Support policy variable replacement (#7085)

This PR supports iam and bucket policies to have
policy variable replacements in resource and
condition key values.

For example
- ${aws:username}
- ${aws:userid}

pkg/policy/resource.go

@@ -21,6 +21,7 @@ import (
 	"fmt"
 	"strings"
 
+	"github.com/minio/minio/pkg/policy/condition"
 	"github.com/minio/minio/pkg/wildcard"
 )
 
@@ -47,8 +48,16 @@ func (r Resource) IsValid() bool {
 }
 
 // Match - matches object name with resource pattern.
-func (r Resource) Match(resource string) bool {
-	return wildcard.Match(r.Pattern, resource)
+func (r Resource) Match(resource string, conditionValues map[string][]string) bool {
+	pattern := r.Pattern
+	for _, key := range condition.CommonKeys {
+		// Empty values are not supported for policy variables.
+		if rvalues, ok := conditionValues[key.Name()]; ok && rvalues[0] != "" {
+			pattern = strings.Replace(pattern, key.VarName(), rvalues[0], -1)
+		}
+	}
+
+	return wildcard.Match(pattern, resource)
 }
 
 // MarshalJSON - encodes Resource to JSON data.