What happened:
Currently, in order to validate an IAM policy, we ask the administrator to configure two different parameters (allowedPolicyAction and restrictedS3Resource). After that, for a policy action, we loop through the list of allowed policy actions. Once it is found in the allowed list, we check whether it is an S3-related action, and if so we make sure that it is not in the list of restricted S3 resources.
In the future, someone might want to restrict another resource, let's say route53. Then, instead of adding one more parameter for the restricted route53 resource to the config map, we should enhance the validation logic to take one document for validIAMPolicy which contains all whitelisted and restricted resources.
What you expected to happen:
We should make our validation logic more scalable.
How to reproduce it (as minimally and precisely as possible):
Anything else we need to know?:
Environment:
iam-manager version
Kubernetes version :
$ kubectl version -o yaml
Other debugging information (if applicable):
- controller logs:
$ kubectl logs
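A sketch of the single-document validation requested above, as an added example that is not part of the original issue and not iam-manager's own code. The type names, the document layout and the sample bucket and zone names are assumptions, and it goes one step beyond the issue text by rejecting a requested wildcard resource (such as `*`) that would cover a restricted one.

```go
package main

import "fmt"
import "strings"

// Hypothetical types (not iam-manager's). Admin patterns are literals or end in one "*".
type ServiceRule struct{ AllowedActions, RestrictedResources []string }
type ValidIAMPolicy map[string]ServiceRule // key: service prefix such as "s3"

// split returns the literal text before the first wildcard, and whether one was found.
func split(p string) (string, bool) {
	i := strings.IndexAny(p+"*", "*?")
	return p[:i], i < len(p)
}
// covers: every action matched by req is matched by allowed (action names are case-insensitive).
func covers(allowed, req string) bool {
	a, aw := split(strings.ToLower(allowed))
	r, rw := split(strings.ToLower(req))
	return (aw && strings.HasPrefix(r, a)) || (!rw && r == a)
}
// overlaps: the two patterns can match a common ARN, so "*" overlaps every restricted entry.
func overlaps(x, y string) bool {
	a, aw := split(x)
	b, bw := split(y)
	return a == b || (aw && strings.HasPrefix(b, a)) || (bw && strings.HasPrefix(a, b))
}

// Validate checks one (action, resource) pair against the single document; nil means accepted.
func (v ValidIAMPolicy) Validate(action, resource string) error {
	svc, _, _ := strings.Cut(strings.ToLower(action), ":")
	allowed := false
	for _, p := range v[svc].AllowedActions { // unknown service: no rules, so nothing is allowed
		allowed = allowed || covers(p, action)
	}
	if !allowed {
		return fmt.Errorf("action %q is not allowed", action)
	}
	for _, p := range v[svc].RestrictedResources {
		if overlaps(p, resource) {
			return fmt.Errorf("resource %q overlaps restricted %q", resource, p)
		}
	}
	return nil
}

var sample = ValidIAMPolicy{ // constructed sample; bucket and zone names are made up
	"s3":      {[]string{"s3:Get*", "s3:PutObject"}, []string{"arn:aws:s3:::restricted-bucket*"}},
	"route53": {[]string{"route53:List*"}, []string{"arn:aws:route53:::hostedzone/ZEXAMPLE"}},
}
func main() { fmt.Println(sample.Validate("s3:GetObject", "*")) }
```

Adding a service becomes one more map entry rather than one more config parameter. Wildcards in the middle of a requested pattern are truncated at the first wildcard, which can only make the check stricter.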