Add more context aware error for policy parsing errors (#8726)

The existing code simply returns a generic
error such as "MalformedPolicy", which carries just
a generic string like "invalid resource". That is not very
meaningful when there can be multiple types of errors
during policy parsing. This PR ensures that we send
these errors back to the client to indicate the actual
error, and brings in two concrete types:

 - iampolicy.Error
 - policy.Error

Refer #8202
Harshavardhana
2020-01-03 11:28:52 -08:00
committed by GitHub
parent 84e55e2e6f
commit 6695fd6a61
23 changed files with 141 additions and 67 deletions


@@ -18,7 +18,6 @@ package iampolicy
import (
"encoding/json"
"fmt"
"strings"
"github.com/minio/minio/pkg/policy"
@@ -74,11 +73,11 @@ func (statement Statement) isAdmin() bool {
// isValid - checks whether statement is valid or not.
func (statement Statement) isValid() error {
if !statement.Effect.IsValid() {
return fmt.Errorf("invalid Effect %v", statement.Effect)
return Errorf("invalid Effect %v", statement.Effect)
}
if len(statement.Actions) == 0 {
return fmt.Errorf("Action must not be empty")
return Errorf("Action must not be empty")
}
if statement.isAdmin() {
@@ -86,14 +85,14 @@ func (statement Statement) isValid() error {
keys := statement.Conditions.Keys()
keyDiff := keys.Difference(adminActionConditionKeyMap[action])
if !keyDiff.IsEmpty() {
return fmt.Errorf("unsupported condition keys '%v' used for action '%v'", keyDiff, action)
return Errorf("unsupported condition keys '%v' used for action '%v'", keyDiff, action)
}
}
return nil
}
if len(statement.Resources) == 0 {
return fmt.Errorf("Resource must not be empty")
return Errorf("Resource must not be empty")
}
if err := statement.Resources.Validate(); err != nil {
@@ -102,13 +101,13 @@ func (statement Statement) isValid() error {
for action := range statement.Actions {
if !statement.Resources.objectResourceExists() && !statement.Resources.bucketResourceExists() {
return fmt.Errorf("unsupported Resource found %v for action %v", statement.Resources, action)
return Errorf("unsupported Resource found %v for action %v", statement.Resources, action)
}
keys := statement.Conditions.Keys()
keyDiff := keys.Difference(actionConditionKeyMap[action])
if !keyDiff.IsEmpty() {
return fmt.Errorf("unsupported condition keys '%v' used for action '%v'", keyDiff, action)
return Errorf("unsupported condition keys '%v' used for action '%v'", keyDiff, action)
}
}
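Review bot: The messages built in isValid() interpolate values taken from the submitted policy (`statement.Resources`, `keyDiff`, `action`), and per the commit description these strings are now returned to the client rather than a fixed "MalformedPolicy" text. The code that turns the typed error into an API response is not in this section, so confirm it encodes the message for the response format and bounds its length; a policy with a very large resource set would otherwise be echoed back in full. I would record that contract on the function, e.g. `// isValid - checks whether statement is valid; returned messages embed policy content and reach the client, so renderers must encode them.` Separately, the body of the `statement.Resources.Validate()` branch falls outside the hunks, so it is not visible whether that path also returns the new Error type; if it does not, it would presumably still surface as the generic error.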