@ -16,10 +16,10 @@
package main
import (
"bytes"
"encoding/json"
"errors"
"fmt"
"reflect"
"testing"
)
@ -69,7 +69,7 @@ var (
}
)
// Obtain bucket statement for read-write B ucketPolicy.
// Obtain bucket statement for read-write b ucketPolicy.
func getReadWriteObjectStatement ( bucketName , objectPrefix string ) policyStatement {
objectResourceStatement := policyStatement { }
objectResourceStatement . Effect = "Allow"
@ -79,7 +79,7 @@ func getReadWriteObjectStatement(bucketName, objectPrefix string) policyStatemen
return objectResourceStatement
}
// Obtain object statement for read-write B ucketPolicy.
// Obtain object statement for read-write b ucketPolicy.
func getReadWriteBucketStatement ( bucketName , objectPrefix string ) policyStatement {
bucketResourceStatement := policyStatement { }
bucketResourceStatement . Effect = "Allow"
@ -89,7 +89,7 @@ func getReadWriteBucketStatement(bucketName, objectPrefix string) policyStatemen
return bucketResourceStatement
}
// Obtain statements for read-write B ucketPolicy.
// Obtain statements for read-write b ucketPolicy.
func getReadWriteStatement ( bucketName , objectPrefix string ) [ ] policyStatement {
statements := [ ] policyStatement { }
// Save the read write policy.
@ -97,7 +97,7 @@ func getReadWriteStatement(bucketName, objectPrefix string) []policyStatement {
return statements
}
// Obtain bucket statement for read only B ucketPolicy.
// Obtain bucket statement for read only b ucketPolicy.
func getReadOnlyBucketStatement ( bucketName , objectPrefix string ) policyStatement {
bucketResourceStatement := policyStatement { }
bucketResourceStatement . Effect = "Allow"
@ -107,7 +107,7 @@ func getReadOnlyBucketStatement(bucketName, objectPrefix string) policyStatement
return bucketResourceStatement
}
// Obtain object statement for read only B ucketPolicy.
// Obtain object statement for read only b ucketPolicy.
func getReadOnlyObjectStatement ( bucketName , objectPrefix string ) policyStatement {
objectResourceStatement := policyStatement { }
objectResourceStatement . Effect = "Allow"
@ -117,7 +117,7 @@ func getReadOnlyObjectStatement(bucketName, objectPrefix string) policyStatement
return objectResourceStatement
}
// Obtain statements for read only B ucketPolicy.
// Obtain statements for read only b ucketPolicy.
func getReadOnlyStatement ( bucketName , objectPrefix string ) [ ] policyStatement {
statements := [ ] policyStatement { }
// Save the read only policy.
@ -125,7 +125,7 @@ func getReadOnlyStatement(bucketName, objectPrefix string) []policyStatement {
return statements
}
// Obtain bucket statements for write only B ucketPolicy.
// Obtain bucket statements for write only b ucketPolicy.
func getWriteOnlyBucketStatement ( bucketName , objectPrefix string ) policyStatement {
bucketResourceStatement := policyStatement { }
@ -136,7 +136,7 @@ func getWriteOnlyBucketStatement(bucketName, objectPrefix string) policyStatemen
return bucketResourceStatement
}
// Obtain object statements for write only B ucketPolicy.
// Obtain object statements for write only b ucketPolicy.
func getWriteOnlyObjectStatement ( bucketName , objectPrefix string ) policyStatement {
objectResourceStatement := policyStatement { }
objectResourceStatement . Effect = "Allow"
@ -146,7 +146,7 @@ func getWriteOnlyObjectStatement(bucketName, objectPrefix string) policyStatemen
return objectResourceStatement
}
// Obtain statements for write only B ucketPolicy.
// Obtain statements for write only b ucketPolicy.
func getWriteOnlyStatement ( bucketName , objectPrefix string ) [ ] policyStatement {
statements := [ ] policyStatement { }
// Write only policy.
@ -471,7 +471,7 @@ func TestIsValidConditions(t *testing.T) {
}
// Tests validate Policy Action and Resource fields.
func TestCheckB ucketPolicyResources ( t * testing . T ) {
func TestCheckb ucketPolicyResources ( t * testing . T ) {
// constructing policy statement without invalidPrefixActions (check bucket-policy-parser.go).
setValidPrefixActions := func ( statements [ ] policyStatement ) [ ] policyStatement {
statements [ 0 ] . Actions = [ ] string { "s3:DeleteObject" , "s3:PutObject" }
@ -491,27 +491,27 @@ func TestCheckBucketPolicyResources(t *testing.T) {
return statements
}
// List of B ucketPolicy used for tests.
bucketAccessPolicies := [ ] B ucketPolicy{
// B ucketPolicy - 1.
// List of b ucketPolicy used for tests.
bucketAccessPolicies := [ ] b ucketPolicy{
// b ucketPolicy - 1.
// Contains valid read only policy statement.
{ Version : "1.0" , Statements : getReadOnlyStatement ( "minio-bucket" , "" ) } ,
// B ucketPolicy - 2.
// b ucketPolicy - 2.
// Contains valid read-write only policy statement.
{ Version : "1.0" , Statements : getReadWriteStatement ( "minio-bucket" , "Asia/" ) } ,
// B ucketPolicy - 3.
// b ucketPolicy - 3.
// Contains valid write only policy statement.
{ Version : "1.0" , Statements : getWriteOnlyStatement ( "minio-bucket" , "Asia/India/" ) } ,
// B ucketPolicy - 4.
// b ucketPolicy - 4.
// Contains invalidPrefixActions.
// Since resourcePrefix is not to the bucket-name, it return ErrMalformedPolicy.
{ Version : "1.0" , Statements : getReadOnlyStatement ( "minio-bucket-fail" , "Asia/India/" ) } ,
// B ucketPolicy - 5.
// b ucketPolicy - 5.
// constructing policy statement without invalidPrefixActions (check bucket-policy-parser.go).
// but bucket part of the resource is not equal to the bucket name.
// this results in return of ErrMalformedPolicy.
{ Version : "1.0" , Statements : setValidPrefixActions ( getWriteOnlyStatement ( "minio-bucket-fail" , "Asia/India/" ) ) } ,
// B ucketPolicy - 6.
// b ucketPolicy - 6.
// contructing policy statement with recursive resources.
// should result in ErrMalformedPolicy
{ Version : "1.0" , Statements : setRecurseResource ( setValidPrefixActions ( getWriteOnlyStatement ( "minio-bucket" , "" ) ) ) } ,
@ -523,7 +523,7 @@ func TestCheckBucketPolicyResources(t *testing.T) {
}
testCases := [ ] struct {
inputPolicy B ucketPolicy
inputPolicy b ucketPolicy
// expected results.
apiErrCode APIErrorCode
// Flag indicating whether the test should pass.
@ -554,7 +554,7 @@ func TestCheckBucketPolicyResources(t *testing.T) {
{ bucketAccessPolicies [ 6 ] , ErrNone , true } ,
}
for i , testCase := range testCases {
apiErrCode := checkBucketPolicyResources ( "minio-bucket" , testCase . inputPolicy )
apiErrCode := checkBucketPolicyResources ( "minio-bucket" , & testCase . inputPolicy )
if apiErrCode != ErrNone && testCase . shouldPass {
t . Errorf ( "Test %d: Expected to pass, but failed with Errocode %v" , i + 1 , apiErrCode )
}
@ -596,53 +596,53 @@ func TestParseBucketPolicy(t *testing.T) {
statements [ 0 ] . Resources = [ ] string { "my-resource" }
return statements
}
// List of B ucketPolicy used for test cases.
bucketAccesPolicies := [ ] B ucketPolicy{
// B ucketPolicy - 0.
// B ucketPolicy statement empty.
// List of b ucketPolicy used for test cases.
bucketAccesPolicies := [ ] b ucketPolicy{
// b ucketPolicy - 0.
// b ucketPolicy statement empty.
{ Version : "1.0" } ,
// B ucketPolicy - 1.
// B ucketPolicy version empty.
// b ucketPolicy - 1.
// b ucketPolicy version empty.
{ Version : "" , Statements : [ ] policyStatement { } } ,
// B ucketPolicy - 2.
// Readonly B ucketPolicy.
// b ucketPolicy - 2.
// Readonly b ucketPolicy.
{ Version : "1.0" , Statements : getReadOnlyStatement ( "minio-bucket" , "" ) } ,
// B ucketPolicy - 3.
// b ucketPolicy - 3.
// Read-Write bucket policy.
{ Version : "1.0" , Statements : getReadWriteStatement ( "minio-bucket" , "Asia/" ) } ,
// B ucketPolicy - 4.
// b ucketPolicy - 4.
// Write only bucket policy.
{ Version : "1.0" , Statements : getWriteOnlyStatement ( "minio-bucket" , "Asia/India/" ) } ,
// B ucketPolicy - 5.
// B ucketPolicy statement contains unsupported action.
// b ucketPolicy - 5.
// b ucketPolicy statement contains unsupported action.
{ Version : "1.0" , Statements : setUnsupportedActions ( getReadOnlyStatement ( "minio-bucket" , "" ) ) } ,
// B ucketPolicy - 6.
// B ucketPolicy statement contains unsupported Effect.
// b ucketPolicy - 6.
// b ucketPolicy statement contains unsupported Effect.
{ Version : "1.0" , Statements : setUnsupportedEffect ( getReadWriteStatement ( "minio-bucket" , "Asia/" ) ) } ,
// B ucketPolicy - 7.
// B ucketPolicy statement contains unsupported Principal.
// b ucketPolicy - 7.
// b ucketPolicy statement contains unsupported Principal.
{ Version : "1.0" , Statements : setUnsupportedPrincipals ( getWriteOnlyStatement ( "minio-bucket" , "Asia/India/" ) ) } ,
// B ucketPolicy - 8.
// B ucketPolicy statement contains unsupported Resource.
// b ucketPolicy - 8.
// b ucketPolicy statement contains unsupported Resource.
{ Version : "1.0" , Statements : setUnsupportedResources ( getWriteOnlyStatement ( "minio-bucket" , "Asia/India/" ) ) } ,
}
testCases := [ ] struct {
inputPolicy B ucketPolicy
inputPolicy b ucketPolicy
// expected results.
expectedPolicy B ucketPolicy
expectedPolicy b ucketPolicy
err error
// Flag indicating whether the test should pass.
shouldPass bool
} {
// Test case - 1.
// B ucketPolicy statement empty.
{ bucketAccesPolicies [ 0 ] , B ucketPolicy{ } , errors . New ( "Policy statement cannot be empty." ) , false } ,
// b ucketPolicy statement empty.
{ bucketAccesPolicies [ 0 ] , b ucketPolicy{ } , errors . New ( "Policy statement cannot be empty." ) , false } ,
// Test case - 2.
// B ucketPolicy version empty.
{ bucketAccesPolicies [ 1 ] , B ucketPolicy{ } , errors . New ( "Policy version cannot be empty." ) , false } ,
// b ucketPolicy version empty.
{ bucketAccesPolicies [ 1 ] , b ucketPolicy{ } , errors . New ( "Policy version cannot be empty." ) , false } ,
// Test case - 3.
// Readonly B ucketPolicy.
// Readonly b ucketPolicy.
{ bucketAccesPolicies [ 2 ] , bucketAccesPolicies [ 2 ] , nil , true } ,
// Test case - 4.
// Read-Write bucket policy.
@ -651,25 +651,28 @@ func TestParseBucketPolicy(t *testing.T) {
// Write only bucket policy.
{ bucketAccesPolicies [ 4 ] , bucketAccesPolicies [ 4 ] , nil , true } ,
// Test case - 6.
// B ucketPolicy statement contains unsupported action.
// b ucketPolicy statement contains unsupported action.
{ bucketAccesPolicies [ 5 ] , bucketAccesPolicies [ 5 ] , fmt . Errorf ( "Unsupported action found: ‘s3:DeleteEverything’, please validate your policy document." ) , false } ,
// Test case - 7.
// B ucketPolicy statement contains unsupported Effect.
// b ucketPolicy statement contains unsupported Effect.
{ bucketAccesPolicies [ 6 ] , bucketAccesPolicies [ 6 ] , fmt . Errorf ( "Unsupported Effect found: ‘DontAllow’, please validate your policy document." ) , false } ,
// Test case - 8.
// B ucketPolicy statement contains unsupported Principal.
// b ucketPolicy statement contains unsupported Principal.
{ bucketAccesPolicies [ 7 ] , bucketAccesPolicies [ 7 ] , fmt . Errorf ( "Unsupported principal style found: ‘User1111’, please validate your policy document." ) , false } ,
// Test case - 9.
// B ucketPolicy statement contains unsupported Resource.
// b ucketPolicy statement contains unsupported Resource.
{ bucketAccesPolicies [ 8 ] , bucketAccesPolicies [ 8 ] , fmt . Errorf ( "Unsupported resource style found: ‘my-resource’, please validate your policy document." ) , false } ,
}
for i , testCase := range testCases {
inputPolicyBytes , e := json . Marshal ( testCase . inputPolicy )
if e != nil {
t . Fatalf ( "Test %d: Couldn't Marshal bucket policy" , i + 1 )
var buffer bytes . Buffer
encoder := json . NewEncoder ( & buffer )
err := encoder . Encode ( testCase . inputPolicy )
if err != nil {
t . Fatalf ( "Test %d: Couldn't Marshal bucket policy %s" , i + 1 , err )
}
actualAccessPolicy , err := parseBucketPolicy ( inputPolicyBytes )
var actualAccessPolicy = & bucketPolicy { }
err = parseBucketPolicy ( & buffer , actualAccessPolicy )
if err != nil && testCase . shouldPass {
t . Errorf ( "Test %d: Expected to pass, but failed with: <ERROR> %s" , i + 1 , err . Error ( ) )
}
@ -684,7 +687,7 @@ func TestParseBucketPolicy(t *testing.T) {
}
// Test passes as expected, but the output values are verified for correctness here.
if err == nil && testCase . shouldPass {
if ! reflect . DeepEqual ( testCase . expectedPolicy , actualAccessPolicy ) {
if testCase . expectedPolicy . String ( ) != actualAccessPolicy . String ( ) {
t . Errorf ( "Test %d: The expected statements from resource statement generator doesn't match the actual statements" , i + 1 )
}
}
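Review bot: The final assertion in TestParseBucketPolicy now compares `testCase.expectedPolicy.String()` with `actualAccessPolicy.String()` instead of the structs, so this test of the access-policy parser is only as strict as `String()`, whose implementation is not shown on this page. If that method omits a field or hides an encoding error, two different policies could compare equal and a parser regression would pass unnoticed. Since `actualAccessPolicy` is now a pointer, the structural check can be kept as `if !reflect.DeepEqual(testCase.expectedPolicy, *actualAccessPolicy) {`; if that fails only on nil-versus-empty slices after the JSON round trip, a comment next to the string comparison should say so. The test function's body starts and ends outside this hunk. Separately, the type rename also changed an earlier test's name to `TestCheckbucketPolicyResources`; the original `TestCheckBucketPolicyResources` should be kept.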