Mirror
/
MinIO
2
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
3618 Commits
4 Branches
520 Tags
175 MiB
Tree: 85a5c358d8
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '85a5c358d8'
${ noResults }
MinIO/cmd/bucket-policy-parser_test.go

711 lines
28 KiB
Raw Normal View History

bucket-policy parset tests, and bug fixes (#1317)
9 years ago
server: Move all the top level files into cmd folder. (#2490) This change brings a change which was done for the 'mc' package to allow for clean repo and have a cleaner github drop in experience.
9 years ago
bucket-policy parset tests, and bug fixes (#1317)
9 years ago
api: refactor the bucket policy reading and writing. (#2395) Policies are read once during server startup and subsequently managed through in memory map. In-memory map is updated as and when there are new changes coming in.
9 years ago
bucket-policy parset tests, and bug fixes (#1317)
9 years ago
api/bucketPolicy: Use minio-go/pkg/set and fix bucket policy regression. (#2506) Current master has a regression 'mc policy <policy-type> alias/bucket/prefix' does not work anymore, due to the way new minio-go changes do json marshalling. This led to a regression on server side when a ``prefix`` is provided policy is rejected as malformed from th server which is not the case with AWS S3. This patch uses the new ``minio-go/pkg/set`` package to address the unmarshalling problems. Fixes #2503
9 years ago
bucket-policy parset tests, and bug fixes (#1317)
9 years ago
api/bucketPolicy: Use minio-go/pkg/set and fix bucket policy regression. (#2506) Current master has a regression 'mc policy <policy-type> alias/bucket/prefix' does not work anymore, due to the way new minio-go changes do json marshalling. This led to a regression on server side when a ``prefix`` is provided policy is rejected as malformed from th server which is not the case with AWS S3. This patch uses the new ``minio-go/pkg/set`` package to address the unmarshalling problems. Fixes #2503
9 years ago
bucket-policy parset tests, and bug fixes (#1317)
9 years ago
api: refactor the bucket policy reading and writing. (#2395) Policies are read once during server startup and subsequently managed through in memory map. In-memory map is updated as and when there are new changes coming in.
9 years ago
api/bucket-policy: Add unit tests for more coverage, fixes couple of bugs. (#2055) Changes to ResourceMatch logic. Test for action match function.
9 years ago
bucket-policy parset tests, and bug fixes (#1317)
9 years ago
api/bucket-policy: Add unit tests for more coverage, fixes couple of bugs. (#2055) Changes to ResourceMatch logic. Test for action match function.
9 years ago
policies: Parser should handle Principals with various forms. (#2733) Handles cases for these three combinations - "Principal": "*", - "Principal": { "AWS" : "*" } - "Principal": { "AWS" : [ "*" ]} Fixes #2732
9 years ago
api/bucketPolicy: Use minio-go/pkg/set and fix bucket policy regression. (#2506) Current master has a regression 'mc policy <policy-type> alias/bucket/prefix' does not work anymore, due to the way new minio-go changes do json marshalling. This led to a regression on server side when a ``prefix`` is provided policy is rejected as malformed from th server which is not the case with AWS S3. This patch uses the new ``minio-go/pkg/set`` package to address the unmarshalling problems. Fixes #2503
9 years ago
api/bucket-policy: Add unit tests for more coverage, fixes couple of bugs. (#2055) Changes to ResourceMatch logic. Test for action match function.
9 years ago
bucket-policy parset tests, and bug fixes (#1317)
9 years ago
api: refactor the bucket policy reading and writing. (#2395) Policies are read once during server startup and subsequently managed through in memory map. In-memory map is updated as and when there are new changes coming in.
9 years ago
api/bucket-policy: Add unit tests for more coverage, fixes couple of bugs. (#2055) Changes to ResourceMatch logic. Test for action match function.
9 years ago
bucket-policy parset tests, and bug fixes (#1317)
9 years ago
policies: Parser should handle Principals with various forms. (#2733) Handles cases for these three combinations - "Principal": "*", - "Principal": { "AWS" : "*" } - "Principal": { "AWS" : [ "*" ]} Fixes #2732
9 years ago
api/bucketPolicy: Use minio-go/pkg/set and fix bucket policy regression. (#2506) Current master has a regression 'mc policy <policy-type> alias/bucket/prefix' does not work anymore, due to the way new minio-go changes do json marshalling. This led to a regression on server side when a ``prefix`` is provided policy is rejected as malformed from th server which is not the case with AWS S3. This patch uses the new ``minio-go/pkg/set`` package to address the unmarshalling problems. Fixes #2503
9 years ago
api/bucket-policy: Add unit tests for more coverage, fixes couple of bugs. (#2055) Changes to ResourceMatch logic. Test for action match function.
9 years ago
api: refactor the bucket policy reading and writing. (#2395) Policies are read once during server startup and subsequently managed through in memory map. In-memory map is updated as and when there are new changes coming in.
9 years ago
api/bucket-policy: Add unit tests for more coverage, fixes couple of bugs. (#2055) Changes to ResourceMatch logic. Test for action match function.
9 years ago
bucket-policy parset tests, and bug fixes (#1317)
9 years ago
api/bucket-policy: Add unit tests for more coverage, fixes couple of bugs. (#2055) Changes to ResourceMatch logic. Test for action match function.
9 years ago
bucket-policy parset tests, and bug fixes (#1317)
9 years ago
api: refactor the bucket policy reading and writing. (#2395) Policies are read once during server startup and subsequently managed through in memory map. In-memory map is updated as and when there are new changes coming in.
9 years ago
api/bucket-policy: Add unit tests for more coverage, fixes couple of bugs. (#2055) Changes to ResourceMatch logic. Test for action match function.
9 years ago
bucket-policy parset tests, and bug fixes (#1317)
9 years ago
policies: Parser should handle Principals with various forms. (#2733) Handles cases for these three combinations - "Principal": "*", - "Principal": { "AWS" : "*" } - "Principal": { "AWS" : [ "*" ]} Fixes #2732
9 years ago
api/bucketPolicy: Use minio-go/pkg/set and fix bucket policy regression. (#2506) Current master has a regression 'mc policy <policy-type> alias/bucket/prefix' does not work anymore, due to the way new minio-go changes do json marshalling. This led to a regression on server side when a ``prefix`` is provided policy is rejected as malformed from th server which is not the case with AWS S3. This patch uses the new ``minio-go/pkg/set`` package to address the unmarshalling problems. Fixes #2503
9 years ago
api/bucket-policy: Add unit tests for more coverage, fixes couple of bugs. (#2055) Changes to ResourceMatch logic. Test for action match function.
9 years ago
api: refactor the bucket policy reading and writing. (#2395) Policies are read once during server startup and subsequently managed through in memory map. In-memory map is updated as and when there are new changes coming in.
9 years ago
api/bucket-policy: Add unit tests for more coverage, fixes couple of bugs. (#2055) Changes to ResourceMatch logic. Test for action match function.
9 years ago
bucket-policy parset tests, and bug fixes (#1317)
9 years ago
policies: Parser should handle Principals with various forms. (#2733) Handles cases for these three combinations - "Principal": "*", - "Principal": { "AWS" : "*" } - "Principal": { "AWS" : [ "*" ]} Fixes #2732
9 years ago
api/bucketPolicy: Use minio-go/pkg/set and fix bucket policy regression. (#2506) Current master has a regression 'mc policy <policy-type> alias/bucket/prefix' does not work anymore, due to the way new minio-go changes do json marshalling. This led to a regression on server side when a ``prefix`` is provided policy is rejected as malformed from th server which is not the case with AWS S3. This patch uses the new ``minio-go/pkg/set`` package to address the unmarshalling problems. Fixes #2503
9 years ago
api/bucket-policy: Add unit tests for more coverage, fixes couple of bugs. (#2055) Changes to ResourceMatch logic. Test for action match function.
9 years ago
api: refactor the bucket policy reading and writing. (#2395) Policies are read once during server startup and subsequently managed through in memory map. In-memory map is updated as and when there are new changes coming in.
9 years ago
api/bucket-policy: Add unit tests for more coverage, fixes couple of bugs. (#2055) Changes to ResourceMatch logic. Test for action match function.
9 years ago
bucket-policy parset tests, and bug fixes (#1317)
9 years ago
api/bucket-policy: Add unit tests for more coverage, fixes couple of bugs. (#2055) Changes to ResourceMatch logic. Test for action match function.
9 years ago
bucket-policy parset tests, and bug fixes (#1317)
9 years ago
api: refactor the bucket policy reading and writing. (#2395) Policies are read once during server startup and subsequently managed through in memory map. In-memory map is updated as and when there are new changes coming in.
9 years ago
api/bucket-policy: Add unit tests for more coverage, fixes couple of bugs. (#2055) Changes to ResourceMatch logic. Test for action match function.
