
Commit b92c485

committed
IAM | Account schema changes for supporting inline user policy
Signed-off-by: shirady <[email protected]>
1 parent b035cd9 commit b92c485


2 files changed

+90
-0
lines changed


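--- a/src/api/common_api.js
+++ b/src/api/common_api.js
@@ -487,6 +487,90 @@ module.exports = {
 }
 },
 
+// based on bucket policy without Principal and NotPrincipal since are not used in inline policies
+// removed the Condition as we don't support it yet
+iam_user_policy_document: {
+type: 'object',
+required: ['Statement'],
+properties: {
+Version: { type: 'string' },
+Statement: {
+type: 'array',
+items: {
+allOf: [{
+type: 'object',
+required: ['Effect'],
+properties: {
+Sid: {
+type: 'string'
+},
+Action: {
+$ref: '#/definitions/string_or_string_array'
+},
+NotAction: {
+$ref: '#/definitions/string_or_string_array'
+},
+Resource: {
+$ref: '#/definitions/string_or_string_array'
+},
+NotResource: {
+$ref: '#/definitions/string_or_string_array'
+},
+Effect: {
+enum: ['Allow', 'Deny'],
+type: 'string'
+},
+}
+},
+// see the comment in bucket_policy about these schemas
+// here we removed the Principal / NotPrincipal schemas
+{
+oneOf: [{
+type: 'object',
+required: ["Action"],
+additionalProperties: true,
+properties: {}
+},
+{
+type: 'object',
+required: ["NotAction"],
+additionalProperties: true,
+properties: {}
+}
+],
+},
+{
+oneOf: [{
+type: 'object',
+required: ["Resource"],
+additionalProperties: true,
+properties: {}
+},
+{
+type: 'object',
+required: ["NotResource"],
+additionalProperties: true,
+properties: {}
+}
+],
+},
+]
+}
+},
+}
+},
+
+iam_user_policy: {
+type: 'object',
+required: ['policy_name', 'policy_document'],
+properties: {
+policy_name: { type: 'string' },
+policy_document: {
+$ref: 'common_api#/definitions/iam_user_policy_document',
+}
+}
+},
+
 object_encryption: {
 type: 'object',
 properties: {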
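Review bot: The statement schema inside `iam_user_policy_document` never closes its property set, so a statement that carries `Condition` (or `Principal`) still validates even though the comment above it says Condition is not supported yet. If the policy evaluator ignores keys it does not know, an `Allow` the author meant to be conditional would be stored and applied unconditionally; whether another layer rejects such a statement is not visible in this hunk. Adding `additionalProperties: false` to the first `allOf` member (the one listing `Sid`, `Action`, `NotAction`, `Resource`, `NotResource`, `Effect`) would make the schema reject unsupported elements instead of dropping them silently. In `iam_user_policy`, `policy_name: { type: 'string' }` also accepts the empty string and arbitrary length, so a `minLength`/`maxLength` bound there is worth considering.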

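--- a/src/server/system_services/schemas/account_schema.js
+++ b/src/server/system_services/schemas/account_schema.js
@@ -33,6 +33,12 @@ module.exports = {
 },
 iam_arn: { type: 'string' },
 iam_path: { type: 'string' },
+iam_user_policies: {
+type: 'array',
+items: {
+$ref: 'common_api#/definitions/iam_user_policy',
+}
+},
 // default policy for new buckets
 default_resource: { objectid: true },
 default_chunk_config: { objectid: true },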
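Review bot: `iam_user_policies` is an unbounded array and nothing ties its entries to distinct `policy_name` values, so the schema alone accepts two inline policies with the same name on one account. JSON Schema cannot express uniqueness on a single key, so the code that writes this field (outside this hunk) should reject duplicates; otherwise an update or delete by name may leave a stale statement in effect. A `maxItems` bound next to `type: 'array'` would also cap how much policy data a single account document can accumulate.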
