From 33400b148be3c8ead9f4e2ac7faa789ff479aace Mon Sep 17 00:00:00 2001
From: Eddie Knight
Date: Fri, 6 Dec 2024 03:04:17 -0600
Subject: [PATCH] Polished ObjStor Test Requirements (#577)
Signed-off-by: Eddie Knight
Co-authored-by: Michael Lysaght <31510876+mlysaght2017@users.noreply.github.com>
---
 services/storage/object/controls.yaml | 103 ++++++++++++++++++++------
 1 file changed, 79 insertions(+), 24 deletions(-)
diff --git a/services/storage/object/controls.yaml b/services/storage/object/controls.yaml
index 32b26be1..10f6d771 100644
--- a/services/storage/object/controls.yaml
+++ b/services/storage/object/controls.yaml
@@ -32,8 +32,35 @@ controls:
 test_requirements:
 - id: CCC.ObjStor.C01.TR01
 text: |
- The service prevents access to any object storage bucket or object
- that uses KMS keys not listed as trusted by the organization.
+ When a request is made to read a protected bucket, the service
+ MUST prevent any request using KMS keys not listed as trusted by
+ the organization.
+ tlp_levels:
+ - tlp_amber
+ - tlp_red
+ - id: CCC.ObjStor.C01.TR02
+ text: |
+ When a request is made to read a protected object, the service
+ MUST prevent any request using KMS keys not listed as trusted by
+ the organization.
+ tlp_levels:
+ - tlp_amber
+ - tlp_red
+ - id: CCC.ObjStor.C01.TR03
+ text: |
+ When a request is made to write to a bucket, the service MUST
+ prevent any request using KMS keys not listed as trusted by the
+ organization.
+ tlp_levels:
+ - tlp_clear
+ - tlp_green
+ - tlp_amber
+ - tlp_red
+ - id: CCC.ObjStor.C01.TR04
+ text: |
+ When a request is made to write to an object, the service MUST
+ prevent any request using KMS keys not listed as trusted by the
+ organization.
 tlp_levels:
 - tlp_clear
 - tlp_green
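Review bot: The four new C01 test requirements say the service must prevent "any request using KMS keys not listed as trusted", but for a read (TR01, TR02) it is the stored bucket or object that is bound to a key, not the request, so a tester cannot tell whether to check the key named on the request or the key the data was encrypted with. The removed wording tied the check to the bucket or object "that uses" the key; I'd restore that binding for the read cases, e.g. TR01 `When a request is made to read a protected bucket, the service MUST deny the request if the bucket is encrypted with a KMS key not listed as trusted by the organization.` with the equivalent for TR02, while TR03/TR04 can keep request-side phrasing since a write can name the key it wants. "Protected" is not defined anywhere in the hunk; say what makes a bucket or object protected, or drop the word so the requirement applies to every bucket and object.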
@@ -41,8 +68,7 @@ controls:
 - tlp_red
 - id: CCC.ObjStor.C02 # Enforce uniform bucket-level access to prevent inconsistent
- title: Enforce uniform bucket-level access to prevent inconsistent
- permissions
+ title: Enforce uniform bucket-level access to prevent inconsistent permissions
 control_family: Identity and Access Management
 objective: |
 Ensure that uniform bucket-level access is enforced across all
@@ -52,9 +78,6 @@ controls:
 principle of least privilege.
 threats:
 - CCC.TH01 # Access control is misconfigured
- - CCC.ObjStor.TH02 # Improper enforcement of object modification locks
- # Access permissions and authorizations are managed,
- # incorporating the principles of least privilege and separation of duties
 nist_csf: PR.AC-4
 control_mappings:
 CCM:
@@ -67,10 +90,22 @@ controls:
 test_requirements:
 - id: CCC.ObjStor.C02.TR01
 text: |
- Bucket-level permissions must be configured uniformly
- across all buckets, ensuring that object-level permissions
- cannot be applied without explicit authorization.
+ When a permission set is allowed for an object in a bucket, the
+ service MUST allow the same permission set to access all objects
+ in the same bucket.
+ tlp_levels:
+ - tlp_clear
+ - tlp_green
+ - tlp_amber
+ - tlp_red
+ - id: CCC.ObjStor.C02.TR02
+ text: |
+ When a permission set is denied for an object in a bucket, the
+ service MUST deny the same permission set to access all objects
+ in the same bucket.
 tlp_levels:
+ - tlp_clear
+ - tlp_green
 - tlp_amber
 - tlp_red
@@ -86,7 +121,7 @@ controls:
 test_requirements:
 - id: CCC.ObjStor.C03.TR01
 text: |
- When an object storage bucket deletion is attempted, the bucket must be
+ When an object storage bucket deletion is attempted, the bucket MUST be
 fully recoverable for a set time-frame after deletion is requested.
 tlp_levels:
 - tlp_clear
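Review bot: Dropping `CCC.ObjStor.TH02` from the threats of CCC.ObjStor.C02 leaves nothing in this hunk showing where "Improper enforcement of object modification locks" is now mitigated; if C02 was its only mapping, the threat becomes unmapped in the catalog. Please confirm TH02 is still listed under another control (the C05 retention requirements appear to be the natural home) or keep the mapping here. The two comment lines removed with it described what `nist_csf: PR.AC-4` stands for; that note was useful to readers and could survive as an inline comment on the nist_csf line.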
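Review bot: CCC.ObjStor.C02.TR01 is phrased as an obligation to grant access (`the service MUST allow the same permission set to access all objects in the same bucket`), which reads as a requirement to widen access rather than as the uniformity check the control title describes, and sits awkwardly under an objective that cites least privilege. The property to test is that an object cannot carry permissions that diverge from its bucket, so I'd state it as a prohibition, e.g. `When a permission set is granted for an object in a bucket, the service MUST NOT allow that permission set to differ from the permission set applied to the bucket.`, with TR02 as the symmetric deny case. That wording also removes the ambiguity of "allowed for an object" when the grant was made at bucket level.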
@@ -95,7 +130,8 @@ controls:
 - tlp_red
 - id: CCC.ObjStor.C03.TR03
 text: |
- The retention policy for object storage buckets cannot be unset.
+ When an attempt is made to modify the retention policy for an object
+ storage bucket, the service MUST prevent the policy from being modified.
 tlp_levels:
 - tlp_clear
 - tlp_green
@@ -116,9 +152,9 @@ controls:
 test_requirements:
 - id: CCC.ObjStor.C05.TR01
 text: |
- All objects stored in the object storage system automatically receive
- a default retention policy that prevents premature deletion or
- modification.
+ When an object is uploaded to the object storage system, the object
+ MUST automatically receive a default retention policy that prevents
+ premature deletion or modification.
 tlp_levels:
 - tlp_clear
 - tlp_green
@@ -126,8 +162,9 @@ controls:
 - tlp_red
 - id: CCC.ObjStor.C05.TR04
 text: |
- Attempts to delete or modify objects that are subject to an active
- retention policy are prevented.
+ When an attempt is made to delete or modify an object that is subject
+ to an active retention policy, the service MUST prevent the action
+ from being completed.
 tlp_levels:
 - tlp_clear
 - tlp_green
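Review bot: CCC.ObjStor.C03.TR03 now forbids any modification of a bucket retention policy, where the removed text only forbade unsetting it; as written, extending the retention period would also fail the test. Whether lengthening retention stays permitted is exactly what a tester needs to know, since the risk being controlled is shortening or removing retention to enable early deletion. Say which is meant, e.g. `When an attempt is made to shorten or remove the retention policy for an object storage bucket, the service MUST prevent the change.`, or state explicitly that extensions are blocked as well.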
@@ -147,9 +184,27 @@ controls:
 test_requirements:
 - id: CCC.ObjStor.C06.TR01
 text: |
- Verify that when two objects with the same name are uploaded to the
- bucket, the object with the same name is not overwritten and that
- both objects are stored with unique identifiers.
+ When an object is uploaded to the object storage bucket, the object
+ MUST be stored with a unique identifier.
+ tlp_levels:
+ - tlp_clear
+ - tlp_green
+ - tlp_amber
+ - tlp_red
+ - id: CCC.ObjStor.C06.TR02
+ text: |
+ When an object is modified, the service MUST assign a new unique
+ identifier to the modified object to differentiate it from the
+ previous version.
+ tlp_levels:
+ - tlp_clear
+ - tlp_green
+ - tlp_amber
+ - tlp_red
+ - id: CCC.ObjStor.C06.TR03
+ text: |
+ When an object is modified, the service MUST allow for recovery
+ of previous versions of the object.
 tlp_levels:
 - tlp_clear
 - tlp_green
@@ -157,8 +212,8 @@ controls:
 - tlp_red
 - id: CCC.ObjStor.C06.TR04
 text: |
- Previous versions of an object can be accessed and restored after
- an object is modified or deleted.
+ When an object is deleted, the service MUST retain other versions of
+ the object to allow for recovery of previous versions.
 tlp_levels:
 - tlp_clear
 - tlp_green
@@ -180,8 +235,8 @@ controls:
 test_requirements:
 - id: CCC.ObjStor.C07.TR01
 text: |
- Access logs for all object storage buckets are stored in a separate
- data store.
+ When an object storage bucket is accessed, the service MUST store
+ access logs in a separate data store.
 tlp_levels:
 - tlp_amber
 - tlp_red
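Review bot: The removed CCC.ObjStor.C06.TR01 tested that uploading a second object with the same name does not overwrite the first; the new TR01 only requires that an object be "stored with a unique identifier", which any object store satisfies by assigning a key, so the non-overwrite behaviour is no longer tested anywhere in this hunk. TR02 covers modification and TR04 in the next hunk covers deletion, but neither covers a same-name upload. I'd keep a requirement for it, e.g. `When an object is uploaded with the same name as an existing object, the service MUST retain the existing object as a distinct version rather than overwriting it.`. TR03 also overlaps with TR04 on "recovery of previous versions"; consider merging them or distinguishing them clearly by trigger (modify vs delete).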
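Review bot: CCC.ObjStor.C07.TR01 requires access logs to be stored "in a separate data store" without saying separate from what; the removed text had the same gap. The security property is that a principal with access to the logged bucket cannot read or alter its own access trail, so name it, e.g. `access logs in a data store outside the bucket being logged, to which the bucket's principals have no write access.`. Stating the purpose also gives the tester a concrete check (a bucket-scoped identity attempting to modify the log) rather than a purely structural one.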