
Commit acec4d0

committed
IAM | Account schema changes for supporting inline user policy
Signed-off-by: shirady <[email protected]>
1 parent 69e29e1 commit acec4d0


2 files changed

+91
-0
lines changed


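--- a/src/api/common_api.js
+++ b/src/api/common_api.js
@@ -487,6 +487,90 @@ module.exports = {
 }
 },
 
+// based on bucket policy without Principal and NotPrincipal since are not used in inline policies
+// removed the Condition as we don't support it yet
+iam_user_policy_document: {
+type: 'object',
+required: ['Statement'],
+properties: {
+Version: { type: 'string' },
+Statement: {
+type: 'array',
+items: {
+allOf: [{
+type: 'object',
+required: ['Effect'],
+properties: {
+Sid: {
+type: 'string'
+},
+Action: {
+$ref: '#/definitions/string_or_string_array'
+},
+NotAction: {
+$ref: '#/definitions/string_or_string_array'
+},
+Resource: {
+$ref: '#/definitions/string_or_string_array'
+},
+NotResource: {
+$ref: '#/definitions/string_or_string_array'
+},
+Effect: {
+enum: ['Allow', 'Deny'],
+type: 'string'
+},
+}
+},
+// see the comment in bucket_policy about these schemas
+// here we removed the Principal / NotPrincipal schemas
+{
+oneOf: [{
+type: 'object',
+required: ["Action"],
+additionalProperties: true,
+properties: {}
+},
+{
+type: 'object',
+required: ["NotAction"],
+additionalProperties: true,
+properties: {}
+}
+],
+},
+{
+oneOf: [{
+type: 'object',
+required: ["Resource"],
+additionalProperties: true,
+properties: {}
+},
+{
+type: 'object',
+required: ["NotResource"],
+additionalProperties: true,
+properties: {}
+}
+],
+},
+]
+}
+},
+}
+},
+
+iam_user_policy: {
+type: 'object',
+required: ['policy_name', 'policy_document'],
+properties: {
+policy_name: { type: 'string' },
+policy_document: {
+$ref: 'common_api#/definitions/iam_user_policy_document',
+}
+}
+},
+
 object_encryption: {
 type: 'object',
 properties: {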
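Review bot: The statement item schema never sets `additionalProperties: false`, so a policy carrying `Condition` (or `Principal`) still validates even though the comment above `iam_user_policy_document` says Condition is not supported; if the policy evaluator then ignores the key, an `Allow` that its author meant to be conditional would be applied unconditionally. Because the first `allOf` member already lists every accepted key (`Sid`, `Action`, `NotAction`, `Resource`, `NotResource`, `Effect`), adding `additionalProperties: false,` next to its `required: ['Effect'],` would reject unsupported keys at validation time, unless the IAM handler already does so before storing the policy (not visible in this hunk). `policy_name` and `Version` are also unconstrained strings; `minLength`/`maxLength` and a `pattern` on `policy_name`, and an `enum` on `Version`, would keep malformed values out of the account document. The enclosing definitions object under `module.exports` starts and ends outside the hunk.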

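--- a/src/server/system_services/schemas/account_schema.js
+++ b/src/server/system_services/schemas/account_schema.js
@@ -28,11 +28,18 @@ module.exports = {
 password: { wrapper: SensitiveString }, // bcrypted password - DEPRECATED
 next_password_change: { date: true }, // DEPRECATED
 owner: { objectid: true },
+// IAM user info
 tagging: {
 $ref: 'common_api#/definitions/tagging',
 },
 iam_arn: { type: 'string' },
 iam_path: { type: 'string' },
+iam_user_policies: {
+type: 'array',
+items: {
+$ref: 'common_api#/definitions/iam_user_policy',
+}
+},
 // default policy for new buckets
 default_resource: { objectid: true },
 default_chunk_config: { objectid: true },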
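Review bot: `iam_user_policies` is an unbounded array, and JSON Schema cannot express that `policy_name` is unique across its items, so both limits have to be enforced by the code that writes this field, which is not part of this commit. Without that, two entries with the same name make put or delete by name ambiguous, and removing an `Allow` policy could leave a duplicate still attached to the user. I would add a `maxItems` bound here and a comment such as `// inline policies; policy_name must be unique per user (enforced by the caller)`. The added `// IAM user info` comment sits above `tagging`, so it would help to say whether tagging is IAM-only or shared with regular accounts; the properties object continues outside the hunk.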
