Skip to content

Commit

Permalink
Merge branch 'w/7.9/bugfix/S3C-3904-better-s3-action-logs' into tmp/o…
Browse files Browse the repository at this point in the history 
…ctopus/w/8.1/bugfix/S3C-3904-better-s3-action-logs
  • Loading branch information
@bert-e
bert-e committed Feb 5, 2021
2 parents 5d10064 + 7d58ca3 commit a090988
Showing 1 changed file with 34 additions and 0 deletions.
34 changes: 34 additions & 0 deletions lib/policyEvaluator/utils/actionMaps.js
View file
Original file line number Diff line number Diff line change
Expand Up @@ -40,6 +40,12 @@ const sharedActionMap = {
objectPutTagging: 's3:PutObjectTagging',
};

// Meant to override shared action map values with fakes name for monitoring of s3
const sharedMonitoringMap = {
bucketGet: 's3:GetBucket',
bucketHead: 's3:HeadBucket',
};

// action map used for request context
const actionMapRQ = Object.assign({
bucketPut: 's3:CreateBucket',
Expand All @@ -64,15 +70,40 @@ const actionMapRQ = Object.assign({
objectReplicate: 's3:ReplicateObject',
}, sharedActionMap);

// Meant to override shared action map values with fakes name for moniroting of s3
const actionMonitoringMapRQ = Object.assign({
bucketDeleteCors: 's3:DeleteBucketCORS',
completeMultipartUpload: 's3:CompleteMultipartUpload',
initiateMultipartUpload: 's3:InitiateMultipartUpload',
objectHead: 's3:HeadObject',
objectPutPart: 's3:PutPartObject',
}, sharedMonitoringMap);

// action map used for bucket policies
const actionMapBP = Object.assign({}, sharedActionMap);

// Meant to override shared action map values with fakes name for moniroting of s3
const actionMonitoringMapBP = Object.assign(
{},
sharedMonitoringMap,
);

// action map for all relevant s3 actions
const actionMapS3 = Object.assign({
bucketGetNotification: 's3:GetBucketNotification',
bucketPutNotification: 's3:PutBucketNotification',
}, sharedActionMap, actionMapRQ, actionMapBP);

// Meant to override shared action map values with fakes name for moniroting of s3
const actionMonitoringMapS3 = Object.assign(
{},
sharedMonitoringMap,
actionMonitoringMapRQ,
actionMonitoringMapBP,
);

// Action monitoring

const actionMapIAM = {
attachGroupPolicy: 'iam:AttachGroupPolicy',
attachUserPolicy: 'iam:AttachUserPolicy',
Expand Down Expand Up @@ -126,8 +157,11 @@ const actionMapMetadata = {

module.exports = {
actionMapRQ,
actionMonitoringMapRQ,
actionMapBP,
actionMonitoringMapBP,
actionMapS3,
actionMonitoringMapS3,
actionMapIAM,
actionMapSSO,
actionMapSTS,
Expand Down

0 comments on commit a090988

Please sign in to comment.