minio/bucket-policy.go

/*
 * Minio Cloud Storage, (C) 2015, 2016 Minio, Inc.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

package main

import (
	"io/ioutil"
	"os"
	"path/filepath"

	"github.com/minio/minio/pkg/probe"
)

// getBucketsConfigPath - get buckets path.
func getBucketsConfigPath() (string, *probe.Error) {
	configPath, err := getConfigPath()
	if err != nil {
		return "", err.Trace()
	}
	return filepath.Join(configPath, "buckets"), nil
}

// createBucketsConfigPath - create buckets directory.
func createBucketsConfigPath() *probe.Error {
	bucketsConfigPath, err := getBucketsConfigPath()
	if err != nil {
		return err
	}
	if e := os.MkdirAll(bucketsConfigPath, 0700); e != nil {
		return probe.NewError(e)
	}
	return nil
}

// getBucketConfigPath - get bucket config path.
func getBucketConfigPath(bucket string) (string, *probe.Error) {
	bucketsConfigPath, err := getBucketsConfigPath()
	if err != nil {
		return "", err.Trace()
	}
	return filepath.Join(bucketsConfigPath, bucket), nil
}

// createBucketConfigPath - create bucket config directory.
func createBucketConfigPath(bucket string) *probe.Error {
	bucketConfigPath, err := getBucketConfigPath(bucket)
	if err != nil {
		return err
	}
	if e := os.MkdirAll(bucketConfigPath, 0700); e != nil {
		return probe.NewError(e)
	}
	return nil
}

// readBucketPolicy - read bucket policy.
func readBucketPolicy(bucket string) ([]byte, *probe.Error) {
	// Verify bucket is valid.
	if !IsValidBucketName(bucket) {
		return nil, probe.NewError(BucketNameInvalid{Bucket: bucket})
	}

	bucketConfigPath, err := getBucketConfigPath(bucket)
	if err != nil {
		return nil, err.Trace()
	}

	// Get policy file.
	bucketPolicyFile := filepath.Join(bucketConfigPath, "access-policy.json")
	if _, e := os.Stat(bucketPolicyFile); e != nil {
		if os.IsNotExist(e) {
			return nil, probe.NewError(BucketPolicyNotFound{Bucket: bucket})
		}
		return nil, probe.NewError(e)
	}

	accessPolicyBytes, e := ioutil.ReadFile(bucketPolicyFile)
	if e != nil {
		return nil, probe.NewError(e)
	}
	return accessPolicyBytes, nil
}

// removeBucketPolicy - remove bucket policy.
func removeBucketPolicy(bucket string) *probe.Error {
	// Verify bucket is valid.
	if !IsValidBucketName(bucket) {
		return probe.NewError(BucketNameInvalid{Bucket: bucket})
	}

	bucketConfigPath, err := getBucketConfigPath(bucket)
	if err != nil {
		return err.Trace(bucket)
	}

	// Get policy file.
	bucketPolicyFile := filepath.Join(bucketConfigPath, "access-policy.json")
	if _, e := os.Stat(bucketPolicyFile); e != nil {
		if os.IsNotExist(e) {
			return probe.NewError(BucketPolicyNotFound{Bucket: bucket})
		}
		return probe.NewError(e)
	}
	return nil
}

// writeBucketPolicy - save bucket policy.
func writeBucketPolicy(bucket string, accessPolicyBytes []byte) *probe.Error {
	// Verify if bucket path legal
	if !IsValidBucketName(bucket) {
		return probe.NewError(BucketNameInvalid{Bucket: bucket})
	}

	// Create bucket config path.
	if err := createBucketConfigPath(bucket); err != nil {
		return err.Trace()
	}

	bucketConfigPath, err := getBucketConfigPath(bucket)
	if err != nil {
		return err.Trace()
	}

	// Get policy file.
	bucketPolicyFile := filepath.Join(bucketConfigPath, "access-policy.json")
	if _, e := os.Stat(bucketPolicyFile); e != nil {
		if !os.IsNotExist(e) {
			return probe.NewError(e)
		}
	}

	// Write bucket policy.
	if e := ioutil.WriteFile(bucketPolicyFile, accessPolicyBytes, 0600); e != nil {
		return probe.NewError(e)
	}

	return nil
}