9 years ago
bucket-policy parset tests, and bug fixes (#1317)
9 years ago
policies: Parser should handle Principals with various forms. (#2733) Handles cases for these three combinations - "Principal": "*", - "Principal": { "AWS" : "*" } - "Principal": { "AWS" : [ "*" ]} Fixes #2732
9 years ago
api/bucketPolicy: Use minio-go/pkg/set and fix bucket policy regression. (#2506) Current master has a regression 'mc policy <policy-type> alias/bucket/prefix' does not work anymore, due to the way new minio-go changes do json marshalling. This led to a regression on server side when a ``prefix`` is provided policy is rejected as malformed from th server which is not the case with AWS S3. This patch uses the new ``minio-go/pkg/set`` package to address the unmarshalling problems. Fixes #2503
9 years ago
api/bucket-policy: Add unit tests for more coverage, fixes couple of bugs. (#2055) Changes to ResourceMatch logic. Test for action match function.
9 years ago
api: refactor the bucket policy reading and writing. (#2395) Policies are read once during server startup and subsequently managed through in memory map. In-memory map is updated as and when there are new changes coming in.
9 years ago
api/bucket-policy: Add unit tests for more coverage, fixes couple of bugs. (#2055) Changes to ResourceMatch logic. Test for action match function.
9 years ago
bucket-policy parset tests, and bug fixes (#1317)
9 years ago
policies: Parser should handle Principals with various forms. (#2733) Handles cases for these three combinations - "Principal": "*", - "Principal": { "AWS" : "*" } - "Principal": { "AWS" : [ "*" ]} Fixes #2732
9 years ago
api/bucketPolicy: Use minio-go/pkg/set and fix bucket policy regression. (#2506) Current master has a regression 'mc policy <policy-type> alias/bucket/prefix' does not work anymore, due to the way new minio-go changes do json marshalling. This led to a regression on server side when a ``prefix`` is provided policy is rejected as malformed from th server which is not the case with AWS S3. This patch uses the new ``minio-go/pkg/set`` package to address the unmarshalling problems. Fixes #2503
9 years ago
api/bucket-policy: Add unit tests for more coverage, fixes couple of bugs. (#2055) Changes to ResourceMatch logic. Test for action match function.
9 years ago
api: refactor the bucket policy reading and writing. (#2395) Policies are read once during server startup and subsequently managed through in memory map. In-memory map is updated as and when there are new changes coming in.
9 years ago
api/bucket-policy: Add unit tests for more coverage, fixes couple of bugs. (#2055) Changes to ResourceMatch logic. Test for action match function.
9 years ago
bucket-policy parset tests, and bug fixes (#1317)
9 years ago
api/bucket-policy: Add unit tests for more coverage, fixes couple of bugs. (#2055) Changes to ResourceMatch logic. Test for action match function.
9 years ago
bucket-policy parset tests, and bug fixes (#1317)
9 years ago
api/bucketPolicy: Use minio-go/pkg/set and fix bucket policy regression. (#2506) Current master has a regression 'mc policy <policy-type> alias/bucket/prefix' does not work anymore, due to the way new minio-go changes do json marshalling. This led to a regression on server side when a ``prefix`` is provided policy is rejected as malformed from th server which is not the case with AWS S3. This patch uses the new ``minio-go/pkg/set`` package to address the unmarshalling problems. Fixes #2503
9 years ago
bucket-policy parset tests, and bug fixes (#1317)
9 years ago
api/bucketPolicy: Use minio-go/pkg/set and fix bucket policy regression. (#2506) Current master has a regression 'mc policy <policy-type> alias/bucket/prefix' does not work anymore, due to the way new minio-go changes do json marshalling. This led to a regression on server side when a ``prefix`` is provided policy is rejected as malformed from th server which is not the case with AWS S3. This patch uses the new ``minio-go/pkg/set`` package to address the unmarshalling problems. Fixes #2503
9 years ago
bucket-policy parset tests, and bug fixes (#1317)
9 years ago
api/bucketPolicy: Use minio-go/pkg/set and fix bucket policy regression. (#2506) Current master has a regression 'mc policy <policy-type> alias/bucket/prefix' does not work anymore, due to the way new minio-go changes do json marshalling. This led to a regression on server side when a ``prefix`` is provided policy is rejected as malformed from th server which is not the case with AWS S3. This patch uses the new ``minio-go/pkg/set`` package to address the unmarshalling problems. Fixes #2503
9 years ago
bucket-policy parset tests, and bug fixes (#1317)
9 years ago
api/bucketPolicy: Use minio-go/pkg/set and fix bucket policy regression. (#2506) Current master has a regression 'mc policy <policy-type> alias/bucket/prefix' does not work anymore, due to the way new minio-go changes do json marshalling. This led to a regression on server side when a ``prefix`` is provided policy is rejected as malformed from th server which is not the case with AWS S3. This patch uses the new ``minio-go/pkg/set`` package to address the unmarshalling problems. Fixes #2503
9 years ago
bucket-policy parset tests, and bug fixes (#1317)
9 years ago
api/bucketPolicy: Use minio-go/pkg/set and fix bucket policy regression. (#2506) Current master has a regression 'mc policy <policy-type> alias/bucket/prefix' does not work anymore, due to the way new minio-go changes do json marshalling. This led to a regression on server side when a ``prefix`` is provided policy is rejected as malformed from th server which is not the case with AWS S3. This patch uses the new ``minio-go/pkg/set`` package to address the unmarshalling problems. Fixes #2503
9 years ago
bucket-policy parset tests, and bug fixes (#1317)
9 years ago
api/bucketPolicy: Use minio-go/pkg/set and fix bucket policy regression. (#2506) Current master has a regression 'mc policy <policy-type> alias/bucket/prefix' does not work anymore, due to the way new minio-go changes do json marshalling. This led to a regression on server side when a ``prefix`` is provided policy is rejected as malformed from th server which is not the case with AWS S3. This patch uses the new ``minio-go/pkg/set`` package to address the unmarshalling problems. Fixes #2503
9 years ago
bucket-policy parset tests, and bug fixes (#1317)
9 years ago
api/bucketPolicy: Use minio-go/pkg/set and fix bucket policy regression. (#2506) Current master has a regression 'mc policy <policy-type> alias/bucket/prefix' does not work anymore, due to the way new minio-go changes do json marshalling. This led to a regression on server side when a ``prefix`` is provided policy is rejected as malformed from th server which is not the case with AWS S3. This patch uses the new ``minio-go/pkg/set`` package to address the unmarshalling problems. Fixes #2503
9 years ago
bucket-policy parset tests, and bug fixes (#1317)
9 years ago
api/bucketPolicy: Use minio-go/pkg/set and fix bucket policy regression. (#2506) Current master has a regression 'mc policy <policy-type> alias/bucket/prefix' does not work anymore, due to the way new minio-go changes do json marshalling. This led to a regression on server side when a ``prefix`` is provided policy is rejected as malformed from th server which is not the case with AWS S3. This patch uses the new ``minio-go/pkg/set`` package to address the unmarshalling problems. Fixes #2503
9 years ago
bucket-policy parset tests, and bug fixes (#1317)
9 years ago
api/bucketPolicy: Use minio-go/pkg/set and fix bucket policy regression. (#2506) Current master has a regression 'mc policy <policy-type> alias/bucket/prefix' does not work anymore, due to the way new minio-go changes do json marshalling. This led to a regression on server side when a ``prefix`` is provided policy is rejected as malformed from th server which is not the case with AWS S3. This patch uses the new ``minio-go/pkg/set`` package to address the unmarshalling problems. Fixes #2503
9 years ago
bucket-policy parset tests, and bug fixes (#1317)
9 years ago
api/bucketPolicy: Use minio-go/pkg/set and fix bucket policy regression. (#2506) Current master has a regression 'mc policy <policy-type> alias/bucket/prefix' does not work anymore, due to the way new minio-go changes do json marshalling. This led to a regression on server side when a ``prefix`` is provided policy is rejected as malformed from th server which is not the case with AWS S3. This patch uses the new ``minio-go/pkg/set`` package to address the unmarshalling problems. Fixes #2503
9 years ago
bucket-policy parset tests, and bug fixes (#1317)
9 years ago
api/bucketPolicy: Use minio-go/pkg/set and fix bucket policy regression. (#2506) Current master has a regression 'mc policy <policy-type> alias/bucket/prefix' does not work anymore, due to the way new minio-go changes do json marshalling. This led to a regression on server side when a ``prefix`` is provided policy is rejected as malformed from th server which is not the case with AWS S3. This patch uses the new ``minio-go/pkg/set`` package to address the unmarshalling problems. Fixes #2503
9 years ago
bucket-policy parset tests, and bug fixes (#1317)
9 years ago
api/bucketPolicy: Use minio-go/pkg/set and fix bucket policy regression. (#2506) Current master has a regression 'mc policy <policy-type> alias/bucket/prefix' does not work anymore, due to the way new minio-go changes do json marshalling. This led to a regression on server side when a ``prefix`` is provided policy is rejected as malformed from th server which is not the case with AWS S3. This patch uses the new ``minio-go/pkg/set`` package to address the unmarshalling problems. Fixes #2503
9 years ago
bucket-policy parset tests, and bug fixes (#1317)
9 years ago
policies: Parser should handle Principals with various forms. (#2733) Handles cases for these three combinations - "Principal": "*", - "Principal": { "AWS" : "*" } - "Principal": { "AWS" : [ "*" ]} Fixes #2732
