rgw_attrs: fixes for 3 more iam/perms mappings

Help from Pritha and Casey appreciated

Plus, fix 3 explicit mapping tests in test_rgw_iam_policy.cc.

Signed-off-by: Matt Benjamin <[email protected]>

Author: mattbenjamin

src/rgw/rgw_iam_policy.cc

@@ -95,6 +95,7 @@ static const actpair actpairs[] =
  { "s3:GetObjectAcl", s3GetObjectAcl },
  { "s3:GetObject", s3GetObject },
  { "s3:GetObjectAttributes", s3GetObjectAttributes },
+ { "s3:GetObjectVersionAttributes", s3GetObjectVersionAttributes },
  { "s3:GetObjectTorrent", s3GetObjectTorrent },
  { "s3:GetObjectVersionAcl", s3GetObjectVersionAcl },
  { "s3:GetObjectVersion", s3GetObjectVersion },
@@ -1484,6 +1485,9 @@ const char* action_bit_string(uint64_t action) {
   case s3GetObjectAttributes:
     return "s3:GetObjectAttributes";
 
+  case s3GetObjectVersionAttributes:
+    return "s3:GetObjectVersionAttributes";
+
   case s3DescribeJob:
     return "s3:DescribeJob";
 

src/rgw/rgw_iam_policy.h

@@ -250,6 +250,7 @@ inline int op_to_perm(std::uint64_t op) {
   case s3GetObjectRetention:
   case s3GetObjectLegalHold:
   case s3GetObjectAttributes:
+  case s3GetObjectVersionAttributes:
   case s3ListAllMyBuckets:
   case s3ListBucket:
   case s3ListBucketMultipartUploads:

src/test/rgw/test_rgw_iam_policy.cc

@@ -75,6 +75,8 @@ using rgw::IAM::s3GetObjectTagging;
 using rgw::IAM::s3GetObjectVersion;
 using rgw::IAM::s3GetObjectVersionTagging;
 using rgw::IAM::s3GetObjectVersionTorrent;
+using rgw::IAM::s3GetObjectAttributes;
+using rgw::IAM::s3GetObjectVersionAttributes;
 using rgw::IAM::s3GetPublicAccessBlock;
 using rgw::IAM::s3GetReplicationConfiguration;
 using rgw::IAM::s3ListAllMyBuckets;
@@ -419,6 +421,8 @@ TEST_F(PolicyTest, Parse3) {
   act2[s3GetObjectVersionAcl] = 1;
   act2[s3GetObjectTorrent] = 1;
   act2[s3GetObjectVersionTorrent] = 1;
+  act2[s3GetObjectAttributes] = 1;
+  act2[s3GetObjectVersionAttributes] = 1;
   act2[s3GetAccelerateConfiguration] = 1;
   act2[s3GetBucketAcl] = 1;
   act2[s3GetBucketOwnershipControls] = 1;
@@ -487,6 +491,8 @@ TEST_F(PolicyTest, Eval3) {
   s3allow[s3GetObjectVersion] = 1;
   s3allow[s3GetObjectAcl] = 1;
   s3allow[s3GetObjectVersionAcl] = 1;
+  s3allow[s3GetObjectAttributes] = 1;
+  s3allow[s3GetObjectVersionAttributes] = 1;
   s3allow[s3GetObjectTorrent] = 1;
   s3allow[s3GetObjectVersionTorrent] = 1;
   s3allow[s3GetAccelerateConfiguration] = 1;
@@ -883,6 +889,8 @@ TEST_F(ManagedPolicyTest, AmazonS3ReadOnlyAccess)
   act[s3GetObjectVersionAcl] = 1;
   act[s3GetObjectTorrent] = 1;
   act[s3GetObjectVersionTorrent] = 1;
+  act[s3GetObjectAttributes] = 1;
+  act[s3GetObjectVersionAttributes] = 1;
   act[s3GetAccelerateConfiguration] = 1;
   act[s3GetBucketAcl] = 1;
   act[s3GetBucketOwnershipControls] = 1;