From 1743c5fb734b80df497c28d67f7bc6180a97517a Mon Sep 17 00:00:00 2001
From: Taran Pelkey
Date: Sat, 6 Dec 2025 21:15:59 -0500
Subject: [PATCH 1/2] add register permission
---
 policy/table-action.go | 5 +++++
 1 file changed, 5 insertions(+)
diff --git a/policy/table-action.go b/policy/table-action.go
index 847f6f5..264396b 100644
--- a/policy/table-action.go
+++ b/policy/table-action.go
@@ -82,6 +82,9 @@ const (
 // S3TablesPutTablePolicyAction maps to the AWS `PutTablePolicy` S3 Tables action.
 S3TablesPutTablePolicyAction = "s3tables:PutTablePolicy"
+ // S3TablesRegisterTableAction maps to the AWS `RegisterTable` S3 Tables action.
+ S3TablesRegisterTableAction = "s3tables:RegisterTable"
+
 // S3TablesRenameTableAction maps to the AWS `RenameTable` S3 Tables action.
 S3TablesRenameTableAction = "s3tables:RenameTable"
@@ -239,6 +242,7 @@ var SupportedTableActions = map[TableAction]struct{}{
 S3TablesPutTableEncryptionAction: {},
 S3TablesPutTableMaintenanceConfigurationAction: {},
 S3TablesPutTablePolicyAction: {},
+ S3TablesRegisterTableAction: {},
 S3TablesRenameTableAction: {},
 S3TablesUpdateTableMetadataLocationAction: {},
 S3TablesCreateWarehouseAction: {},
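Review bot: The doc comment on `S3TablesRegisterTableAction` in the first hunk says the constant "maps to the AWS `RegisterTable` S3 Tables action", repeating the wording of its neighbours, but I could not confirm that AWS S3 Tables defines an action by that name, so please check before merging. If this is a catalog-side extension, the comment should say so, for example `// S3TablesRegisterTableAction authorizes registering an existing table from its metadata location; it is an extension, not an AWS S3 Tables action.`, so that policy authors do not look for its semantics in the AWS documentation. The const block starts and ends outside the hunk.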
@@ -334,6 +338,7 @@ func createTableActionConditionKeyMap() map[Action]condition.KeySet {
 tableActionConditionKeyMap[S3TablesPutTableEncryptionAction] = withCommon(s3TablesNamespaceKey, s3TablesKMSKeyKey, s3TablesSSEAlgorithmKey)
 tableActionConditionKeyMap[S3TablesPutTableMaintenanceConfigurationAction] = withCommon(s3TablesNamespaceKey, s3TablesTableNameKey)
 tableActionConditionKeyMap[S3TablesPutTablePolicyAction] = withCommon(s3TablesNamespaceKey, s3TablesTableNameKey)
+ tableActionConditionKeyMap[S3TablesRegisterTableAction] = withCommon(s3TablesNamespaceKey, s3TablesTableNameKey)
 tableActionConditionKeyMap[S3TablesRenameTableAction] = withCommon(s3TablesNamespaceKey, s3TablesTableNameKey)
 tableActionConditionKeyMap[S3TablesUpdateTableMetadataLocationAction] = withCommon(s3TablesNamespaceKey, s3TablesTableNameKey)
 tableActionConditionKeyMap[S3TablesCreateWarehouseAction] = withCommon(s3TablesKMSKeyKey, s3TablesSSEAlgorithmKey)
From 93cd9219d8f24c990668d05f1ec3da2cccd72761 Mon Sep 17 00:00:00 2001
From: Taran Pelkey
Date: Thu, 11 Dec 2025 21:07:44 -0500
Subject: [PATCH 2/2] condition key
---
 policy/condition/keyname.go | 4 ++++
 policy/table-action.go | 4 +++-
 2 files changed, 7 insertions(+), 1 deletion(-)
diff --git a/policy/condition/keyname.go b/policy/condition/keyname.go
index e2be8f4..82bded6 100644
--- a/policy/condition/keyname.go
+++ b/policy/condition/keyname.go
@@ -74,6 +74,9 @@ const (
 // S3TablesViewName filters access by the S3 Tables view name within a namespace.
 S3TablesViewName KeyName = "s3tables:viewName"
+ // S3TablesRegisterLocation filters access by the metadata location for table registration.
+ S3TablesRegisterLocation KeyName = "s3tables:registerLocation"
+
 // S3XAmzCopySource - key representing x-amz-copy-source HTTP header applicable to PutObject API only.
 S3XAmzCopySource KeyName = "s3:x-amz-copy-source"
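Review bot: The comment on `S3TablesRegisterLocation` in the keyname.go hunk does not say what string the key is compared against, and a policy author needs that to write a condition that actually restricts registration. Policy conditions on a key like this are string comparisons, so the comment should state the exact form the server supplies (presumably the full URI of the metadata file) and whether it is normalized before evaluation; without that, a `StringLike` prefix pattern can match or miss locations the author did not intend. A second comment line such as `// The value is the metadata location as passed to RegisterTable, in the form <scheme>://<bucket>/<path> (confirm against the handler).` would cover it. The code that populates the key is not part of this patch, so it is worth confirming it sets the value on every RegisterTable request, since how an absent key evaluates depends on the operator and is easy to get wrong.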
@@ -289,6 +292,7 @@ var AllSupportedKeys = []KeyName{
 S3TablesNamespace,
 S3TablesTableName,
 S3TablesViewName,
+ S3TablesRegisterLocation,
 AWSReferer,
 AWSSourceIP,
 AWSUserAgent,
diff --git a/policy/table-action.go b/policy/table-action.go
index 264396b..4353933 100644
--- a/policy/table-action.go
+++ b/policy/table-action.go
@@ -287,6 +287,7 @@ func createTableActionConditionKeyMap() map[Action]condition.KeySet {
 s3TablesViewNameKey := condition.S3TablesViewName.ToKey()
 s3TablesKMSKeyKey := condition.S3TablesKMSKeyArn.ToKey()
 s3TablesSSEAlgorithmKey := condition.S3TablesSSEAlgorithm.ToKey()
+ s3TablesRegisterLocationKey := condition.S3TablesRegisterLocation.ToKey()
 withCommon := func(keys ...condition.Key) condition.KeySet {
 merged := append([]condition.Key{}, commonKeys...)
@@ -306,6 +307,7 @@ func createTableActionConditionKeyMap() map[Action]condition.KeySet {
 s3TablesViewNameKey,
 s3TablesKMSKeyKey,
 s3TablesSSEAlgorithmKey,
+ s3TablesRegisterLocationKey,
 )
 tableActionConditionKeyMap[S3TablesCreateNamespaceAction] = withCommon()
 tableActionConditionKeyMap[S3TablesCreateTableAction] = withCommon(s3TablesNamespaceKey, s3TablesKMSKeyKey, s3TablesSSEAlgorithmKey)
@@ -338,7 +340,7 @@ func createTableActionConditionKeyMap() map[Action]condition.KeySet {
 tableActionConditionKeyMap[S3TablesPutTableEncryptionAction] = withCommon(s3TablesNamespaceKey, s3TablesKMSKeyKey, s3TablesSSEAlgorithmKey)
 tableActionConditionKeyMap[S3TablesPutTableMaintenanceConfigurationAction] = withCommon(s3TablesNamespaceKey, s3TablesTableNameKey)
 tableActionConditionKeyMap[S3TablesPutTablePolicyAction] = withCommon(s3TablesNamespaceKey, s3TablesTableNameKey)
- tableActionConditionKeyMap[S3TablesRegisterTableAction] = withCommon(s3TablesNamespaceKey, s3TablesTableNameKey)
+ tableActionConditionKeyMap[S3TablesRegisterTableAction] = withCommon(s3TablesNamespaceKey, s3TablesTableNameKey, s3TablesRegisterLocationKey)
 tableActionConditionKeyMap[S3TablesRenameTableAction] = withCommon(s3TablesNamespaceKey, s3TablesTableNameKey)
 tableActionConditionKeyMap[S3TablesUpdateTableMetadataLocationAction] = withCommon(s3TablesNamespaceKey, s3TablesTableNameKey)
 tableActionConditionKeyMap[S3TablesCreateWarehouseAction] = withCommon(s3TablesKMSKeyKey, s3TablesSSEAlgorithmKey)
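Review bot: `S3TablesRegisterTableAction` becomes the only single action that accepts `s3tables:registerLocation`, while `S3TablesUpdateTableMetadataLocationAction` two lines below keeps only the namespace and table-name keys. If that action also takes a caller-supplied metadata location (its name suggests so; the handler is not shown), a policy that pins `registerLocation` on RegisterTable leaves the same pointer unconstrained on update, so either give the update action a location key as well or state in the key's doc comment that it covers registration only. The patch touches only the two source files; a case in the policy tests asserting that a statement using `s3tables:registerLocation` validates for `s3tables:RegisterTable` and is rejected for an action that does not list the key would pin this mapping. The body of `createTableActionConditionKeyMap` continues outside the hunk.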