9 years ago
bucket-policy parset tests, and bug fixes (#1317)
9 years ago
api/bucketPolicy: Use minio-go/pkg/set and fix bucket policy regression. (#2506) Current master has a regression 'mc policy <policy-type> alias/bucket/prefix' does not work anymore, due to the way new minio-go changes do json marshalling. This led to a regression on server side when a ``prefix`` is provided policy is rejected as malformed from th server which is not the case with AWS S3. This patch uses the new ``minio-go/pkg/set`` package to address the unmarshalling problems. Fixes #2503
9 years ago
bucket-policy parset tests, and bug fixes (#1317)
9 years ago
api/bucketPolicy: Use minio-go/pkg/set and fix bucket policy regression. (#2506) Current master has a regression 'mc policy <policy-type> alias/bucket/prefix' does not work anymore, due to the way new minio-go changes do json marshalling. This led to a regression on server side when a ``prefix`` is provided policy is rejected as malformed from th server which is not the case with AWS S3. This patch uses the new ``minio-go/pkg/set`` package to address the unmarshalling problems. Fixes #2503
9 years ago
bucket-policy parset tests, and bug fixes (#1317)
9 years ago
api/bucketPolicy: Use minio-go/pkg/set and fix bucket policy regression. (#2506) Current master has a regression 'mc policy <policy-type> alias/bucket/prefix' does not work anymore, due to the way new minio-go changes do json marshalling. This led to a regression on server side when a ``prefix`` is provided policy is rejected as malformed from th server which is not the case with AWS S3. This patch uses the new ``minio-go/pkg/set`` package to address the unmarshalling problems. Fixes #2503
9 years ago
bucket-policy parset tests, and bug fixes (#1317)
9 years ago
api/bucketPolicy: Use minio-go/pkg/set and fix bucket policy regression. (#2506) Current master has a regression 'mc policy <policy-type> alias/bucket/prefix' does not work anymore, due to the way new minio-go changes do json marshalling. This led to a regression on server side when a ``prefix`` is provided policy is rejected as malformed from th server which is not the case with AWS S3. This patch uses the new ``minio-go/pkg/set`` package to address the unmarshalling problems. Fixes #2503
9 years ago
bucket-policy parset tests, and bug fixes (#1317)
9 years ago
api/bucketPolicy: Use minio-go/pkg/set and fix bucket policy regression. (#2506) Current master has a regression 'mc policy <policy-type> alias/bucket/prefix' does not work anymore, due to the way new minio-go changes do json marshalling. This led to a regression on server side when a ``prefix`` is provided policy is rejected as malformed from th server which is not the case with AWS S3. This patch uses the new ``minio-go/pkg/set`` package to address the unmarshalling problems. Fixes #2503
9 years ago
bucket-policy parset tests, and bug fixes (#1317)
9 years ago
api/bucketPolicy: Use minio-go/pkg/set and fix bucket policy regression. (#2506) Current master has a regression 'mc policy <policy-type> alias/bucket/prefix' does not work anymore, due to the way new minio-go changes do json marshalling. This led to a regression on server side when a ``prefix`` is provided policy is rejected as malformed from th server which is not the case with AWS S3. This patch uses the new ``minio-go/pkg/set`` package to address the unmarshalling problems. Fixes #2503
9 years ago
bucket-policy parset tests, and bug fixes (#1317)
9 years ago
api/bucketPolicy: Use minio-go/pkg/set and fix bucket policy regression. (#2506) Current master has a regression 'mc policy <policy-type> alias/bucket/prefix' does not work anymore, due to the way new minio-go changes do json marshalling. This led to a regression on server side when a ``prefix`` is provided policy is rejected as malformed from th server which is not the case with AWS S3. This patch uses the new ``minio-go/pkg/set`` package to address the unmarshalling problems. Fixes #2503
9 years ago
bucket-policy parset tests, and bug fixes (#1317)
9 years ago
api/bucketPolicy: Use minio-go/pkg/set and fix bucket policy regression. (#2506) Current master has a regression 'mc policy <policy-type> alias/bucket/prefix' does not work anymore, due to the way new minio-go changes do json marshalling. This led to a regression on server side when a ``prefix`` is provided policy is rejected as malformed from th server which is not the case with AWS S3. This patch uses the new ``minio-go/pkg/set`` package to address the unmarshalling problems. Fixes #2503
9 years ago
bucket-policy parset tests, and bug fixes (#1317)
9 years ago
api/bucketPolicy: Use minio-go/pkg/set and fix bucket policy regression. (#2506) Current master has a regression 'mc policy <policy-type> alias/bucket/prefix' does not work anymore, due to the way new minio-go changes do json marshalling. This led to a regression on server side when a ``prefix`` is provided policy is rejected as malformed from th server which is not the case with AWS S3. This patch uses the new ``minio-go/pkg/set`` package to address the unmarshalling problems. Fixes #2503
9 years ago
bucket-policy parset tests, and bug fixes (#1317)
9 years ago
api: refactor the bucket policy reading and writing. (#2395) Policies are read once during server startup and subsequently managed through in memory map. In-memory map is updated as and when there are new changes coming in.
9 years ago
bucket-policy parset tests, and bug fixes (#1317)
9 years ago
api/bucketPolicy: Use minio-go/pkg/set and fix bucket policy regression. (#2506) Current master has a regression 'mc policy <policy-type> alias/bucket/prefix' does not work anymore, due to the way new minio-go changes do json marshalling. This led to a regression on server side when a ``prefix`` is provided policy is rejected as malformed from th server which is not the case with AWS S3. This patch uses the new ``minio-go/pkg/set`` package to address the unmarshalling problems. Fixes #2503
9 years ago
bucket-policy parset tests, and bug fixes (#1317)
9 years ago
typo: Fix typos across the codebase. (#2442)
9 years ago
bucket-policy parset tests, and bug fixes (#1317)
9 years ago
api/bucketPolicy: Use minio-go/pkg/set and fix bucket policy regression. (#2506) Current master has a regression 'mc policy <policy-type> alias/bucket/prefix' does not work anymore, due to the way new minio-go changes do json marshalling. This led to a regression on server side when a ``prefix`` is provided policy is rejected as malformed from th server which is not the case with AWS S3. This patch uses the new ``minio-go/pkg/set`` package to address the unmarshalling problems. Fixes #2503
9 years ago
bucket-policy parset tests, and bug fixes (#1317)
9 years ago
bucketPolicy: Do not use regexes, just do prefix matches. (#1497) AWS arn supports wildcards and this is flat namespace, simple prefix matching is fine. Fixes #1481 Fixes #1482
9 years ago
api/bucketPolicy: Use minio-go/pkg/set and fix bucket policy regression. (#2506) Current master has a regression 'mc policy <policy-type> alias/bucket/prefix' does not work anymore, due to the way new minio-go changes do json marshalling. This led to a regression on server side when a ``prefix`` is provided policy is rejected as malformed from th server which is not the case with AWS S3. This patch uses the new ``minio-go/pkg/set`` package to address the unmarshalling problems. Fixes #2503
9 years ago
bucketPolicy: Do not use regexes, just do prefix matches. (#1497) AWS arn supports wildcards and this is flat namespace, simple prefix matching is fine. Fixes #1481 Fixes #1482
9 years ago
api: refactor the bucket policy reading and writing. (#2395) Policies are read once during server startup and subsequently managed through in memory map. In-memory map is updated as and when there are new changes coming in.
9 years ago
bucket-policy parset tests, and bug fixes (#1317)
9 years ago
api/bucket-policy: Add unit tests for more coverage, fixes couple of bugs. (#2055) Changes to ResourceMatch logic. Test for action match function.
9 years ago
api: refactor the bucket policy reading and writing. (#2395) Policies are read once during server startup and subsequently managed through in memory map. In-memory map is updated as and when there are new changes coming in.
9 years ago
bucket-policy parset tests, and bug fixes (#1317)
9 years ago
api/bucket-policy: Add unit tests for more coverage, fixes couple of bugs. (#2055) Changes to ResourceMatch logic. Test for action match function.
9 years ago
api: refactor the bucket policy reading and writing. (#2395) Policies are read once during server startup and subsequently managed through in memory map. In-memory map is updated as and when there are new changes coming in.
9 years ago
bucket-policy parset tests, and bug fixes (#1317)
9 years ago
api/bucket-policy: Add unit tests for more coverage, fixes couple of bugs. (#2055) Changes to ResourceMatch logic. Test for action match function.
9 years ago
api: refactor the bucket policy reading and writing. (#2395) Policies are read once during server startup and subsequently managed through in memory map. In-memory map is updated as and when there are new changes coming in.
9 years ago
bucket-policy parset tests, and bug fixes (#1317)
9 years ago
api/bucket-policy: Add unit tests for more coverage, fixes couple of bugs. (#2055) Changes to ResourceMatch logic. Test for action match function.
9 years ago
api: refactor the bucket policy reading and writing. (#2395) Policies are read once during server startup and subsequently managed through in memory map. In-memory map is updated as and when there are new changes coming in.
9 years ago
bucket-policy parset tests, and bug fixes (#1317)
9 years ago
api/bucket-policy: Add unit tests for more coverage, fixes couple of bugs. (#2055) Changes to ResourceMatch logic. Test for action match function.
