From accad234275944cbd54d9ef113f7df638a4c50dc Mon Sep 17 00:00:00 2001
From: chrislu
Date: Mon, 25 Aug 2025 10:15:39 -0700
Subject: [PATCH] Update iam_config.json

---
 test/s3/iam/iam_config.json | 49 +++++++++++++++++++++++++++++++++++++
 1 file changed, 49 insertions(+)

diff --git a/test/s3/iam/iam_config.json b/test/s3/iam/iam_config.json
index d1e218075..ce261fbda 100644
--- a/test/s3/iam/iam_config.json
+++ b/test/s3/iam/iam_config.json
@@ -54,6 +54,24 @@
 },
 "attachedPolicies": ["S3ReadOnlyPolicy"],
 "description": "Read-only role for testing"
+ },
+ {
+ "roleName": "TestWriteOnlyRole",
+ "roleArn": "arn:seaweed:iam::role/TestWriteOnlyRole",
+ "trustPolicy": {
+ "Version": "2012-10-17",
+ "Statement": [
+ {
+ "Effect": "Allow",
+ "Principal": {
+ "Federated": "test-oidc"
+ },
+ "Action": ["sts:AssumeRoleWithWebIdentity"]
+ }
+ ]
+ },
+ "attachedPolicies": ["S3WriteOnlyPolicy"],
+ "description": "Write-only role for testing"
 }
 ],
 "policies": [
@@ -98,6 +116,37 @@
 }
 ]
 }
+ },
+ {
+ "name": "S3WriteOnlyPolicy",
+ "document": {
+ "Version": "2012-10-17",
+ "Statement": [
+ {
+ "Effect": "Allow",
+ "Action": [
+ "s3:PutObject",
+ "s3:PutObjectAcl",
+ "s3:DeleteObject",
+ "s3:DeleteObjectVersion",
+ "s3:InitiateMultipartUpload",
+ "s3:UploadPart",
+ "s3:CompleteMultipartUpload",
+ "s3:AbortMultipartUpload",
+ "s3:ListMultipartUploadParts"
+ ],
+ "Resource": [
+ "arn:seaweed:s3:::*",
+ "arn:seaweed:s3:::*/*"
+ ]
+ },
+ {
+ "Effect": "Allow",
+ "Action": ["sts:ValidateSession"],
+ "Resource": ["*"]
+ }
+ ]
+ }
 }
 ]
 }
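Review bot: The trust policy added for `TestWriteOnlyRole` has no `Condition`, so any token the `test-oidc` provider accepts can assume the role through `sts:AssumeRoleWithWebIdentity`. That is probably fine while the provider is a test-only issuer, but fixtures like this tend to be copied as templates, so it is worth checking. If the policy engine evaluates conditions on web-identity claims, restrict the statement to the subject or audience that the write-only tests actually use. Otherwise, since JSON has no comments, the `description` could record the gap, for example `"description": "Write-only role for testing (any test-oidc identity may assume)"`.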
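Review bot: `S3WriteOnlyPolicy` grants more than its name suggests, and it does so on every bucket and object (`arn:seaweed:s3:::*`, `arn:seaweed:s3:::*/*`). `s3:DeleteObject` and `s3:DeleteObjectVersion` are destructive, `s3:PutObjectAcl` lets the holder change who may read an object, and `s3:ListMultipartUploadParts` is a list operation. A test that uses this role to assert that write-only principals cannot read or delete would therefore be checking a broader permission set than intended. Either drop the delete, ACL and list actions from the first statement, or rename the policy and update the role's `description` to match, for example `"description": "Write/delete role (no object read) for testing"`.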