IAM: configure credentials for a 2nd account

open-io · Feb 28, 2020 · e9cf15e · e9cf15e
1 parent a76956c
commit e9cf15e
Show file tree

Hide file tree

Showing 3 changed files with 59 additions and 0 deletions.
diff --git a/conf/iam_rules.json b/conf/iam_rules.json
@@ -54,5 +54,35 @@
                 ]
             }
         ]
+    },
+    "account2:admin": {
+        "Statement": [
+            {
+                "Sid": "FullAccess",
+                "Action": [
+                    "s3:*"
+                ],
+                "Effect": "Allow",
+                "Resource": [
+                    "*"
+                ]
+            }
+        ]
+    },
+    "account2:user1": {
+        "Statement": [
+            {
+                "Sid": "SharedBucketAllObjects",
+                "Action": [
+                    "s3:GetObject",
+                    "s3:ListBucket"
+                ],
+                "Effect": "Allow",
+                "Resource": [
+                    "arn:aws:s3:::sharedbucket",
+                    "arn:aws:s3:::sharedbucket/*"
+                ]
+            }
+        ]
     }
 }
diff --git a/conf/s3-iam.cfg.in b/conf/s3-iam.cfg.in
@@ -73,6 +73,11 @@ user_demo_demo = DEMO_PASS .admin
 # Unpriviledged user of the account AUTH_demo
 user_demo_user1 = USER_PASS
 
+# Main user of the account AUTH_account2
+user_account2_admin = ADMIN_PASS .admin
+# Unpriviledged user of the account AUTH_account2
+user_account2_user1 = USER_PASS
+
 [filter:versioned_writes]
 use = egg:oioswift#versioned_writes
 allow_versioned_writes = true

diff --git a/tests/functional/common.sh b/tests/functional/common.sh
@@ -73,6 +73,14 @@ aws_secret_access_key=DEMO_PASS
 [user1]
 aws_access_key_id=demo:user1
 aws_secret_access_key=USER_PASS
+
+[a2adm]
+aws_access_key_id=account2:admin
+aws_secret_access_key=ADMIN_PASS
+
+[a2u1]
+aws_access_key_id=account2:user1
+aws_secret_access_key=USER_PASS
 EOF
 
   cat <<EOF >"$HOME/.aws/config"
@@ -85,6 +93,22 @@ s3 =
     multipart_chunksize = 5MB
 
 [profile user1]
+s3 =
+    signature_version = s3
+    max_concurrent_requests = 10
+    max_queue_size = 100
+    multipart_threshold = 15MB
+    multipart_chunksize = 5MB
+
+[profile a2adm]
+s3 =
+    signature_version = s3
+    max_concurrent_requests = 10
+    max_queue_size = 100
+    multipart_threshold = 15MB
+    multipart_chunksize = 5MB
+
+[profile a2u1]
 s3 =
     signature_version = s3
     max_concurrent_requests = 10