oyd
/
minio
6
1
Fork 0
Code Issues Pull Requests Releases Wiki Activity

web: add method to get all policies for given bucket name. (#2756)

Browse Source 
Refer #1858
master
Bala FA 8 years ago committed by Harshavardhana
parent e375d822da
commit aa579bbc20
4 changed files with 131 additions and 3 deletions
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Show Stats Download Patch File Download Diff File
  1. 34
      cmd/web-handlers.go
  2. 67
      cmd/web-handlers_test.go
  3. 27
      vendor/github.com/minio/minio-go/pkg/policy/bucket-policy.go
  4. 6
      vendor/vendor.json

34
cmd/web-handlers.go
Unescape View File

@ -582,6 +582,40 @@ func (web *webAPIHandlers) GetBucketPolicy(r *http.Request, args *GetBucketPolic
return nil return nil
} }
// GetAllBucketPolicyArgs - get all bucket policy args.
type GetAllBucketPolicyArgs struct {
BucketName string `json:"bucketName"`
}
// GetAllBucketPolicyRep - get all bucket policy reply.
type GetAllBucketPolicyRep struct {
UIVersion string `json:"uiVersion"`
Policies map[string]policy.BucketPolicy `json:"policies"`
}
// GetAllBucketPolicy - get all bucket policy.
func (web *webAPIHandlers) GetAllBucketPolicy(r *http.Request, args *GetAllBucketPolicyArgs, reply *GetAllBucketPolicyRep) error {
if !isJWTReqAuthenticated(r) {
return &json2.Error{Message: "Unauthorized request"}
}
objectAPI := web.ObjectAPI()
if objectAPI == nil {
return &json2.Error{Message: "Server not initialized"}
}
policyInfo, err := readBucketAccessPolicy(objectAPI, args.BucketName)
if err != nil {
return &json2.Error{Message: err.Error()}
}
policies := policy.GetPolicies(policyInfo.Statements, args.BucketName)
reply.UIVersion = miniobrowser.UIVersion
reply.Policies = policies
return nil
}
// SetBucketPolicyArgs - set bucket policy args. // SetBucketPolicyArgs - set bucket policy args.
type SetBucketPolicyArgs struct { type SetBucketPolicyArgs struct {
BucketName string `json:"bucketName"` BucketName string `json:"bucketName"`

67
cmd/web-handlers_test.go
Unescape View File

@ -22,6 +22,7 @@ import (
"io/ioutil" "io/ioutil"
"net/http" "net/http"
"net/http/httptest" "net/http/httptest"
"reflect"
"strconv" "strconv"
"strings" "strings"
"testing" "testing"
@ -781,6 +782,72 @@ func testWebGetBucketPolicyHandler(obj ObjectLayer, instanceType string, t TestE
} }
} }
// Wrapper for calling GetAllBucketPolicy Handler
func TestWebHandlerGetAllBucketPolicyHandler(t *testing.T) {
ExecObjectLayerTest(t, testWebGetAllBucketPolicyHandler)
}
// testWebGetAllBucketPolicyHandler - Test GetAllBucketPolicy web handler
func testWebGetAllBucketPolicyHandler(obj ObjectLayer, instanceType string, t TestErrHandler) {
// Register the API end points with XL/FS object layer.
apiRouter := initTestWebRPCEndPoint(obj)
// initialize the server and obtain the credentials and root.
// credentials are necessary to sign the HTTP request.
rootPath, err := newTestConfig("us-east-1")
if err != nil {
t.Fatalf("Init Test config failed")
}
// remove the root folder after the test ends.
defer removeAll(rootPath)
credentials := serverConfig.GetCredential()
authorization, err := getWebRPCToken(apiRouter, credentials.AccessKeyID, credentials.SecretAccessKey)
if err != nil {
t.Fatal("Cannot authenticate")
}
rec := httptest.NewRecorder()
bucketName := getRandomBucketName()
if err := obj.MakeBucket(bucketName); err != nil {
t.Fatal("Unexpected error: ", err)
}
policyDoc := `{"Version":"2012-10-17","Statement":[{"Action":["s3:GetBucketLocation"],"Effect":"Allow","Principal":{"AWS":["*"]},"Resource":["arn:aws:s3:::` + bucketName + `"],"Sid":""},{"Action":["s3:ListBucket"],"Condition":{"StringEquals":{"s3:prefix":["hello"]}},"Effect":"Allow","Principal":{"AWS":["*"]},"Resource":["arn:aws:s3:::` + bucketName + `"],"Sid":""},{"Action":["s3:ListBucketMultipartUploads"],"Effect":"Allow","Principal":{"AWS":["*"]},"Resource":["arn:aws:s3:::` + bucketName + `"],"Sid":""},{"Action":["s3:AbortMultipartUpload","s3:DeleteObject","s3:GetObject","s3:ListMultipartUploadParts","s3:PutObject"],"Effect":"Allow","Principal":{"AWS":["*"]},"Resource":["arn:aws:s3:::` + bucketName + `/hello*"],"Sid":""}]}`
if err := writeBucketPolicy(bucketName, obj, bytes.NewReader([]byte(policyDoc)), int64(len(policyDoc))); err != nil {
t.Fatal("Unexpected error: ", err)
}
testCaseResult1 := make(map[string]policy.BucketPolicy)
testCaseResult1[bucketName+"/hello*"] = policy.BucketPolicyReadWrite
testCases := []struct {
bucketName string
expectedResult map[string]policy.BucketPolicy
}{
{bucketName, testCaseResult1},
}
for i, testCase := range testCases {
args := &GetAllBucketPolicyArgs{BucketName: testCase.bucketName}
reply := &GetAllBucketPolicyRep{}
req, err := newTestWebRPCRequest("Web.GetAllBucketPolicy", authorization, args)
if err != nil {
t.Fatalf("Test %d: Failed to create HTTP request: <ERROR> %v", i+1, err)
}
apiRouter.ServeHTTP(rec, req)
if rec.Code != http.StatusOK {
t.Fatalf("Test %d: Expected the response status to be 200, but instead found `%d`", i+1, rec.Code)
}
if err = getTestWebRPCResponse(rec, &reply); err != nil {
t.Fatalf("Test %d: Should succeed but it didn't, %v", i+1, err)
}
if !reflect.DeepEqual(testCase.expectedResult, reply.Policies) {
t.Fatalf("Test %d: expected: %v, got: %v", i+1, testCase.expectedResult, reply.Policies)
}
}
}
// Wrapper for calling SetBucketPolicy Handler // Wrapper for calling SetBucketPolicy Handler
func TestWebHandlerSetBucketPolicyHandler(t *testing.T) { func TestWebHandlerSetBucketPolicyHandler(t *testing.T) {
ExecObjectLayerTest(t, testWebSetBucketPolicyHandler) ExecObjectLayerTest(t, testWebSetBucketPolicyHandler)

