web: add method to get all policies for given bucket name. (#2756)

Refer #1858
2025-11-07 12:52:58 -05:00 · 2016-09-22 23:06:45 -07:00
parent e375d822da
commit aa579bbc20
4 changed files with 131 additions and 3 deletions
--- a/cmd/web-handlers.go
+++ b/cmd/web-handlers.go
@@ -582,6 +582,40 @@ func (web *webAPIHandlers) GetBucketPolicy(r *http.Request, args *GetBucketPolic
 	return nil
 }

+// GetAllBucketPolicyArgs - get all bucket policy args.
+type GetAllBucketPolicyArgs struct {
+	BucketName string `json:"bucketName"`
+}
+
+// GetAllBucketPolicyRep - get all bucket policy reply.
+type GetAllBucketPolicyRep struct {
+	UIVersion string                         `json:"uiVersion"`
+	Policies  map[string]policy.BucketPolicy `json:"policies"`
+}
+
+// GetAllBucketPolicy - get all bucket policy.
+func (web *webAPIHandlers) GetAllBucketPolicy(r *http.Request, args *GetAllBucketPolicyArgs, reply *GetAllBucketPolicyRep) error {
+	if !isJWTReqAuthenticated(r) {
+		return &json2.Error{Message: "Unauthorized request"}
+	}
+
+	objectAPI := web.ObjectAPI()
+	if objectAPI == nil {
+		return &json2.Error{Message: "Server not initialized"}
+	}
+	policyInfo, err := readBucketAccessPolicy(objectAPI, args.BucketName)
+	if err != nil {
+		return &json2.Error{Message: err.Error()}
+	}
+
+	policies := policy.GetPolicies(policyInfo.Statements, args.BucketName)
+
+	reply.UIVersion = miniobrowser.UIVersion
+	reply.Policies = policies
+
+	return nil
+}
+
 // SetBucketPolicyArgs - set bucket policy args.
 type SetBucketPolicyArgs struct {
 	BucketName string `json:"bucketName"`
--- a/cmd/web-handlers_test.go
+++ b/cmd/web-handlers_test.go
@@ -22,6 +22,7 @@ import (
 	"io/ioutil"
 	"net/http"
 	"net/http/httptest"
+	"reflect"
 	"strconv"
 	"strings"
 	"testing"
@@ -781,6 +782,72 @@ func testWebGetBucketPolicyHandler(obj ObjectLayer, instanceType string, t TestE
 	}
 }

+// Wrapper for calling GetAllBucketPolicy Handler
+func TestWebHandlerGetAllBucketPolicyHandler(t *testing.T) {
+	ExecObjectLayerTest(t, testWebGetAllBucketPolicyHandler)
+}
+
+// testWebGetAllBucketPolicyHandler - Test GetAllBucketPolicy web handler
+func testWebGetAllBucketPolicyHandler(obj ObjectLayer, instanceType string, t TestErrHandler) {
+	// Register the API end points with XL/FS object layer.
+	apiRouter := initTestWebRPCEndPoint(obj)
+	// initialize the server and obtain the credentials and root.
+	// credentials are necessary to sign the HTTP request.
+	rootPath, err := newTestConfig("us-east-1")
+	if err != nil {
+		t.Fatalf("Init Test config failed")
+	}
+	// remove the root folder after the test ends.
+	defer removeAll(rootPath)
+
+	credentials := serverConfig.GetCredential()
+
+	authorization, err := getWebRPCToken(apiRouter, credentials.AccessKeyID, credentials.SecretAccessKey)
+	if err != nil {
+		t.Fatal("Cannot authenticate")
+	}
+
+	rec := httptest.NewRecorder()
+
+	bucketName := getRandomBucketName()
+	if err := obj.MakeBucket(bucketName); err != nil {
+		t.Fatal("Unexpected error: ", err)
+	}
+
+	policyDoc := `{"Version":"2012-10-17","Statement":[{"Action":["s3:GetBucketLocation"],"Effect":"Allow","Principal":{"AWS":["*"]},"Resource":["arn:aws:s3:::` + bucketName + `"],"Sid":""},{"Action":["s3:ListBucket"],"Condition":{"StringEquals":{"s3:prefix":["hello"]}},"Effect":"Allow","Principal":{"AWS":["*"]},"Resource":["arn:aws:s3:::` + bucketName + `"],"Sid":""},{"Action":["s3:ListBucketMultipartUploads"],"Effect":"Allow","Principal":{"AWS":["*"]},"Resource":["arn:aws:s3:::` + bucketName + `"],"Sid":""},{"Action":["s3:AbortMultipartUpload","s3:DeleteObject","s3:GetObject","s3:ListMultipartUploadParts","s3:PutObject"],"Effect":"Allow","Principal":{"AWS":["*"]},"Resource":["arn:aws:s3:::` + bucketName + `/hello*"],"Sid":""}]}`
+	if err := writeBucketPolicy(bucketName, obj, bytes.NewReader([]byte(policyDoc)), int64(len(policyDoc))); err != nil {
+		t.Fatal("Unexpected error: ", err)
+	}
+
+	testCaseResult1 := make(map[string]policy.BucketPolicy)
+	testCaseResult1[bucketName+"/hello*"] = policy.BucketPolicyReadWrite
+	testCases := []struct {
+		bucketName     string
+		expectedResult map[string]policy.BucketPolicy
+	}{
+		{bucketName, testCaseResult1},
+	}
+
+	for i, testCase := range testCases {
+		args := &GetAllBucketPolicyArgs{BucketName: testCase.bucketName}
+		reply := &GetAllBucketPolicyRep{}
+		req, err := newTestWebRPCRequest("Web.GetAllBucketPolicy", authorization, args)
+		if err != nil {
+			t.Fatalf("Test %d: Failed to create HTTP request: <ERROR> %v", i+1, err)
+		}
+		apiRouter.ServeHTTP(rec, req)
+		if rec.Code != http.StatusOK {
+			t.Fatalf("Test %d: Expected the response status to be 200, but instead found `%d`", i+1, rec.Code)
+		}
+		if err = getTestWebRPCResponse(rec, &reply); err != nil {
+			t.Fatalf("Test %d: Should succeed but it didn't, %v", i+1, err)
+		}
+		if !reflect.DeepEqual(testCase.expectedResult, reply.Policies) {
+			t.Fatalf("Test %d: expected: %v, got: %v", i+1, testCase.expectedResult, reply.Policies)
+		}
+	}
+}
+
 // Wrapper for calling SetBucketPolicy Handler
 func TestWebHandlerSetBucketPolicyHandler(t *testing.T) {
 	ExecObjectLayerTest(t, testWebSetBucketPolicyHandler)