ARSN-404: adding permission in BP and IAM action Map

scality · Apr 4, 2024 · 3f995c5 · 3f995c5
1 parent c2ab4a2
commit 3f995c5
Showing 1 changed file with 14 additions and 0 deletions.
diff --git a/lib/policyEvaluator/utils/actionMaps.ts b/lib/policyEvaluator/utils/actionMaps.ts
@@ -52,6 +52,12 @@ const sharedActionMap = {
     objectPutVersion: 's3:PutObjectVersion',
 };
 
+const actionMapBucketQuotas = {
+    getBucketQuota: 'scality:GetBucketQuota',
+    updateBucketQuota: 'scality:UpdateBucketQuota',
+    deleteBucketQuota: 'scality:DeleteBucketQuota',
+};
+
 // action map used for request context
 const actionMapRQ = {
     bucketPut: 's3:CreateBucket',
@@ -79,6 +85,7 @@ const actionMapRQ = {
     objectPutLegalHoldVersion: 's3:PutObjectLegalHold',
     listObjectVersions: 's3:ListBucketVersions',
     ...sharedActionMap,
+    ...actionMapBucketQuotas,
 };
 
 // action map used for bucket policies
@@ -153,6 +160,12 @@ const actionMonitoringMapS3 = {
     serviceGet: 'ListBuckets',
 };
 
+const actionMapAccountQuotas = {
+    UpdateAccountQuota : 'scality:UpdateAccountQuota',
+    DeleteAccountQuota : 'scality:DeleteAccountQuota',
+    GetAccountQuota : 'scality:GetAccountQuota',
+};
+
 const actionMapIAM = {
     attachGroupPolicy: 'iam:AttachGroupPolicy',
     attachUserPolicy: 'iam:AttachUserPolicy',
@@ -194,6 +207,7 @@ const actionMapIAM = {
     tagUser: 'iam:TagUser',
     unTagUser: 'iam:UntagUser',
     listUserTags: 'iam:ListUserTags',
+    ...actionMapAccountQuotas,
 };
 
 const actionMapSSO = {