27
vendor/github.com/minio/minio-go/pkg/policy/bucket-policy.go generated vendored
Unescape View File

@ -563,6 +563,33 @@ func GetPolicy(statements []Statement, bucketName string, prefix string) BucketP
return policy return policy
} }
// GetPolicies returns a map of policies rules of given bucket name, prefix in given statements.
func GetPolicies(statements []Statement, bucketName string) map[string]BucketPolicy {
policyRules := map[string]BucketPolicy{}
objResources := set.NewStringSet()
// Search all resources related to objects policy
for _, s := range statements {
for r := range s.Resources {
if strings.HasPrefix(r, awsResourcePrefix+bucketName+"/") {
objResources.Add(r)
}
}
}
// Pretend that policy resource as an actual object and fetch its policy
for r := range objResources {
// Put trailing * if exists in asterisk
asterisk := ""
if strings.HasSuffix(r, "*") {
r = r[:len(r)-1]
asterisk = "*"
}
objectPath := r[len(awsResourcePrefix+bucketName)+1 : len(r)]
p := GetPolicy(statements, bucketName, objectPath)
policyRules[bucketName+"/"+objectPath+asterisk] = p
}
return policyRules
}
// Returns new statements containing policy of given bucket name and // Returns new statements containing policy of given bucket name and
// prefix are appended. // prefix are appended.
func SetPolicy(statements []Statement, policy BucketPolicy, bucketName string, prefix string) []Statement { func SetPolicy(statements []Statement, policy BucketPolicy, bucketName string, prefix string) []Statement {

6
vendor/vendor.json vendored
Unescape View File

@ -114,10 +114,10 @@
"revisionTime": "2016-02-29T08:42:30-08:00" "revisionTime": "2016-02-29T08:42:30-08:00"
}, },
{ {
"checksumSHA1": "0OZaeJPgMlA2Txn+1yeAIwEpJvM=", "checksumSHA1": "qTxOBp3GVxCC70ykb7Hxg6UgWwA=",
"path": "github.com/minio/minio-go/pkg/policy", "path": "github.com/minio/minio-go/pkg/policy",
"revision": "a2e27c84cd20b86cd781b76639781d6366235d0c", "revision": "40505f5d08c721dfe5a6450fbdef3bcd6567aa97",
"revisionTime": "2016-08-23T00:31:21Z" "revisionTime": "2016-09-04T08:12:15Z"
}, },
{ {
"checksumSHA1": "A8QOw1aWwc+RtjGozY0XeS5varo=", "checksumSHA1": "A8QOw1aWwc+RtjGozY0XeS5varo=",

Write Preview
Loading…
Cancel
Save