Enhance policy handling to support SSE and WORM (#5790)

- remove old bucket policy handling - add new policy handling - add new policy handling unit tests This patch brings support to bucket policy to have more control not limiting to anonymous. Bucket owner controls to allow/deny any rest API. For example server side encryption can be controlled by allowing PUT/GET objects with encryptions including bucket owner.
2025-11-09 21:49:46 -05:00 · 2018-04-25 04:23:30 +05:30
parent 21a3c0f482
commit 0d52126023
77 changed files with 9811 additions and 2633 deletions
--- a/cmd/gateway-unsupported.go
+++ b/cmd/gateway-unsupported.go
@@ -20,10 +20,10 @@ import (
 	"context"
 	"time"

-	"github.com/minio/minio-go/pkg/policy"
 	"github.com/minio/minio/cmd/logger"
 	"github.com/minio/minio/pkg/hash"
 	"github.com/minio/minio/pkg/madmin"
+	"github.com/minio/minio/pkg/policy"
 )

 // GatewayUnsupported list of unsupported call stubs for gateway.
@@ -72,15 +72,15 @@ func (a GatewayUnsupported) CompleteMultipartUpload(ctx context.Context, bucket
 }

 // SetBucketPolicy sets policy on bucket
-func (a GatewayUnsupported) SetBucketPolicy(ctx context.Context, bucket string, policyInfo policy.BucketAccessPolicy) error {
+func (a GatewayUnsupported) SetBucketPolicy(ctx context.Context, bucket string, bucketPolicy *policy.Policy) error {
 	logger.LogIf(ctx, NotImplemented{})
 	return NotImplemented{}
 }

 // GetBucketPolicy will get policy on bucket
-func (a GatewayUnsupported) GetBucketPolicy(ctx context.Context, bucket string) (bal policy.BucketAccessPolicy, err error) {
+func (a GatewayUnsupported) GetBucketPolicy(ctx context.Context, bucket string) (bucketPolicy *policy.Policy, err error) {
 	logger.LogIf(ctx, NotImplemented{})
-	return bal, NotImplemented{}
+	return nil, NotImplemented{}
 }

 // DeleteBucketPolicy deletes all policies on bucket