mirror of
https://github.com/minio/minio.git
synced 2024-12-24 06:05:55 -05:00
web: add method to get all policies for given bucket name. (#2756)
Refer #1858
This commit is contained in:
parent
e375d822da
commit
aa579bbc20
@ -582,6 +582,40 @@ func (web *webAPIHandlers) GetBucketPolicy(r *http.Request, args *GetBucketPolic
|
|||||||
return nil
|
return nil
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// GetAllBucketPolicyArgs - get all bucket policy args.
|
||||||
|
type GetAllBucketPolicyArgs struct {
|
||||||
|
BucketName string `json:"bucketName"`
|
||||||
|
}
|
||||||
|
|
||||||
|
// GetAllBucketPolicyRep - get all bucket policy reply.
|
||||||
|
type GetAllBucketPolicyRep struct {
|
||||||
|
UIVersion string `json:"uiVersion"`
|
||||||
|
Policies map[string]policy.BucketPolicy `json:"policies"`
|
||||||
|
}
|
||||||
|
|
||||||
|
// GetAllBucketPolicy - get all bucket policy.
|
||||||
|
func (web *webAPIHandlers) GetAllBucketPolicy(r *http.Request, args *GetAllBucketPolicyArgs, reply *GetAllBucketPolicyRep) error {
|
||||||
|
if !isJWTReqAuthenticated(r) {
|
||||||
|
return &json2.Error{Message: "Unauthorized request"}
|
||||||
|
}
|
||||||
|
|
||||||
|
objectAPI := web.ObjectAPI()
|
||||||
|
if objectAPI == nil {
|
||||||
|
return &json2.Error{Message: "Server not initialized"}
|
||||||
|
}
|
||||||
|
policyInfo, err := readBucketAccessPolicy(objectAPI, args.BucketName)
|
||||||
|
if err != nil {
|
||||||
|
return &json2.Error{Message: err.Error()}
|
||||||
|
}
|
||||||
|
|
||||||
|
policies := policy.GetPolicies(policyInfo.Statements, args.BucketName)
|
||||||
|
|
||||||
|
reply.UIVersion = miniobrowser.UIVersion
|
||||||
|
reply.Policies = policies
|
||||||
|
|
||||||
|
return nil
|
||||||
|
}
|
||||||
|
|
||||||
// SetBucketPolicyArgs - set bucket policy args.
|
// SetBucketPolicyArgs - set bucket policy args.
|
||||||
type SetBucketPolicyArgs struct {
|
type SetBucketPolicyArgs struct {
|
||||||
BucketName string `json:"bucketName"`
|
BucketName string `json:"bucketName"`
|
||||||
|
@ -22,6 +22,7 @@ import (
|
|||||||
"io/ioutil"
|
"io/ioutil"
|
||||||
"net/http"
|
"net/http"
|
||||||
"net/http/httptest"
|
"net/http/httptest"
|
||||||
|
"reflect"
|
||||||
"strconv"
|
"strconv"
|
||||||
"strings"
|
"strings"
|
||||||
"testing"
|
"testing"
|
||||||
@ -781,6 +782,72 @@ func testWebGetBucketPolicyHandler(obj ObjectLayer, instanceType string, t TestE
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// Wrapper for calling GetAllBucketPolicy Handler
|
||||||
|
func TestWebHandlerGetAllBucketPolicyHandler(t *testing.T) {
|
||||||
|
ExecObjectLayerTest(t, testWebGetAllBucketPolicyHandler)
|
||||||
|
}
|
||||||
|
|
||||||
|
// testWebGetAllBucketPolicyHandler - Test GetAllBucketPolicy web handler
|
||||||
|
func testWebGetAllBucketPolicyHandler(obj ObjectLayer, instanceType string, t TestErrHandler) {
|
||||||
|
// Register the API end points with XL/FS object layer.
|
||||||
|
apiRouter := initTestWebRPCEndPoint(obj)
|
||||||
|
// initialize the server and obtain the credentials and root.
|
||||||
|
// credentials are necessary to sign the HTTP request.
