diff --git a/policy/condition/keyname.go b/policy/condition/keyname.go
index e2be8f4..82bded6 100644
--- a/policy/condition/keyname.go
+++ b/policy/condition/keyname.go
@@ -74,6 +74,9 @@ const (
 // S3TablesViewName filters access by the S3 Tables view name within a namespace.
 S3TablesViewName KeyName = "s3tables:viewName"
 
+ // S3TablesRegisterLocation filters access by the metadata location for table registration.
+ S3TablesRegisterLocation KeyName = "s3tables:registerLocation"
+
 // S3XAmzCopySource - key representing x-amz-copy-source HTTP header applicable to PutObject API only.
 S3XAmzCopySource KeyName = "s3:x-amz-copy-source"
 
@@ -289,6 +292,7 @@ var AllSupportedKeys = []KeyName{
 S3TablesNamespace,
 S3TablesTableName,
 S3TablesViewName,
+ S3TablesRegisterLocation,
 AWSReferer,
 AWSSourceIP,
 AWSUserAgent,
diff --git a/policy/table-action.go b/policy/table-action.go
index 847f6f5..4353933 100644
--- a/policy/table-action.go
+++ b/policy/table-action.go
@@ -82,6 +82,9 @@ const (
 // S3TablesPutTablePolicyAction maps to the AWS `PutTablePolicy` S3 Tables action.
 S3TablesPutTablePolicyAction = "s3tables:PutTablePolicy"
 
+ // S3TablesRegisterTableAction maps to the AWS `RegisterTable` S3 Tables action.
+ S3TablesRegisterTableAction = "s3tables:RegisterTable"
+
 // S3TablesRenameTableAction maps to the AWS `RenameTable` S3 Tables action.
 S3TablesRenameTableAction = "s3tables:RenameTable"
 
@@ -239,6 +242,7 @@ var SupportedTableActions = map[TableAction]struct{}{
 S3TablesPutTableEncryptionAction: {},
 S3TablesPutTableMaintenanceConfigurationAction: {},
 S3TablesPutTablePolicyAction: {},
+ S3TablesRegisterTableAction: {},
 S3TablesRenameTableAction: {},
 S3TablesUpdateTableMetadataLocationAction: {},
 S3TablesCreateWarehouseAction: {},
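Review bot: The comment on `S3TablesRegisterLocation` in the `const` block of keyname.go does not say what form the value takes, which matters for a key that policies will compare with string operators. A `StringEquals` or `StringLike` match on a location only restricts anything if the value always arrives in one canonical form, so I would extend the comment to something like `// The value is the metadata location from the register request; the code that fills the condition values must pass it in canonical form.` Whether that normalisation happens is not visible in this diff, so treat it as a question for the code that populates the condition values. The `const` block starts and ends outside the hunk.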
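Review bot: The comment on `S3TablesRegisterTableAction` in table-action.go says it maps to an AWS `RegisterTable` S3 Tables action, but I am not aware of an AWS S3 Tables operation by that name; register-table is an operation of the Iceberg REST catalog API. If this is a project extension, as `S3TablesCreateWarehouseAction` in `SupportedTableActions` appears to be, the comment should say so, for example `// S3TablesRegisterTableAction authorizes registering an existing metadata file as a table (extension, not an AWS action).` Policy authors check these names against the AWS documentation, so the distinction is worth stating; please confirm against the AWS action list before rewording.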
@@ -283,6 +287,7 @@ func createTableActionConditionKeyMap() map[Action]condition.KeySet {
 s3TablesViewNameKey := condition.S3TablesViewName.ToKey()
 s3TablesKMSKeyKey := condition.S3TablesKMSKeyArn.ToKey()
 s3TablesSSEAlgorithmKey := condition.S3TablesSSEAlgorithm.ToKey()
+ s3TablesRegisterLocationKey := condition.S3TablesRegisterLocation.ToKey()
 
 withCommon := func(keys ...condition.Key) condition.KeySet {
 merged := append([]condition.Key{}, commonKeys...)
@@ -302,6 +307,7 @@ func createTableActionConditionKeyMap() map[Action]condition.KeySet {
 s3TablesViewNameKey,
 s3TablesKMSKeyKey,
 s3TablesSSEAlgorithmKey,
+ s3TablesRegisterLocationKey,
 )
 tableActionConditionKeyMap[S3TablesCreateNamespaceAction] = withCommon()
 tableActionConditionKeyMap[S3TablesCreateTableAction] = withCommon(s3TablesNamespaceKey, s3TablesKMSKeyKey, s3TablesSSEAlgorithmKey)
@@ -334,6 +340,7 @@ func createTableActionConditionKeyMap() map[Action]condition.KeySet {
 tableActionConditionKeyMap[S3TablesPutTableEncryptionAction] = withCommon(s3TablesNamespaceKey, s3TablesKMSKeyKey, s3TablesSSEAlgorithmKey)
 tableActionConditionKeyMap[S3TablesPutTableMaintenanceConfigurationAction] = withCommon(s3TablesNamespaceKey, s3TablesTableNameKey)
 tableActionConditionKeyMap[S3TablesPutTablePolicyAction] = withCommon(s3TablesNamespaceKey, s3TablesTableNameKey)
+ tableActionConditionKeyMap[S3TablesRegisterTableAction] = withCommon(s3TablesNamespaceKey, s3TablesTableNameKey, s3TablesRegisterLocationKey)
 tableActionConditionKeyMap[S3TablesRenameTableAction] = withCommon(s3TablesNamespaceKey, s3TablesTableNameKey)
 tableActionConditionKeyMap[S3TablesUpdateTableMetadataLocationAction] = withCommon(s3TablesNamespaceKey, s3TablesTableNameKey)
 tableActionConditionKeyMap[S3TablesCreateWarehouseAction] = withCommon(s3TablesKMSKeyKey, s3TablesSSEAlgorithmKey)
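Review bot: In the last hunk `S3TablesRegisterTableAction` is the only per-action entry that accepts `s3tables:registerLocation`, while `S3TablesUpdateTableMetadataLocationAction` two lines below still takes only the namespace and table-name keys. If the key is meant to let an administrator pin where table metadata may live, the restriction would not cover a later change of the metadata location through the update action. Either give that action an equivalent location key or add a line to the key's doc comment such as `// Applies to RegisterTable only; it does not constrain UpdateTableMetadataLocation.` Separately, this change only declares the key as valid: a `Deny` statement conditioned on it has no effect unless the request handler fills `registerLocation` into the condition values, which is outside this diff, so a test evaluating a policy for `s3tables:RegisterTable` with and without the value would be worth adding. `createTableActionConditionKeyMap` starts and ends outside the hunk.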