9 years ago
api: refactor the bucket policy reading and writing. (#2395) Policies are read once during server startup and subsequently managed through in memory map. In-memory map is updated as and when there are new changes coming in.
9 years ago
typo: Fix typos across the codebase. (#2442)
9 years ago
bucket-policy parset tests, and bug fixes (#1317)
9 years ago
api/bucket-policy: Add unit tests for more coverage, fixes couple of bugs. (#2055) Changes to ResourceMatch logic. Test for action match function.
9 years ago
bucketPolicy: Do not use regexes, just do prefix matches. (#1497) AWS arn supports wildcards and this is flat namespace, simple prefix matching is fine. Fixes #1481 Fixes #1482
9 years ago
Cleanup: mispell fixes
9 years ago
bucketPolicy: Do not use regexes, just do prefix matches. (#1497) AWS arn supports wildcards and this is flat namespace, simple prefix matching is fine. Fixes #1481 Fixes #1482
9 years ago
api/bucket-policy: Add unit tests for more coverage, fixes couple of bugs. (#2055) Changes to ResourceMatch logic. Test for action match function.
9 years ago
bucket-policy parset tests, and bug fixes (#1317)
9 years ago
api: refactor the bucket policy reading and writing. (#2395) Policies are read once during server startup and subsequently managed through in memory map. In-memory map is updated as and when there are new changes coming in.
9 years ago
bucket-policy parset tests, and bug fixes (#1317)
9 years ago
typo: Fix typos across the codebase. (#2442)
9 years ago
api: Add new bucket policy nesting error (#1883) * Added ErrPolicyNesting which is returned when nesting of policies has occured * Replaces ErrMalformedPolicy in the case of nesting * Changed test case in bucket-policy-parser_test.go (ErrMalformedPolicy -> ErrPolicyNesting)
9 years ago
bucketPolicy: Do not use regexes, just do prefix matches. (#1497) AWS arn supports wildcards and this is flat namespace, simple prefix matching is fine. Fixes #1481 Fixes #1482
9 years ago
bucket-policy parset tests, and bug fixes (#1317)
9 years ago
api: refactor the bucket policy reading and writing. (#2395) Policies are read once during server startup and subsequently managed through in memory map. In-memory map is updated as and when there are new changes coming in.
9 years ago
bucket-policy parset tests, and bug fixes (#1317)
9 years ago
api/bucketPolicy: Use minio-go/pkg/set and fix bucket policy regression. (#2506) Current master has a regression 'mc policy <policy-type> alias/bucket/prefix' does not work anymore, due to the way new minio-go changes do json marshalling. This led to a regression on server side when a ``prefix`` is provided policy is rejected as malformed from th server which is not the case with AWS S3. This patch uses the new ``minio-go/pkg/set`` package to address the unmarshalling problems. Fixes #2503
9 years ago
bucket-policy parset tests, and bug fixes (#1317)
9 years ago
policies: Parser should handle Principals with various forms. (#2733) Handles cases for these three combinations - "Principal": "*", - "Principal": { "AWS" : "*" } - "Principal": { "AWS" : [ "*" ]} Fixes #2732
9 years ago
bucket-policy parset tests, and bug fixes (#1317)
9 years ago
api/bucketPolicy: Use minio-go/pkg/set and fix bucket policy regression. (#2506) Current master has a regression 'mc policy <policy-type> alias/bucket/prefix' does not work anymore, due to the way new minio-go changes do json marshalling. This led to a regression on server side when a ``prefix`` is provided policy is rejected as malformed from th server which is not the case with AWS S3. This patch uses the new ``minio-go/pkg/set`` package to address the unmarshalling problems. Fixes #2503
9 years ago
bucket-policy parset tests, and bug fixes (#1317)
9 years ago
api: refactor the bucket policy reading and writing. (#2395) Policies are read once during server startup and subsequently managed through in memory map. In-memory map is updated as and when there are new changes coming in.
9 years ago
bucket-policy parset tests, and bug fixes (#1317)
9 years ago
api: refactor the bucket policy reading and writing. (#2395) Policies are read once during server startup and subsequently managed through in memory map. In-memory map is updated as and when there are new changes coming in.
9 years ago
bucket-policy parset tests, and bug fixes (#1317)
9 years ago
api: refactor the bucket policy reading and writing. (#2395) Policies are read once during server startup and subsequently managed through in memory map. In-memory map is updated as and when there are new changes coming in.
9 years ago
api/bucket-policy: Add unit tests for more coverage, fixes couple of bugs. (#2055) Changes to ResourceMatch logic. Test for action match function.
9 years ago
api: refactor the bucket policy reading and writing. (#2395) Policies are read once during server startup and subsequently managed through in memory map. In-memory map is updated as and when there are new changes coming in.
9 years ago
bucket-policy parset tests, and bug fixes (#1317)
9 years ago
api/bucket-policy: Add unit tests for more coverage, fixes couple of bugs. (#2055) Changes to ResourceMatch logic. Test for action match function.
9 years ago
api: refactor the bucket policy reading and writing. (#2395) Policies are read once during server startup and subsequently managed through in memory map. In-memory map is updated as and when there are new changes coming in.
9 years ago
bucket-policy parset tests, and bug fixes (#1317)
9 years ago
api/bucket-policy: Add unit tests for more coverage, fixes couple of bugs. (#2055) Changes to ResourceMatch logic. Test for action match function.
9 years ago
api: refactor the bucket policy reading and writing. (#2395) Policies are read once during server startup and subsequently managed through in memory map. In-memory map is updated as and when there are new changes coming in.
9 years ago
api/bucket-policy: Add unit tests for more coverage, fixes couple of bugs. (#2055) Changes to ResourceMatch logic. Test for action match function.
9 years ago
api: refactor the bucket policy reading and writing. (#2395) Policies are read once during server startup and subsequently managed through in memory map. In-memory map is updated as and when there are new changes coming in.
9 years ago
api/bucket-policy: Add unit tests for more coverage, fixes couple of bugs. (#2055) Changes to ResourceMatch logic. Test for action match function.
9 years ago
api: refactor the bucket policy reading and writing. (#2395) Policies are read once during server startup and subsequently managed through in memory map. In-memory map is updated as and when there are new changes coming in.
9 years ago
api/bucket-policy: Add unit tests for more coverage, fixes couple of bugs. (#2055) Changes to ResourceMatch logic. Test for action match function.
9 years ago
api: refactor the bucket policy reading and writing. (#2395) Policies are read once during server startup and subsequently managed through in memory map. In-memory map is updated as and when there are new changes coming in.
9 years ago
api/bucket-policy: Add unit tests for more coverage, fixes couple of bugs. (#2055) Changes to ResourceMatch logic. Test for action match function.
9 years ago
bucket-policy parset tests, and bug fixes (#1317)
9 years ago
api: refactor the bucket policy reading and writing. (#2395) Policies are read once during server startup and subsequently managed through in memory map. In-memory map is updated as and when there are new changes coming in.
9 years ago
bucket-policy parset tests, and bug fixes (#1317)
9 years ago
api: refactor the bucket policy reading and writing. (#2395) Policies are read once during server startup and subsequently managed through in memory map. In-memory map is updated as and when there are new changes coming in.
9 years ago
bucket-policy parset tests, and bug fixes (#1317)
9 years ago
api: refactor the bucket policy reading and writing. (#2395) Policies are read once during server startup and subsequently managed through in memory map. In-memory map is updated as and when there are new changes coming in.
9 years ago
bucket-policy parset tests, and bug fixes (#1317)
9 years ago
api: refactor the bucket policy reading and writing. (#2395) Policies are read once during server startup and subsequently managed through in memory map. In-memory map is updated as and when there are new changes coming in.
9 years ago
bucket-policy parset tests, and bug fixes (#1317)
9 years ago
api: refactor the bucket policy reading and writing. (#2395) Policies are read once during server startup and subsequently managed through in memory map. In-memory map is updated as and when there are new changes coming in.
9 years ago
bucket-policy parset tests, and bug fixes (#1317)
9 years ago
api: refactor the bucket policy reading and writing. (#2395) Policies are read once during server startup and subsequently managed through in memory map. In-memory map is updated as and when there are new changes coming in.
9 years ago
api/bucketPolicy: Use minio-go/pkg/set and fix bucket policy regression. (#2506) Current master has a regression 'mc policy <policy-type> alias/bucket/prefix' does not work anymore, due to the way new minio-go changes do json marshalling. This led to a regression on server side when a ``prefix`` is provided policy is rejected as malformed from th server which is not the case with AWS S3. This patch uses the new ``minio-go/pkg/set`` package to address the unmarshalling problems. Fixes #2503
9 years ago
bucket-policy parset tests, and bug fixes (#1317)
9 years ago
api: refactor the bucket policy reading and writing. (#2395) Policies are read once during server startup and subsequently managed through in memory map. In-memory map is updated as and when there are new changes coming in.
9 years ago
bucket-policy parset tests, and bug fixes (#1317)
9 years ago
api: refactor the bucket policy reading and writing. (#2395) Policies are read once during server startup and subsequently managed through in memory map. In-memory map is updated as and when there are new changes coming in.