|
||||||
|
rootPath, err := newTestConfig("us-east-1")
|
||||||
|
if err != nil {
|
||||||
|
t.Fatalf("Init Test config failed")
|
||||||
|
}
|
||||||
|
// remove the root folder after the test ends.
|
||||||
|
defer removeAll(rootPath)
|
||||||
|
|
||||||
|
credentials := serverConfig.GetCredential()
|
||||||
|
|
||||||
|
authorization, err := getWebRPCToken(apiRouter, credentials.AccessKeyID, credentials.SecretAccessKey)
|
||||||
|
if err != nil {
|
||||||
|
t.Fatal("Cannot authenticate")
|
||||||
|
}
|
||||||
|
|
||||||
|
rec := httptest.NewRecorder()
|
||||||
|
|
||||||
|
bucketName := getRandomBucketName()
|
||||||
|
if err := obj.MakeBucket(bucketName); err != nil {
|
||||||
|
t.Fatal("Unexpected error: ", err)
|
||||||
|
}
|
||||||
|
|
||||||
|
policyDoc := `{"Version":"2012-10-17","Statement":[{"Action":["s3:GetBucketLocation"],"Effect":"Allow","Principal":{"AWS":["*"]},"Resource":["arn:aws:s3:::` + bucketName + `"],"Sid":""},{"Action":["s3:ListBucket"],"Condition":{"StringEquals":{"s3:prefix":["hello"]}},"Effect":"Allow","Principal":{"AWS":["*"]},"Resource":["arn:aws:s3:::` + bucketName + `"],"Sid":""},{"Action":["s3:ListBucketMultipartUploads"],"Effect":"Allow","Principal":{"AWS":["*"]},"Resource":["arn:aws:s3:::` + bucketName + `"],"Sid":""},{"Action":["s3:AbortMultipartUpload","s3:DeleteObject","s3:GetObject","s3:ListMultipartUploadParts","s3:PutObject"],"Effect":"Allow","Principal":{"AWS":["*"]},"Resource":["arn:aws:s3:::` + bucketName + `/hello*"],"Sid":""}]}`
|
||||||
|
if err := writeBucketPolicy(bucketName, obj, bytes.NewReader([]byte(policyDoc)), int64(len(policyDoc))); err != nil {
|
||||||
|
t.Fatal("Unexpected error: ", err)
|
||||||
|
}
|
||||||
|
|
||||||
|
testCaseResult1 := make(map[string]policy.BucketPolicy)
|
||||||
|
testCaseResult1[bucketName+"/hello*"] = policy.BucketPolicyReadWrite
|
||||||
|
testCases := []struct {
|
||||||
|
bucketName string
|
||||||
|
expectedResult map[string]policy.BucketPolicy
|
||||||
|
}{
|
||||||
|
{bucketName, testCaseResult1},
|
||||||
|
}
|
||||||
|
|
||||||
|
for i, testCase := range testCases {
|
||||||
|
args := &GetAllBucketPolicyArgs{BucketName: testCase.bucketName}
|
||||||
|
reply := &GetAllBucketPolicyRep{}
|
||||||
|
req, err := newTestWebRPCRequest("Web.GetAllBucketPolicy", authorization, args)
|
||||||
|
if err != nil {
|
||||||
|
t.Fatalf("Test %d: Failed to create HTTP request: <ERROR> %v", i+1, err)
|
||||||
|
}
|
||||||
|
apiRouter.ServeHTTP(rec, req)
|
||||||
|
if rec.Code != http.StatusOK {
|
||||||
|
t.Fatalf("Test %d: Expected the response status to be 200, but instead found `%d`", i+1, rec.Code)
|
||||||
|
}
|
||||||
|
if err = getTestWebRPCResponse(rec, &reply); err != nil {
|
||||||
|
t.Fatalf("Test %d: Should succeed but it didn't, %v", i+1, err)
|
||||||
|
}
|
||||||
|
if !reflect.DeepEqual(testCase.expectedResult, reply.Policies) {
|
||||||
|
t.Fatalf("Test %d: expected: %v, got: %v", i+1, testCase.expectedResult, reply.Policies)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
// Wrapper for calling SetBucketPolicy Handler
|
// Wrapper for calling SetBucketPolicy Handler
|
||||||
func TestWebHandlerSetBucketPolicyHandler(t *testing.T) {
|
func TestWebHandlerSetBucketPolicyHandler(t *testing.T) {
|
||||||
ExecObjectLayerTest(t, testWebSetBucketPolicyHandler)
|
ExecObjectLayerTest(t, testWebSetBucketPolicyHandler)
|
||||||
|
27
vendor/github.com/minio/minio-go/pkg/policy/bucket-policy.go
generated
vendored
27
vendor/github.com/minio/minio-go/pkg/policy/bucket-policy.go
generated
vendored
@ -563,6 +563,33 @@ func GetPolicy(statements []Statement, bucketName string, prefix string) BucketP
|
|||||||
return policy
|
return policy
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// GetPolicies returns a map of policies rules of given bucket name, prefix in given statements.
