mirror of
https://github.com/minio/minio.git
synced 2024-12-24 22:25:54 -05:00
parent
2f9975c76c
commit
7431acb2c4
@ -116,9 +116,9 @@ func getOldBucketsConfigPath() (string, error) {
|
|||||||
return path.Join(configPath, "buckets"), nil
|
return path.Join(configPath, "buckets"), nil
|
||||||
}
|
}
|
||||||
|
|
||||||
// readBucketPolicy - reads bucket policy for an input bucket, returns BucketPolicyNotFound
|
// readBucketPolicyJSON - reads bucket policy for an input bucket, returns BucketPolicyNotFound
|
||||||
// if bucket policy is not found. This function also parses the bucket policy into an object.
|
// if bucket policy is not found.
|
||||||
func readBucketPolicy(bucket string, objAPI ObjectLayer) (*bucketPolicy, error) {
|
func readBucketPolicyJSON(bucket string, objAPI ObjectLayer) (bucketPolicyReader io.Reader, err error) {
|
||||||
// Verify bucket is valid.
|
// Verify bucket is valid.
|
||||||
if !IsValidBucketName(bucket) {
|
if !IsValidBucketName(bucket) {
|
||||||
return nil, BucketNameInvalid{Bucket: bucket}
|
return nil, BucketNameInvalid{Bucket: bucket}
|
||||||
@ -139,9 +139,22 @@ func readBucketPolicy(bucket string, objAPI ObjectLayer) (*bucketPolicy, error)
|
|||||||
}
|
}
|
||||||
return nil, err
|
return nil, err
|
||||||
}
|
}
|
||||||
|
|
||||||
|
return &buffer, nil
|
||||||
|
}
|
||||||
|
|
||||||
|
// readBucketPolicy - reads bucket policy for an input bucket, returns BucketPolicyNotFound
|
||||||
|
// if bucket policy is not found. This function also parses the bucket policy into an object.
|
||||||
|
func readBucketPolicy(bucket string, objAPI ObjectLayer) (*bucketPolicy, error) {
|
||||||
|
// Read bucket policy JSON.
|
||||||
|
bucketPolicyReader, err := readBucketPolicyJSON(bucket, objAPI)
|
||||||
|
if err != nil {
|
||||||
|
return nil, err
|
||||||
|
}
|
||||||
|
|
||||||
// Parse the saved policy.
|
// Parse the saved policy.
|
||||||
var policy = &bucketPolicy{}
|
var policy = &bucketPolicy{}
|
||||||
err = parseBucketPolicy(&buffer, policy)
|
err = parseBucketPolicy(bucketPolicyReader, policy)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return nil, err
|
return nil, err
|
||||||
|
|
||||||
|
@ -17,7 +17,10 @@
|
|||||||
package cmd
|
package cmd
|
||||||
|
|
||||||
import (
|
import (
|
||||||
|
"bytes"
|
||||||
|
"encoding/json"
|
||||||
"fmt"
|
"fmt"
|
||||||
|
"io/ioutil"
|
||||||
"net/http"
|
"net/http"
|
||||||
"os"
|
"os"
|
||||||
"path"
|
"path"
|
||||||
@ -30,6 +33,7 @@ import (
|
|||||||
"github.com/dustin/go-humanize"
|
"github.com/dustin/go-humanize"
|
||||||
"github.com/gorilla/mux"
|
"github.com/gorilla/mux"
|
||||||
"github.com/gorilla/rpc/v2/json2"
|
"github.com/gorilla/rpc/v2/json2"
|
||||||
|
"github.com/minio/minio-go/pkg/policy"
|
||||||
"github.com/minio/miniobrowser"
|
"github.com/minio/miniobrowser"
|
||||||
)
|
)
|
||||||
|
|
||||||
@ -482,3 +486,98 @@ func writeWebErrorResponse(w http.ResponseWriter, err error) {
|
|||||||
w.WriteHeader(apiErr.HTTPStatusCode)
|
w.WriteHeader(apiErr.HTTPStatusCode)
|
||||||
w.Write([]byte(apiErr.Description))
|
w.Write([]byte(apiErr.Description))
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// GetBucketPolicyArgs - get bucket policy args.
|
||||||
|
type GetBucketPolicyArgs struct {
|
||||||
|
BucketName string `json:"bucketName"`
|
||||||
|
Prefix string `json:"prefix"`
|
||||||
|
}
|
||||||
|
|
||||||
|
// GetBucketPolicyRep - get bucket policy reply.
|
||||||
|
type GetBucketPolicyRep struct {
|
||||||
|
UIVersion string `json:"uiVersion"`
|
||||||
|
Policy policy.BucketPolicy `json:"policy"`
|
||||||
|
}
|
||||||
|
|
||||||
|
func readBucketAccessPolicy(objAPI ObjectLayer, bucketName string) (policy.BucketAccessPolicy, error) {
|
||||||
|
bucketPolicyReader, err := readBucketPolicyJSON(bucketName, objAPI)
|
||||||
|
if err != nil {
|
||||||
|
if _, ok := err.(BucketPolicyNotFound); ok {
|
||||||
|
return policy.BucketAccessPolicy{}, nil
|
||||||
|
}
|
||||||
|
return policy.BucketAccessPolicy{}, err
|
||||||
|
}
|
||||||
|
|
||||||
|
bucketPolicyBuf, err := ioutil.ReadAll(bucketPolicyReader)
|
||||||
|
if err != nil {
|
||||||
|
return policy.BucketAccessPolicy{}, err
|
||||||
|
}
|
||||||
|
|
||||||
|
policyInfo := policy.BucketAccessPolicy{}
|
||||||
|
err = json.Unmarshal(bucketPolicyBuf, &policyInfo)
|
||||||
|
if err != nil {
|
||||||
|
return policy.BucketAccessPolicy{}, err
|
||||||
|
}
|
||||||
|
|
||||||
|
return policyInfo, nil
|
||||||
|
|
||||||
|
}
|
||||||
|
|
||||||
|
// GetBucketPolicy - get bucket policy.