9 years ago
api/bucketPolicy: Use minio-go/pkg/set and fix bucket policy regression. (#2506) Current master has a regression 'mc policy <policy-type> alias/bucket/prefix' does not work anymore, due to the way new minio-go changes do json marshalling. This led to a regression on server side when a ``prefix`` is provided policy is rejected as malformed from th server which is not the case with AWS S3. This patch uses the new ``minio-go/pkg/set`` package to address the unmarshalling problems. Fixes #2503
9 years ago
bucket-policy parset tests, and bug fixes (#1317)
9 years ago
api: refactor the bucket policy reading and writing. (#2395) Policies are read once during server startup and subsequently managed through in memory map. In-memory map is updated as and when there are new changes coming in.
9 years ago
bucket-policy parset tests, and bug fixes (#1317)
9 years ago
api: refactor the bucket policy reading and writing. (#2395) Policies are read once during server startup and subsequently managed through in memory map. In-memory map is updated as and when there are new changes coming in.
9 years ago
bucket-policy parset tests, and bug fixes (#1317)
9 years ago
api: refactor the bucket policy reading and writing. (#2395) Policies are read once during server startup and subsequently managed through in memory map. In-memory map is updated as and when there are new changes coming in.
9 years ago
bucket-policy parset tests, and bug fixes (#1317)
9 years ago
api: refactor the bucket policy reading and writing. (#2395) Policies are read once during server startup and subsequently managed through in memory map. In-memory map is updated as and when there are new changes coming in.
9 years ago
bucket-policy parset tests, and bug fixes (#1317)
9 years ago
  1. /*
  2. * Minio Cloud Storage, (C) 2015, 2016 Minio, Inc.
  3. *
  4. * Licensed under the Apache License, Version 2.0 (the "License");
  5. * you may not use this file except in compliance with the License.
  6. * You may obtain a copy of the License at
  7. *
  8. * http://www.apache.org/licenses/LICENSE-2.0
  9. *
  10. * Unless required by applicable law or agreed to in writing, software
  11. * distributed under the License is distributed on an "AS IS" BASIS,
  12. * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  13. * See the License for the specific language governing permissions and
  14. * limitations under the License.
  15. */
  16. package cmd
  18. import (
  19. "bytes"
  20. "encoding/json"
  21. "errors"
  22. "fmt"
  23. "testing"
  25. "github.com/minio/minio-go/pkg/set"
  26. )
  28. // Common bucket actions for both read and write policies.
  29. var (
  30. readWriteBucketActions = []string{
  31. "s3:GetBucketLocation",
  32. "s3:ListBucket",
  33. "s3:ListBucketMultipartUploads",
  34. // Add more bucket level read-write actions here.
  35. }
  36. readWriteObjectActions = []string{
  37. "s3:AbortMultipartUpload",
  38. "s3:DeleteObject",
  39. "s3:GetObject",
  40. "s3:ListMultipartUploadParts",
  41. "s3:PutObject",
  42. // Add more object level read-write actions here.
  43. }
  44. )
  46. // Write only actions.
  47. var (
  48. writeOnlyBucketActions = []string{
  49. "s3:GetBucketLocation",
  50. "s3:ListBucketMultipartUploads",
  51. // Add more bucket level write actions here.
  52. }
  53. writeOnlyObjectActions = []string{
  54. "s3:AbortMultipartUpload",
  55. "s3:DeleteObject",
  56. "s3:ListMultipartUploadParts",
  57. "s3:PutObject",
  58. // Add more object level write actions here.
  59. }
  60. )
  62. // Read only actions.
  63. var (
  64. readOnlyBucketActions = []string{
  65. "s3:GetBucketLocation",
  66. "s3:ListBucket",
  67. // Add more bucket level read actions here.
  68. }
  69. readOnlyObjectActions = []string{
  70. "s3:GetObject",
  71. // Add more object level read actions here.
  72. }
  73. )
  75. // Obtain bucket statement for read-write bucketPolicy.
  76. func getReadWriteObjectStatement(bucketName, objectPrefix string) policyStatement {
  77. objectResourceStatement := policyStatement{}
  78. objectResourceStatement.Effect = "Allow"
  79. objectResourceStatement.Principal = map[string]interface{}{
  80. "AWS": "*",
  81. }
  82. objectResourceStatement.Resources = set.CreateStringSet([]string{fmt.Sprintf("%s%s", AWSResourcePrefix, bucketName+"/"+objectPrefix+"*")}...)
  83. objectResourceStatement.Actions = set.CreateStringSet(readWriteObjectActions...)
  84. return objectResourceStatement
  85. }
  87. // Obtain object statement for read-write bucketPolicy.
  88. func getReadWriteBucketStatement(bucketName, objectPrefix string) policyStatement {
  89. bucketResourceStatement := policyStatement{}
  90. bucketResourceStatement.Effect = "Allow"
  91. bucketResourceStatement.Principal = map[string]interface{}{
  92. "AWS": "*",
  93. }
  94. bucketResourceStatement.Resources = set.CreateStringSet([]string{fmt.Sprintf("%s%s", AWSResourcePrefix, bucketName)}...)
  95. bucketResourceStatement.Actions = set.CreateStringSet(readWriteBucketActions...)
  96. return bucketResourceStatement
  97. }
  99. // Obtain statements for read-write bucketPolicy.
  100. func getReadWriteStatement(bucketName, objectPrefix string) []policyStatement {
  101. statements := []policyStatement{}
  102. // Save the read write policy.
  103. statements = append(statements, getReadWriteBucketStatement(bucketName, objectPrefix), getReadWriteObjectStatement(bucketName, objectPrefix))
  104. return statements
  105. }
  107. // Obtain bucket statement for read only bucketPolicy.
  108. func getReadOnlyBucketStatement(bucketName, objectPrefix string) policyStatement {
  109. bucketResourceStatement := policyStatement{}
  110. bucketResourceStatement.Effect = "Allow"
  111. bucketResourceStatement.Principal = map[string]interface{}{
  112. "AWS": "*",
  113. }
  114. bucketResourceStatement.Resources = set.CreateStringSet([]string{fmt.Sprintf("%s%s", AWSResourcePrefix, bucketName)}...)
  115. bucketResourceStatement.Actions = set.CreateStringSet(readOnlyBucketActions...)
  116. return bucketResourceStatement
  117. }
  119. // Obtain object statement for read only bucketPolicy.
  120. func getReadOnlyObjectStatement(bucketName, objectPrefix string) policyStatement {
  121. objectResourceStatement := policyStatement{}
  122. objectResourceStatement.Effect = "Allow"
  123. objectResourceStatement.Principal = map[string]interface{}{
  124. "AWS": "*",
  125. }
  126. objectResourceStatement.Resources = set.CreateStringSet([]string{fmt.Sprintf("%s%s", AWSResourcePrefix, bucketName+"/"+objectPrefix+"*")}...)
  127. objectResourceStatement.Actions = set.CreateStringSet(readOnlyObjectActions...)
  128. return objectResourceStatement
  129. }
  131. // Obtain statements for read only bucketPolicy.
  132. func getReadOnlyStatement(bucketName, objectPrefix string) []policyStatement {
  133. statements := []policyStatement{}
  134. // Save the read only policy.
  135. statements = append(statements, getReadOnlyBucketStatement(bucketName, objectPrefix), getReadOnlyObjectStatement(bucketName, objectPrefix))
  136. return statements
  137. }
  139. // Obtain bucket statements for write only bucketPolicy.
  140. func getWriteOnlyBucketStatement(bucketName, objectPrefix string) policyStatement {
  142. bucketResourceStatement := policyStatement{}
  143. bucketResourceStatement.Effect = "Allow"
  144. bucketResourceStatement.Principal = map[string]interface{}{
  145. "AWS": "*",
  146. }
  147. bucketResourceStatement.Resources = set.CreateStringSet([]string{fmt.Sprintf("%s%s", AWSResourcePrefix, bucketName)}...)
  148. bucketResourceStatement.Actions = set.CreateStringSet(writeOnlyBucketActions...)
  149. return bucketResourceStatement
  150. }
  152. // Obtain object statements for write only bucketPolicy.
  153. func getWriteOnlyObjectStatement(bucketName, objectPrefix string) policyStatement {
  154. objectResourceStatement := policyStatement{}
  155. objectResourceStatement.Effect = "Allow"
  156. objectResourceStatement.Principal = map[string]interface{}{
  157. "AWS": "*",
  158. }
  159. objectResourceStatement.Resources = set.CreateStringSet([]string{fmt.Sprintf("%s%s", AWSResourcePrefix, bucketName+"/"+objectPrefix+"*")}...)
  160. objectResourceStatement.Actions = set.CreateStringSet(writeOnlyObjectActions...)
  161. return objectResourceStatement
  162. }
  164. // Obtain statements for write only bucketPolicy.
  165. func getWriteOnlyStatement(bucketName, objectPrefix string) []policyStatement {
  166. statements := []policyStatement{}
  167. // Write only policy.
  168. // Save the write only policy.
  169. statements = append(statements, getWriteOnlyBucketStatement(bucketName, objectPrefix), getWriteOnlyBucketStatement(bucketName, objectPrefix))
  170. return statements
  171. }
  173. // Tests validate Action validator.
