MyFavMirrors/minio
1
0
Fork 0
mirror of https://github.com/minio/minio.git synced 2025-11-09 21:49:46 -05:00
Code Issues Packages Projects Releases Wiki Activity

Disallow only policy statements which are exactly same (#8785)

Browse Source
This commit is contained in:
Harshavardhana
2020-01-09 19:29:57 -08:00
committed by GitHub
parent 656146b699
commit 0a70bc24ac
7 changed files with 86 additions and 12 deletions
Download Patch File Download Diff File Expand all files Collapse all files

18
pkg/iam/policy/actionset.go
View File

@@ -43,6 +43,24 @@ func (actionSet ActionSet) Match(action Action) bool {
return false
}
// Equals - checks whether given action set is equal to current action set or not.
func (actionSet ActionSet) Equals(sactionSet ActionSet) bool {
// If length of set is not equal to length of given set, the
// set is not equal to given set.
if len(actionSet) != len(sactionSet) {
return false
}
// As both sets are equal in length, check each elements are equal.
for k := range actionSet {
if _, ok := sactionSet[k]; !ok {
return false
}
}
return true
}
// Intersection - returns actions available in both ActionSet.
func (actionSet ActionSet) Intersection(sset ActionSet) ActionSet {
nset := NewActionSet()

8
pkg/iam/policy/policy.go
View File

@@ -110,13 +110,11 @@ func (iamp Policy) isValid() error {
continue
}
actions := iamp.Statements[i].Actions.Intersection(statement.Actions)
if len(actions) == 0 {
if !iamp.Statements[i].Actions.Equals(statement.Actions) {
continue
}
resources := iamp.Statements[i].Resources.Intersection(statement.Resources)
if len(resources) == 0 {
if !iamp.Statements[i].Resources.Equals(statement.Resources) {
continue
}
@@ -125,7 +123,7 @@ func (iamp Policy) isValid() error {
}
return Errorf("duplicate actions %v, resources %v found in statements %v, %v",
actions, resources, iamp.Statements[i], statement)
statement.Actions, statement.Resources, iamp.Statements[i], statement)
}
}

18
pkg/iam/policy/resourceset.go
View File

@@ -54,6 +54,24 @@ func (resourceSet ResourceSet) Add(resource Resource) {
resourceSet[resource] = struct{}{}
}
// Equals - checks whether given resource set is equal to current resource set or not.
func (resourceSet ResourceSet) Equals(sresourceSet ResourceSet) bool {
// If length of set is not equal to length of given set, the
// set is not equal to given set.
if len(resourceSet) != len(sresourceSet) {
return false
}
// As both sets are equal in length, check each elements are equal.
for k := range resourceSet {
if _, ok := sresourceSet[k]; !ok {
return false
}
}
return true
}
// Intersection - returns resources available in both ResourceSet.
func (resourceSet ResourceSet) Intersection(sset ResourceSet) ResourceSet {
nset := NewResourceSet()