|
||||||
|
func (web *webAPIHandlers) GetBucketPolicy(r *http.Request, args *GetBucketPolicyArgs, reply *GetBucketPolicyRep) error {
|
||||||
|
if !isJWTReqAuthenticated(r) {
|
||||||
|
return &json2.Error{Message: "Unauthorized request"}
|
||||||
|
}
|
||||||
|
|
||||||
|
policyInfo, err := readBucketAccessPolicy(web.ObjectAPI, args.BucketName)
|
||||||
|
if err != nil {
|
||||||
|
return &json2.Error{Message: err.Error()}
|
||||||
|
}
|
||||||
|
|
||||||
|
bucketPolicy := policy.GetPolicy(policyInfo.Statements, args.BucketName, args.Prefix)
|
||||||
|
|
||||||
|
reply.UIVersion = miniobrowser.UIVersion
|
||||||
|
reply.Policy = bucketPolicy
|
||||||
|
|
||||||
|
return nil
|
||||||
|
}
|
||||||
|
|
||||||
|
// SetBucketPolicyArgs - set bucket policy args.
|
||||||
|
type SetBucketPolicyArgs struct {
|
||||||
|
BucketName string `json:"bucketName"`
|
||||||
|
Prefix string `json:"prefix"`
|
||||||
|
Policy string `json:"policy"`
|
||||||
|
}
|
||||||
|
|
||||||
|
// SetBucketPolicy - set bucket policy.
|
||||||
|
func (web *webAPIHandlers) SetBucketPolicy(r *http.Request, args *SetBucketPolicyArgs, reply *WebGenericRep) error {
|
||||||
|
if !isJWTReqAuthenticated(r) {
|
||||||
|
return &json2.Error{Message: "Unauthorized request"}
|
||||||
|
}
|
||||||
|
|
||||||
|
bucketPolicy := policy.BucketPolicy(args.Policy)
|
||||||
|
if !bucketPolicy.IsValidBucketPolicy() {
|
||||||
|
return &json2.Error{Message: "Invalid policy " + args.Policy}
|
||||||
|
}
|
||||||
|
|
||||||
|
policyInfo, err := readBucketAccessPolicy(web.ObjectAPI, args.BucketName)
|
||||||
|
if err != nil {
|
||||||
|
return &json2.Error{Message: err.Error()}
|
||||||
|
}
|
||||||
|
|
||||||
|
policyInfo.Statements = policy.SetPolicy(policyInfo.Statements, bucketPolicy, args.BucketName, args.Prefix)
|
||||||
|
|
||||||
|
data, err := json.Marshal(policyInfo)
|
||||||
|
if err != nil {
|
||||||
|
return &json2.Error{Message: err.Error()}
|
||||||
|
}
|
||||||
|
|
||||||
|
// TODO: update policy statements according to bucket name, prefix and policy arguments.
|
||||||
|
if err := writeBucketPolicy(args.BucketName, web.ObjectAPI, bytes.NewReader(data), int64(len(data))); err != nil {
|
||||||
|
return &json2.Error{Message: err.Error()}
|
||||||
|
}
|
||||||
|
|
||||||
|
reply.UIVersion = miniobrowser.UIVersion
|
||||||
|
|
||||||
|
return nil
|
||||||
|
}
|
||||||
|
@ -24,6 +24,8 @@ import (
|
|||||||
"net/http/httptest"
|
"net/http/httptest"
|
||||||
"strconv"
|
"strconv"
|
||||||
"testing"
|
"testing"
|
||||||
|
|
||||||
|
"github.com/minio/minio-go/pkg/policy"
|
||||||
)
|
)
|
||||||
|
|
||||||
// Authenticate and get JWT token - will be called before every webrpc handler invocation
|
// Authenticate and get JWT token - will be called before every webrpc handler invocation
|
||||||
@ -711,3 +713,60 @@ func testDownloadWebHandler(obj ObjectLayer, instanceType string, t TestErrHandl
|
|||||||
t.Fatalf("The downloaded file is corrupted")
|
t.Fatalf("The downloaded file is corrupted")
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// Wrapper for calling GetBucketPolicy Handler
|
||||||
|
func TestWebHandlerGetBucketPolicyHandler(t *testing.T) {
|
||||||
|
ExecObjectLayerTest(t, testWebGetBucketPolicyHandler)
|
||||||
|
}
|
||||||
|
|
||||||
|
// testWebGetBucketPolicyHandler - Test GetBucketPolicy web handler
|
||||||
|
func testWebGetBucketPolicyHandler(obj ObjectLayer, instanceType string, t TestErrHandler) {
|
||||||
|
// Register the API end points with XL/FS object layer.
|
||||||
|
apiRouter := initTestWebRPCEndPoint(obj)
|
||||||
|
// initialize the server and obtain the credentials and root.
|
||||||
|
// credentials are necessary to sign the HTTP request.
|
||||||
|
rootPath, err := newTestConfig("us-east-1")
|
||||||
|
if err != nil {
|
||||||
|
t.Fatalf("Init Test config failed")
|
||||||
|
}
|
||||||
|
// remove the root folder after the test ends.
