Support wildcard list actions (#2520)

Author: reivaj05

portal-ui/src/common/SecureComponent/permissions.ts

@@ -24,6 +24,7 @@ export const IAM_ROLES = {
 export const IAM_SCOPES = {
   S3_STAR_BUCKET: "s3:*Bucket",
   S3_LIST_BUCKET: "s3:ListBucket",
+  S3_ALL_LIST_BUCKET: "s3:List*",
   S3_GET_BUCKET_POLICY: "s3:GetBucketPolicy",
   S3_PUT_BUCKET_POLICY: "s3:PutBucketPolicy",
   S3_GET_OBJECT: "s3:GetObject",
@@ -238,7 +239,10 @@ export const IAM_PERMISSIONS = {
     IAM_SCOPES.S3_PUT_OBJECT,
     IAM_SCOPES.S3_DELETE_OBJECT,
   ],
-  [IAM_ROLES.BUCKET_VIEWER]: [IAM_SCOPES.S3_LIST_BUCKET],
+  [IAM_ROLES.BUCKET_VIEWER]: [
+    IAM_SCOPES.S3_LIST_BUCKET,
+    IAM_SCOPES.S3_ALL_LIST_BUCKET,
+  ],
   [IAM_ROLES.BUCKET_ADMIN]: [
     IAM_SCOPES.S3_ALL_ACTIONS,
     IAM_SCOPES.ADMIN_ALL_ACTIONS,
@@ -585,4 +589,7 @@ export const deleteBucketPermissions = [
   IAM_SCOPES.S3_FORCE_DELETE_BUCKET,
 ];
 
-export const browseBucketPermissions = [IAM_SCOPES.S3_LIST_BUCKET];
+export const browseBucketPermissions = [
+  IAM_SCOPES.S3_LIST_BUCKET,
+  IAM_SCOPES.S3_ALL_LIST_BUCKET,
+];

portal-ui/src/screens/Console/Buckets/BucketDetails/BrowserHandler.tsx

@@ -381,6 +381,7 @@ const BrowserHandler = () => {
 
   const displayListObjects = hasPermission(bucketName, [
     IAM_SCOPES.S3_LIST_BUCKET,
+    IAM_SCOPES.S3_ALL_LIST_BUCKET,
   ]);
 
   // Common objects list
@@ -529,7 +530,7 @@ const BrowserHandler = () => {
     <Fragment>
       {!versionsMode ? (
         <SecureComponent
-          scopes={[IAM_SCOPES.S3_LIST_BUCKET]}
+          scopes={[IAM_SCOPES.S3_LIST_BUCKET, IAM_SCOPES.S3_ALL_LIST_BUCKET]}
           resource={bucketName}
           errorProps={{ disabled: true }}
         >

portal-ui/src/screens/Console/Buckets/ListBuckets/ListBuckets.tsx

@@ -220,7 +220,10 @@ const ListBuckets = ({ classes }: IListBucketsProps) => {
   };
 
   const canCreateBucket = hasPermission("*", [IAM_SCOPES.S3_CREATE_BUCKET]);
-  const canListBuckets = hasPermission("*", [IAM_SCOPES.S3_LIST_BUCKET]);
+  const canListBuckets = hasPermission("*", [
+    IAM_SCOPES.S3_LIST_BUCKET,
+    IAM_SCOPES.S3_ALL_LIST_BUCKET,
+  ]);
 
   return (
     <Fragment>
@@ -453,7 +456,10 @@ const ListBuckets = ({ classes }: IListBucketsProps) => {
                           <Fragment>
                             <br />
                             {permissionTooltipHelper(
-                              [IAM_SCOPES.S3_LIST_BUCKET],
+                              [
+                                IAM_SCOPES.S3_LIST_BUCKET,
+                                IAM_SCOPES.S3_ALL_LIST_BUCKET,
+                              ],
                               "view the buckets on this server"
                             )}
                             <br />

portal-ui/src/screens/Console/Buckets/ListBuckets/Objects/ListObjects/ListObjects.tsx

