Allow Put* actions in console (#2544)

Javier Adriel
2023-01-04 12:51:46 -06:00
committed by GitHub
parent 65ab6870e6
commit 1d951b28aa
15 changed files with 77 additions and 18 deletions


@@ -29,6 +29,7 @@ export const IAM_SCOPES = {
S3_PUT_BUCKET_POLICY: "s3:PutBucketPolicy",
S3_GET_OBJECT: "s3:GetObject",
S3_PUT_OBJECT: "s3:PutObject",
S3_PUT_ACTIONS: "s3:Put*",
S3_GET_OBJECT_LEGAL_HOLD: "s3:GetObjectLegalHold",
S3_PUT_OBJECT_LEGAL_HOLD: "s3:PutObjectLegalHold",
S3_DELETE_OBJECT: "s3:DeleteObject",
@@ -238,6 +239,7 @@ export const IAM_PAGES = {
export const IAM_PERMISSIONS = {
[IAM_ROLES.BUCKET_OWNER]: [
IAM_SCOPES.S3_PUT_OBJECT,
IAM_SCOPES.S3_PUT_ACTIONS,
IAM_SCOPES.S3_DELETE_OBJECT,
],
[IAM_ROLES.BUCKET_VIEWER]: [
@@ -298,10 +300,12 @@ export const IAM_PERMISSIONS = {
IAM_SCOPES.ADMIN_LIST_USER_POLICIES,
IAM_SCOPES.ADMIN_LIST_USERS,
IAM_SCOPES.ADMIN_HEAL,
IAM_SCOPES.S3_PUT_ACTIONS,
],
[IAM_ROLES.BUCKET_LIFECYCLE]: [
IAM_SCOPES.S3_GET_LIFECYCLE_CONFIGURATION,
IAM_SCOPES.S3_PUT_LIFECYCLE_CONFIGURATION,
IAM_SCOPES.S3_PUT_ACTIONS,
IAM_SCOPES.ADMIN_LIST_TIERS,
IAM_SCOPES.ADMIN_SET_TIER,
],
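Review bot: `S3_PUT_ACTIONS: "s3:Put*"` is added as one more literal scope string and only takes effect where the rest of this commit appends it to a call-site list, so any Put-gated check that was not touched, or is written later, will still ignore an `s3:Put*` grant. If `hasPermission` compares scope strings literally (its body is not in this diff, so this is inferred), expanding wildcards once inside that function would be a smaller change and would also cover other wildcard spellings a policy may use. The constant is also appended to two role lists in `IAM_PERMISSIONS`; the first of them starts above the third hunk, so the role that receives it cannot be confirmed from here. A comment on the new entry such as `// wildcard grant: matched only when the policy lists "s3:Put*" itself` would record the intent.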


@@ -105,6 +105,7 @@ const AccessRule = () => {
const editAccessRules = hasPermission(bucketName, [
IAM_SCOPES.S3_PUT_BUCKET_POLICY,
IAM_SCOPES.S3_PUT_ACTIONS,
]);
useEffect(() => {
@@ -199,6 +200,7 @@ const AccessRule = () => {
scopes={[
IAM_SCOPES.S3_GET_BUCKET_POLICY,
IAM_SCOPES.S3_PUT_BUCKET_POLICY,
IAM_SCOPES.S3_PUT_ACTIONS,
]}
resource={bucketName}
matchAll
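Review bot: In the `scopes` list that is followed by `matchAll`, the added `IAM_SCOPES.S3_PUT_ACTIONS` becomes a third required entry rather than an alternative to `S3_PUT_BUCKET_POLICY`, if `matchAll` means every listed scope must be granted (the implementation is not shown here, so please confirm). Under that reading a user holding exactly `s3:GetBucketPolicy` and `s3:PutBucketPolicy` loses the control, and a user holding `s3:Put*` without the specific action still does not pass. The same pattern occurs wherever the new scope joins a list evaluated with `matchAll` or a `true` third argument: the lifecycle, replication and bucket-tag `SecureComponent`s, the first check in AddBucket, `canUpload` in ListObjects and `canChangeRetention` in ObjectDetailPanel. Keeping the all-of list as it was and testing the alternative separately, e.g. `hasPermission(bucketName, [IAM_SCOPES.S3_PUT_BUCKET_POLICY, IAM_SCOPES.S3_PUT_ACTIONS])`, would express "specific action or wildcard" without changing what all-of requires.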


@@ -524,6 +524,7 @@ const BrowserHandler = () => {
IAM_SCOPES.S3_LIST_BUCKET_VERSIONS,
IAM_SCOPES.S3_GET_BUCKET_POLICY_STATUS,
IAM_SCOPES.S3_DELETE_BUCKET_POLICY,
IAM_SCOPES.S3_PUT_ACTIONS,
]);
const searchBar = (


@@ -361,6 +361,7 @@ const BucketDetails = ({ classes }: IBucketDetailsProps) => {
disabled: !hasPermission(bucketName, [
IAM_SCOPES.S3_GET_BUCKET_NOTIFICATIONS,
IAM_SCOPES.S3_PUT_BUCKET_NOTIFICATIONS,
IAM_SCOPES.S3_PUT_ACTIONS,
]),
to: getRoutePath("events"),
},
@@ -377,6 +378,7 @@ const BucketDetails = ({ classes }: IBucketDetailsProps) => {
!hasPermission(bucketName, [
IAM_SCOPES.S3_GET_REPLICATION_CONFIGURATION,
IAM_SCOPES.S3_PUT_REPLICATION_CONFIGURATION,
IAM_SCOPES.S3_PUT_ACTIONS,
]),
to: getRoutePath("replication"),
},
@@ -391,6 +393,7 @@ const BucketDetails = ({ classes }: IBucketDetailsProps) => {
!hasPermission(bucketName, [
IAM_SCOPES.S3_GET_LIFECYCLE_CONFIGURATION,
IAM_SCOPES.S3_PUT_LIFECYCLE_CONFIGURATION,
IAM_SCOPES.S3_PUT_ACTIONS,
]),
to: getRoutePath("lifecycle"),
},


@@ -155,6 +155,7 @@ const BucketEventsPanel = ({ classes }: IBucketEventsProps) => {
<SecureComponent
scopes={[
IAM_SCOPES.S3_PUT_BUCKET_NOTIFICATIONS,
IAM_SCOPES.S3_PUT_ACTIONS,
IAM_SCOPES.ADMIN_SERVER_INFO,
]}
resource={bucketName}


@@ -275,7 +275,10 @@ const BucketLifecyclePanel = ({ classes }: IBucketLifecyclePanelProps) => {
<Grid item xs={12} className={classes.actionsTray}>
<PanelTitle>Lifecycle Rules</PanelTitle>
<SecureComponent
scopes={[IAM_SCOPES.S3_PUT_LIFECYCLE_CONFIGURATION]}
scopes={[
IAM_SCOPES.S3_PUT_LIFECYCLE_CONFIGURATION,
IAM_SCOPES.S3_PUT_ACTIONS,
]}
resource={bucketName}
matchAll
errorProps={{ disabled: true }}


@@ -210,7 +210,10 @@ const BucketReplicationPanel = ({ classes }: IBucketReplicationProps) => {
onClick: editReplicationRule,
disableButtonFunction: !hasPermission(
bucketName,
[IAM_SCOPES.S3_PUT_REPLICATION_CONFIGURATION],
[
IAM_SCOPES.S3_PUT_REPLICATION_CONFIGURATION,
IAM_SCOPES.S3_PUT_ACTIONS,
],
true
),
},
@@ -253,7 +256,10 @@ const BucketReplicationPanel = ({ classes }: IBucketReplicationProps) => {
<PanelTitle>Replication</PanelTitle>
<div style={{ display: "flex" }}>
<SecureComponent
scopes={[IAM_SCOPES.S3_PUT_REPLICATION_CONFIGURATION]}
scopes={[
IAM_SCOPES.S3_PUT_REPLICATION_CONFIGURATION,
IAM_SCOPES.S3_PUT_ACTIONS,
]}
resource={bucketName}
matchAll
errorProps={{ disabled: true }}
@@ -273,7 +279,10 @@ const BucketReplicationPanel = ({ classes }: IBucketReplicationProps) => {
</TooltipWrapper>
</SecureComponent>
<SecureComponent
scopes={[IAM_SCOPES.S3_PUT_REPLICATION_CONFIGURATION]}
scopes={[
IAM_SCOPES.S3_PUT_REPLICATION_CONFIGURATION,
IAM_SCOPES.S3_PUT_ACTIONS,
]}
resource={bucketName}
matchAll
errorProps={{ disabled: true }}


@@ -428,7 +428,10 @@ const BucketSummary = ({ classes }: IBucketSummaryProps) => {
resource={bucketName}
>
<EditablePropertyItem
iamScopes={[IAM_SCOPES.S3_PUT_BUCKET_POLICY]}
iamScopes={[
IAM_SCOPES.S3_PUT_BUCKET_POLICY,
IAM_SCOPES.S3_PUT_ACTIONS,
]}
resourceName={bucketName}
property={"Access Policy:"}
value={accessPolicy.toLowerCase()}
@@ -446,6 +449,7 @@ const BucketSummary = ({ classes }: IBucketSummaryProps) => {
<EditablePropertyItem
iamScopes={[
IAM_SCOPES.S3_PUT_BUCKET_ENCRYPTION_CONFIGURATION,
IAM_SCOPES.S3_PUT_ACTIONS,
]}
resourceName={bucketName}
property={"Encryption:"}
@@ -549,7 +553,10 @@ const BucketSummary = ({ classes }: IBucketSummaryProps) => {
}}
>
<EditablePropertyItem
iamScopes={[IAM_SCOPES.S3_PUT_BUCKET_VERSIONING]}
iamScopes={[
IAM_SCOPES.S3_PUT_BUCKET_VERSIONING,
IAM_SCOPES.S3_PUT_ACTIONS,
]}
resourceName={bucketName}
property={"Current Status:"}
value={isVersioned ? "Versioned" : "Unversioned (Default)"}


@@ -113,7 +113,10 @@ const BucketTags = ({ bucketName }: BucketTagProps) => {
return (
<SecureComponent
key={`chip-${index}`}
scopes={[IAM_SCOPES.S3_PUT_BUCKET_TAGGING]}
scopes={[
IAM_SCOPES.S3_PUT_BUCKET_TAGGING,
IAM_SCOPES.S3_PUT_ACTIONS,
]}
resource={bucketName}
matchAll
errorProps={{
@@ -142,7 +145,10 @@ const BucketTags = ({ bucketName }: BucketTagProps) => {
</Box>
<SecureComponent
scopes={[IAM_SCOPES.S3_PUT_BUCKET_TAGGING]}
scopes={[
IAM_SCOPES.S3_PUT_BUCKET_TAGGING,
IAM_SCOPES.S3_PUT_ACTIONS,
]}
resource={bucketName}
errorProps={{ disabled: true, onClick: null }}
>


@@ -171,12 +171,14 @@ const AddBucket = ({ classes }: IsetProps) => {
[
IAM_SCOPES.S3_PUT_BUCKET_VERSIONING,
IAM_SCOPES.S3_PUT_BUCKET_OBJECT_LOCK_CONFIGURATION,
IAM_SCOPES.S3_PUT_ACTIONS,
],
true
);
const versioningAllowed = hasPermission("*", [
IAM_SCOPES.S3_PUT_BUCKET_VERSIONING,
IAM_SCOPES.S3_PUT_ACTIONS,
]);
useEffect(() => {
@@ -330,7 +332,10 @@ const AddBucket = ({ classes }: IsetProps) => {
? "You must disable Locking before Versioning can be disabled"
: ""
: permissionTooltipHelper(
[IAM_SCOPES.S3_PUT_BUCKET_VERSIONING],
[
IAM_SCOPES.S3_PUT_BUCKET_VERSIONING,
IAM_SCOPES.S3_PUT_ACTIONS,
],
"Versioning"
)
}
@@ -362,6 +367,7 @@ const AddBucket = ({ classes }: IsetProps) => {
[
IAM_SCOPES.S3_PUT_BUCKET_VERSIONING,
IAM_SCOPES.S3_PUT_BUCKET_OBJECT_LOCK_CONFIGURATION,
IAM_SCOPES.S3_PUT_ACTIONS,
],
"Locking"
)
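Review bot: The `permissionTooltipHelper` calls for "Versioning" and "Locking" now receive `IAM_SCOPES.S3_PUT_ACTIONS`, so the hint shown to a user who lacks access presumably names `s3:Put*` among the permissions to request (the helper is outside this diff). That steers administrators toward granting the wildcard instead of the single action the control needs. Passing only the specific scopes to the tooltip, e.g. `permissionTooltipHelper([IAM_SCOPES.S3_PUT_BUCKET_VERSIONING], "Versioning")`, keeps the hint least-privilege while the `hasPermission` check can still accept the wildcard. The same applies to the tooltip calls changed in ListObjects, ObjectDetailPanel, UploadFilesButton and BrowserBreadcrumbs.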


@@ -312,7 +312,7 @@ const ListObjects = () => {
const canDelete = hasPermission(bucketName, [IAM_SCOPES.S3_DELETE_OBJECT]);
const canUpload = hasPermission(
uploadPath,
[IAM_SCOPES.S3_PUT_OBJECT],
[IAM_SCOPES.S3_PUT_OBJECT, IAM_SCOPES.S3_PUT_ACTIONS],
true,
true
);
@@ -696,7 +696,7 @@ const ListObjects = () => {
setErrorSnackMessage({
errorMessage: "Upload not allowed",
detailedError: permissionTooltipHelper(
[IAM_SCOPES.S3_PUT_OBJECT],
[IAM_SCOPES.S3_PUT_OBJECT, IAM_SCOPES.S3_PUT_ACTIONS],
"upload objects to this location"
),
})


@@ -443,14 +443,20 @@ const ObjectDetailPanel = ({
];
const canSetLegalHold = hasPermission(bucketName, [
IAM_SCOPES.S3_PUT_OBJECT_LEGAL_HOLD,
IAM_SCOPES.S3_PUT_ACTIONS,
]);
const canSetTags = hasPermission(objectResources, [
IAM_SCOPES.S3_PUT_OBJECT_TAGGING,
IAM_SCOPES.S3_PUT_ACTIONS,
]);
const canChangeRetention = hasPermission(
objectResources,
[IAM_SCOPES.S3_GET_OBJECT_RETENTION, IAM_SCOPES.S3_PUT_OBJECT_RETENTION],
[
IAM_SCOPES.S3_GET_OBJECT_RETENTION,
IAM_SCOPES.S3_PUT_OBJECT_RETENTION,
IAM_SCOPES.S3_PUT_ACTIONS,
],
true
);
const canInspect = hasPermission(objectResources, [
@@ -460,6 +466,7 @@ const ObjectDetailPanel = ({
IAM_SCOPES.S3_GET_BUCKET_VERSIONING,
IAM_SCOPES.S3_PUT_BUCKET_VERSIONING,
IAM_SCOPES.S3_GET_OBJECT_VERSION,
IAM_SCOPES.S3_PUT_ACTIONS,
]);
const canGetObject = hasPermission(objectResources, [
IAM_SCOPES.S3_GET_OBJECT,
@@ -532,7 +539,7 @@ const ObjectDetailPanel = ({
? "Change Legal Hold rules for this File"
: "Object Locking must be enabled on this bucket in order to set Legal Hold"
: permissionTooltipHelper(
[IAM_SCOPES.S3_PUT_OBJECT_LEGAL_HOLD],
[IAM_SCOPES.S3_PUT_OBJECT_LEGAL_HOLD, IAM_SCOPES.S3_PUT_ACTIONS],
"change legal hold settings for this object"
),
},
@@ -554,6 +561,7 @@ const ObjectDetailPanel = ({
[
IAM_SCOPES.S3_GET_OBJECT_RETENTION,
IAM_SCOPES.S3_PUT_OBJECT_RETENTION,
IAM_SCOPES.S3_PUT_ACTIONS,
],
"change Retention Rules for this object"
),
@@ -572,6 +580,7 @@ const ObjectDetailPanel = ({
[
IAM_SCOPES.S3_PUT_OBJECT_TAGGING,
IAM_SCOPES.S3_GET_OBJECT_TAGGING,
IAM_SCOPES.S3_PUT_ACTIONS,
],
"set Tags on this object"
),
@@ -617,6 +626,7 @@ const ObjectDetailPanel = ({
[
IAM_SCOPES.S3_GET_BUCKET_VERSIONING,
IAM_SCOPES.S3_PUT_BUCKET_VERSIONING,
IAM_SCOPES.S3_PUT_ACTIONS,
IAM_SCOPES.S3_GET_OBJECT_VERSION,
],
"display all versions of this object"
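Review bot: `IAM_SCOPES.S3_PUT_ACTIONS` is added to the list whose tooltip reads "display all versions of this object", and to the matching `hasPermission` list in the second hunk of this file, both of which otherwise hold Get scopes plus `S3_PUT_BUCKET_VERSIONING`. If that check is any-of (no `true` argument is visible, but the call starts above the hunk), a write-only `s3:Put*` grant enables a read view whose requests the server would presumably refuse, leaving an enabled control that fails. Consider leaving the wildcard out of lists that gate read views, or add a comment above the list such as `// Put* accepted here because <reason>` so the next reader knows it is deliberate. Both lists belong to calls that begin or end outside the visible hunks.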


@@ -298,7 +298,10 @@ const AddTagModal = ({
</Box>
</SecureComponent>
<SecureComponent
scopes={[IAM_SCOPES.S3_PUT_OBJECT_TAGGING]}
scopes={[
IAM_SCOPES.S3_PUT_OBJECT_TAGGING,
IAM_SCOPES.S3_PUT_ACTIONS,
]}
resource={bucketName}
errorProps={{ disabled: true, onClick: null }}
>
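Review bot: This `SecureComponent` evaluates the tagging scopes against `resource={bucketName}`, while `canSetTags` in ObjectDetailPanel evaluates the same scopes against `objectResources`. If this modal is opened from that panel, a policy scoped to a prefix or a single object may pass one check and fail the other, so the button and the control inside the modal can disagree. This predates the commit, but since the line is being edited it is worth either passing the same resource list to both or adding a comment here such as `// bucket-level check is intentional: <reason>`. The component body continues outside the hunk.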


@@ -69,10 +69,11 @@ const UploadFilesButton = ({
const uploadObjectAllowed = hasPermission(uploadPath, [
IAM_SCOPES.S3_PUT_OBJECT,
IAM_SCOPES.S3_PUT_ACTIONS,
]);
const uploadFolderAllowed = hasPermission(
bucketName,
[IAM_SCOPES.S3_PUT_OBJECT],
[IAM_SCOPES.S3_PUT_OBJECT, IAM_SCOPES.S3_PUT_ACTIONS],
false,
true
);
@@ -86,7 +87,7 @@ const UploadFilesButton = ({
uploadEnabled
? "Upload Files"
: permissionTooltipHelper(
[IAM_SCOPES.S3_PUT_OBJECT],
[IAM_SCOPES.S3_PUT_OBJECT, IAM_SCOPES.S3_PUT_ACTIONS],
"upload files to this bucket"
)
}


@@ -82,7 +82,10 @@ const BrowserBreadcrumbs = ({
const [createFolderOpen, setCreateFolderOpen] = useState<boolean>(false);
const canCreatePath = hasPermission(bucketName, [IAM_SCOPES.S3_PUT_OBJECT]);
const canCreatePath = hasPermission(bucketName, [
IAM_SCOPES.S3_PUT_OBJECT,
IAM_SCOPES.S3_PUT_ACTIONS,
]);
let paths = internalPaths;
@@ -227,7 +230,7 @@ const BrowserBreadcrumbs = ({
canCreatePath
? "Choose or create a new path"
: permissionTooltipHelper(
[IAM_SCOPES.S3_PUT_OBJECT],
[IAM_SCOPES.S3_PUT_OBJECT, IAM_SCOPES.S3_PUT_ACTIONS],
"create a new path"
)
}