|
||||||
|
defer removeAll(rootPath)
|
||||||
|
|
||||||
|
credentials := serverConfig.GetCredential()
|
||||||
|
|
||||||
|
authorization, err := getWebRPCToken(apiRouter, credentials.AccessKeyID, credentials.SecretAccessKey)
|
||||||
|
if err != nil {
|
||||||
|
t.Fatal("Cannot authenticate")
|
||||||
|
}
|
||||||
|
|
||||||
|
rec := httptest.NewRecorder()
|
||||||
|
|
||||||
|
bucketName := getRandomBucketName()
|
||||||
|
|
||||||
|
testCases := []struct {
|
||||||
|
bucketName string
|
||||||
|
prefix string
|
||||||
|
expectedResult policy.BucketPolicy
|
||||||
|
}{
|
||||||
|
{bucketName, "", policy.BucketPolicyNone},
|
||||||
|
}
|
||||||
|
|
||||||
|
for i, testCase := range testCases {
|
||||||
|
args := &GetBucketPolicyArgs{BucketName: testCase.bucketName, Prefix: testCase.prefix}
|
||||||
|
reply := &GetBucketPolicyRep{}
|
||||||
|
req, err := newTestWebRPCRequest("Web.GetBucketPolicy", authorization, args)
|
||||||
|
if err != nil {
|
||||||
|
t.Fatalf("Test %d: Failed to create HTTP request: <ERROR> %v", i+1, err)
|
||||||
|
}
|
||||||
|
apiRouter.ServeHTTP(rec, req)
|
||||||
|
if rec.Code != http.StatusOK {
|
||||||
|
t.Fatalf("Test %d: Expected the response status to be 200, but instead found `%d`", i+1, rec.Code)
|
||||||
|
}
|
||||||
|
if err = getTestWebRPCResponse(rec, &reply); err != nil {
|
||||||
|
t.Fatalf("Test %d: Should succeed but it didn't, %v", i+1, err)
|
||||||
|
}
|
||||||
|
if testCase.expectedResult != reply.Policy {
|
||||||
|
t.Fatalf("Test %d: expected: %v, got: %v", i+1, testCase.expectedResult, reply.Policy)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
115
vendor/github.com/minio/minio-go/pkg/policy/bucket-policy-condition.go
generated
vendored
Normal file
115
vendor/github.com/minio/minio-go/pkg/policy/bucket-policy-condition.go
generated
vendored
Normal file
@ -0,0 +1,115 @@
|
|||||||
|
/*
|
||||||
|
* Minio Go Library for Amazon S3 Compatible Cloud Storage (C) 2015 Minio, Inc.
|
||||||
|
*
|
||||||
|
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
|
* you may not use this file except in compliance with the License.
|
||||||
|
* You may obtain a copy of the License at
|
||||||
|
*
|
||||||
|
* http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
*
|
||||||
|
* Unless required by applicable law or agreed to in writing, software
|
||||||
|
* distributed under the License is distributed on an "AS IS" BASIS,
|
||||||
|
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||||
|
* See the License for the specific language governing permissions and
|
||||||
|
* limitations under the License.
|
||||||
|
*/
|
||||||
|
|
||||||
|
package policy
|
||||||
|
|
||||||
|
import "github.com/minio/minio-go/pkg/set"
|
||||||
|
|
||||||
|
// ConditionKeyMap - map of policy condition key and value.
|
||||||
|
type ConditionKeyMap map[string]set.StringSet
|
||||||
|
|
||||||
|
// Add - adds key and value. The value is appended If key already exists.
|
||||||
|
func (ckm ConditionKeyMap) Add(key string, value set.StringSet) {
|
||||||
|
if v, ok := ckm[key]; ok {
|
||||||
|
ckm[key] = v.Union(value)
|
||||||
|
} else {
|
||||||
|
ckm[key] = set.CopyStringSet(value)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
// Remove - removes value of given key. If key has empty after removal, the key is also removed.
|
||||||
|
func (ckm ConditionKeyMap) Remove(key string, value set.StringSet) {
|
||||||
|
if v, ok := ckm[key]; ok {
|
||||||
|
if value != nil {
|
||||||
|
ckm[key] = v.Difference(value)
|
||||||
|
}
|
||||||
|
|
||||||
|
if ckm[key].IsEmpty() {
|
||||||
|
delete(ckm, key)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
// RemoveKey - removes key and its value.
|
||||||
|
func (ckm ConditionKeyMap) RemoveKey(key string) {
|
||||||
|
if _, ok := ckm[key]; ok {
|
||||||
|
delete(ckm, key)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
// CopyConditionKeyMap - returns new copy of given ConditionKeyMap.
|
||||||
|
func CopyConditionKeyMap(condKeyMap ConditionKeyMap) ConditionKeyMap {
|
||||||
|
out := make(ConditionKeyMap)
|
||||||
|
|
||||||
|
for k, v := range condKeyMap {
|
||||||
|
out[k] = set.CopyStringSet(v)
|
||||||
|
}
|
||||||
|
|
||||||
|
return out
|
||||||
|
}
|
||||||
|
|
||||||
|
// mergeConditionKeyMap - returns a new ConditionKeyMap which contains merged key/value of given two ConditionKeyMap.
|
||||||
|
func mergeConditionKeyMap(condKeyMap1 ConditionKeyMap, condKeyMap2 ConditionKeyMap) ConditionKeyMap {
|
||||||
|
out := CopyConditionKeyMap(condKeyMap1)
|
||||||
|
|
||||||
|
for k, v := range condKeyMap2 {
|
||||||
|
if ev, ok := out[k]; ok {
|
||||||
|
out[k] = ev.Union(v)
|
||||||
|
} else {
|
||||||
|
out[k] = set.CopyStringSet(v)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
return out
|
||||||
|
}
|
||||||
|
|
||||||
|
// ConditionMap - map of condition and conditional values.
|
||||||
|
type ConditionMap map[string]ConditionKeyMap
|
||||||
|
|
||||||
|
// Add - adds condition key and condition value. The value is appended if key already exists.
|
||||||
|
func (cond ConditionMap) Add(condKey string, condKeyMap ConditionKeyMap) {
|
||||||
|
if v, ok := cond[condKey]; ok {
|
||||||
|
cond[condKey] = mergeConditionKeyMap(v, condKeyMap)
|
||||||
|
} else {
|
||||||
|
cond[condKey] = CopyConditionKeyMap(condKeyMap)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
// Remove - removes condition key and its value.
|
||||||
|
func (cond ConditionMap) Remove(condKey string) {
|
||||||
|
if _, ok := cond[condKey]; ok {
|
||||||
|
delete(cond, condKey)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
// mergeConditionMap - returns new ConditionMap which contains merged key/value of two ConditionMap.
|
||||||
|
func mergeConditionMap(condMap1 ConditionMap, condMap2 ConditionMap) ConditionMap {
|
||||||
|
out := make(ConditionMap)
|
||||||
|
|
||||||
|
for k, v := range condMap1 {
|
||||||
|
out[k] = CopyConditionKeyMap(v)
|
||||||
|
}
|
||||||
|
|
||||||
|
for k, v := range condMap2 {
|
||||||
|
if ev, ok := out[k]; ok {
|
||||||
|
out[k] = mergeConditionKeyMap(ev, v)
|
||||||
|
} else {
|
||||||
|
out[k] = CopyConditionKeyMap(v)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
return out
|
||||||
|
}
|
608
vendor/github.com/minio/minio-go/pkg/policy/bucket-policy.go
generated
vendored
Normal file
608
vendor/github.com/minio/minio-go/pkg/policy/bucket-policy.go
generated
vendored
Normal file
@ -0,0 +1,608 @@
|
|||||||
|
/*
|
||||||
|
* Minio Go Library for Amazon S3 Compatible Cloud Storage (C) 2015 Minio, Inc.
