Allow console to recognize s3.DeleteObject* #3497

Open

wants to merge 1 commit into master

Conversation

@allanrogerr (Contributor) commented Jan 27, 2025

Issue

Console searches for the precise policy action s3:DeleteObject when allowing a delete of an object or prefix. If a user specifies the superset s3:DeleteObject*, console will disallow the delete, even though this is allowed by the API.

This PR allows a user attached to a policy defined with s3:DeleteObject* to be able to delete this object through the Console UI.

How to test

1.- Define infrastructure

mc rb <alias>/bucket-name --force --dangerous
mc mb <alias>/bucket-name

mc cp <file> <alias>/bucket-name/test/hosts

2.- Create a user with restricted privileges using s3:DeleteObject*
e.g.

cat << EOF > bucketpolicy.json
{
   "Version": "2012-10-17",
   "Statement": [
       {
           "Effect": "Allow",
           "Action": [
               "s3:ListBucket",
               "s3:ListAllMyBuckets",
               "s3:GetBucketVersioning",
               "s3:DeleteObject*",
               "s3:ListBucketVersions",
               "s3:GetObject*",
               "s3:PutObject*"
           ],
           "Resource": [
               "arn:aws:s3:::bucket-name",
               "arn:aws:s3:::bucket-name/*"
           ]
       }
   ]
}
EOF

mc admin user rm <alias> test-user
mc admin user add <alias> test-user test-usertest-user
mc alias set test-user <endpoint> test-user test-usertest-user

mc admin policy create <alias> test-policy bucketpolicy.json
mc admin policy detach <alias> test-policy --user test-user
mc admin policy attach <alias> test-policy --user test-user

3.- Login to the UI as test-user and successfully delete the uploaded file

fixes #3217

@allanrogerr allanrogerr self-assigned this Jan 27, 2025
@allanrogerr allanrogerr marked this pull request as ready for review January 27, 2025 20:30
@bayasdev (Contributor)
@allanrogerr could you please take a look at the failing test? Thanks!

@allanrogerr (Contributor, Author)

> @allanrogerr could you please take a look at the failing test? Thanks!

It has been failing for > 1 month:
https://github.com/minio/console/actions/runs/12928151749
https://github.com/minio/console/actions/runs/12760775372
https://github.com/minio/console/actions/runs/12550431089
...

Not sure what broke earlier @bayasdev

@allanrogerr (Contributor, Author)

> @allanrogerr could you please take a look at the failing test? Thanks!

I will take a look in a subsequent PR.

@prakashsvmx (Member)

@allanrogerr, please note the action needs to be checked for:

  • Deleting versions
  • Deleting object tags
  • s3:DeleteObjectTagging, s3:DeleteObjectVersion, s3:DeleteObjectVersionTagging: these are the action matches for s3:DeleteObject*
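To make the matching problem from the PR description and the reviewer's list of covered actions concrete, here is an added example (editor's code, not the console's or MinIO's implementation). It assumes IAM-style glob semantics for action names, where `*` matches any run of characters including none and `?` matches one character, and it reads only the `Effect` and `Action` fields of a constructed policy document shaped like the PR's bucketpolicy.json (Resource and Condition are ignored, and `Action` is assumed to be an array). `exactAllows` is the literal comparison the PR reports as broken; `wildcardAllows` is the corrected check, with an explicit Deny winning over Allow.

```go
package main

import (
	"encoding/json"
	"fmt"
)

// Statement and Policy cover only the fields this example needs.
type Statement struct {
	Effect string   `json:"Effect"`
	Action []string `json:"Action"`
}

type Policy struct {
	Version   string      `json:"Version"`
	Statement []Statement `json:"Statement"`
}

// constructedPolicy is a sample document built for this example; its action
// list follows the PR's bucketpolicy.json (resources omitted).
const constructedPolicy = `{
  "Version": "2012-10-17",
  "Statement": [{
    "Effect": "Allow",
    "Action": ["s3:ListBucket", "s3:DeleteObject*", "s3:GetObject*"]
  }]
}`

// matchWildcard reports whether name matches pattern, where '*' matches any
// run of characters (including none) and '?' matches exactly one character.
// The glob semantics are an assumption of this example, not the console's code.
func matchWildcard(pattern, name string) bool {
	p, n := 0, 0
	starP, starN := -1, -1
	for n < len(name) {
		switch {
		case p < len(pattern) && (pattern[p] == '?' || pattern[p] == name[n]):
			p++
			n++
		case p < len(pattern) && pattern[p] == '*':
			// Remember the star and tentatively let it match zero characters.
			starP, starN = p, n
			p++
		case starP >= 0:
			// Backtrack: let the most recent star absorb one more character.
			starN++
			p, n = starP+1, starN
		default:
			return false
		}
	}
	// Trailing stars match the empty string, so "s3:DeleteObject*" covers
	// the bare "s3:DeleteObject" as well.
	for p < len(pattern) && pattern[p] == '*' {
		p++
	}
	return p == len(pattern)
}

// exactAllows is the behaviour the PR describes as broken: a literal string
// compare, so a policy listing "s3:DeleteObject*" never grants s3:DeleteObject.
func exactAllows(pol Policy, action string) bool {
	for _, st := range pol.Statement {
		if st.Effect != "Allow" {
			continue
		}
		for _, a := range st.Action {
			if a == action {
				return true
			}
		}
	}
	return false
}

// wildcardAllows is the corrected check: every listed action is a pattern,
// and a matching Deny overrides any Allow.
func wildcardAllows(pol Policy, action string) bool {
	allowed := false
	for _, st := range pol.Statement {
		for _, a := range st.Action {
			if !matchWildcard(a, action) {
				continue
			}
			if st.Effect == "Deny" {
				return false
			}
			if st.Effect == "Allow" {
				allowed = true
			}
		}
	}
	return allowed
}

// parsePolicy decodes a policy document into the subset of fields used here.
func parsePolicy(doc string) (Policy, error) {
	var pol Policy
	err := json.Unmarshal([]byte(doc), &pol)
	return pol, err
}

func main() {
	pol, err := parsePolicy(constructedPolicy)
	if err != nil {
		panic(err)
	}
	// The actions the reviewer listed as covered by s3:DeleteObject*, plus the
	// bare action (nothing after the wildcard) and one that must stay denied.
	for _, act := range []string{
		"s3:DeleteObject", "s3:DeleteObjectVersion", "s3:DeleteObjectTagging",
		"s3:DeleteObjectVersionTagging", "s3:PutObject",
	} {
		fmt.Printf("%-32s exact=%-5v wildcard=%v\n",
			act, exactAllows(pol, act), wildcardAllows(pol, act))
	}
}
```

Run it with `go run .`; the exact column is false for every delete action while the wildcard column is true for all four delete variants and false for s3:PutObject, which is the gap between what the API grants and what a literal comparison recognises.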

@cesnietor (Collaborator)

> @allanrogerr, please note the action needs to be checked for:
>
>   • Deleting versions
>   • Deleting object tags
>   • s3:DeleteObjectTagging, s3:DeleteObjectVersion, s3:DeleteObjectVersionTagging: these are the action matches for s3:DeleteObject*

@prakashsvmx regarding your comment, is this PR not complete? Were you able to test it?

Successfully merging this pull request may close these issues.

Policy action wildcards do not include the policy with no character after wildcard
4 participants