From a98bfdb64f92a188c8863bd1c672333f8afab63c Mon Sep 17 00:00:00 2001
From: Ole Markus With
Date: Thu, 1 Jul 2021 15:00:38 +0200
Subject: [PATCH] Allow filefs to be used to mock s3 policies
---
 pkg/model/iam/iam_builder.go | 11 ++++++++++-
 1 file changed, 10 insertions(+), 1 deletion(-)
diff --git a/pkg/model/iam/iam_builder.go b/pkg/model/iam/iam_builder.go
index 92b21304aa..3af8ca2a7c 100644
--- a/pkg/model/iam/iam_builder.go
+++ b/pkg/model/iam/iam_builder.go
@@ -498,11 +498,16 @@ func (b *PolicyBuilder) AddS3Permissions(p *Policy) (*Policy, error) {
 case *vfs.MemFSPath:
 // Tests - we emulate the s3 permissions so that we can get an idea of the full policy
- klog.Warningf("ignoring memfs path %q for IAM policy builder", vfsPath)
 iamS3Path := "placeholder-read-bucket/" + path.Location()
 b.buildS3GetStatements(p, iamS3Path)
 s3Buckets.Insert("placeholder-read-bucket")
+ case *vfs.FSPath:
+ // tests - we emulate the s3 permissions so that we can get an idea of the full policy
+
+ iamS3path := "placeholder-read-bucket/" + strings.TrimPrefix(path.Path(), "file://")
+ b.buildS3GetStatements(p, iamS3path)
+ s3Buckets.Insert("placeholder-read-bucket")
 case *vfs.VaultPath:
 // Vault access needs to come from somewhere else
 klog.Warningf("ignoring valult path %q for IAM policy builder", vfsPath)
@@ -530,6 +535,10 @@ func (b *PolicyBuilder) AddS3Permissions(p *Policy) (*Policy, error) {
 iamS3Path := "placeholder-write-bucket/" + path.Location()
 b.buildS3WriteStatements(p, iamS3Path)
 s3Buckets.Insert("placeholder-write-bucket")
+ case *vfs.FSPath:
+ iamS3path := "placeholder-read-bucket/" + strings.TrimPrefix(path.Path(), "file://")
+ b.buildS3WriteStatements(p, iamS3path)
+ s3Buckets.Insert("placeholder-read-bucket")
 default:
 return nil, fmt.Errorf("unknown writeable path, can't apply IAM policy: %q", vfsPath)
 }
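Review bot: The new `case *vfs.FSPath:` branch in the read-path switch is commented as test emulation, but nothing in the branch limits it to tests, so any file-backed path that reaches this switch now yields Get statements on `placeholder-read-bucket` with no signal to the operator. The commit also drops the warning from the `*vfs.MemFSPath` branch; I would keep one in both, e.g. `klog.Warningf("emulating S3 permissions for non-S3 path %q in IAM policy", vfsPath)`, and have the comment say that the placeholder name is a stand-in and presumably not a bucket the cluster owns. Minor style: the local is `iamS3path` here but `iamS3Path` in the neighbouring branch, and a stray blank line is added after the comment. The same branch is added to the write-path switch in the second hunk; AddS3Permissions starts and ends outside both hunks.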
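Review bot: The write-path `case *vfs.FSPath:` attaches write statements to `placeholder-read-bucket`, while the context lines just above it use `placeholder-write-bucket` for the same purpose; this looks like a copy-paste from the read switch. Suggested: `iamS3path := "placeholder-write-bucket/" + strings.TrimPrefix(path.Path(), "file://")` and `s3Buckets.Insert("placeholder-write-bucket")`. Before this change an `*vfs.FSPath` here presumably fell through to `default:` and returned the "unknown writeable path" error, so the switch now fails open for file paths; if that is wanted only for tests, a comment saying so on this branch would make the intent reviewable.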