|
||||||
|
*
|
||||||
|
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
|
* you may not use this file except in compliance with the License.
|
||||||
|
* You may obtain a copy of the License at
|
||||||
|
*
|
||||||
|
* http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
*
|
||||||
|
* Unless required by applicable law or agreed to in writing, software
|
||||||
|
* distributed under the License is distributed on an "AS IS" BASIS,
|
||||||
|
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||||
|
* See the License for the specific language governing permissions and
|
||||||
|
* limitations under the License.
|
||||||
|
*/
|
||||||
|
|
||||||
|
package policy
|
||||||
|
|
||||||
|
import (
|
||||||
|
"reflect"
|
||||||
|
"strings"
|
||||||
|
|
||||||
|
"github.com/minio/minio-go/pkg/set"
|
||||||
|
)
|
||||||
|
|
||||||
|
// BucketPolicy - Bucket level policy.
|
||||||
|
type BucketPolicy string
|
||||||
|
|
||||||
|
// Different types of Policies currently supported for buckets.
|
||||||
|
const (
|
||||||
|
BucketPolicyNone BucketPolicy = "none"
|
||||||
|
BucketPolicyReadOnly = "readonly"
|
||||||
|
BucketPolicyReadWrite = "readwrite"
|
||||||
|
BucketPolicyWriteOnly = "writeonly"
|
||||||
|
)
|
||||||
|
|
||||||
|
// isValidBucketPolicy - Is provided policy value supported.
|
||||||
|
func (p BucketPolicy) IsValidBucketPolicy() bool {
|
||||||
|
switch p {
|
||||||
|
case BucketPolicyNone, BucketPolicyReadOnly, BucketPolicyReadWrite, BucketPolicyWriteOnly:
|
||||||
|
return true
|
||||||
|
}
|
||||||
|
return false
|
||||||
|
}
|
||||||
|
|
||||||
|
// Resource prefix for all aws resources.
|
||||||
|
const awsResourcePrefix = "arn:aws:s3:::"
|
||||||
|
|
||||||
|
// Common bucket actions for both read and write policies.
|
||||||
|
var commonBucketActions = set.CreateStringSet("s3:GetBucketLocation")
|
||||||
|
|
||||||
|
// Read only bucket actions.
|
||||||
|
var readOnlyBucketActions = set.CreateStringSet("s3:ListBucket")
|
||||||
|
|
||||||
|
// Write only bucket actions.
|
||||||
|
var writeOnlyBucketActions = set.CreateStringSet("s3:ListBucketMultipartUploads")
|
||||||
|
|
||||||
|
// Read only object actions.
|
||||||
|
var readOnlyObjectActions = set.CreateStringSet("s3:GetObject")
|
||||||
|
|
||||||
|
// Write only object actions.
|
||||||
|
var writeOnlyObjectActions = set.CreateStringSet("s3:AbortMultipartUpload", "s3:DeleteObject", "s3:ListMultipartUploadParts", "s3:PutObject")
|
||||||
|
|
||||||
|
// Read and write object actions.
|
||||||
|
var readWriteObjectActions = readOnlyObjectActions.Union(writeOnlyObjectActions)
|
||||||
|
|
||||||
|
// All valid bucket and object actions.
|
||||||
|
var validActions = commonBucketActions.
|
||||||
|
Union(readOnlyBucketActions).
|
||||||
|
Union(writeOnlyBucketActions).
|
||||||
|
Union(readOnlyObjectActions).
|
||||||
|
Union(writeOnlyObjectActions)
|
||||||
|
|
||||||
|
var startsWithFunc = func(resource string, resourcePrefix string) bool {
|
||||||
|
return strings.HasPrefix(resource, resourcePrefix)
|
||||||
|
}
|
||||||
|
|
||||||
|
// User - canonical users list.
|
||||||
|
type User struct {
|
||||||
|
AWS set.StringSet `json:"AWS,omitempty"`
|
||||||
|
CanonicalUser set.StringSet `json:"CanonicalUser,omitempty"`
|
||||||
|
}
|
||||||
|
|
||||||
|
// Statement - minio policy statement
|
||||||
|
type Statement struct {
|
||||||
|
Actions set.StringSet `json:"Action"`
|
||||||
|
Conditions ConditionMap `json:"Condition,omitempty"`
|
||||||
|
Effect string
|
||||||
|
Principal User `json:"Principal"`
|
||||||
|
Resources set.StringSet `json:"Resource"`
|
||||||
|
Sid string
|
||||||
|
}
|
||||||
|
|
||||||
|
// BucketAccessPolicy - minio policy collection
|
||||||
|
type BucketAccessPolicy struct {
|
||||||
|
Version string // date in YYYY-MM-DD format
|
||||||
|
Statements []Statement `json:"Statement"`
|
||||||
|
}
|
||||||
|
|
||||||
|
// isValidStatement - returns whether given statement is valid to process for given bucket name.
|
||||||
|
func isValidStatement(statement Statement, bucketName string) bool {
|
||||||
|
if statement.Actions.Intersection(validActions).IsEmpty() {
|
||||||
|
return false
|
||||||
|
}
|
||||||
|
|
||||||
|
if statement.Effect != "Allow" {
|
||||||
|
return false
|
||||||
|
}
|
||||||
|
|
||||||
|
if statement.Principal.AWS == nil || !statement.Principal.AWS.Contains("*") {
|
||||||
|
return false
|
||||||
|
}
|
||||||
|
|
||||||
|
bucketResource := awsResourcePrefix + bucketName
|
||||||
|
if statement.Resources.Contains(bucketResource) {
|
||||||
|
return true
|
||||||
|
}
|
||||||
|
|
||||||
|
if statement.Resources.FuncMatch(startsWithFunc, bucketResource+"/").IsEmpty() {
|
||||||
|
return false
|
||||||
|
}
|
||||||
|
|
||||||
|
return true
|
||||||
|
}
|
||||||
|
|
||||||
|
// Returns new statements with bucket actions for given policy.