|
||||||
|
func GetPolicies(statements []Statement, bucketName string) map[string]BucketPolicy {
|
||||||
|
policyRules := map[string]BucketPolicy{}
|
||||||
|
objResources := set.NewStringSet()
|
||||||
|
// Search all resources related to objects policy
|
||||||
|
for _, s := range statements {
|
||||||
|
for r := range s.Resources {
|
||||||
|
if strings.HasPrefix(r, awsResourcePrefix+bucketName+"/") {
|
||||||
|
objResources.Add(r)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
// Pretend that policy resource as an actual object and fetch its policy
|
||||||
|
for r := range objResources {
|
||||||
|
// Put trailing * if exists in asterisk
|
||||||
|
asterisk := ""
|
||||||
|
if strings.HasSuffix(r, "*") {
|
||||||
|
r = r[:len(r)-1]
|
||||||
|
asterisk = "*"
|
||||||
|
}
|
||||||
|
objectPath := r[len(awsResourcePrefix+bucketName)+1 : len(r)]
|
||||||
|
p := GetPolicy(statements, bucketName, objectPath)
|
||||||
|
policyRules[bucketName+"/"+objectPath+asterisk] = p
|
||||||
|
}
|
||||||
|
return policyRules
|
||||||
|
}
|
||||||
|
|
||||||
// Returns new statements containing policy of given bucket name and
|
// Returns new statements containing policy of given bucket name and
|
||||||
// prefix are appended.
|
// prefix are appended.
|
||||||
func SetPolicy(statements []Statement, policy BucketPolicy, bucketName string, prefix string) []Statement {
|
func SetPolicy(statements []Statement, policy BucketPolicy, bucketName string, prefix string) []Statement {
|
||||||
|
6
vendor/vendor.json
vendored
6
vendor/vendor.json
vendored
@ -114,10 +114,10 @@
|
|||||||
"revisionTime": "2016-02-29T08:42:30-08:00"
|
"revisionTime": "2016-02-29T08:42:30-08:00"
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
"checksumSHA1": "0OZaeJPgMlA2Txn+1yeAIwEpJvM=",
|
"checksumSHA1": "qTxOBp3GVxCC70ykb7Hxg6UgWwA=",
|
||||||
"path": "github.com/minio/minio-go/pkg/policy",
|
"path": "github.com/minio/minio-go/pkg/policy",
|
||||||
"revision": "a2e27c84cd20b86cd781b76639781d6366235d0c",
|
"revision": "40505f5d08c721dfe5a6450fbdef3bcd6567aa97",
|
||||||
"revisionTime": "2016-08-23T00:31:21Z"
|
"revisionTime": "2016-09-04T08:12:15Z"
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
"checksumSHA1": "A8QOw1aWwc+RtjGozY0XeS5varo=",
|
"checksumSHA1": "A8QOw1aWwc+RtjGozY0XeS5varo=",
|
||||||
|
Loading…
Reference in New Issue
Block a user