@@ -955,6 +955,7 @@ const ListObjects = () => {
                       disabled={
                         !hasPermission(bucketName, [
                           IAM_SCOPES.S3_LIST_BUCKET,
+                          IAM_SCOPES.S3_ALL_LIST_BUCKET,
                         ]) || rewindEnabled
                       }
                     />
@@ -1016,7 +1017,10 @@ const ListObjects = () => {
               </Fragment>
             ) : (
               <SecureComponent
-                scopes={[IAM_SCOPES.S3_LIST_BUCKET]}
+                scopes={[
+                  IAM_SCOPES.S3_LIST_BUCKET,
+                  IAM_SCOPES.S3_ALL_LIST_BUCKET,
+                ]}
                 resource={bucketName}
                 errorProps={{ disabled: true }}
               >
@@ -1050,7 +1054,10 @@ const ListObjects = () => {
               </SecureComponent>
             )}
             <SecureComponent
-              scopes={[IAM_SCOPES.S3_LIST_BUCKET]}
+              scopes={[
+                IAM_SCOPES.S3_LIST_BUCKET,
+                IAM_SCOPES.S3_ALL_LIST_BUCKET,
+              ]}
               resource={bucketName}
               errorProps={{ disabled: true }}
             >

portal-ui/src/screens/Console/Buckets/ListBuckets/Objects/ListObjects/ListObjectsTable.tsx

@@ -114,6 +114,7 @@ const ListObjectsTable = () => {
 
   const displayListObjects = hasPermission(bucketName, [
     IAM_SCOPES.S3_LIST_BUCKET,
+    IAM_SCOPES.S3_ALL_LIST_BUCKET,
   ]);
 
   const filteredRecords = records.filter((b: BucketObjectItem) => {
@@ -221,7 +222,7 @@ const ListObjectsTable = () => {
       customEmptyMessage={
         !displayListObjects
           ? permissionTooltipHelper(
-              [IAM_SCOPES.S3_LIST_BUCKET],
+              [IAM_SCOPES.S3_LIST_BUCKET, IAM_SCOPES.S3_ALL_LIST_BUCKET],
               "view Objects in this bucket"
             )
           : `This location is empty${

portal-ui/src/screens/Console/ObjectBrowser/OBBucketList.tsx

@@ -129,7 +129,10 @@ const OBListBuckets = () => {
 
   const hasBuckets = records.length > 0;
 
-  const canListBuckets = hasPermission("*", [IAM_SCOPES.S3_LIST_BUCKET]);
+  const canListBuckets = hasPermission("*", [
+    IAM_SCOPES.S3_LIST_BUCKET,
+    IAM_SCOPES.S3_ALL_LIST_BUCKET,
+  ]);
 
   const tableActions = [
     {
@@ -276,7 +279,10 @@ const OBListBuckets = () => {
                           <Fragment>
                             <br />
                             {permissionTooltipHelper(
-                              [IAM_SCOPES.S3_LIST_BUCKET],
+                              [
+                                IAM_SCOPES.S3_LIST_BUCKET,
+                                IAM_SCOPES.S3_ALL_LIST_BUCKET,
+                              ],
                               "view the buckets on this server"
                             )}
                             <br />

portal-ui/tests/utils/elements.ts

@@ -141,7 +141,7 @@ export const table = Selector(".ReactVirtualized__Table");
 export const bucketsTableDisabled = Selector("#object-list-wrapper")
   .find(".MuiPaper-root")
   .withText(
-    "You require additional permissions in order to view Objects in this bucket. Please ask your MinIO administrator to grant you s3:ListBucket permission in order to view Objects in this bucket."
+    "You require additional permissions in order to view Objects in this bucket. Please ask your MinIO administrator to grant you"
   );
 export const createGroupUserTable = Selector(
   ".MuiDialog-container .ReactVirtualized__Table"