|
||||||
|
func newBucketStatement(policy BucketPolicy, bucketName string, prefix string) (statements []Statement) {
|
||||||
|
statements = []Statement{}
|
||||||
|
if policy == BucketPolicyNone || bucketName == "" {
|
||||||
|
return statements
|
||||||
|
}
|
||||||
|
|
||||||
|
bucketResource := set.CreateStringSet(awsResourcePrefix + bucketName)
|
||||||
|
|
||||||
|
statement := Statement{
|
||||||
|
Actions: commonBucketActions,
|
||||||
|
Effect: "Allow",
|
||||||
|
Principal: User{AWS: set.CreateStringSet("*")},
|
||||||
|
Resources: bucketResource,
|
||||||
|
Sid: "",
|
||||||
|
}
|
||||||
|
statements = append(statements, statement)
|
||||||
|
|
||||||
|
if policy == BucketPolicyReadOnly || policy == BucketPolicyReadWrite {
|
||||||
|
statement = Statement{
|
||||||
|
Actions: readOnlyBucketActions,
|
||||||
|
Effect: "Allow",
|
||||||
|
Principal: User{AWS: set.CreateStringSet("*")},
|
||||||
|
Resources: bucketResource,
|
||||||
|
Sid: "",
|
||||||
|
}
|
||||||
|
if prefix != "" {
|
||||||
|
condKeyMap := make(ConditionKeyMap)
|
||||||
|
condKeyMap.Add("s3:prefix", set.CreateStringSet(prefix))
|
||||||
|
condMap := make(ConditionMap)
|
||||||
|
condMap.Add("StringEquals", condKeyMap)
|
||||||
|
statement.Conditions = condMap
|
||||||
|
}
|
||||||
|
statements = append(statements, statement)
|
||||||
|
}
|
||||||
|
|
||||||
|
if policy == BucketPolicyWriteOnly || policy == BucketPolicyReadWrite {
|
||||||
|
statement = Statement{
|
||||||
|
Actions: writeOnlyBucketActions,
|
||||||
|
Effect: "Allow",
|
||||||
|
Principal: User{AWS: set.CreateStringSet("*")},
|
||||||
|
Resources: bucketResource,
|
||||||
|
Sid: "",
|
||||||
|
}
|
||||||
|
statements = append(statements, statement)
|
||||||
|
}
|
||||||
|
|
||||||
|
return statements
|
||||||
|
}
|
||||||
|
|
||||||
|
// Returns new statements contains object actions for given policy.
|
||||||
|
func newObjectStatement(policy BucketPolicy, bucketName string, prefix string) (statements []Statement) {
|
||||||
|
statements = []Statement{}
|
||||||
|
if policy == BucketPolicyNone || bucketName == "" {
|
||||||
|
return statements
|
||||||
|
}
|
||||||
|
|
||||||
|
statement := Statement{
|
||||||
|
Effect: "Allow",
|
||||||
|
Principal: User{AWS: set.CreateStringSet("*")},
|
||||||
|
Resources: set.CreateStringSet(awsResourcePrefix + bucketName + "/" + prefix + "*"),
|
||||||
|
Sid: "",
|
||||||
|
}
|
||||||
|
|
||||||
|
if policy == BucketPolicyReadOnly {
|
||||||
|
statement.Actions = readOnlyObjectActions
|
||||||
|
} else if policy == BucketPolicyWriteOnly {
|
||||||
|
statement.Actions = writeOnlyObjectActions
|
||||||
|
} else if policy == BucketPolicyReadWrite {
|
||||||
|
statement.Actions = readWriteObjectActions
|
||||||
|
}
|
||||||
|
|
||||||
|
statements = append(statements, statement)
|
||||||
|
return statements
|
||||||
|
}
|
||||||
|
|
||||||
|
// Returns new statements for given policy, bucket and prefix.
|
||||||
|
func newStatements(policy BucketPolicy, bucketName string, prefix string) (statements []Statement) {
|
||||||
|
statements = []Statement{}
|
||||||
|
ns := newBucketStatement(policy, bucketName, prefix)
|
||||||
|
statements = append(statements, ns...)
|
||||||
|
|
||||||
|
ns = newObjectStatement(policy, bucketName, prefix)
|
||||||
|
statements = append(statements, ns...)
|
||||||
|
|
||||||
|
return statements
|
||||||
|
}
|
||||||
|
|
||||||
|
// Returns whether given bucket statements are used by other than given prefix statements.
|
||||||
|
func getInUsePolicy(statements []Statement, bucketName string, prefix string) (readOnlyInUse, writeOnlyInUse bool) {
|
||||||
|
resourcePrefix := awsResourcePrefix + bucketName + "/"
|
||||||
|
objectResource := awsResourcePrefix + bucketName + "/" + prefix + "*"
|
||||||
|
|
||||||
|
for _, s := range statements {
|
||||||
|
if !s.Resources.Contains(objectResource) && !s.Resources.FuncMatch(startsWithFunc, resourcePrefix).IsEmpty() {
|
||||||
|
if s.Actions.Intersection(readOnlyObjectActions).Equals(readOnlyObjectActions) {
|
||||||
|
readOnlyInUse = true
|
||||||
|
}
|
||||||
|
|
||||||
|
if s.Actions.Intersection(writeOnlyObjectActions).Equals(writeOnlyObjectActions) {
|
||||||
|
writeOnlyInUse = true
|
||||||
|
}
|
||||||
|
}
|
||||||
|
if readOnlyInUse && writeOnlyInUse {
|
||||||
|
break
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
return readOnlyInUse, writeOnlyInUse
|
||||||
|
}
|
||||||
|
|
||||||
|
// Removes object actions in given statement.
|
||||||
|
func removeObjectActions(statement Statement, objectResource string) Statement {
|
||||||
|
if statement.Conditions == nil {
|
||||||
|
if len(statement.Resources) > 1 {
|
||||||
|
statement.Resources.Remove(objectResource)
|
||||||
|
} else {
|
||||||
|
statement.Actions = statement.Actions.Difference(readOnlyObjectActions)
|
||||||
|
statement.Actions = statement.Actions.Difference(writeOnlyObjectActions)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
return statement
|
||||||
|
}
|
||||||
|
|
||||||
|
// Removes bucket actions for given policy in given statement.
