web: add method to get all policies for given bucket name. (#2756)

Refer #1858
master
Bala FA 8 years ago committed by Harshavardhana
parent e375d822da
commit aa579bbc20
  1. 34
      cmd/web-handlers.go
  2. 67
      cmd/web-handlers_test.go
  3. 27
      vendor/github.com/minio/minio-go/pkg/policy/bucket-policy.go
  4. 6
      vendor/vendor.json

@ -582,6 +582,40 @@ func (web *webAPIHandlers) GetBucketPolicy(r *http.Request, args *GetBucketPolic
return nil return nil
} }
// GetAllBucketPolicyArgs - get all bucket policy args.
type GetAllBucketPolicyArgs struct {
BucketName string `json:"bucketName"`
}
// GetAllBucketPolicyRep - get all bucket policy reply.
type GetAllBucketPolicyRep struct {
UIVersion string `json:"uiVersion"`
Policies map[string]policy.BucketPolicy `json:"policies"`
}
// GetAllBucketPolicy - get all bucket policy.
func (web *webAPIHandlers) GetAllBucketPolicy(r *http.Request, args *GetAllBucketPolicyArgs, reply *GetAllBucketPolicyRep) error {
if !isJWTReqAuthenticated(r) {
return &json2.Error{Message: "Unauthorized request"}
}
objectAPI := web.ObjectAPI()
if objectAPI == nil {
return &json2.Error{Message: "Server not initialized"}
}
policyInfo, err := readBucketAccessPolicy(objectAPI, args.BucketName)
if err != nil {
return &json2.Error{Message: err.Error()}
}
policies := policy.GetPolicies(policyInfo.Statements, args.BucketName)
reply.UIVersion = miniobrowser.UIVersion
reply.Policies = policies
return nil
}
// SetBucketPolicyArgs - set bucket policy args. // SetBucketPolicyArgs - set bucket policy args.
type SetBucketPolicyArgs struct { type SetBucketPolicyArgs struct {
BucketName string `json:"bucketName"` BucketName string `json:"bucketName"`

@ -22,6 +22,7 @@ import (
"io/ioutil" "io/ioutil"
"net/http" "net/http"
"net/http/httptest" "net/http/httptest"
"reflect"
"strconv" "strconv"
"strings" "strings"
"testing" "testing"
@ -781,6 +782,72 @@ func testWebGetBucketPolicyHandler(obj ObjectLayer, instanceType string, t TestE
} }
} }
// Wrapper for calling GetAllBucketPolicy Handler
func TestWebHandlerGetAllBucketPolicyHandler(t *testing.T) {
ExecObjectLayerTest(t, testWebGetAllBucketPolicyHandler)
}
// testWebGetAllBucketPolicyHandler - Test GetAllBucketPolicy web handler
func testWebGetAllBucketPolicyHandler(obj ObjectLayer, instanceType string, t TestErrHandler) {
// Register the API end points with XL/FS object layer.
apiRouter := initTestWebRPCEndPoint(obj)
// initialize the server and obtain the credentials and root.
// credentials are necessary to sign the HTTP request.
rootPath, err := newTestConfig("us-east-1")
if err != nil {
t.Fatalf("Init Test config failed")
}
// remove the root folder after the test ends.
defer removeAll(rootPath)
credentials := serverConfig.GetCredential()
authorization, err := getWebRPCToken(apiRouter, credentials.AccessKeyID, credentials.SecretAccessKey)
if err != nil {
t.Fatal("Cannot authenticate")
}
rec := httptest.NewRecorder()
bucketName := getRandomBucketName()
if err := obj.MakeBucket(bucketName); err != nil {
t.Fatal("Unexpected error: ", err)
}
policyDoc := `{"Version":"2012-10-17","Statement":[{"Action":["s3:GetBucketLocation"],"Effect":"Allow","Principal":{"AWS":["*"]},"Resource":["arn:aws:s3:::` + bucketName + `"],"Sid":""},{"Action":["s3:ListBucket"],"Condition":{"StringEquals":{"s3:prefix":["hello"]}},"Effect":"Allow","Principal":{"AWS":["*"]},"Resource":["arn:aws:s3:::` + bucketName + `"],"Sid":""},{"Action":["s3:ListBucketMultipartUploads"],"Effect":"Allow","Principal":{"AWS":["*"]},"Resource":["arn:aws:s3:::` + bucketName + `"],"Sid":""},{"Action":["s3:AbortMultipartUpload","s3:DeleteObject","s3:GetObject","s3:ListMultipartUploadParts","s3:PutObject"],"Effect":"Allow","Principal":{"AWS":["*"]},"Resource":["arn:aws:s3:::` + bucketName + `/hello*"],"Sid":""}]}`
if err := writeBucketPolicy(bucketName, obj, bytes.NewReader([]byte(policyDoc)), int64(len(policyDoc))); err != nil {
t.Fatal("Unexpected error: ", err)
}
testCaseResult1 := make(map[string]policy.BucketPolicy)
testCaseResult1[bucketName+"/hello*"] = policy.BucketPolicyReadWrite
testCases := []struct {
bucketName string
expectedResult map[string]policy.BucketPolicy
}{
{bucketName, testCaseResult1},
}
for i, testCase := range testCases {
args := &GetAllBucketPolicyArgs{BucketName: testCase.bucketName}
reply := &GetAllBucketPolicyRep{}
req, err := newTestWebRPCRequest("Web.GetAllBucketPolicy", authorization, args)
if err != nil {
t.Fatalf("Test %d: Failed to create HTTP request: <ERROR> %v", i+1, err)
}
apiRouter.ServeHTTP(rec, req)
if rec.Code != http.StatusOK {
t.Fatalf("Test %d: Expected the response status to be 200, but instead found `%d`", i+1, rec.Code)
}
if err = getTestWebRPCResponse(rec, &reply); err != nil {
t.Fatalf("Test %d: Should succeed but it didn't, %v", i+1, err)
}
if !reflect.DeepEqual(testCase.expectedResult, reply.Policies) {
t.Fatalf("Test %d: expected: %v, got: %v", i+1, testCase.expectedResult, reply.Policies)
}
}
}
// Wrapper for calling SetBucketPolicy Handler // Wrapper for calling SetBucketPolicy Handler
func TestWebHandlerSetBucketPolicyHandler(t *testing.T) { func TestWebHandlerSetBucketPolicyHandler(t *testing.T) {
ExecObjectLayerTest(t, testWebSetBucketPolicyHandler) ExecObjectLayerTest(t, testWebSetBucketPolicyHandler)

