kubernetes
/
kops
mirror of https://github.com/kubernetes/kops.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Allow listing versions for objects in the S3 bucket

This commit is contained in:
Ciprian Hacman 2020-05-29 08:50:56 +03:00
parent aa6e09ca12
commit 00cbbce2b5
7 changed files with 18 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
pkg/model/iam/iam_builder.go
View File

@ -328,7 +328,12 @@ func (b *PolicyBuilder) AddS3Permissions(p *Policy) (*Policy, error) {
p.Statement = append(p.Statement, &Statement{ p.Statement = append(p.Statement, &Statement{
Effect: StatementEffectAllow, Effect: StatementEffectAllow,
Action: stringorslice.Of("s3:GetBucketLocation", "s3:GetEncryptionConfiguration", "s3:ListBucket"), Action: stringorslice.Of(
"s3:GetBucketLocation",
"s3:GetEncryptionConfiguration",
"s3:ListBucket",
"s3:ListBucketVersions",
),
Resource: stringorslice.Slice([]string{ Resource: stringorslice.Slice([]string{
strings.Join([]string{b.IAMPrefix(), ":s3:::", s3Path.Bucket()}, ""), strings.Join([]string{b.IAMPrefix(), ":s3:::", s3Path.Bucket()}, ""),
}), }),

3
pkg/model/iam/tests/iam_builder_master_legacy.json
View File

@ -50,7 +50,8 @@
"Action": [ "Action": [
"s3:GetBucketLocation", "s3:GetBucketLocation",
"s3:GetEncryptionConfiguration", "s3:GetEncryptionConfiguration",
"s3:ListBucket" "s3:ListBucket",
"s3:ListBucketVersions"
], ],
"Resource": [ "Resource": [
"arn:aws:s3:::kops-tests" "arn:aws:s3:::kops-tests"

3
pkg/model/iam/tests/iam_builder_master_strict.json
View File

@ -142,7 +142,8 @@
"Action": [ "Action": [
"s3:GetBucketLocation", "s3:GetBucketLocation",
"s3:GetEncryptionConfiguration", "s3:GetEncryptionConfiguration",
"s3:ListBucket" "s3:ListBucket",
"s3:ListBucketVersions"
], ],
"Resource": [ "Resource": [
"arn:aws:s3:::kops-tests" "arn:aws:s3:::kops-tests"

3
pkg/model/iam/tests/iam_builder_master_strict_ecr.json
View File

@ -142,7 +142,8 @@
"Action": [ "Action": [
"s3:GetBucketLocation", "s3:GetBucketLocation",
"s3:GetEncryptionConfiguration", "s3:GetEncryptionConfiguration",
"s3:ListBucket" "s3:ListBucket",
"s3:ListBucketVersions"
], ],
"Resource": [ "Resource": [
"arn:aws:s3:::kops-tests" "arn:aws:s3:::kops-tests"

3
pkg/model/iam/tests/iam_builder_node_legacy.json
View File

@ -16,7 +16,8 @@
"Action": [ "Action": [
"s3:GetBucketLocation", "s3:GetBucketLocation",
"s3:GetEncryptionConfiguration", "s3:GetEncryptionConfiguration",
"s3:ListBucket" "s3:ListBucket",
"s3:ListBucketVersions"
], ],
"Resource": [ "Resource": [
"arn:aws:s3:::kops-tests" "arn:aws:s3:::kops-tests"

3
pkg/model/iam/tests/iam_builder_node_strict.json
View File

@ -16,7 +16,8 @@
"Action": [ "Action": [
"s3:GetBucketLocation", "s3:GetBucketLocation",
"s3:GetEncryptionConfiguration", "s3:GetEncryptionConfiguration",
"s3:ListBucket" "s3:ListBucket",
"s3:ListBucketVersions"
], ],
"Resource": [ "Resource": [
"arn:aws:s3:::kops-tests" "arn:aws:s3:::kops-tests"

3
pkg/model/iam/tests/iam_builder_node_strict_ecr.json
View File

@ -16,7 +16,8 @@
"Action": [ "Action": [
"s3:GetBucketLocation", "s3:GetBucketLocation",
"s3:GetEncryptionConfiguration", "s3:GetEncryptionConfiguration",
"s3:ListBucket" "s3:ListBucket",
"s3:ListBucketVersions"
], ],
"Resource": [ "Resource": [
"arn:aws:s3:::kops-tests" "arn:aws:s3:::kops-tests"