Bucket policies should use minio-go/pkg/policy instead. (#5090)

cmd/web-handlers_test.go

@@ -433,12 +433,12 @@ func testListObjectsWebHandler(obj ObjectLayer, instanceType string, t TestErrHa
 		t.Fatalf("Expected error `%s`", err)
 	}
 
-	policy := bucketPolicy{
+	policy := policy.BucketAccessPolicy{
 		Version:    "1.0",
-		Statements: []policyStatement{getReadOnlyObjectStatement(bucketName, "")},
+		Statements: []policy.Statement{getReadOnlyObjectStatement(bucketName, "")},
 	}
 
-	globalBucketPolicies.SetBucketPolicy(bucketName, policyChange{false, &policy})
+	globalBucketPolicies.SetBucketPolicy(bucketName, policyChange{false, policy})
 
 	// Unauthenticated ListObjects with READ bucket policy should succeed.
 	err, reply = test("")
@@ -807,12 +807,12 @@ func testUploadWebHandler(obj ObjectLayer, instanceType string, t TestErrHandler
 		t.Fatalf("Expected the response status to be 403, but instead found `%d`", code)
 	}
 
-	policy := bucketPolicy{
+	bp := policy.BucketAccessPolicy{
 		Version:    "1.0",
-		Statements: []policyStatement{getWriteOnlyObjectStatement(bucketName, "")},
+		Statements: []policy.Statement{getWriteOnlyObjectStatement(bucketName, "")},
 	}
 
-	globalBucketPolicies.SetBucketPolicy(bucketName, policyChange{false, &policy})
+	globalBucketPolicies.SetBucketPolicy(bucketName, policyChange{false, bp})
 
 	// Unauthenticated upload with WRITE policy should succeed.
 	code = test("", true)
@@ -914,12 +914,12 @@ func testDownloadWebHandler(obj ObjectLayer, instanceType string, t TestErrHandl
 		t.Fatalf("Expected the response status to be 403, but instead found `%d`", code)
 	}
 
-	policy := bucketPolicy{
+	bp := policy.BucketAccessPolicy{
 		Version:    "1.0",
-		Statements: []policyStatement{getReadOnlyObjectStatement(bucketName, "")},
+		Statements: []policy.Statement{getReadOnlyObjectStatement(bucketName, "")},
 	}
 
-	globalBucketPolicies.SetBucketPolicy(bucketName, policyChange{false, &policy})
+	globalBucketPolicies.SetBucketPolicy(bucketName, policyChange{false, bp})
 
 	// Unauthenticated download with READ policy should succeed.
 	code, bodyContent = test("")
@@ -1142,26 +1142,30 @@ func testWebGetBucketPolicyHandler(obj ObjectLayer, instanceType string, t TestE
 		t.Fatal("Unexpected error: ", err)
 	}
 
-	policyVal := bucketPolicy{
+	policyVal := policy.BucketAccessPolicy{
 		Version: "2012-10-17",
-		Statements: []policyStatement{
+		Statements: []policy.Statement{
 			{
-				Actions:   set.CreateStringSet("s3:GetBucketLocation", "s3:ListBucket"),
-				Effect:    "Allow",
-				Principal: map[string][]string{"AWS": {"*"}},
+				Actions: set.CreateStringSet("s3:GetBucketLocation", "s3:ListBucket"),
+				Effect:  "Allow",
+				Principal: policy.User{
+					AWS: set.CreateStringSet("*"),
+				},
 				Resources: set.CreateStringSet(bucketARNPrefix + bucketName),
 				Sid:       "",
 			},
 			{
-				Actions:   set.CreateStringSet("s3:GetObject"),
-				Effect:    "Allow",
-				Principal: map[string][]string{"AWS": {"*"}},
+				Actions: set.CreateStringSet("s3:GetObject"),
+				Effect:  "Allow",
+				Principal: policy.User{
+					AWS: set.CreateStringSet("*"),
+				},
 				Resources: set.CreateStringSet(bucketARNPrefix + bucketName + "/*"),
 				Sid:       "",
 			},
 		},
 	}
-	if err := writeBucketPolicy(bucketName, obj, &policyVal); err != nil {
+	if err := writeBucketPolicy(bucketName, obj, policyVal); err != nil {
 		t.Fatal("Unexpected error: ", err)
 	}
 
