Support policy variable replacement (#7085)

This PR supports iam and bucket policies to have policy variable replacements in resource and condition key values. For example - ${aws:username} - ${aws:userid}
2025-11-21 10:16:03 -05:00 · 2019-01-21 10:27:14 +05:30
parent 3265112d04
commit 5353edcc38
19 changed files with 125 additions and 56 deletions
--- a/pkg/policy/statement.go
+++ b/pkg/policy/statement.go
@@ -54,7 +54,7 @@ func (statement Statement) IsAllowed(args Args) bool {
 			resource += args.ObjectName
 		}

-		if !statement.Resources.Match(resource) {
+		if !statement.Resources.Match(resource, args.ConditionValues) {
 			return false
 		}