Extend bucket policy support #32

Open
KirillovDenis opened this issue Feb 16, 2023 · 0 comments · May be fixed by #33

Currently we expect Statement.Action and Statement.Resources (in a bucket policy) to be string arrays, as the more general case.

{
    "Version": "2012-10-17",
    "Statement": [{
        "Principal":{
            "AWS":[
                "arn:aws:iam::111122223333:role/JohnDoe"
            ]
        },
        "Effect": "Allow",
        "Action": [
            "s3:PutObjectTagging"
        ],
        "Resource": [
            "arn:aws:s3:::DOC-EXAMPLE-BUCKET/*"
        ],
        "Condition": {
            "ForAnyValue:StringEquals": {
                "s3:RequestObjectTagKeys": [
                    "Owner",
                    "CreationDate"
                ]
            }
        }
    }
  ]
}

But we should also support the more particular case:

{
    "Version": "2012-10-17",
    "Id": "PutObjPolicy",
    "Statement": [{
        "Sid": "DenyObjectsThatAreNotSSEKMS",
        "Principal": "*",
        "Effect": "Deny",
        "Action": "s3:PutObject",
        "Resource": "arn:aws:s3:::DOC-EXAMPLE-BUCKET/*",
        "Condition": {
            "Null": {
                "s3:x-amz-server-side-encryption-aws-kms-key-id": "true"
            }
        }
    }]
}
@KirillovDenis KirillovDenis linked a pull request Feb 17, 2023 that will close this issue
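A decoder that accepts both shapes shown in the issue, as an added example that is not part of the original post and not the project's own code. The names `StringOrSlice`, `Statement`, `Policy` and `ParsePolicy` are hypothetical, and only `Effect`, `Action` and `Resource` are modelled.

```go
package main

import (
	"encoding/json"
	"fmt"
)

// StringOrSlice (hypothetical name) decodes both "x" and ["x", "y"] to a slice.
type StringOrSlice []string

func (s *StringOrSlice) UnmarshalJSON(data []byte) error {
	var many []string
	if err := json.Unmarshal(data, &many); err != nil {
		var one string
		if err := json.Unmarshal(data, &one); err != nil {
			return fmt.Errorf("want string or array of strings, got %s", data)
		}
		many = []string{one}
	}
	*s = many // JSON null leaves this empty; ParsePolicy rejects it
	return nil
}

// Statement holds only the fields discussed here; other keys are ignored.
type Statement struct {
	Effect           string
	Action, Resource StringOrSlice
}
type Policy struct{ Statement []Statement }

// ParsePolicy rejects statements that end up with no Action or Resource.
func ParsePolicy(raw string) (*Policy, error) {
	var p Policy
	if err := json.Unmarshal([]byte(raw), &p); err != nil {
		return nil, err
	}
	for i, st := range p.Statement {
		if len(st.Action) == 0 || len(st.Resource) == 0 {
			return nil, fmt.Errorf("statement %d: Action and Resource are required", i)
		}
	}
	return &p, nil
}

// Constructed samples, shortened from the two policies in the issue.
const arrayForm = `{"Statement":[{"Effect":"Allow","Action":["s3:PutObjectTagging"],"Resource":["arn:aws:s3:::DOC-EXAMPLE-BUCKET/*"]}]}`
const scalarForm = `{"Statement":[{"Principal":"*","Effect":"Deny","Action":"s3:PutObject","Resource":"arn:aws:s3:::DOC-EXAMPLE-BUCKET/*"}]}`

func main() { fmt.Println(ParsePolicy(scalarForm)) }
```

Failing closed on a missing or mistyped `Action` matters most for `Deny` statements like the second policy, where a silently dropped field would change what the policy blocks.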