Add "s3:*Bucket" permission to enable Delete, Create Bucket UI (#2401)

Co-authored-by: Jillian Inapurapu <[email protected]>

Author: jinapurapu

portal-ui/src/common/SecureComponent/permissions.ts

@@ -22,6 +22,7 @@ export const IAM_ROLES = {
 };
 
 export const IAM_SCOPES = {
+  S3_STAR_BUCKET: "s3:*Bucket",
   S3_LIST_BUCKET: "s3:ListBucket",
   S3_GET_BUCKET_POLICY: "s3:GetBucketPolicy",
   S3_PUT_BUCKET_POLICY: "s3:PutBucketPolicy",
@@ -281,6 +282,7 @@ export const IAM_PERMISSIONS = {
     IAM_SCOPES.ADMIN_LIST_USER_POLICIES,
     IAM_SCOPES.ADMIN_LIST_USERS,
     IAM_SCOPES.ADMIN_HEAL,
+    IAM_SCOPES.S3_STAR_BUCKET,
   ],
   [IAM_ROLES.BUCKET_LIFECYCLE]: [
     IAM_SCOPES.S3_GET_LIFECYCLE_CONFIGURATION,
@@ -526,3 +528,14 @@ export const listGroupPermissions = [
   IAM_SCOPES.ADMIN_LIST_GROUPS,
   IAM_SCOPES.ADMIN_GET_GROUP,
 ];
+
+export const deleteBucketPermissions = [
+  IAM_SCOPES.S3_DELETE_BUCKET,
+  IAM_SCOPES.S3_FORCE_DELETE_BUCKET,
+  IAM_SCOPES.S3_STAR_BUCKET,
+];
+
+export const browseBucketPermissions = [
+  IAM_SCOPES.S3_LIST_BUCKET,
+  IAM_SCOPES.S3_STAR_BUCKET,
+];

portal-ui/src/screens/Console/Buckets/BucketDetails/BrowserHandler.tsx

@@ -110,6 +110,7 @@ const BrowserHandler = () => {
     IAM_SCOPES.S3_LIST_BUCKET_VERSIONS,
     IAM_SCOPES.S3_GET_BUCKET_POLICY_STATUS,
     IAM_SCOPES.S3_DELETE_BUCKET_POLICY,
+    IAM_SCOPES.S3_STAR_BUCKET,
   ]);
 
   const searchBar = (

portal-ui/src/screens/Console/Buckets/BucketDetails/BucketDetails.tsx

@@ -50,6 +50,8 @@ import {
   IAM_PERMISSIONS,
   IAM_ROLES,
   permissionTooltipHelper,
+  deleteBucketPermissions,
+  browseBucketPermissions,
 } from "../../../../common/SecureComponent/permissions";
 import PageLayout from "../../Common/Layout/PageLayout";
 import VerticalTabs from "../../Common/VerticalTabs/VerticalTabs";
@@ -141,11 +143,8 @@ const BucketDetails = ({ classes }: IBucketDetailsProps) => {
   selTab = selTab ? selTab : "summary";
 
   const [activeTab, setActiveTab] = useState(selTab);
-  const canDelete = hasPermission(bucketName, [
-    IAM_SCOPES.S3_DELETE_BUCKET,
-    IAM_SCOPES.S3_FORCE_DELETE_BUCKET,
-  ]);
-  const canBrowse = hasPermission(bucketName, [IAM_SCOPES.S3_LIST_BUCKET]);
+  const canDelete = hasPermission(bucketName, deleteBucketPermissions);
+  const canBrowse = hasPermission(bucketName, browseBucketPermissions);
 
   useEffect(() => {
     setActiveTab(selTab);
@@ -273,10 +272,7 @@ const BucketDetails = ({ classes }: IBucketDetailsProps) => {
             actions={
               <Fragment>
                 <SecureComponent
-                  scopes={[
-                    IAM_SCOPES.S3_DELETE_BUCKET,
-                    IAM_SCOPES.S3_FORCE_DELETE_BUCKET,
-                  ]}
+                  scopes={deleteBucketPermissions}
                   resource={bucketName}
                   errorProps={{ disabled: true }}
                 >

portal-ui/src/screens/Console/Buckets/ListBuckets/ListBuckets.tsx

@@ -215,7 +215,10 @@ const ListBuckets = ({ classes }: IListBucketsProps) => {
     setSelectedBuckets(selectAllBuckets);
   };
 
-  const canCreateBucket = hasPermission("*", [IAM_SCOPES.S3_CREATE_BUCKET]);
+  const canCreateBucket = hasPermission("*", [
+    IAM_SCOPES.S3_CREATE_BUCKET,
+    IAM_SCOPES.S3_STAR_BUCKET,
+  ]);
   const canListBuckets = hasPermission("*", [IAM_SCOPES.S3_LIST_BUCKET]);
 
   return (
@@ -306,7 +309,7 @@ const ListBuckets = ({ classes }: IListBucketsProps) => {
                       ? "Set Lifecycle"
                       : permissionTooltipHelper(
                           IAM_PERMISSIONS[IAM_ROLES.BUCKET_LIFECYCLE],
-                          "configuring lifecycle for the selected buckets"
+                          "configure lifecycle for the selected buckets"
                         )
                   }
                 >
@@ -353,7 +356,7 @@ const ListBuckets = ({ classes }: IListBucketsProps) => {
                     ? ""
                     : permissionTooltipHelper(
                         [IAM_SCOPES.S3_CREATE_BUCKET],
-                        "creating a bucket"
+                        "create a bucket"
                       )
                 }
               >
@@ -429,7 +432,10 @@ const ListBuckets = ({ classes }: IListBucketsProps) => {
                             IAM_SCOPES.S3_LIST_BUCKET +
                             " permission. Please contact your MinIO administrator to establish this permission."}
                         <SecureComponent
-                          scopes={[IAM_SCOPES.S3_CREATE_BUCKET]}
+                          scopes={[
+                            IAM_SCOPES.S3_CREATE_BUCKET,
+                            IAM_SCOPES.S3_STAR_BUCKET,
+                          ]}
                           resource={CONSOLE_UI_RESOURCE}
                         >
                           <br />

portal-ui/src/screens/Console/Buckets/ListBuckets/Objects/ObjectDetails/TagsModal.tsx

@@ -269,7 +269,6 @@ const AddTagModal = ({
                             key={`chip-${index}`}
                             scopes={[IAM_SCOPES.S3_DELETE_OBJECT_TAGGING]}
                             resource={bucketName}
-                            matchAll
                             errorProps={{
                               deleteIcon: null,
                               onDelete: null,