@ -563,6 +563,33 @@ func GetPolicy(statements []Statement, bucketName string, prefix string) BucketP
return policy return policy
} }
// GetPolicies returns a map of policies rules of given bucket name, prefix in given statements.
func GetPolicies(statements []Statement, bucketName string) map[string]BucketPolicy {
policyRules := map[string]BucketPolicy{}
objResources := set.NewStringSet()
// Search all resources related to objects policy
for _, s := range statements {
for r := range s.Resources {
if strings.HasPrefix(r, awsResourcePrefix+bucketName+"/") {
objResources.Add(r)
}
}
}
// Pretend that policy resource as an actual object and fetch its policy
for r := range objResources {
// Put trailing * if exists in asterisk
asterisk := ""
if strings.HasSuffix(r, "*") {
r = r[:len(r)-1]
asterisk = "*"
}
objectPath := r[len(awsResourcePrefix+bucketName)+1 : len(r)]
p := GetPolicy(statements, bucketName, objectPath)
policyRules[bucketName+"/"+objectPath+asterisk] = p
}
return policyRules
}
// Returns new statements containing policy of given bucket name and // Returns new statements containing policy of given bucket name and
// prefix are appended. // prefix are appended.
func SetPolicy(statements []Statement, policy BucketPolicy, bucketName string, prefix string) []Statement { func SetPolicy(statements []Statement, policy BucketPolicy, bucketName string, prefix string) []Statement {

@ -114,10 +114,10 @@
"revisionTime": "2016-02-29T08:42:30-08:00" "revisionTime": "2016-02-29T08:42:30-08:00"
}, },
{ {
"checksumSHA1": "0OZaeJPgMlA2Txn+1yeAIwEpJvM=", "checksumSHA1": "qTxOBp3GVxCC70ykb7Hxg6UgWwA=",
"path": "github.com/minio/minio-go/pkg/policy", "path": "github.com/minio/minio-go/pkg/policy",
"revision": "a2e27c84cd20b86cd781b76639781d6366235d0c", "revision": "40505f5d08c721dfe5a6450fbdef3bcd6567aa97",
"revisionTime": "2016-08-23T00:31:21Z" "revisionTime": "2016-09-04T08:12:15Z"
}, },
{ {
"checksumSHA1": "A8QOw1aWwc+RtjGozY0XeS5varo=", "checksumSHA1": "A8QOw1aWwc+RtjGozY0XeS5varo=",

Loading…
Cancel
Save