|
|
@ -385,7 +385,7 @@ func checkRequestAuthTypeToAccessKey(ctx context.Context, r *http.Request, actio |
|
|
|
// verify as a fallback.
|
|
|
|
// verify as a fallback.
|
|
|
|
if globalIAMSys.IsAllowed(iampolicy.Args{ |
|
|
|
if globalIAMSys.IsAllowed(iampolicy.Args{ |
|
|
|
AccountName: cred.AccessKey, |
|
|
|
AccountName: cred.AccessKey, |
|
|
|
Action: iampolicy.Action(policy.ListBucketAction), |
|
|
|
Action: iampolicy.ListBucketAction, |
|
|
|
BucketName: bucketName, |
|
|
|
BucketName: bucketName, |
|
|
|
ConditionValues: getConditionValues(r, "", cred.AccessKey, claims), |
|
|
|
ConditionValues: getConditionValues(r, "", cred.AccessKey, claims), |
|
|
|
ObjectName: objectName, |
|
|
|
ObjectName: objectName, |
|
|
@ -556,7 +556,7 @@ func isPutRetentionAllowed(bucketName, objectName string, retDays int, retDate t |
|
|
|
if retMode == objectlock.RetGovernance && byPassSet { |
|
|
|
if retMode == objectlock.RetGovernance && byPassSet { |
|
|
|
byPassSet = globalPolicySys.IsAllowed(policy.Args{ |
|
|
|
byPassSet = globalPolicySys.IsAllowed(policy.Args{ |
|
|
|
AccountName: cred.AccessKey, |
|
|
|
AccountName: cred.AccessKey, |
|
|
|
Action: policy.Action(policy.BypassGovernanceRetentionAction), |
|
|
|
Action: policy.BypassGovernanceRetentionAction, |
|
|
|
BucketName: bucketName, |
|
|
|
BucketName: bucketName, |
|
|
|
ConditionValues: conditions, |
|
|
|
ConditionValues: conditions, |
|
|
|
IsOwner: false, |
|
|
|
IsOwner: false, |
|
|
@ -565,7 +565,7 @@ func isPutRetentionAllowed(bucketName, objectName string, retDays int, retDate t |
|
|
|
} |
|
|
|
} |
|
|
|
if globalPolicySys.IsAllowed(policy.Args{ |
|
|
|
if globalPolicySys.IsAllowed(policy.Args{ |
|
|
|
AccountName: cred.AccessKey, |
|
|
|
AccountName: cred.AccessKey, |
|
|
|
Action: policy.Action(policy.PutObjectRetentionAction), |
|
|
|
Action: policy.PutObjectRetentionAction, |
|
|
|
BucketName: bucketName, |
|
|
|
BucketName: bucketName, |
|
|
|
ConditionValues: conditions, |
|
|
|
ConditionValues: conditions, |
|
|
|
IsOwner: false, |
|
|
|
IsOwner: false, |
|
|
@ -588,7 +588,7 @@ func isPutRetentionAllowed(bucketName, objectName string, retDays int, retDate t |
|
|
|
if retMode == objectlock.RetGovernance && byPassSet { |
|
|
|
if retMode == objectlock.RetGovernance && byPassSet { |
|
|
|
byPassSet = globalIAMSys.IsAllowed(iampolicy.Args{ |
|
|
|
byPassSet = globalIAMSys.IsAllowed(iampolicy.Args{ |
|
|
|
AccountName: cred.AccessKey, |
|
|
|
AccountName: cred.AccessKey, |
|
|
|
Action: policy.BypassGovernanceRetentionAction, |
|
|
|
Action: iampolicy.BypassGovernanceRetentionAction, |
|
|
|
BucketName: bucketName, |
|
|
|
BucketName: bucketName, |
|
|
|
ObjectName: objectName, |
|
|
|
ObjectName: objectName, |
|
|
|
ConditionValues: conditions, |
|
|
|
ConditionValues: conditions, |
|
|
@ -598,7 +598,7 @@ func isPutRetentionAllowed(bucketName, objectName string, retDays int, retDate t |
|
|
|
} |
|
|
|
} |
|
|
|
if globalIAMSys.IsAllowed(iampolicy.Args{ |
|
|
|
if globalIAMSys.IsAllowed(iampolicy.Args{ |
|
|
|
AccountName: cred.AccessKey, |
|
|
|
AccountName: cred.AccessKey, |
|
|
|
Action: policy.PutObjectRetentionAction, |
|
|
|
Action: iampolicy.PutObjectRetentionAction, |
|
|
|
BucketName: bucketName, |
|
|
|
BucketName: bucketName, |
|
|
|
ConditionValues: conditions, |
|
|
|
ConditionValues: conditions, |
|
|
|
ObjectName: objectName, |
|
|
|
ObjectName: objectName, |
|
|
|
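Review bot: The `globalIAMSys.IsAllowed` calls in isPutRetentionAllowed (hunks at 588 and 598) have no comment saying that `iampolicy.Args` must take `iampolicy` action constants, while the `globalPolicySys.IsAllowed` calls at 556 and 565 take `policy` ones. That mix-up is what this change appears to correct, reading the second line of each printed pair as the new side. The earlier `Action: policy.PutObjectRetentionAction` inside `iampolicy.Args` evidently compiled, so the compiler presumably will not catch a repeat; I would add above each IAM call something like `// IAM check: use iampolicy.* actions; policy.* belongs to the bucket-policy check above.` A small test asserting that the paired action constants in the two packages have equal string values would also guard these authorization checks against silent drift. The bodies of isPutRetentionAllowed and checkRequestAuthTypeToAccessKey extend outside the visible hunks, so this rests only on the lines shown.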