Allow s3:Get* actions in Console (#2559)
@@ -29,6 +29,7 @@ export const IAM_SCOPES = {
|
||||
S3_PUT_BUCKET_POLICY: "s3:PutBucketPolicy",
|
||||
S3_GET_OBJECT: "s3:GetObject",
|
||||
S3_PUT_OBJECT: "s3:PutObject",
|
||||
S3_GET_ACTIONS: "s3:Get*",
|
||||
S3_PUT_ACTIONS: "s3:Put*",
|
||||
S3_GET_OBJECT_LEGAL_HOLD: "s3:GetObjectLegalHold",
|
||||
S3_PUT_OBJECT_LEGAL_HOLD: "s3:PutObjectLegalHold",
|
||||
@@ -300,11 +301,13 @@ export const IAM_PERMISSIONS = {
|
||||
IAM_SCOPES.ADMIN_LIST_USER_POLICIES,
|
||||
IAM_SCOPES.ADMIN_LIST_USERS,
|
||||
IAM_SCOPES.ADMIN_HEAL,
|
||||
IAM_SCOPES.S3_GET_ACTIONS,
|
||||
IAM_SCOPES.S3_PUT_ACTIONS,
|
||||
],
|
||||
[IAM_ROLES.BUCKET_LIFECYCLE]: [
|
||||
IAM_SCOPES.S3_GET_LIFECYCLE_CONFIGURATION,
|
||||
IAM_SCOPES.S3_PUT_LIFECYCLE_CONFIGURATION,
|
||||
IAM_SCOPES.S3_GET_ACTIONS,
|
||||
IAM_SCOPES.S3_PUT_ACTIONS,
|
||||
IAM_SCOPES.ADMIN_LIST_TIERS,
|
||||
IAM_SCOPES.ADMIN_SET_TIER,
|
||||
|
||||
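Review bot: `S3_GET_ACTIONS: "s3:Get*"` is introduced as one more literal scope string, and the rest of the commit then appends it by hand to each scope list (AccessRule, BucketDetails, BucketSummary, ListObjects, ObjectDetailPanel and the other panels). Nothing visible here shows the permission helper expanding wildcards, so a policy written as `s3:GetBucket*` or `s3:GetObject*` would presumably still leave these controls disabled, and any call site missed in this sweep will behave differently from the rest. Consider doing the wildcard match once inside the permission check instead of at every caller, and document the constant, e.g. `// Literal wildcard action as written in a policy; compared as a string, not expanded`. These lists only decide what the console renders, so the backing API still has to authorize every request on its own.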
@@ -97,6 +97,7 @@ const AccessRule = () => {
|
||||
|
||||
const displayAccessRules = hasPermission(bucketName, [
|
||||
IAM_SCOPES.S3_GET_BUCKET_POLICY,
|
||||
IAM_SCOPES.S3_GET_ACTIONS,
|
||||
]);
|
||||
|
||||
const deleteAccessRules = hasPermission(bucketName, [
|
||||
@@ -200,6 +201,7 @@ const AccessRule = () => {
|
||||
scopes={[
|
||||
IAM_SCOPES.S3_GET_BUCKET_POLICY,
|
||||
IAM_SCOPES.S3_PUT_BUCKET_POLICY,
|
||||
IAM_SCOPES.S3_GET_ACTIONS,
|
||||
IAM_SCOPES.S3_PUT_ACTIONS,
|
||||
]}
|
||||
resource={bucketName}
|
||||
@@ -221,7 +223,7 @@ const AccessRule = () => {
|
||||
</Grid>
|
||||
<Paper className={classes.tableBlock}>
|
||||
<SecureComponent
|
||||
scopes={[IAM_SCOPES.S3_GET_BUCKET_POLICY]}
|
||||
scopes={[IAM_SCOPES.S3_GET_BUCKET_POLICY, IAM_SCOPES.S3_GET_ACTIONS]}
|
||||
resource={bucketName}
|
||||
errorProps={{ disabled: true }}
|
||||
>
|
||||
|
||||
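Review bot: The `scopes` list in the hunk at -200 mixes read and write actions (`S3_GET_BUCKET_POLICY`, `S3_PUT_BUCKET_POLICY`, `S3_GET_ACTIONS`, `S3_PUT_ACTIONS`), and the element's remaining props fall outside the hunk, so it is not visible whether the list is evaluated as any-of or all-of. If it is any-of and the wrapped control changes the bucket policy, a read-only `s3:Get*` grant is enough to enable it and the user only finds out when the server rejects the request. If it is all-of, a user holding just the two specific bucket-policy actions no longer passes. A short comment above the list stating the intended semantics would settle this, e.g. `// write control: needs a Put grant; a Get grant alone must not enable it`.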
@@ -524,6 +524,7 @@ const BrowserHandler = () => {
|
||||
IAM_SCOPES.S3_LIST_BUCKET_VERSIONS,
|
||||
IAM_SCOPES.S3_GET_BUCKET_POLICY_STATUS,
|
||||
IAM_SCOPES.S3_DELETE_BUCKET_POLICY,
|
||||
IAM_SCOPES.S3_GET_ACTIONS,
|
||||
IAM_SCOPES.S3_PUT_ACTIONS,
|
||||
]);
|
||||
|
||||
|
||||
@@ -255,7 +255,10 @@ const BucketDetails = ({ classes }: IBucketDetailsProps) => {
|
||||
title={bucketName}
|
||||
subTitle={
|
||||
<SecureComponent
|
||||
scopes={[IAM_SCOPES.S3_GET_BUCKET_POLICY]}
|
||||
scopes={[
|
||||
IAM_SCOPES.S3_GET_BUCKET_POLICY,
|
||||
IAM_SCOPES.S3_GET_ACTIONS,
|
||||
]}
|
||||
resource={bucketName}
|
||||
>
|
||||
<span style={{ fontSize: 15 }}>Access: </span>
|
||||
@@ -361,6 +364,7 @@ const BucketDetails = ({ classes }: IBucketDetailsProps) => {
|
||||
disabled: !hasPermission(bucketName, [
|
||||
IAM_SCOPES.S3_GET_BUCKET_NOTIFICATIONS,
|
||||
IAM_SCOPES.S3_PUT_BUCKET_NOTIFICATIONS,
|
||||
IAM_SCOPES.S3_GET_ACTIONS,
|
||||
IAM_SCOPES.S3_PUT_ACTIONS,
|
||||
]),
|
||||
to: getRoutePath("events"),
|
||||
@@ -378,6 +382,7 @@ const BucketDetails = ({ classes }: IBucketDetailsProps) => {
|
||||
!hasPermission(bucketName, [
|
||||
IAM_SCOPES.S3_GET_REPLICATION_CONFIGURATION,
|
||||
IAM_SCOPES.S3_PUT_REPLICATION_CONFIGURATION,
|
||||
IAM_SCOPES.S3_GET_ACTIONS,
|
||||
IAM_SCOPES.S3_PUT_ACTIONS,
|
||||
]),
|
||||
to: getRoutePath("replication"),
|
||||
@@ -393,6 +398,7 @@ const BucketDetails = ({ classes }: IBucketDetailsProps) => {
|
||||
!hasPermission(bucketName, [
|
||||
IAM_SCOPES.S3_GET_LIFECYCLE_CONFIGURATION,
|
||||
IAM_SCOPES.S3_PUT_LIFECYCLE_CONFIGURATION,
|
||||
IAM_SCOPES.S3_GET_ACTIONS,
|
||||
IAM_SCOPES.S3_PUT_ACTIONS,
|
||||
]),
|
||||
to: getRoutePath("lifecycle"),
|
||||
@@ -418,6 +424,7 @@ const BucketDetails = ({ classes }: IBucketDetailsProps) => {
|
||||
component: Link,
|
||||
disabled: !hasPermission(bucketName, [
|
||||
IAM_SCOPES.S3_GET_BUCKET_POLICY,
|
||||
IAM_SCOPES.S3_GET_ACTIONS,
|
||||
]),
|
||||
to: getRoutePath("prefix"),
|
||||
},
|
||||
|
||||
@@ -80,6 +80,7 @@ const BucketEventsPanel = ({ classes }: IBucketEventsProps) => {
|
||||
|
||||
const displayEvents = hasPermission(bucketName, [
|
||||
IAM_SCOPES.S3_GET_BUCKET_NOTIFICATIONS,
|
||||
IAM_SCOPES.S3_GET_ACTIONS,
|
||||
]);
|
||||
|
||||
useEffect(() => {
|
||||
@@ -177,7 +178,10 @@ const BucketEventsPanel = ({ classes }: IBucketEventsProps) => {
|
||||
</Grid>
|
||||
<Grid item xs={12}>
|
||||
<SecureComponent
|
||||
scopes={[IAM_SCOPES.S3_GET_BUCKET_NOTIFICATIONS]}
|
||||
scopes={[
|
||||
IAM_SCOPES.S3_GET_BUCKET_NOTIFICATIONS,
|
||||
IAM_SCOPES.S3_GET_ACTIONS,
|
||||
]}
|
||||
resource={bucketName}
|
||||
errorProps={{ disabled: true }}
|
||||
>
|
||||
|
||||
@@ -76,6 +76,7 @@ const BucketLifecyclePanel = ({ classes }: IBucketLifecyclePanelProps) => {
|
||||
|
||||
const displayLifeCycleRules = hasPermission(bucketName, [
|
||||
IAM_SCOPES.S3_GET_LIFECYCLE_CONFIGURATION,
|
||||
IAM_SCOPES.S3_GET_ACTIONS,
|
||||
]);
|
||||
|
||||
useEffect(() => {
|
||||
@@ -298,7 +299,10 @@ const BucketLifecyclePanel = ({ classes }: IBucketLifecyclePanelProps) => {
|
||||
</Grid>
|
||||
<Grid item xs={12}>
|
||||
<SecureComponent
|
||||
scopes={[IAM_SCOPES.S3_GET_LIFECYCLE_CONFIGURATION]}
|
||||
scopes={[
|
||||
IAM_SCOPES.S3_GET_LIFECYCLE_CONFIGURATION,
|
||||
IAM_SCOPES.S3_GET_ACTIONS,
|
||||
]}
|
||||
resource={bucketName}
|
||||
errorProps={{ disabled: true }}
|
||||
>
|
||||
|
||||
@@ -94,6 +94,7 @@ const BucketReplicationPanel = ({ classes }: IBucketReplicationProps) => {
|
||||
|
||||
const displayReplicationRules = hasPermission(bucketName, [
|
||||
IAM_SCOPES.S3_GET_REPLICATION_CONFIGURATION,
|
||||
IAM_SCOPES.S3_GET_ACTIONS,
|
||||
]);
|
||||
|
||||
useEffect(() => {
|
||||
@@ -303,7 +304,10 @@ const BucketReplicationPanel = ({ classes }: IBucketReplicationProps) => {
|
||||
</Grid>
|
||||
<Grid item xs={12}>
|
||||
<SecureComponent
|
||||
scopes={[IAM_SCOPES.S3_GET_REPLICATION_CONFIGURATION]}
|
||||
scopes={[
|
||||
IAM_SCOPES.S3_GET_REPLICATION_CONFIGURATION,
|
||||
IAM_SCOPES.S3_GET_ACTIONS,
|
||||
]}
|
||||
resource={bucketName}
|
||||
errorProps={{ disabled: true }}
|
||||
>
|
||||
|
||||
@@ -149,10 +149,12 @@ const BucketSummary = ({ classes }: IBucketSummaryProps) => {
|
||||
|
||||
const displayGetBucketObjectLockConfiguration = hasPermission(bucketName, [
|
||||
IAM_SCOPES.S3_GET_BUCKET_OBJECT_LOCK_CONFIGURATION,
|
||||
IAM_SCOPES.S3_GET_ACTIONS,
|
||||
]);
|
||||
|
||||
const displayGetBucketEncryptionConfiguration = hasPermission(bucketName, [
|
||||
IAM_SCOPES.S3_GET_BUCKET_ENCRYPTION_CONFIGURATION,
|
||||
IAM_SCOPES.S3_GET_ACTIONS,
|
||||
]);
|
||||
|
||||
const displayGetBucketQuota = hasPermission(bucketName, [
|
||||
@@ -417,14 +419,17 @@ const BucketSummary = ({ classes }: IBucketSummaryProps) => {
|
||||
<SectionTitle>Summary</SectionTitle>
|
||||
<Grid container spacing={1}>
|
||||
<SecureComponent
|
||||
scopes={[IAM_SCOPES.S3_GET_BUCKET_POLICY]}
|
||||
scopes={[IAM_SCOPES.S3_GET_BUCKET_POLICY, IAM_SCOPES.S3_GET_ACTIONS]}
|
||||
resource={bucketName}
|
||||
>
|
||||
<Grid item xs={12}>
|
||||
<Box sx={{ ...twoColCssGridLayoutConfig }}>
|
||||
<Box sx={{ ...twoColCssGridLayoutConfig }}>
|
||||
<SecureComponent
|
||||
scopes={[IAM_SCOPES.S3_GET_BUCKET_POLICY]}
|
||||
scopes={[
|
||||
IAM_SCOPES.S3_GET_BUCKET_POLICY,
|
||||
IAM_SCOPES.S3_GET_ACTIONS,
|
||||
]}
|
||||
resource={bucketName}
|
||||
>
|
||||
<EditablePropertyItem
|
||||
@@ -443,7 +448,10 @@ const BucketSummary = ({ classes }: IBucketSummaryProps) => {
|
||||
</SecureComponent>
|
||||
|
||||
<SecureComponent
|
||||
scopes={[IAM_SCOPES.S3_GET_BUCKET_ENCRYPTION_CONFIGURATION]}
|
||||
scopes={[
|
||||
IAM_SCOPES.S3_GET_BUCKET_ENCRYPTION_CONFIGURATION,
|
||||
IAM_SCOPES.S3_GET_ACTIONS,
|
||||
]}
|
||||
resource={bucketName}
|
||||
>
|
||||
<EditablePropertyItem
|
||||
@@ -462,7 +470,10 @@ const BucketSummary = ({ classes }: IBucketSummaryProps) => {
|
||||
</SecureComponent>
|
||||
|
||||
<SecureComponent
|
||||
scopes={[IAM_SCOPES.S3_GET_REPLICATION_CONFIGURATION]}
|
||||
scopes={[
|
||||
IAM_SCOPES.S3_GET_REPLICATION_CONFIGURATION,
|
||||
IAM_SCOPES.S3_GET_ACTIONS,
|
||||
]}
|
||||
resource={bucketName}
|
||||
>
|
||||
<LabelValuePair
|
||||
@@ -483,7 +494,10 @@ const BucketSummary = ({ classes }: IBucketSummaryProps) => {
|
||||
</SecureComponent>
|
||||
|
||||
<SecureComponent
|
||||
scopes={[IAM_SCOPES.S3_GET_BUCKET_OBJECT_LOCK_CONFIGURATION]}
|
||||
scopes={[
|
||||
IAM_SCOPES.S3_GET_BUCKET_OBJECT_LOCK_CONFIGURATION,
|
||||
IAM_SCOPES.S3_GET_ACTIONS,
|
||||
]}
|
||||
resource={bucketName}
|
||||
>
|
||||
<LabelValuePair
|
||||
@@ -536,7 +550,10 @@ const BucketSummary = ({ classes }: IBucketSummaryProps) => {
|
||||
|
||||
{distributedSetup && (
|
||||
<SecureComponent
|
||||
scopes={[IAM_SCOPES.S3_GET_BUCKET_VERSIONING]}
|
||||
scopes={[
|
||||
IAM_SCOPES.S3_GET_BUCKET_VERSIONING,
|
||||
IAM_SCOPES.S3_GET_ACTIONS,
|
||||
]}
|
||||
resource={bucketName}
|
||||
>
|
||||
<Grid item xs={12}>
|
||||
@@ -571,7 +588,10 @@ const BucketSummary = ({ classes }: IBucketSummaryProps) => {
|
||||
|
||||
{hasObjectLocking && (
|
||||
<SecureComponent
|
||||
scopes={[IAM_SCOPES.S3_GET_OBJECT_RETENTION]}
|
||||
scopes={[
|
||||
IAM_SCOPES.S3_GET_OBJECT_RETENTION,
|
||||
IAM_SCOPES.S3_GET_ACTIONS,
|
||||
]}
|
||||
resource={bucketName}
|
||||
>
|
||||
<Grid item xs={12}>
|
||||
|
||||
@@ -96,7 +96,7 @@ const BucketTags = ({ bucketName }: BucketTagProps) => {
|
||||
<Box>
|
||||
{isLoading ? <Loader style={{ width: 16, height: 16 }} /> : null}
|
||||
<SecureComponent
|
||||
scopes={[IAM_SCOPES.S3_GET_BUCKET_TAGGING]}
|
||||
scopes={[IAM_SCOPES.S3_GET_BUCKET_TAGGING, IAM_SCOPES.S3_GET_ACTIONS]}
|
||||
resource={bucketName}
|
||||
>
|
||||
<Box
|
||||
|
||||
@@ -308,7 +308,10 @@ const ListObjects = () => {
|
||||
const fileUpload = useRef<HTMLInputElement>(null);
|
||||
const folderUpload = useRef<HTMLInputElement>(null);
|
||||
|
||||
const canDownload = hasPermission(bucketName, [IAM_SCOPES.S3_GET_OBJECT]);
|
||||
const canDownload = hasPermission(bucketName, [
|
||||
IAM_SCOPES.S3_GET_OBJECT,
|
||||
IAM_SCOPES.S3_GET_ACTIONS,
|
||||
]);
|
||||
const canDelete = hasPermission(bucketName, [IAM_SCOPES.S3_DELETE_OBJECT]);
|
||||
const canUpload = hasPermission(
|
||||
uploadPath,
|
||||
@@ -792,7 +795,7 @@ const ListObjects = () => {
|
||||
tooltip: canDownload
|
||||
? "Download Selected"
|
||||
: permissionTooltipHelper(
|
||||
[IAM_SCOPES.S3_GET_OBJECT],
|
||||
[IAM_SCOPES.S3_GET_OBJECT, IAM_SCOPES.S3_GET_ACTIONS],
|
||||
"download objects from this bucket"
|
||||
),
|
||||
},
|
||||
@@ -968,7 +971,10 @@ const ListObjects = () => {
|
||||
}}
|
||||
disabled={
|
||||
!isVersioned ||
|
||||
!hasPermission(bucketName, [IAM_SCOPES.S3_GET_OBJECT])
|
||||
!hasPermission(bucketName, [
|
||||
IAM_SCOPES.S3_GET_OBJECT,
|
||||
IAM_SCOPES.S3_GET_ACTIONS,
|
||||
])
|
||||
}
|
||||
/>
|
||||
</TooltipWrapper>
|
||||
|
||||
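Review bot: The `disabled` expression in the hunk at -968 repeats the same resource and scope list that `canDownload` already evaluates near the top of `ListObjects`, so the two checks can drift apart the next time a scope is added. Reusing the flag keeps a single source of truth: `disabled={!isVersioned || !canDownload}`. The same list is written a third time for `permissionTooltipHelper` in the hunk at -792; a shared constant such as `const DOWNLOAD_SCOPES = [IAM_SCOPES.S3_GET_OBJECT, IAM_SCOPES.S3_GET_ACTIONS];` would cover all three places.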
@@ -455,6 +455,7 @@ const ObjectDetailPanel = ({
|
||||
[
|
||||
IAM_SCOPES.S3_GET_OBJECT_RETENTION,
|
||||
IAM_SCOPES.S3_PUT_OBJECT_RETENTION,
|
||||
IAM_SCOPES.S3_GET_ACTIONS,
|
||||
IAM_SCOPES.S3_PUT_ACTIONS,
|
||||
],
|
||||
true
|
||||
@@ -466,10 +467,12 @@ const ObjectDetailPanel = ({
|
||||
IAM_SCOPES.S3_GET_BUCKET_VERSIONING,
|
||||
IAM_SCOPES.S3_PUT_BUCKET_VERSIONING,
|
||||
IAM_SCOPES.S3_GET_OBJECT_VERSION,
|
||||
IAM_SCOPES.S3_GET_ACTIONS,
|
||||
IAM_SCOPES.S3_PUT_ACTIONS,
|
||||
]);
|
||||
const canGetObject = hasPermission(objectResources, [
|
||||
IAM_SCOPES.S3_GET_OBJECT,
|
||||
IAM_SCOPES.S3_GET_ACTIONS,
|
||||
]);
|
||||
const canDelete = hasPermission(
|
||||
[bucketName, currentItem, [bucketName, actualInfo.name].join("/")],
|
||||
@@ -487,7 +490,7 @@ const ObjectDetailPanel = ({
|
||||
tooltip: canGetObject
|
||||
? "Download this Object"
|
||||
: permissionTooltipHelper(
|
||||
[IAM_SCOPES.S3_GET_OBJECT],
|
||||
[IAM_SCOPES.S3_GET_OBJECT, IAM_SCOPES.S3_GET_ACTIONS],
|
||||
"download this object"
|
||||
),
|
||||
},
|
||||
@@ -501,7 +504,7 @@ const ObjectDetailPanel = ({
|
||||
tooltip: canGetObject
|
||||
? "Share this File"
|
||||
: permissionTooltipHelper(
|
||||
[IAM_SCOPES.S3_GET_OBJECT],
|
||||
[IAM_SCOPES.S3_GET_OBJECT, IAM_SCOPES.S3_GET_ACTIONS],
|
||||
"share this object"
|
||||
),
|
||||
},
|
||||
@@ -518,7 +521,7 @@ const ObjectDetailPanel = ({
|
||||
tooltip: canGetObject
|
||||
? "Preview this File"
|
||||
: permissionTooltipHelper(
|
||||
[IAM_SCOPES.S3_GET_OBJECT],
|
||||
[IAM_SCOPES.S3_GET_OBJECT, IAM_SCOPES.S3_GET_ACTIONS],
|
||||
"preview this object"
|
||||
),
|
||||
},
|
||||
@@ -561,6 +564,7 @@ const ObjectDetailPanel = ({
|
||||
[
|
||||
IAM_SCOPES.S3_GET_OBJECT_RETENTION,
|
||||
IAM_SCOPES.S3_PUT_OBJECT_RETENTION,
|
||||
IAM_SCOPES.S3_GET_ACTIONS,
|
||||
IAM_SCOPES.S3_PUT_ACTIONS,
|
||||
],
|
||||
"change Retention Rules for this object"
|
||||
@@ -580,6 +584,7 @@ const ObjectDetailPanel = ({
|
||||
[
|
||||
IAM_SCOPES.S3_PUT_OBJECT_TAGGING,
|
||||
IAM_SCOPES.S3_GET_OBJECT_TAGGING,
|
||||
IAM_SCOPES.S3_GET_ACTIONS,
|
||||
IAM_SCOPES.S3_PUT_ACTIONS,
|
||||
],
|
||||
"set Tags on this object"
|
||||
@@ -626,8 +631,9 @@ const ObjectDetailPanel = ({
|
||||
[
|
||||
IAM_SCOPES.S3_GET_BUCKET_VERSIONING,
|
||||
IAM_SCOPES.S3_PUT_BUCKET_VERSIONING,
|
||||
IAM_SCOPES.S3_PUT_ACTIONS,
|
||||
IAM_SCOPES.S3_GET_OBJECT_VERSION,
|
||||
IAM_SCOPES.S3_GET_ACTIONS,
|
||||
IAM_SCOPES.S3_PUT_ACTIONS,
|
||||
],
|
||||
"display all versions of this object"
|
||||
),
|
||||
@@ -845,7 +851,10 @@ const ObjectDetailPanel = ({
|
||||
</Box>
|
||||
<Box className={classes.detailContainer}>
|
||||
<SecureComponent
|
||||
scopes={[IAM_SCOPES.S3_GET_OBJECT_LEGAL_HOLD]}
|
||||
scopes={[
|
||||
IAM_SCOPES.S3_GET_OBJECT_LEGAL_HOLD,
|
||||
IAM_SCOPES.S3_GET_ACTIONS,
|
||||
]}
|
||||
resource={bucketName}
|
||||
>
|
||||
<Fragment>
|
||||
@@ -857,7 +866,10 @@ const ObjectDetailPanel = ({
|
||||
</Box>
|
||||
<Box className={classes.detailContainer}>
|
||||
<SecureComponent
|
||||
scopes={[IAM_SCOPES.S3_GET_OBJECT_RETENTION]}
|
||||
scopes={[
|
||||
IAM_SCOPES.S3_GET_OBJECT_RETENTION,
|
||||
IAM_SCOPES.S3_GET_ACTIONS,
|
||||
]}
|
||||
resource={bucketName}
|
||||
>
|
||||
<Fragment>
|
||||
|
||||
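Review bot: In the hunk at -455 the scope list is followed by `true`, which looks like a match-all flag (the call itself starts outside the hunk), and this commit apparently adds `IAM_SCOPES.S3_GET_ACTIONS` to that list. If that reading is right, a user who holds exactly `s3:GetObjectRetention` and `s3:PutObjectRetention` fails the check, because the literal `s3:Get*` and `s3:Put*` grants are now required as well. Treating the specific pair and the wildcard pair as two alternatives avoids that, i.e. one match-all call with `[IAM_SCOPES.S3_GET_OBJECT_RETENTION, IAM_SCOPES.S3_PUT_OBJECT_RETENTION]` OR-ed with a second match-all call with `[IAM_SCOPES.S3_GET_ACTIONS, IAM_SCOPES.S3_PUT_ACTIONS]` on the same resource. The outcome is fail-closed (the control stays disabled), but it is worth a test with a policy that grants only the specific actions.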
@@ -239,7 +239,10 @@ const AddTagModal = ({
|
||||
) : (
|
||||
<Grid container>
|
||||
<SecureComponent
|
||||
scopes={[IAM_SCOPES.S3_GET_OBJECT_TAGGING]}
|
||||
scopes={[
|
||||
IAM_SCOPES.S3_GET_OBJECT_TAGGING,
|
||||
IAM_SCOPES.S3_GET_ACTIONS,
|
||||
]}
|
||||
resource={bucketName}
|
||||
>
|
||||
<Box
|
||||
|
||||