Merge pull request #171 from harshavardhana/pr_out_expose_policy_code_for_api_router_usage

This commit is contained in:
Harshavardhana 2015-02-17 19:06:14 -08:00
commit 4bdbfe47a2
3 changed files with 23 additions and 48 deletions

View File

@ -1,32 +0,0 @@
/*
* Mini Object Storage, (C) 2015 Minio, Inc.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package minioapi
import (
"net/http"
)
type pHandler struct {
handler http.Handler
}
func policyHandler(h http.Handler) http.Handler {
return pHandler{h}
}
func (p pHandler) ServeHTTP(w http.ResponseWriter, r *http.Request) {
}

View File

@ -152,6 +152,13 @@ func Loadusers() map[string]User {
return c.Users return c.Users
} }
func Loadkey(accessKeyId string) User {
c := Config{}
c.SetupConfig()
c.ReadConfig()
return c.GetKey(accessKeyId)
}
func Loaduser(username string) User { func Loaduser(username string) User {
c := Config{} c := Config{}
c.SetupConfig() c.SetupConfig()

View File

@ -25,17 +25,17 @@ type BucketPolicy struct {
} }
const ( const (
awsResource = "arn:aws:s3:::" AwsResource = "arn:aws:s3:::"
minioResource = "minio:::" MinioResource = "minio:::"
) )
// TODO support canonical user // TODO support canonical user
const ( const (
awsPrincipal = "arn:aws:iam::Account-ID:user/" AwsPrincipal = "arn:aws:iam::Account-ID:user/"
minioPrincipal = "minio::Account-ID:user/" MinioPrincipal = "minio::Account-ID:user/"
) )
var supportedActionMap = map[string]bool{ var SupportedActionMap = map[string]bool{
"*": true, "*": true,
"s3:GetObject": true, "s3:GetObject": true,
"s3:ListBucket": true, "s3:ListBucket": true,
@ -47,7 +47,7 @@ var supportedActionMap = map[string]bool{
"s3:PutBucketPolicy": true, "s3:PutBucketPolicy": true,
} }
var supportedEffectMap = map[string]bool{ var SupportedEffectMap = map[string]bool{
"Allow": true, "Allow": true,
"Deny": true, "Deny": true,
} }
@ -55,7 +55,7 @@ var supportedEffectMap = map[string]bool{
func isValidAction(action []string) bool { func isValidAction(action []string) bool {
var ok bool = false var ok bool = false
for _, a := range action { for _, a := range action {
if supportedActionMap[a] { if SupportedActionMap[a] {
ok = true ok = true
} }
} }
@ -63,7 +63,7 @@ func isValidAction(action []string) bool {
} }
func isValidEffect(effect string) bool { func isValidEffect(effect string) bool {
if supportedEffectMap[effect] { if SupportedEffectMap[effect] {
return true return true
} }
return false return false
@ -73,14 +73,14 @@ func isValidResource(resources []string) bool {
var ok bool = false var ok bool = false
for _, resource := range resources { for _, resource := range resources {
switch true { switch true {
case strings.HasPrefix(resource, awsResource): case strings.HasPrefix(resource, AwsResource):
bucket := strings.SplitAfter(resource, awsResource)[1] bucket := strings.SplitAfter(resource, AwsResource)[1]
ok = true ok = true
if len(bucket) == 0 { if len(bucket) == 0 {
ok = false ok = false
} }
case strings.HasPrefix(resource, minioResource): case strings.HasPrefix(resource, MinioResource):
bucket := strings.SplitAfter(resource, minioResource)[1] bucket := strings.SplitAfter(resource, MinioResource)[1]
ok = true ok = true
if len(bucket) == 0 { if len(bucket) == 0 {
ok = false ok = false
@ -98,14 +98,14 @@ func isValidPrincipal(principal string) bool {
return true return true
} }
switch true { switch true {
case strings.HasPrefix(principal, awsPrincipal): case strings.HasPrefix(principal, AwsPrincipal):
username := strings.SplitAfter(principal, awsPrincipal)[1] username := strings.SplitAfter(principal, AwsPrincipal)[1]
ok = true ok = true
if len(username) == 0 { if len(username) == 0 {
ok = false ok = false
} }
case strings.HasPrefix(principal, minioPrincipal): case strings.HasPrefix(principal, MinioPrincipal):
username := strings.SplitAfter(principal, minioPrincipal)[1] username := strings.SplitAfter(principal, MinioPrincipal)[1]
ok = true ok = true
if len(username) == 0 { if len(username) == 0 {
ok = false ok = false