  174. func TestIsValidActions(t *testing.T) {
  175. testCases := []struct {
  176. // input.
  177. actions set.StringSet
  178. // expected output.
  179. err error
  180. // flag indicating whether the test should pass.
  181. shouldPass bool
  182. }{
  183. // Inputs with unsupported Action.
  184. // Test case - 1.
  185. // "s3:ListObject" is an invalid Action.
  186. {set.CreateStringSet([]string{"s3:GetObject", "s3:ListObject", "s3:RemoveObject"}...),
  187. errors.New("Unsupported actions found: ‘set.StringSet{\"s3:RemoveObject\":struct {}{}, \"s3:ListObject\":struct {}{}}’, please validate your policy document."), false},
  188. // Test case - 2.
  189. // Empty Actions.
  190. {set.CreateStringSet([]string{}...), errors.New("Action list cannot be empty."), false},
  191. // Test case - 3.
  192. // "s3:DeleteEverything"" is an invalid Action.
  193. {set.CreateStringSet([]string{"s3:GetObject", "s3:ListBucket", "s3:PutObject", "s3:DeleteEverything"}...),
  194. errors.New("Unsupported actions found: ‘set.StringSet{\"s3:DeleteEverything\":struct {}{}}’, please validate your policy document."), false},
  195. // Inputs with valid Action.
  196. // Test Case - 4.
  197. {set.CreateStringSet([]string{
  198. "s3:*", "*", "s3:GetObject", "s3:ListBucket",
  199. "s3:PutObject", "s3:GetBucketLocation", "s3:DeleteObject",
  200. "s3:AbortMultipartUpload", "s3:ListBucketMultipartUploads",
  201. "s3:ListMultipartUploadParts"}...), nil, true},
  202. }
  203. for i, testCase := range testCases {
  204. err := isValidActions(testCase.actions)
  205. if err != nil && testCase.shouldPass {
  206. t.Errorf("Test %d: Expected to pass, but failed with: <ERROR> %s", i+1, err.Error())
  207. }
  208. if err == nil && !testCase.shouldPass {
  209. t.Errorf("Test %d: Expected to fail with <ERROR> \"%s\", but passed instead", i+1, testCase.err.Error())
  210. }
  211. }
  212. }
  214. // Tests validate Effect validator.
  215. func TestIsValidEffect(t *testing.T) {
  216. testCases := []struct {
  217. // input.
  218. effect string
  219. // expected output.
  220. err error
  221. // flag indicating whether the test should pass.
  222. shouldPass bool
  223. }{
  224. // Inputs with unsupported Effect.
  225. // Test case - 1.
  226. {"", errors.New("Policy effect cannot be empty."), false},
  227. // Test case - 2.
  228. {"DontAllow", errors.New("Unsupported Effect found: ‘DontAllow’, please validate your policy document."), false},
  229. // Test case - 3.
  230. {"NeverAllow", errors.New("Unsupported Effect found: ‘NeverAllow’, please validate your policy document."), false},
  231. // Test case - 4.
  232. {"AllowAlways", errors.New("Unsupported Effect found: ‘AllowAlways’, please validate your policy document."), false},
  234. // Inputs with valid Effect.
  235. // Test Case - 5.
  236. {"Allow", nil, true},
  237. // Test Case - 6.
  238. {"Deny", nil, true},
  239. }
  240. for i, testCase := range testCases {
  241. err := isValidEffect(testCase.effect)
  242. if err != nil && testCase.shouldPass {
  243. t.Errorf("Test %d: Expected to pass, but failed with: <ERROR> %s", i+1, err.Error())
  244. }
  245. if err == nil && !testCase.shouldPass {
  246. t.Errorf("Test %d: Expected to fail with <ERROR> \"%s\", but passed instead", i+1, testCase.err.Error())
  247. }
  248. // Failed as expected, but does it fail for the expected reason.
  249. if err != nil && !testCase.shouldPass {
  250. if err.Error() != testCase.err.Error() {
  251. t.Errorf("Test %d: Expected to fail with error \"%s\", but instead failed with error \"%s\"", i+1, testCase.err.Error(), err.Error())
  252. }
  253. }
  254. }
  255. }
  257. // Tests validate Resources validator.
  258. func TestIsValidResources(t *testing.T) {
  259. testCases := []struct {
  260. // input.
  261. resources []string
  262. // expected output.
  263. err error
  264. // flag indicating whether the test should pass.
  265. shouldPass bool
  266. }{
  267. // Inputs with unsupported Action.
  268. // Test case - 1.
  269. // Empty Resources.
  270. {[]string{}, errors.New("Resource list cannot be empty."), false},
  271. // Test case - 2.
  272. // A valid resource should have prefix "arn:aws:s3:::".
  273. {[]string{"my-resource"}, errors.New("Unsupported resource style found: ‘my-resource’, please validate your policy document."), false},
  274. // Test case - 3.
  275. // A Valid resource should have bucket name followed by "arn:aws:s3:::".
  276. {[]string{"arn:aws:s3:::"}, errors.New("Invalid resource style found: ‘arn:aws:s3:::’, please validate your policy document."), false},
  277. // Test Case - 4.
  278. // Valid resource shouldn't have slash('/') followed by "arn:aws:s3:::".
  279. {[]string{"arn:aws:s3:::/"}, errors.New("Invalid resource style found: ‘arn:aws:s3:::/’, please validate your policy document."), false},
  281. // Test cases with valid Resources.
  282. {[]string{"arn:aws:s3:::my-bucket"}, nil, true},
  283. {[]string{"arn:aws:s3:::my-bucket/Asia/*"}, nil, true},
  284. {[]string{"arn:aws:s3:::my-bucket/Asia/India/*"}, nil, true},
  285. }
  286. for i, testCase := range testCases {
  287. err := isValidResources(set.CreateStringSet(testCase.resources...))
  288. if err != nil && testCase.shouldPass {
  289. t.Errorf("Test %d: Expected to pass, but failed with: <ERROR> %s", i+1, err.Error())
  290. }
  291. if err == nil && !testCase.shouldPass {
  292. t.Errorf("Test %d: Expected to fail with <ERROR> \"%s\", but passed instead", i+1, testCase.err.Error())
  293. }
  294. // Failed as expected, but does it fail for the expected reason.
  295. if err != nil && !testCase.shouldPass {
  296. if err.Error() != testCase.err.Error() {
  297. t.Errorf("Test %d: Expected to fail with error \"%s\", but instead failed with error \"%s\"", i+1, testCase.err.Error(), err.Error())
  298. }
  299. }
  300. }
  301. }
  303. // Tests validate principals validator.
  304. func TestIsValidPrincipals(t *testing.T) {
  305. testCases := []struct {
  306. // input.
  307. principals []string
  308. // expected output.
  309. err error
  310. // flag indicating whether the test should pass.
  311. shouldPass bool
  312. }{
  313. // Inputs with unsupported Principals.
  314. // Test case - 1.
  315. // Empty Principals list.
  316. {[]string{}, errors.New("Principal cannot be empty."), false},
  317. // Test case - 2.
  318. // "*" is the only valid principal.
  319. {[]string{"my-principal"}, errors.New("Unsupported principals found: ‘set.StringSet{\"my-principal\":struct {}{}}’, please validate your policy document."), false},
  320. // Test case - 3.
  321. {[]string{"*", "111122233"}, errors.New("Unsupported principals found: ‘set.StringSet{\"111122233\":struct {}{}}’, please validate your policy document."), false},
  322. // Test case - 4.
  323. // Test case with valid principal value.
  324. {[]string{"*"}, nil, true},
  325. }
  326. for i, testCase := range testCases {
  327. err := isValidPrincipals(map[string]interface{}{
  328. "AWS": testCase.principals,
  329. })
  330. if err != nil && testCase.shouldPass {
  331. t.Errorf("Test %d: Expected to pass, but failed with: <ERROR> %s", i+1, err.Error())
  332. }
  333. if err == nil && !testCase.shouldPass {
  334. t.Errorf("Test %d: Expected to fail with <ERROR> \"%s\", but passed instead", i+1, testCase.err.Error())
  335. }
  336. // Failed as expected, but does it fail for the expected reason.
  337. if err != nil && !testCase.shouldPass {
  338. if err.Error() != testCase.err.Error() {
  339. t.Errorf("Test %d: Expected to fail with error \"%s\", but instead failed with error \"%s\"", i+1, testCase.err.Error(), err.Error())
  340. }
  341. }
  342. }
  343. }
  345. // Tests validate policyStatement condition validator.
  346. func TestIsValidConditions(t *testing.T) {
  347. // returns empty conditions map.
  348. setEmptyConditions := func() map[string]map[string]set.StringSet {
  349. return make(map[string]map[string]set.StringSet)
  350. }
  352. // returns map with the "StringEquals" set to empty map.
  353. setEmptyStringEquals := func() map[string]map[string]set.StringSet {
  354. emptyMap := make(map[string]set.StringSet)
  355. conditions := make(map[string]map[string]set.StringSet)
  356. conditions["StringEquals"] = emptyMap
  357. return conditions
  359. }
  361. // returns map with the "StringNotEquals" set to empty map.