|
||||||
|
func removeBucketActions(statement Statement, prefix string, bucketResource string, readOnlyInUse, writeOnlyInUse bool) Statement {
|
||||||
|
removeReadOnly := func() {
|
||||||
|
if !statement.Actions.Intersection(readOnlyBucketActions).Equals(readOnlyBucketActions) {
|
||||||
|
return
|
||||||
|
}
|
||||||
|
|
||||||
|
if statement.Conditions == nil {
|
||||||
|
statement.Actions = statement.Actions.Difference(readOnlyBucketActions)
|
||||||
|
return
|
||||||
|
}
|
||||||
|
|
||||||
|
if prefix != "" {
|
||||||
|
stringEqualsValue := statement.Conditions["StringEquals"]
|
||||||
|
values := set.NewStringSet()
|
||||||
|
if stringEqualsValue != nil {
|
||||||
|
values = stringEqualsValue["s3:prefix"]
|
||||||
|
if values == nil {
|
||||||
|
values = set.NewStringSet()
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
values.Remove(prefix)
|
||||||
|
|
||||||
|
if stringEqualsValue != nil {
|
||||||
|
if values.IsEmpty() {
|
||||||
|
delete(stringEqualsValue, "s3:prefix")
|
||||||
|
}
|
||||||
|
if len(stringEqualsValue) == 0 {
|
||||||
|
delete(statement.Conditions, "StringEquals")
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
if len(statement.Conditions) == 0 {
|
||||||
|
statement.Conditions = nil
|
||||||
|
statement.Actions = statement.Actions.Difference(readOnlyBucketActions)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
removeWriteOnly := func() {
|
||||||
|
if statement.Conditions == nil {
|
||||||
|
statement.Actions = statement.Actions.Difference(writeOnlyBucketActions)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
if len(statement.Resources) > 1 {
|
||||||
|
statement.Resources.Remove(bucketResource)
|
||||||
|
} else {
|
||||||
|
if !readOnlyInUse {
|
||||||
|
removeReadOnly()
|
||||||
|
}
|
||||||
|
|
||||||
|
if !writeOnlyInUse {
|
||||||
|
removeWriteOnly()
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
return statement
|
||||||
|
}
|
||||||
|
|
||||||
|
// Returns statements containing removed actions/statements for given
|
||||||
|
// policy, bucket name and prefix.
|
||||||
|
func removeStatements(statements []Statement, bucketName string, prefix string) []Statement {
|
||||||
|
bucketResource := awsResourcePrefix + bucketName
|
||||||
|
objectResource := awsResourcePrefix + bucketName + "/" + prefix + "*"
|
||||||
|
readOnlyInUse, writeOnlyInUse := getInUsePolicy(statements, bucketName, prefix)
|
||||||
|
|
||||||
|
out := []Statement{}
|
||||||
|
readOnlyBucketStatements := []Statement{}
|
||||||
|
s3PrefixValues := set.NewStringSet()
|
||||||
|
|
||||||
|
for _, statement := range statements {
|
||||||
|
if !isValidStatement(statement, bucketName) {
|
||||||
|
out = append(out, statement)
|
||||||
|
continue
|
||||||
|
}
|
||||||
|
|
||||||
|
if statement.Resources.Contains(bucketResource) {
|
||||||
|
if statement.Conditions != nil {
|
||||||
|
statement = removeBucketActions(statement, prefix, bucketResource, false, false)
|
||||||
|
} else {
|
||||||
|
statement = removeBucketActions(statement, prefix, bucketResource, readOnlyInUse, writeOnlyInUse)
|
||||||
|
}
|
||||||
|
} else if statement.Resources.Contains(objectResource) {
|
||||||
|
statement = removeObjectActions(statement, objectResource)
|
||||||
|
}
|
||||||
|
|
||||||
|
if !statement.Actions.IsEmpty() {
|
||||||
|
if statement.Resources.Contains(bucketResource) &&
|
||||||
|
statement.Actions.Intersection(readOnlyBucketActions).Equals(readOnlyBucketActions) &&
|
||||||
|
statement.Effect == "Allow" &&
|
||||||
|
statement.Principal.AWS.Contains("*") {
|
||||||
|
|
||||||
|
if statement.Conditions != nil {
|
||||||
|
stringEqualsValue := statement.Conditions["StringEquals"]
|
||||||
|
values := set.NewStringSet()
|
||||||
|
if stringEqualsValue != nil {
|
||||||
|
values = stringEqualsValue["s3:prefix"]
|
||||||
|
if values == nil {
|
||||||
|
values = set.NewStringSet()
|
||||||
|
}
|
||||||
|
}
|
||||||
|
s3PrefixValues = s3PrefixValues.Union(values.ApplyFunc(func(v string) string {
|
||||||
|
return bucketResource + "/" + v + "*"
|
||||||
|
}))
|
||||||
|
} else if !s3PrefixValues.IsEmpty() {
|
||||||
|
readOnlyBucketStatements = append(readOnlyBucketStatements, statement)
|
||||||
|
continue
|
||||||
|
}
|
||||||
|
}
|
||||||
|
out = append(out, statement)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
skipBucketStatement := true
|
||||||
|
resourcePrefix := awsResourcePrefix + bucketName + "/"
|
||||||
|
for _, statement := range out {
|
||||||
|
if !statement.Resources.FuncMatch(startsWithFunc, resourcePrefix).IsEmpty() &&
|
||||||
|
s3PrefixValues.Intersection(statement.Resources).IsEmpty() {
|
||||||
|
skipBucketStatement = false
|
||||||
|
break
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
for _, statement := range readOnlyBucketStatements {
|
||||||
|
if skipBucketStatement &&
|
||||||
|
statement.Resources.Contains(bucketResource) &&
|
||||||
|
statement.Effect == "Allow" &&
|
||||||
|
statement.Principal.AWS.Contains("*") &&
|
||||||
|
statement.Conditions == nil {
|
||||||
|
continue
|
||||||
|
}
|
||||||
|
|
||||||
|
out = append(out, statement)
|
||||||
|
}
|
||||||
|
|
||||||
|
if len(out) == 1 {
|
||||||
|
statement := out[0]
|
||||||
|
if statement.Resources.Contains(bucketResource) &&
|
||||||
|
statement.Actions.Intersection(commonBucketActions).Equals(commonBucketActions) &&
|
||||||
|
statement.Effect == "Allow" &&
|
||||||
|
statement.Principal.AWS.Contains("*") &&
|
||||||
|
statement.Conditions == nil {
|
||||||
|
out = []Statement{}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
return out
|
||||||
|
}
|
||||||
|
|
||||||
|
// Appends given statement into statement list to have unique statements.
