api: Add new bucket policy nesting error (#1883)

* Added ErrPolicyNesting which is returned when nesting of policies has occured * Replaces ErrMalformedPolicy in the case of nesting * Changed test case in bucket-policy-parser_test.go (ErrMalformedPolicy -> ErrPolicyNesting)
8 years ago · 6f3bd76754
parent f2765d98a8
commit 6f3bd76754
3 changed files with 9 additions and 3 deletions
--- a/api-errors.go
+++ b/api-errors.go
@ -109,6 +109,7 @@ const (
 	ErrWriteQuorum
 	ErrStorageFull
 	ErrObjectExistsAsDirectory
+	ErrPolicyNesting
 )

 // error code to APIError structure, these fields carry respective
@ -415,6 +416,11 @@ var errorCodeResponse = map[APIErrorCode]APIError{
 		Description:    "Multiple disks failures, unable to write data.",
 		HTTPStatusCode: http.StatusServiceUnavailable,
 	},
+	ErrPolicyNesting: {
+		Code:           "XMinioPolicyNesting",
+		Description:    "Policy nesting conflict has occurred.",
+		HTTPStatusCode: http.StatusConflict,
+	},
 	// Add your error structure here.
 }

--- a/bucket-policy-parser.go
+++ b/bucket-policy-parser.go
@ -255,7 +255,7 @@ func checkBucketPolicyResources(bucket string, bucketPolicy BucketPolicy) APIErr
 		for _, otherResource := range resources {
 			// Common prefix reject such rules.
 			if strings.HasPrefix(otherResource, resource) {
-				return ErrMalformedPolicy
+				return ErrPolicyNesting
 			}
 		}
 	}
--- a/bucket-policy-parser_test.go
+++ b/bucket-policy-parser_test.go
@ -514,8 +514,8 @@ func TestCheckBucketPolicyResources(t *testing.T) {
 		{bucketAccessPolicies[4], ErrMalformedPolicy, false},
 		// Test case - 6.
 		// contructing policy statement with recursive resources.
-		// should result in ErrMalformedPolicy.
-		{bucketAccessPolicies[5], ErrMalformedPolicy, false},
+		// should result in ErrPolicyNesting.
+		{bucketAccessPolicies[5], ErrPolicyNesting, false},
 		// Test case - 7.
 		// constructing policy statement with lexically close
 		// characters.