Add support for new policy conditions (#7024)

This PR implements following condition types - StringEqualsIgnoreCase and StringNotEqualsIgnoreCase - BinaryEquals
2025-11-25 20:16:10 -05:00 · 2018-12-26 17:39:30 -08:00
parent 2db22deb93
commit 4e4f855b30
14 changed files with 1593 additions and 62 deletions
--- a/pkg/policy/condition/key.go
+++ b/pkg/policy/condition/key.go
@@ -68,17 +68,38 @@ const (

 	// AWSSourceIP - key representing client's IP address (not intermittent proxies) of any API.
 	AWSSourceIP = "aws:SourceIp"
+
+	// AWSUserAgent - key representing UserAgent header for any API.
+	AWSUserAgent = "aws:UserAgent"
+
+	// AWSSecureTransport - key representing if the clients request is authenticated or not.
+	AWSSecureTransport = "aws:SecureTransport"
 )

+// AllSupportedKeys - is list of all all supported keys.
+var AllSupportedKeys = []Key{
+	S3XAmzCopySource,
+	S3XAmzServerSideEncryption,
+	S3XAmzServerSideEncryptionAwsKMSKeyID,
+	S3XAmzMetadataDirective,
+	S3XAmzStorageClass,
+	S3LocationConstraint,
+	S3Prefix,
+	S3Delimiter,
+	S3MaxKeys,
+	AWSReferer,
+	AWSSourceIP,
+	AWSUserAgent,
+	AWSSecureTransport,
+	// Add new supported condition keys.
+}
+
 // IsValid - checks if key is valid or not.
 func (key Key) IsValid() bool {
-	switch key {
-	case S3XAmzCopySource, S3XAmzServerSideEncryption, S3XAmzServerSideEncryptionAwsKMSKeyID:
-		fallthrough
-	case S3XAmzMetadataDirective, S3XAmzStorageClass, S3LocationConstraint, S3Prefix:
-		fallthrough
-	case S3Delimiter, S3MaxKeys, AWSReferer, AWSSourceIP:
-		return true
+	for _, supKey := range AllSupportedKeys {
+		if supKey == key {
+			return true
+		}
 	}

 	return false