43229b05ce
* Update IAM and S3 protobuf definitions for explicit IAM gRPC APIs * Refactor s3api: Extract generic ExecuteAction method for IAM operations * Implement explicit IAM gRPC APIs in S3 server * iam: remove deprecated GetConfiguration and PutConfiguration RPCs * iamapi: refactor handlers to use CredentialManager directly * s3api: refactor embedded IAM to use CredentialManager directly * server: remove deprecated configuration gRPC handlers * credential/grpc: refactor configuration calls to return error * shell: update s3.configure to list users instead of full config * s3api: fix CreateServiceAccount gRPC handler to map required fields * s3api: fix UpdateServiceAccount gRPC handler to map fields and safe status * s3api: enforce UserName in embedded IAM ListAccessKeys * test: fix test_config.json structure to match proto definition * Revert "credential/grpc: refactor configuration calls to return error" This reverts commit cde707dd8b88c7d1bd730271518542eceb5ed069. * Revert "server: remove deprecated configuration gRPC handlers" This reverts commit 7307e205a083c8315cf84ddc2614b3e50eda2e33. * Revert "s3api: enforce UserName in embedded IAM ListAccessKeys" This reverts commit adf727ba52b4f3ffb911f0d0df85db858412ff83. * Revert "s3api: fix UpdateServiceAccount gRPC handler to map fields and safe status" This reverts commit 6a4be3314d43b6c8fda8d5e0558e83e87a19df3f. * Revert "s3api: fix CreateServiceAccount gRPC handler to map required fields" This reverts commit 9bb4425f07fbad38fb68d33e5c0aa573d8912a37. * Revert "shell: update s3.configure to list users instead of full config" This reverts commit f3304ead537b3e6be03d46df4cb55983ab931726. * Revert "s3api: refactor embedded IAM to use CredentialManager directly" This reverts commit 9012f27af82d11f0e824877712a5ae2505a65f86. * Revert "iamapi: refactor handlers to use CredentialManager directly" This reverts commit 3a148212236576b0a3aa4d991c2abb014fb46091. * Revert "iam: remove deprecated GetConfiguration and PutConfiguration RPCs" This reverts commit e16e08aa0099699338d3155bc7428e1051ce0a6a. * s3api: address IAM code review comments (error handling, logging, gRPC response mapping) * s3api: add robustness to startup by retrying KEK and IAM config loading from Filer * s3api: address IAM gRPC code review comments (safety, validation, status logic) * fix return
94 lines
1.9 KiB
JSON
94 lines
1.9 KiB
JSON
{
|
|
"identities": [
|
|
{
|
|
"name": "testuser",
|
|
"credentials": [
|
|
{
|
|
"accessKey": "test-access-key",
|
|
"secretKey": "test-secret-key"
|
|
}
|
|
],
|
|
"actions": [
|
|
"Admin"
|
|
]
|
|
},
|
|
{
|
|
"name": "readonlyuser",
|
|
"credentials": [
|
|
{
|
|
"accessKey": "readonly-access-key",
|
|
"secretKey": "readonly-secret-key"
|
|
}
|
|
],
|
|
"actions": [
|
|
"Read"
|
|
]
|
|
},
|
|
{
|
|
"name": "writeonlyuser",
|
|
"credentials": [
|
|
{
|
|
"accessKey": "writeonly-access-key",
|
|
"secretKey": "writeonly-secret-key"
|
|
}
|
|
],
|
|
"actions": [
|
|
"Write"
|
|
]
|
|
}
|
|
],
|
|
"bucketPolicyExamples": {
|
|
"PublicReadPolicy": {
|
|
"Version": "2012-10-17",
|
|
"Statement": [
|
|
{
|
|
"Sid": "PublicReadGetObject",
|
|
"Effect": "Allow",
|
|
"Principal": "*",
|
|
"Action": "s3:GetObject",
|
|
"Resource": "arn:aws:s3:::example-bucket/*"
|
|
}
|
|
]
|
|
},
|
|
"DenyDeletePolicy": {
|
|
"Version": "2012-10-17",
|
|
"Statement": [
|
|
{
|
|
"Sid": "DenyDeleteOperations",
|
|
"Effect": "Deny",
|
|
"Principal": "*",
|
|
"Action": [
|
|
"s3:DeleteObject",
|
|
"s3:DeleteBucket"
|
|
],
|
|
"Resource": [
|
|
"arn:aws:s3:::example-bucket",
|
|
"arn:aws:s3:::example-bucket/*"
|
|
]
|
|
}
|
|
]
|
|
},
|
|
"IPRestrictedAccessPolicy": {
|
|
"Version": "2012-10-17",
|
|
"Statement": [
|
|
{
|
|
"Sid": "IPRestrictedAccess",
|
|
"Effect": "Allow",
|
|
"Principal": "*",
|
|
"Action": [
|
|
"s3:GetObject",
|
|
"s3:PutObject"
|
|
],
|
|
"Resource": "arn:aws:s3:::example-bucket/*",
|
|
"Condition": {
|
|
"IpAddress": {
|
|
"aws:SourceIp": [
|
|
"203.0.113.0/24"
|
|
]
|
|
}
|
|
}
|
|
}
|
|
]
|
|
}
|
|
}
|
|
} |