You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
84 lines
3.2 KiB
84 lines
3.2 KiB
package s3_constants
|
|
|
|
// S3 action strings for bucket policy evaluation
|
|
// These match the official AWS S3 action format used in IAM and bucket policies
|
|
const (
|
|
// Object operations
|
|
S3_ACTION_GET_OBJECT = "s3:GetObject"
|
|
S3_ACTION_PUT_OBJECT = "s3:PutObject"
|
|
S3_ACTION_DELETE_OBJECT = "s3:DeleteObject"
|
|
S3_ACTION_DELETE_OBJECT_VERSION = "s3:DeleteObjectVersion"
|
|
S3_ACTION_GET_OBJECT_VERSION = "s3:GetObjectVersion"
|
|
|
|
// Object ACL operations
|
|
S3_ACTION_GET_OBJECT_ACL = "s3:GetObjectAcl"
|
|
S3_ACTION_PUT_OBJECT_ACL = "s3:PutObjectAcl"
|
|
|
|
// Object tagging operations
|
|
S3_ACTION_GET_OBJECT_TAGGING = "s3:GetObjectTagging"
|
|
S3_ACTION_PUT_OBJECT_TAGGING = "s3:PutObjectTagging"
|
|
S3_ACTION_DELETE_OBJECT_TAGGING = "s3:DeleteObjectTagging"
|
|
|
|
// Object retention and legal hold
|
|
S3_ACTION_GET_OBJECT_RETENTION = "s3:GetObjectRetention"
|
|
S3_ACTION_PUT_OBJECT_RETENTION = "s3:PutObjectRetention"
|
|
S3_ACTION_GET_OBJECT_LEGAL_HOLD = "s3:GetObjectLegalHold"
|
|
S3_ACTION_PUT_OBJECT_LEGAL_HOLD = "s3:PutObjectLegalHold"
|
|
S3_ACTION_BYPASS_GOVERNANCE = "s3:BypassGovernanceRetention"
|
|
|
|
// Multipart upload operations
|
|
S3_ACTION_CREATE_MULTIPART = "s3:CreateMultipartUpload"
|
|
S3_ACTION_UPLOAD_PART = "s3:UploadPart"
|
|
S3_ACTION_COMPLETE_MULTIPART = "s3:CompleteMultipartUpload"
|
|
S3_ACTION_ABORT_MULTIPART = "s3:AbortMultipartUpload"
|
|
S3_ACTION_LIST_PARTS = "s3:ListMultipartUploadParts"
|
|
|
|
// Bucket operations
|
|
S3_ACTION_CREATE_BUCKET = "s3:CreateBucket"
|
|
S3_ACTION_DELETE_BUCKET = "s3:DeleteBucket"
|
|
S3_ACTION_LIST_BUCKET = "s3:ListBucket"
|
|
S3_ACTION_LIST_BUCKET_VERSIONS = "s3:ListBucketVersions"
|
|
S3_ACTION_LIST_MULTIPART_UPLOADS = "s3:ListBucketMultipartUploads"
|
|
|
|
// Bucket ACL operations
|
|
S3_ACTION_GET_BUCKET_ACL = "s3:GetBucketAcl"
|
|
S3_ACTION_PUT_BUCKET_ACL = "s3:PutBucketAcl"
|
|
|
|
// Bucket policy operations
|
|
S3_ACTION_GET_BUCKET_POLICY = "s3:GetBucketPolicy"
|
|
S3_ACTION_PUT_BUCKET_POLICY = "s3:PutBucketPolicy"
|
|
S3_ACTION_DELETE_BUCKET_POLICY = "s3:DeleteBucketPolicy"
|
|
|
|
// Bucket tagging operations
|
|
S3_ACTION_GET_BUCKET_TAGGING = "s3:GetBucketTagging"
|
|
S3_ACTION_PUT_BUCKET_TAGGING = "s3:PutBucketTagging"
|
|
S3_ACTION_DELETE_BUCKET_TAGGING = "s3:DeleteBucketTagging"
|
|
|
|
// Bucket CORS operations
|
|
S3_ACTION_GET_BUCKET_CORS = "s3:GetBucketCors"
|
|
S3_ACTION_PUT_BUCKET_CORS = "s3:PutBucketCors"
|
|
S3_ACTION_DELETE_BUCKET_CORS = "s3:DeleteBucketCors"
|
|
|
|
// Bucket lifecycle operations
|
|
// Note: Both PUT and DELETE lifecycle operations use s3:PutLifecycleConfiguration
|
|
S3_ACTION_GET_BUCKET_LIFECYCLE = "s3:GetLifecycleConfiguration"
|
|
S3_ACTION_PUT_BUCKET_LIFECYCLE = "s3:PutLifecycleConfiguration"
|
|
|
|
// Bucket versioning operations
|
|
S3_ACTION_GET_BUCKET_VERSIONING = "s3:GetBucketVersioning"
|
|
S3_ACTION_PUT_BUCKET_VERSIONING = "s3:PutBucketVersioning"
|
|
|
|
// Bucket location
|
|
S3_ACTION_GET_BUCKET_LOCATION = "s3:GetBucketLocation"
|
|
|
|
// Bucket notification
|
|
S3_ACTION_GET_BUCKET_NOTIFICATION = "s3:GetBucketNotification"
|
|
S3_ACTION_PUT_BUCKET_NOTIFICATION = "s3:PutBucketNotification"
|
|
|
|
// Bucket object lock operations
|
|
S3_ACTION_GET_BUCKET_OBJECT_LOCK = "s3:GetBucketObjectLockConfiguration"
|
|
S3_ACTION_PUT_BUCKET_OBJECT_LOCK = "s3:PutBucketObjectLockConfiguration"
|
|
|
|
// Wildcard for all S3 actions
|
|
S3_ACTION_ALL = "s3:*"
|
|
)
|