load bucket policies using object layer API (#6084)

This PR fixes an issue during gateway mode
where underlying policies were not translated
into meaningful policies.

cmd/fs-v1.go

@@ -1215,7 +1215,7 @@ func (fs *FSObjects) SetBucketPolicy(ctx context.Context, bucket string, policy
 
 // GetBucketPolicy will get policy on bucket
 func (fs *FSObjects) GetBucketPolicy(ctx context.Context, bucket string) (*policy.Policy, error) {
-	return GetPolicyConfig(fs, bucket)
+	return getPolicyConfig(fs, bucket)
 }
 
 // DeleteBucketPolicy deletes all policies on bucket

cmd/gateway-main.go

@@ -215,6 +215,13 @@ func StartGateway(ctx *cli.Context, gw Gateway) {
 		logger.FatalIf(err, "Unable to initialize gateway backend")
 	}
 
+	if gw.Name() != "nas" {
+		// Initialize policy sys for all gateways. NAS gateway already
+		// initializes policy sys internally, avoid double initialization.
+		// Additionally also don't block the initialization of gateway.
+		go globalPolicySys.Init(newObject)
+	}
+
 	// Once endpoints are finalized, initialize the new object api.
 	globalObjLayerMutex.Lock()
 	globalObjectAPI = newObject

cmd/gateway/nas/gateway-nas.go

@@ -17,12 +17,9 @@
 package nas
 
 import (
-	"context"
-
 	"github.com/minio/cli"
 	minio "github.com/minio/minio/cmd"
 	"github.com/minio/minio/pkg/auth"
-	"github.com/minio/minio/pkg/policy"
 )
 
 const (
@@ -128,8 +125,3 @@ type nasObjects struct {
 func (l *nasObjects) IsNotificationSupported() bool {
 	return false
 }
-
-// GetBucketPolicy will get policy on bucket
-func (l *nasObjects) GetBucketPolicy(ctx context.Context, bucket string) (*policy.Policy, error) {
-	return minio.GetPolicyConfig(l, bucket)
-}

cmd/policy.go

@@ -99,7 +99,7 @@ func (sys *PolicySys) refresh(objAPI ObjectLayer) error {
 	}
 	sys.removeDeletedBuckets(buckets)
 	for _, bucket := range buckets {
-		config, err := GetPolicyConfig(objAPI, bucket.Name)
+		config, err := objAPI.GetBucketPolicy(context.Background(), bucket.Name)
 		if err != nil {
 			if _, ok := err.(BucketPolicyNotFound); ok {
 				sys.Remove(bucket.Name)
@@ -187,8 +187,8 @@ func getConditionValues(request *http.Request, locationConstraint string) map[st
 	return args
 }
 
-// GetPolicyConfig - get policy config for given bucket name.
-func GetPolicyConfig(objAPI ObjectLayer, bucketName string) (*policy.Policy, error) {
+// getPolicyConfig - get policy config for given bucket name.
+func getPolicyConfig(objAPI ObjectLayer, bucketName string) (*policy.Policy, error) {
 	// Construct path to policy.json for the given bucket.
 	configFile := path.Join(bucketConfigPrefix, bucketName, bucketPolicyConfig)
 

cmd/xl-sets.go

@@ -476,7 +476,7 @@ func (s *xlSets) SetBucketPolicy(ctx context.Context, bucket string, policy *pol
 
 // GetBucketPolicy will return a policy on a bucket
 func (s *xlSets) GetBucketPolicy(ctx context.Context, bucket string) (*policy.Policy, error) {
-	return GetPolicyConfig(s, bucket)
+	return getPolicyConfig(s, bucket)
 }
 
 // DeleteBucketPolicy deletes all policies on bucket

cmd/xl-v1-bucket.go

@@ -284,7 +284,7 @@ func (xl xlObjects) SetBucketPolicy(ctx context.Context, bucket string, policy *
 
 // GetBucketPolicy will get policy on bucket
 func (xl xlObjects) GetBucketPolicy(ctx context.Context, bucket string) (*policy.Policy, error) {
-	return GetPolicyConfig(xl, bucket)
+	return getPolicyConfig(xl, bucket)
 }
 
 // DeleteBucketPolicy deletes all policies on bucket