@@ -1216,32 +1220,32 @@ func testWebListAllBucketPoliciesHandler(obj ObjectLayer, instanceType string, t
 		t.Fatal("Unexpected error: ", err)
 	}
 
-	policyVal := bucketPolicy{
+	stringEqualsConditions := policy.ConditionMap{}
+	stringEqualsConditions["StringEquals"] = make(policy.ConditionKeyMap)
+	stringEqualsConditions["StringEquals"].Add("s3:prefix", set.CreateStringSet("hello"))
+
+	policyVal := policy.BucketAccessPolicy{
 		Version: "2012-10-17",
-		Statements: []policyStatement{
+		Statements: []policy.Statement{
 			{
 				Actions:   set.CreateStringSet("s3:GetBucketLocation"),
 				Effect:    "Allow",
-				Principal: map[string][]string{"AWS": {"*"}},
+				Principal: policy.User{AWS: set.CreateStringSet("*")},
 				Resources: set.CreateStringSet(bucketARNPrefix + bucketName),
 				Sid:       "",
 			},
 			{
-				Actions: set.CreateStringSet("s3:ListBucket"),
-				Conditions: map[string]map[string]set.StringSet{
-					"StringEquals": {
-						"s3:prefix": set.CreateStringSet("hello"),
-					},
-				},
-				Effect:    "Allow",
-				Principal: map[string][]string{"AWS": {"*"}},
-				Resources: set.CreateStringSet(bucketARNPrefix + bucketName),
-				Sid:       "",
+				Actions:    set.CreateStringSet("s3:ListBucket"),
+				Conditions: stringEqualsConditions,
+				Effect:     "Allow",
+				Principal:  policy.User{AWS: set.CreateStringSet("*")},
+				Resources:  set.CreateStringSet(bucketARNPrefix + bucketName),
+				Sid:        "",
 			},
 			{
 				Actions:   set.CreateStringSet("s3:ListBucketMultipartUploads"),
 				Effect:    "Allow",
-				Principal: map[string][]string{"AWS": {"*"}},
+				Principal: policy.User{AWS: set.CreateStringSet("*")},
 				Resources: set.CreateStringSet(bucketARNPrefix + bucketName),
 				Sid:       "",
 			},
@@ -1249,13 +1253,13 @@ func testWebListAllBucketPoliciesHandler(obj ObjectLayer, instanceType string, t
 				Actions: set.CreateStringSet("s3:AbortMultipartUpload", "s3:DeleteObject",
 					"s3:GetObject", "s3:ListMultipartUploadParts", "s3:PutObject"),
 				Effect:    "Allow",
-				Principal: map[string][]string{"AWS": {"*"}},
+				Principal: policy.User{AWS: set.CreateStringSet("*")},
 				Resources: set.CreateStringSet(bucketARNPrefix + bucketName + "/hello*"),
 				Sid:       "",
 			},
 		},
 	}
-	if err := writeBucketPolicy(bucketName, obj, &policyVal); err != nil {
+	if err := writeBucketPolicy(bucketName, obj, policyVal); err != nil {
 		t.Fatal("Unexpected error: ", err)
 	}
 
@@ -1348,7 +1352,7 @@ func testWebSetBucketPolicyHandler(obj ObjectLayer, instanceType string, t TestE
 		// Parse RPC response
 		err = getTestWebRPCResponse(rec, &reply)
 		if testCase.pass && err != nil {
-			t.Fatalf("Test %d: Should succeed but it didn't, %v", i+1, err)
+			t.Fatalf("Test %d: Should succeed but it didn't, %#v", i+1, err)
 		}
 		if !testCase.pass && err == nil {
 			t.Fatalf("Test %d: Should fail it didn't", i+1)