  362. setEmptyStringNotEquals := func() map[string]map[string]set.StringSet {
  363. emptyMap := make(map[string]set.StringSet)
  364. conditions := make(map[string]map[string]set.StringSet)
  365. conditions["StringNotEquals"] = emptyMap
  366. return conditions
  368. }
  369. // Generate conditions.
  370. generateConditions := func(key1, key2, value string) map[string]map[string]set.StringSet {
  371. innerMap := make(map[string]set.StringSet)
  372. innerMap[key2] = set.CreateStringSet(value)
  373. conditions := make(map[string]map[string]set.StringSet)
  374. conditions[key1] = innerMap
  375. return conditions
  376. }
  378. // generate ambigious conditions.
  379. generateAmbigiousConditions := func() map[string]map[string]set.StringSet {
  380. innerMap := make(map[string]set.StringSet)
  381. innerMap["s3:prefix"] = set.CreateStringSet("Asia/")
  382. conditions := make(map[string]map[string]set.StringSet)
  383. conditions["StringEquals"] = innerMap
  384. conditions["StringNotEquals"] = innerMap
  385. return conditions
  386. }
  388. // generate valid and non valid type in the condition map.
  389. generateValidInvalidConditions := func() map[string]map[string]set.StringSet {
  390. innerMap := make(map[string]set.StringSet)
  391. innerMap["s3:prefix"] = set.CreateStringSet("Asia/")
  392. conditions := make(map[string]map[string]set.StringSet)
  393. conditions["StringEquals"] = innerMap
  394. conditions["InvalidType"] = innerMap
  395. return conditions
  396. }
  398. // generate valid and invalid keys for valid types in the same condition map.
  399. generateValidInvalidConditionKeys := func() map[string]map[string]set.StringSet {
  400. innerMapValid := make(map[string]set.StringSet)
  401. innerMapValid["s3:prefix"] = set.CreateStringSet("Asia/")
  402. innerMapInValid := make(map[string]set.StringSet)
  403. innerMapInValid["s3:invalid"] = set.CreateStringSet("Asia/")
  404. conditions := make(map[string]map[string]set.StringSet)
  405. conditions["StringEquals"] = innerMapValid
  406. conditions["StringEquals"] = innerMapInValid
  407. return conditions
  408. }
  410. // List of Conditions used for test cases.
  411. testConditions := []map[string]map[string]set.StringSet{
  412. generateConditions("StringValues", "s3:max-keys", "100"),
  413. generateConditions("StringEquals", "s3:Object", "100"),
  414. generateAmbigiousConditions(),
  415. generateValidInvalidConditions(),
  416. generateValidInvalidConditionKeys(),
  417. setEmptyConditions(),
  418. setEmptyStringEquals(),
  419. setEmptyStringNotEquals(),
  420. generateConditions("StringEquals", "s3:prefix", "Asia/"),
  421. generateConditions("StringEquals", "s3:max-keys", "100"),
  422. generateConditions("StringNotEquals", "s3:prefix", "Asia/"),
  423. generateConditions("StringNotEquals", "s3:max-keys", "100"),
  424. }
  426. testCases := []struct {
  427. inputCondition map[string]map[string]set.StringSet
  428. // expected result.
  429. expectedErr error
  430. // flag indicating whether test should pass.
  431. shouldPass bool
  432. }{
  433. // Malformed conditions.
  434. // Test case - 1.
  435. // "StringValues" is an invalid type.
  436. {testConditions[0], fmt.Errorf("Unsupported condition type 'StringValues', " +
  437. "please validate your policy document."), false},
  438. // Test case - 2.
  439. // "s3:Object" is an invalid key.
  440. {testConditions[1], fmt.Errorf("Unsupported condition key " +
  441. "'StringEquals', please validate your policy document."), false},
  442. // Test case - 3.
  443. // Test case with Ambigious conditions set.
  444. {testConditions[2], fmt.Errorf("Ambigious condition values for key 's3:prefix', " +
  445. "please validate your policy document."), false},
  446. // Test case - 4.
  447. // Test case with valid and invalid condition types.
  448. {testConditions[3], fmt.Errorf("Unsupported condition type 'InvalidType', " +
  449. "please validate your policy document."), false},
  450. // Test case - 5.
  451. // Test case with valid and invalid condition keys.
  452. {testConditions[4], fmt.Errorf("Unsupported condition key 'StringEquals', " +
  453. "please validate your policy document."), false},
  454. // Test cases with valid conditions.
  455. // Test case - 6.
  456. {testConditions[5], nil, true},
  457. // Test case - 7.
  458. {testConditions[6], nil, true},
  459. // Test case - 8.
  460. {testConditions[7], nil, true},
  461. // Test case - 9.
  462. {testConditions[8], nil, true},
  463. // Test case - 10.
  464. {testConditions[9], nil, true},
  465. // Test case - 11.
  466. {testConditions[10], nil, true},
  467. // Test case 10.
  468. {testConditions[11], nil, true},
  469. }
  470. for i, testCase := range testCases {
  471. actualErr := isValidConditions(testCase.inputCondition)
  472. if actualErr != nil && testCase.shouldPass {
  473. t.Errorf("Test %d: Expected to pass, but failed with: <ERROR> %s", i+1, actualErr.Error())
  474. }
  475. if actualErr == nil && !testCase.shouldPass {
  476. t.Errorf("Test %d: Expected to fail with <ERROR> \"%s\", but passed instead", i+1, testCase.expectedErr.Error())
  477. }
  478. // Failed as expected, but does it fail for the expected reason.
  479. if actualErr != nil && !testCase.shouldPass {
  480. if actualErr.Error() != testCase.expectedErr.Error() {
  481. t.Errorf("Test %d: Expected to fail with error \"%s\", but instead failed with error \"%s\"", i+1, testCase.expectedErr.Error(), actualErr.Error())
  482. }
  483. }
  484. }
  485. }
  487. // Tests validate Policy Action and Resource fields.
  488. func TestCheckbucketPolicyResources(t *testing.T) {
  489. // constructing policy statement without invalidPrefixActions (check bucket-policy-parser.go).
  490. setValidPrefixActions := func(statements []policyStatement) []policyStatement {
  491. statements[0].Actions = set.CreateStringSet([]string{"s3:DeleteObject", "s3:PutObject"}...)
  492. return statements
  493. }
  494. // contracting policy statement with recursive resources.
  495. // should result in ErrMalformedPolicy
  496. setRecurseResource := func(statements []policyStatement) []policyStatement {
  497. statements[0].Resources = set.CreateStringSet([]string{"arn:aws:s3:::minio-bucket/Asia/*", "arn:aws:s3:::minio-bucket/Asia/India/*"}...)
  498. return statements
  499. }
  501. // constructing policy statement with lexically close characters.
  502. // should not result in ErrMalformedPolicy
  503. setResourceLexical := func(statements []policyStatement) []policyStatement {
  504. statements[0].Resources = set.CreateStringSet([]string{"arn:aws:s3:::minio-bucket/op*", "arn:aws:s3:::minio-bucket/oo*"}...)
  505. return statements
  506. }
  508. // List of bucketPolicy used for tests.
  509. bucketAccessPolicies := []bucketPolicy{
  510. // bucketPolicy - 1.
  511. // Contains valid read only policy statement.
  512. {Version: "1.0", Statements: getReadOnlyStatement("minio-bucket", "")},
  513. // bucketPolicy - 2.
  514. // Contains valid read-write only policy statement.
  515. {Version: "1.0", Statements: getReadWriteStatement("minio-bucket", "Asia/")},
  516. // bucketPolicy - 3.
  517. // Contains valid write only policy statement.
  518. {Version: "1.0", Statements: getWriteOnlyStatement("minio-bucket", "Asia/India/")},
  519. // bucketPolicy - 4.
  520. // Contains invalidPrefixActions.
  521. // Since resourcePrefix is not to the bucket-name, it return ErrMalformedPolicy.
  522. {Version: "1.0", Statements: getReadOnlyStatement("minio-bucket-fail", "Asia/India/")},
  523. // bucketPolicy - 5.
  524. // constructing policy statement without invalidPrefixActions (check bucket-policy-parser.go).
  525. // but bucket part of the resource is not equal to the bucket name.
  526. // this results in return of ErrMalformedPolicy.
  527. {Version: "1.0", Statements: setValidPrefixActions(getWriteOnlyStatement("minio-bucket-fail", "Asia/India/"))},
  528. // bucketPolicy - 6.
  529. // contracting policy statement with recursive resources.
  530. // should result in ErrMalformedPolicy
  531. {Version: "1.0", Statements: setRecurseResource(setValidPrefixActions(getWriteOnlyStatement("minio-bucket", "")))},
  532. // BucketPolciy - 7.
  533. // constructing policy statement with non recursive but
  534. // lexically close resources.
  535. // should result in ErrNone.
  536. {Version: "1.0", Statements: setResourceLexical(setValidPrefixActions(getWriteOnlyStatement("minio-bucket", "oo")))},
  537. }
  539. testCases := []struct {
  540. inputPolicy bucketPolicy
  541. // expected results.
  542. apiErrCode APIErrorCode
  543. // Flag indicating whether the test should pass.