|
||||||
|
// - If statement already exists in statement list, it ignores.
|
||||||
|
// - If statement exists with different conditions, they are merged.
|
||||||
|
// - Else the statement is appended to statement list.
|
||||||
|
func appendStatement(statements []Statement, statement Statement) []Statement {
|
||||||
|
for i, s := range statements {
|
||||||
|
if s.Actions.Equals(statement.Actions) &&
|
||||||
|
s.Effect == statement.Effect &&
|
||||||
|
s.Principal.AWS.Equals(statement.Principal.AWS) &&
|
||||||
|
reflect.DeepEqual(s.Conditions, statement.Conditions) {
|
||||||
|
statements[i].Resources = s.Resources.Union(statement.Resources)
|
||||||
|
return statements
|
||||||
|
} else if s.Resources.Equals(statement.Resources) &&
|
||||||
|
s.Effect == statement.Effect &&
|
||||||
|
s.Principal.AWS.Equals(statement.Principal.AWS) &&
|
||||||
|
reflect.DeepEqual(s.Conditions, statement.Conditions) {
|
||||||
|
statements[i].Actions = s.Actions.Union(statement.Actions)
|
||||||
|
return statements
|
||||||
|
}
|
||||||
|
|
||||||
|
if s.Resources.Intersection(statement.Resources).Equals(statement.Resources) &&
|
||||||
|
s.Actions.Intersection(statement.Actions).Equals(statement.Actions) &&
|
||||||
|
s.Effect == statement.Effect &&
|
||||||
|
s.Principal.AWS.Intersection(statement.Principal.AWS).Equals(statement.Principal.AWS) {
|
||||||
|
if reflect.DeepEqual(s.Conditions, statement.Conditions) {
|
||||||
|
return statements
|
||||||
|
}
|
||||||
|
if s.Conditions != nil && statement.Conditions != nil {
|
||||||
|
if s.Resources.Equals(statement.Resources) {
|
||||||
|
statements[i].Conditions = mergeConditionMap(s.Conditions, statement.Conditions)
|
||||||
|
return statements
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
if !(statement.Actions.IsEmpty() && statement.Resources.IsEmpty()) {
|
||||||
|
return append(statements, statement)
|
||||||
|
}
|
||||||
|
|
||||||
|
return statements
|
||||||
|
}
|
||||||
|
|
||||||
|
// Appends two statement lists.
|
||||||
|
func appendStatements(statements []Statement, appendStatements []Statement) []Statement {
|
||||||
|
for _, s := range appendStatements {
|
||||||
|
statements = appendStatement(statements, s)
|
||||||
|
}
|
||||||
|
|
||||||
|
return statements
|
||||||
|
}
|
||||||
|
|
||||||
|
// Returns policy of given bucket statement.
|
||||||
|
func getBucketPolicy(statement Statement, prefix string) (commonFound, readOnly, writeOnly bool) {
|
||||||
|
if !(statement.Effect == "Allow" && statement.Principal.AWS.Contains("*")) {
|
||||||
|
return commonFound, readOnly, writeOnly
|
||||||
|
}
|
||||||
|
|
||||||
|
if statement.Actions.Intersection(commonBucketActions).Equals(commonBucketActions) &&
|
||||||
|
statement.Conditions == nil {
|
||||||
|
commonFound = true
|
||||||
|
}
|
||||||
|
|
||||||
|
if statement.Actions.Intersection(writeOnlyBucketActions).Equals(writeOnlyBucketActions) &&
|
||||||
|
statement.Conditions == nil {
|
||||||
|
writeOnly = true
|
||||||
|
}
|
||||||
|
|
||||||
|
if statement.Actions.Intersection(readOnlyBucketActions).Equals(readOnlyBucketActions) {
|
||||||
|
if prefix != "" && statement.Conditions != nil {
|
||||||
|
if stringEqualsValue, ok := statement.Conditions["StringEquals"]; ok {
|
||||||
|
if s3PrefixValues, ok := stringEqualsValue["s3:prefix"]; ok {
|
||||||
|
if s3PrefixValues.Contains(prefix) {
|
||||||
|
readOnly = true
|
||||||
|
}
|
||||||
|
}
|
||||||
|
} else if stringNotEqualsValue, ok := statement.Conditions["StringNotEquals"]; ok {
|
||||||
|
if s3PrefixValues, ok := stringNotEqualsValue["s3:prefix"]; ok {
|
||||||
|
if !s3PrefixValues.Contains(prefix) {
|
||||||
|
readOnly = true
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
} else if prefix == "" && statement.Conditions == nil {
|
||||||
|
readOnly = true
|
||||||
|
} else if prefix != "" && statement.Conditions == nil {
|
||||||
|
readOnly = true
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
return commonFound, readOnly, writeOnly
|
||||||
|
}
|
||||||
|
|
||||||
|
// Returns policy of given object statement.
|
||||||
|
func getObjectPolicy(statement Statement) (readOnly bool, writeOnly bool) {
|
||||||
|
if statement.Effect == "Allow" &&
|
||||||
|
statement.Principal.AWS.Contains("*") &&
|
||||||
|
statement.Conditions == nil {
|
||||||
|
if statement.Actions.Intersection(readOnlyObjectActions).Equals(readOnlyObjectActions) {
|
||||||
|
readOnly = true
|
||||||
|
}
|
||||||
|
if statement.Actions.Intersection(writeOnlyObjectActions).Equals(writeOnlyObjectActions) {
|
||||||
|
writeOnly = true
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
return readOnly, writeOnly
|
||||||
|
}
|
||||||
|
|
||||||
|
// Returns policy of given bucket name, prefix in given statements.
