files with 17 additions and 2 deletions
--- a/lib/auth/v4/validateInputs.ts
+++ b/lib/auth/v4/validateInputs.ts
@ -44,8 +44,8 @@ export function validateCredentials(
        return errors.RequestTimeTooSkewed;
    }
    if (service !== 's3' && service !== 'iam' && service !== 'ring' &&
-        service !== 'sts') {
-        log.warn('service in credentials is not one of s3/iam/ring/sts', {
+        service !== 'sts' && service !== 'scality') {
+        log.warn('service in credentials is not one of s3/iam/ring/sts/scality', {
            service,
        });
        return errors.InvalidArgument;
--- a/lib/policyEvaluator/RequestContext.ts
+++ b/lib/policyEvaluator/RequestContext.ts
@ -11,6 +11,7 @@ import {
    actionMapIAM,
    actionMapSSO,
    actionMapSTS,
+    actionMapScality,
    actionMapMetadata,
 } from './utils/actionMaps';

@ -36,6 +37,8 @@ function _findAction(service: string, method: string) {
            return actionMapSTS[method];
        case 'metadata':
            return actionMapMetadata[method];
+        case 'scality':
+            return actionMapScality[method];
        default:
            return undefined;
    }
@ -49,6 +52,9 @@ function _buildArn(
 ) {
    // arn:partition:service:region:account-id:resourcetype/resource
    switch (service) {
+        case 'scality': {
+            return `arn:aws:iam::${requesterInfo!.accountid}:/${generalResource}/`;
+        }
        case 's3': {
            // arn:aws:s3:::bucket/object
            // General resource is bucketName
--- a/lib/policyEvaluator/utils/actionMaps.ts
+++ b/lib/policyEvaluator/utils/actionMaps.ts
@ -199,6 +199,14 @@ const actionMapIAM = {
    listUserTags: 'iam:ListUserTags',
 };

+const actionMapScality = {
+    updateAccountAttributes: 'scality:UpdateAccountAttributes',
+    UpdateAccountQuota: 'scality:UpdateAccountQuota',
+    DeleteAccountQuota: 'scality:DeleteAccountQuota',
+    DeleteAccount: 'scality:DeleteAccount',
+    GenerateAccountAccessKey: 'scality:GenerateAccountAccessKey',
+};
+
 const actionMapSSO = {
    SsoAuthorize: 'sso:Authorize',
 };
@ -221,4 +229,5 @@ export {
    actionMapSSO,
    actionMapSTS,
    actionMapMetadata,
+    actionMapScality,
 };
Author	SHA1	Message	Date
williamlardier	99d9abb28f	wip	2022-08-25 16:21:21 +02:00
williamlardier	9e9fa1378e	wip	2022-08-25 15:28:20 +02:00
williamlardier	cb14d22822	wip	2022-08-25 13:42:32 +02:00
williamlardier	9c7024409d	wip	2022-08-18 14:41:26 +02:00