  544. shouldPass bool
  545. }{
  546. // Test case - 1.
  547. {bucketAccessPolicies[0], ErrNone, true},
  548. // Test case - 2.
  549. {bucketAccessPolicies[1], ErrNone, true},
  550. // Test case - 3.
  551. {bucketAccessPolicies[2], ErrNone, true},
  552. // Test case - 4.
  553. // contains invalidPrefixActions (check bucket-policy-parser.go).
  554. // Resource prefix will not be equal to the bucket name in this case.
  555. {bucketAccessPolicies[3], ErrMalformedPolicy, false},
  556. // Test case - 5.
  557. // actions contain invalidPrefixActions (check bucket-policy-parser.go).
  558. // Resource prefix bucket part is not equal to the bucket name in this case.
  559. {bucketAccessPolicies[4], ErrMalformedPolicy, false},
  560. // Test case - 6.
  561. // contracting policy statement with recursive resources.
  562. // should result in ErrPolicyNesting.
  563. {bucketAccessPolicies[5], ErrPolicyNesting, false},
  564. // Test case - 7.
  565. // constructing policy statement with lexically close
  566. // characters.
  567. // should result in ErrNone.
  568. {bucketAccessPolicies[6], ErrNone, true},
  569. }
  570. for i, testCase := range testCases {
  571. apiErrCode := checkBucketPolicyResources("minio-bucket", &testCase.inputPolicy)
  572. if apiErrCode != ErrNone && testCase.shouldPass {
  573. t.Errorf("Test %d: Expected to pass, but failed with Errocode %v", i+1, apiErrCode)
  574. }
  575. if apiErrCode == ErrNone && !testCase.shouldPass {
  576. t.Errorf("Test %d: Expected to fail with ErrCode %v, but passed instead", i+1, testCase.apiErrCode)
  577. }
  578. // Failed as expected, but does it fail for the expected reason.
  579. if apiErrCode != ErrNone && !testCase.shouldPass {
  580. if testCase.apiErrCode != apiErrCode {
  581. t.Errorf("Test %d: Expected to fail with error code %v, but instead failed with error code %v", i+1, testCase.apiErrCode, apiErrCode)
  582. }
  583. }
  584. }
  585. }
  587. // Tests validate parsing of BucketAccessPolicy.
  588. func TestParseBucketPolicy(t *testing.T) {
  589. // set Unsupported Actions.
  590. setUnsupportedActions := func(statements []policyStatement) []policyStatement {
  591. // "s3:DeleteEverything"" is an Unsupported Action.
  592. statements[0].Actions = set.CreateStringSet([]string{"s3:GetObject", "s3:ListBucket", "s3:PutObject", "s3:DeleteEverything"}...)
  593. return statements
  594. }
  595. // set unsupported Effect.
  596. setUnsupportedEffect := func(statements []policyStatement) []policyStatement {
  597. // Effect "Don't allow" is Unsupported.
  598. statements[0].Effect = "DontAllow"
  599. return statements
  600. }
  601. // set unsupported principals.
  602. setUnsupportedPrincipals := func(statements []policyStatement) []policyStatement {
  603. // "User1111"" is an Unsupported Principal.
  604. statements[0].Principal = map[string]interface{}{
  605. "AWS": []string{"*", "User1111"},
  606. }
  607. return statements
  608. }
  609. // set unsupported Resources.
  610. setUnsupportedResources := func(statements []policyStatement) []policyStatement {
  611. // "s3:DeleteEverything"" is an Unsupported Action.
  612. statements[0].Resources = set.CreateStringSet([]string{"my-resource"}...)
  613. return statements
  614. }
  615. // List of bucketPolicy used for test cases.
  616. bucketAccesPolicies := []bucketPolicy{
  617. // bucketPolicy - 0.
  618. // bucketPolicy statement empty.
  619. {Version: "1.0"},
  620. // bucketPolicy - 1.
  621. // bucketPolicy version empty.
  622. {Version: "", Statements: []policyStatement{}},
  623. // bucketPolicy - 2.
  624. // Readonly bucketPolicy.
  625. {Version: "1.0", Statements: getReadOnlyStatement("minio-bucket", "")},
  626. // bucketPolicy - 3.
  627. // Read-Write bucket policy.
  628. {Version: "1.0", Statements: getReadWriteStatement("minio-bucket", "Asia/")},
  629. // bucketPolicy - 4.
  630. // Write only bucket policy.
  631. {Version: "1.0", Statements: getWriteOnlyStatement("minio-bucket", "Asia/India/")},
  632. // bucketPolicy - 5.
  633. // bucketPolicy statement contains unsupported action.
  634. {Version: "1.0", Statements: setUnsupportedActions(getReadOnlyStatement("minio-bucket", ""))},
  635. // bucketPolicy - 6.
  636. // bucketPolicy statement contains unsupported Effect.
  637. {Version: "1.0", Statements: setUnsupportedEffect(getReadWriteStatement("minio-bucket", "Asia/"))},
  638. // bucketPolicy - 7.
  639. // bucketPolicy statement contains unsupported Principal.
  640. {Version: "1.0", Statements: setUnsupportedPrincipals(getWriteOnlyStatement("minio-bucket", "Asia/India/"))},
  641. // bucketPolicy - 8.
  642. // bucketPolicy statement contains unsupported Resource.
  643. {Version: "1.0", Statements: setUnsupportedResources(getWriteOnlyStatement("minio-bucket", "Asia/India/"))},
  644. }
  646. testCases := []struct {
  647. inputPolicy bucketPolicy
  648. // expected results.
  649. expectedPolicy bucketPolicy
  650. err error
  651. // Flag indicating whether the test should pass.
  652. shouldPass bool
  653. }{
  654. // Test case - 1.
  655. // bucketPolicy statement empty.
  656. {bucketAccesPolicies[0], bucketPolicy{}, errors.New("Policy statement cannot be empty."), false},
  657. // Test case - 2.
  658. // bucketPolicy version empty.
  659. {bucketAccesPolicies[1], bucketPolicy{}, errors.New("Policy version cannot be empty."), false},
  660. // Test case - 3.
  661. // Readonly bucketPolicy.
  662. {bucketAccesPolicies[2], bucketAccesPolicies[2], nil, true},
  663. // Test case - 4.
  664. // Read-Write bucket policy.
  665. {bucketAccesPolicies[3], bucketAccesPolicies[3], nil, true},
  666. // Test case - 5.
  667. // Write only bucket policy.
  668. {bucketAccesPolicies[4], bucketAccesPolicies[4], nil, true},
  669. // Test case - 6.
  670. // bucketPolicy statement contains unsupported action.
  671. {bucketAccesPolicies[5], bucketAccesPolicies[5], fmt.Errorf("Unsupported actions found: ‘set.StringSet{\"s3:DeleteEverything\":struct {}{}}’, please validate your policy document."), false},
  672. // Test case - 7.
  673. // bucketPolicy statement contains unsupported Effect.
  674. {bucketAccesPolicies[6], bucketAccesPolicies[6], fmt.Errorf("Unsupported Effect found: ‘DontAllow’, please validate your policy document."), false},
  675. // Test case - 8.
  676. // bucketPolicy statement contains unsupported Principal.
  677. {bucketAccesPolicies[7], bucketAccesPolicies[7], fmt.Errorf("Unsupported principals found: ‘set.StringSet{\"User1111\":struct {}{}}’, please validate your policy document."), false},
  678. // Test case - 9.
  679. // bucketPolicy statement contains unsupported Resource.
  680. {bucketAccesPolicies[8], bucketAccesPolicies[8], fmt.Errorf("Unsupported resource style found: ‘my-resource’, please validate your policy document."), false},
  681. }
  682. for i, testCase := range testCases {
  683. var buffer bytes.Buffer
  684. encoder := json.NewEncoder(&buffer)
  685. err := encoder.Encode(testCase.inputPolicy)
  686. if err != nil {
  687. t.Fatalf("Test %d: Couldn't Marshal bucket policy %s", i+1, err)
  688. }
  690. var actualAccessPolicy = &bucketPolicy{}
  691. err = parseBucketPolicy(&buffer, actualAccessPolicy)
  692. if err != nil && testCase.shouldPass {
  693. t.Errorf("Test %d: Expected to pass, but failed with: <ERROR> %s", i+1, err.Error())
  694. }
  695. if err == nil && !testCase.shouldPass {
  696. t.Errorf("Test %d: Expected to fail with <ERROR> \"%s\", but passed instead", i+1, testCase.err.Error())
  697. }
  698. // Failed as expected, but does it fail for the expected reason.
  699. if err != nil && !testCase.shouldPass {
  700. if err.Error() != testCase.err.Error() {
  701. t.Errorf("Test %d: Expected to fail with error \"%s\", but instead failed with error \"%s\"", i+1, testCase.err.Error(), err.Error())
  702. }
  703. }
  704. // Test passes as expected, but the output values are verified for correctness here.
  705. if err == nil && testCase.shouldPass {
  706. if testCase.expectedPolicy.String() != actualAccessPolicy.String() {
  707. t.Errorf("Test %d: The expected statements from resource statement generator doesn't match the actual statements", i+1)
  708. }
  709. }
  710. }
  711. }