CR changes

Signed-off-by: shirady <57721533+shirady@users.noreply.github.com>

Author: shirady

src/endpoint/iam/iam_utils.js

@@ -67,16 +67,17 @@ function get_iam_username(requested_account_name) {
 }
 
 /**
- * _create_detailed_message_for_access_in_s3 returns a detailed message with details needed for user who
+ * _create_detailed_message_for_iam_user_access_in_s3 returns a detailed message with details needed for user who
  * tried to perform S3 operation
  *  - resource_arn is only relevant for operations related to a bucket
- * @param {object} requesting_account
+ * @param {object} user_account
  * @param {string|string[]} method
  * @param {string} resource_arn
  */
-function _create_detailed_message_for_access_in_s3(requesting_account, method, resource_arn) {
-    const arn_for_requesting_account = create_arn_for_user(requesting_account.owner,
-        get_iam_username(requesting_account.name.unwrap()), requesting_account.iam_path);
+function _create_detailed_message_for_iam_user_access_in_s3(user_account, method, resource_arn) {
+    const owner_account_id = get_owner_account_id(user_account);
+    const arn_for_requesting_account = create_arn_for_user(owner_account_id,
+        get_iam_username(user_account.name.unwrap()), user_account.iam_path);
     const full_action_name = Array.isArray(method) && method.length > 1 ? method[1] : method; // special case for get_object_attributes
 
     const message_start = `User: ${arn_for_requesting_account} is not authorized to perform: ${full_action_name} `;
@@ -878,5 +879,5 @@ exports.validate_tag_user_params = validate_tag_user_params;
 exports.validate_untag_user_params = validate_untag_user_params;
 exports.validate_list_user_tags_params = validate_list_user_tags_params;
 exports.get_owner_account_id = get_owner_account_id;
-exports._create_detailed_message_for_access_in_s3 = _create_detailed_message_for_access_in_s3;
+exports._create_detailed_message_for_iam_user_access_in_s3 = _create_detailed_message_for_iam_user_access_in_s3;
 

src/endpoint/s3/s3_rest.js

@@ -14,7 +14,7 @@ const http_utils = require('../../util/http_utils');
 const signature_utils = require('../../util/signature_utils');
 const config = require('../../../config');
 const s3_utils = require('./s3_utils');
-const { _create_detailed_message_for_access_in_s3 } = require('../iam/iam_utils'); // authorize_request for IAM policy
+const { _create_detailed_message_for_iam_user_access_in_s3 } = require('../iam/iam_utils'); // for IAM policy
 
 const S3_MAX_BODY_LEN = 4 * 1024 * 1024;
 
@@ -378,7 +378,7 @@ async function authorize_request_iam_policy(req) {
 }
 
 function _throw_iam_access_denied_error_for_s3_operation(requesting_account, method, resource_arn) {
-    const message_with_details = _create_detailed_message_for_access_in_s3(requesting_account, method, resource_arn);
+    const message_with_details = _create_detailed_message_for_iam_user_access_in_s3(requesting_account, method, resource_arn);
     const { code, http_code } = S3Error.AccessDenied;
     throw new S3Error({ code, message: message_with_details, http_code});
 }