Improvement/arsn 362 implicit deny

[benzekrimaha]

Opened after closed PR here

Adds ImplicitDeny logic to policy checks, where an ImplicitDeny will be sent back in case no policy validates an action, but does not explicitly Deny it either, allowing for bucket policies and other authorization mechanisms to grant permission.

Part of the bucket policy redo epic: https://scality.atlassian.net/jira/software/c/projects/OS/boards/214?selectedIssue=S3C-7756

Green build in Vault and CS: https://github.com/scality/Vault/actions/runs/6694175632/job/18186886853?pr=2135 https://github.com/scality/cloudserver/actions/runs/6693681174/job/18185346914?pr=5322

Would appreciate reviews on Integration branches as well Arsenal version has been bumped lastly

[bert-e]

Hello benzekrimaha,

My role is to assist you with the merge of this pull request. Please type @bert-e help to get information on this process, or consult the user documentation.

Status report is not available.

[bert-e]

Incorrect fix version

The Fix Version/s in issue ARSN-362 contains:

• 7.10.49

• 7.70.13

• 8.1.113

Considering where you are trying to merge, I ignored possible hotfix versions and I expected to find:

• 7.10.49

• 7.70.13

• 8.1.114

Please check the Fix Version/s of ARSN-362, or the target branch of this pull request.

[benzekrimaha]

ping

[bert-e]

Request integration branches

Waiting for integration branch creation to be requested by the user.

To request integration branches, please comment on this pull request with the following command:

/create_integration_branches

Alternatively, the /approve and /create_pull_requests commands will automatically create the integration branches.

[benzekrimaha]

/create_integration_branches

[bert-e]

Integration data created

I have created the integration data for the additional destination branches.

• this pull request will merge improvement/ARSN-362-implicitDeny into development/7.10
• w/7.70/improvement/ARSN-362-implicitDeny will be merged into development/7.70
• w/8.1/improvement/ARSN-362-implicitDeny will be merged into development/8.1

The following branches will NOT be impacted:

• development/6.4
• development/7.4

You can set option create_pull_requests if you need me to create integration pull requests in addition to integration branches, with:

@bert-e create_pull_requests

The following options are set: create_integration_branches

[bert-e]

Waiting for approval

The following approvals are needed before I can proceed with the merge:

• the author

• 2 peers

The following options are set: create_integration_branches

[benzekrimaha]

@bert-e create_pull_requests

[bert-e]

Integration data created

I have created the integration data for the additional destination branches.

• this pull request will merge improvement/ARSN-362-implicitDeny into development/7.10
• w/7.70/improvement/ARSN-362-implicitDeny will be merged into development/7.70 (pull request #2182)
• w/8.1/improvement/ARSN-362-implicitDeny will be merged into development/8.1 (pull request #2183)

The following branches will NOT be impacted:

• development/6.4
• development/7.4

Follow integration pull requests if you would like to be notified of build statuses by email.

The following options are set: create_pull_requests, create_integration_branches

[bert-e]

Waiting for approval

The following approvals are needed before I can proceed with the merge:

• the author

• 2 peers

The following options are set: create_pull_requests, create_integration_branches

[benzekrimaha]

ping

[benzekrimaha]

@bert-e approve

[bert-e]

In the queue

The changeset has received all authorizations and has been added to the relevant queue(s). The queue(s) will be merged in the target development branch(es) as soon as builds have passed.

The changeset will be merged in:

• :heavy_check_mark: development/7.10

• :heavy_check_mark: development/7.70

• :heavy_check_mark: development/8.1

The following branches will NOT be impacted:

• development/6.4
• development/7.4

There is no action required on your side. You will be notified here once the changeset has been merged. In the unlikely event that the changeset fails permanently on the queue, a member of the admin team will contact you to help resolve the matter.

IMPORTANT

Please do not attempt to modify this pull request.

• Any commit you add on the source branch will trigger a new cycle after the current queue is merged.
• Any commit you add on one of the integration branches will be lost.

If you need this pull request to be removed from the queue, please contact a member of the admin team now.

The following options are set: approve, create_pull_requests, create_integration_branches

[bert-e]

I have successfully merged the changeset of this pull request into targetted development branches:

• :heavy_check_mark: development/7.10

• :heavy_check_mark: development/7.70

• :heavy_check_mark: development/8.1

The following branches have NOT changed:

• development/6.4
• development/7.4

Please check the status of the associated issue ARSN-362.

Goodbye benzekrimaha.