|
||||||
|
func GetPolicy(statements []Statement, bucketName string, prefix string) BucketPolicy {
|
||||||
|
bucketResource := awsResourcePrefix + bucketName
|
||||||
|
objectResource := awsResourcePrefix + bucketName + "/" + prefix + "*"
|
||||||
|
|
||||||
|
bucketCommonFound := false
|
||||||
|
bucketReadOnly := false
|
||||||
|
bucketWriteOnly := false
|
||||||
|
matchedResource := ""
|
||||||
|
objReadOnly := false
|
||||||
|
objWriteOnly := false
|
||||||
|
|
||||||
|
for _, s := range statements {
|
||||||
|
matchedObjResources := set.NewStringSet()
|
||||||
|
if s.Resources.Contains(objectResource) {
|
||||||
|
matchedObjResources.Add(objectResource)
|
||||||
|
} else {
|
||||||
|
matchedObjResources = s.Resources.FuncMatch(resourceMatch, objectResource)
|
||||||
|
}
|
||||||
|
|
||||||
|
if !matchedObjResources.IsEmpty() {
|
||||||
|
readOnly, writeOnly := getObjectPolicy(s)
|
||||||
|
for resource := range matchedObjResources {
|
||||||
|
if len(matchedResource) < len(resource) {
|
||||||
|
objReadOnly = readOnly
|
||||||
|
objWriteOnly = writeOnly
|
||||||
|
matchedResource = resource
|
||||||
|
} else if len(matchedResource) == len(resource) {
|
||||||
|
objReadOnly = objReadOnly || readOnly
|
||||||
|
objWriteOnly = objWriteOnly || writeOnly
|
||||||
|
matchedResource = resource
|
||||||
|
}
|
||||||
|
}
|
||||||
|
} else if s.Resources.Contains(bucketResource) {
|
||||||
|
commonFound, readOnly, writeOnly := getBucketPolicy(s, prefix)
|
||||||
|
bucketCommonFound = bucketCommonFound || commonFound
|
||||||
|
bucketReadOnly = bucketReadOnly || readOnly
|
||||||
|
bucketWriteOnly = bucketWriteOnly || writeOnly
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
policy := BucketPolicyNone
|
||||||
|
if bucketCommonFound {
|
||||||
|
if bucketReadOnly && bucketWriteOnly && objReadOnly && objWriteOnly {
|
||||||
|
policy = BucketPolicyReadWrite
|
||||||
|
} else if bucketReadOnly && objReadOnly {
|
||||||
|
policy = BucketPolicyReadOnly
|
||||||
|
} else if bucketWriteOnly && objWriteOnly {
|
||||||
|
policy = BucketPolicyWriteOnly
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
return policy
|
||||||
|
}
|
||||||
|
|
||||||
|
// Returns new statements containing policy of given bucket name and
|
||||||
|
// prefix are appended.
|
||||||
|
func SetPolicy(statements []Statement, policy BucketPolicy, bucketName string, prefix string) []Statement {
|
||||||
|
out := removeStatements(statements, bucketName, prefix)
|
||||||
|
// fmt.Println("out = ")
|
||||||
|
// printstatement(out)
|
||||||
|
ns := newStatements(policy, bucketName, prefix)
|
||||||
|
// fmt.Println("ns = ")
|
||||||
|
// printstatement(ns)
|
||||||
|
|
||||||
|
rv := appendStatements(out, ns)
|
||||||
|
// fmt.Println("rv = ")
|
||||||
|
// printstatement(rv)
|
||||||
|
|
||||||
|
return rv
|
||||||
|
}
|
||||||
|
|
||||||
|
// Match function matches wild cards in 'pattern' for resource.
|
||||||
|
func resourceMatch(pattern, resource string) bool {
|
||||||
|
if pattern == "" {
|
||||||
|
return resource == pattern
|
||||||
|
}
|
||||||
|
if pattern == "*" {
|
||||||
|
return true
|
||||||
|
}
|
||||||
|
parts := strings.Split(pattern, "*")
|
||||||
|
if len(parts) == 1 {
|
||||||
|
return resource == pattern
|
||||||
|
}
|
||||||
|
tGlob := strings.HasSuffix(pattern, "*")
|
||||||
|
end := len(parts) - 1
|
||||||
|
if !strings.HasPrefix(resource, parts[0]) {
|
||||||
|
return false
|
||||||
|
}
|
||||||
|
for i := 1; i < end; i++ {
|
||||||
|
if !strings.Contains(resource, parts[i]) {
|
||||||
|
return false
|
||||||
|
}
|
||||||
|
idx := strings.Index(resource, parts[i]) + len(parts[i])
|
||||||
|
resource = resource[idx:]
|
||||||
|
}
|
||||||
|
return tGlob || strings.HasSuffix(resource, parts[end])
|
||||||
|
}
|
6
vendor/vendor.json
vendored
6
vendor/vendor.json
vendored
@ -107,6 +107,12 @@
|
|||||||
"revision": "db6b4f13442b26995f04b3b2b31b006cae7786e6",
|
"revision": "db6b4f13442b26995f04b3b2b31b006cae7786e6",
|
||||||
"revisionTime": "2016-02-29T08:42:30-08:00"
|
"revisionTime": "2016-02-29T08:42:30-08:00"
|
||||||
},
|
},
|
||||||
|
{
|
||||||
|
"checksumSHA1": "0OZaeJPgMlA2Txn+1yeAIwEpJvM=",
|
||||||
|
"path": "github.com/minio/minio-go/pkg/policy",
|
||||||
|
"revision": "a2e27c84cd20b86cd781b76639781d6366235d0c",
|
||||||
|
"revisionTime": "2016-08-23T00:31:21Z"
|
||||||
|
},
|
||||||
{
|
{
|
||||||
"checksumSHA1": "A8QOw1aWwc+RtjGozY0XeS5varo=",
|
"checksumSHA1": "A8QOw1aWwc+RtjGozY0XeS5varo=",
|
||||||
"path": "github.com/minio/minio-go/pkg/set",
|
"path": "github.com/minio/minio-go/pkg/set",
|
||||||
|
Loading…
Reference in New Issue
Block a user