load bucket policies using object layer API (#6084)

This PR fixes an issue during gateway mode where underlying policies were not translated into meaningful policies.
2018-06-26 23:59:48 -07:00 · 2018-06-26 23:59:48 -07:00 · abf209b1dd
parent d9d13c898c
commit abf209b1dd
6 changed files with 13 additions and 14 deletions
--- a/cmd/fs-v1.go
+++ b/cmd/fs-v1.go
@ -1215,7 +1215,7 @@ func (fs *FSObjects) SetBucketPolicy(ctx context.Context, bucket string, policy
 // GetBucketPolicy will get policy on bucket
 func (fs *FSObjects) GetBucketPolicy(ctx context.Context, bucket string) (*policy.Policy, error) {
-	return GetPolicyConfig(fs, bucket)
+	return getPolicyConfig(fs, bucket)
 }
 // DeleteBucketPolicy deletes all policies on bucket
--- a/cmd/gateway-main.go
+++ b/cmd/gateway-main.go
@ -215,6 +215,13 @@ func StartGateway(ctx *cli.Context, gw Gateway) {
 		logger.FatalIf(err, "Unable to initialize gateway backend")
 	}
 	if gw.Name() != "nas" {
 		// Initialize policy sys for all gateways. NAS gateway already
 		// initializes policy sys internally, avoid double initialization.
 		// Additionally also don't block the initialization of gateway.
 		go globalPolicySys.Init(newObject)
 	}
 	// Once endpoints are finalized, initialize the new object api.
 	globalObjLayerMutex.Lock()
 	globalObjectAPI = newObject
--- a/cmd/gateway/nas/gateway-nas.go
+++ b/cmd/gateway/nas/gateway-nas.go
@ -17,12 +17,9 @@
 package nas
 import (
 	"context"
 	"github.com/minio/cli"
 	minio "github.com/minio/minio/cmd"
 	"github.com/minio/minio/pkg/auth"
 	"github.com/minio/minio/pkg/policy"
 )
 const (
@ -128,8 +125,3 @@ type nasObjects struct {
 func (l *nasObjects) IsNotificationSupported() bool {
 	return false
 }
 // GetBucketPolicy will get policy on bucket
 func (l *nasObjects) GetBucketPolicy(ctx context.Context, bucket string) (*policy.Policy, error) {
 	return minio.GetPolicyConfig(l, bucket)
 }
--- a/cmd/policy.go
+++ b/cmd/policy.go
@ -99,7 +99,7 @@ func (sys *PolicySys) refresh(objAPI ObjectLayer) error {
 	}
 	sys.removeDeletedBuckets(buckets)
 	for _, bucket := range buckets {
-		config, err := GetPolicyConfig(objAPI, bucket.Name)
+		config, err := objAPI.GetBucketPolicy(context.Background(), bucket.Name)
 		if err != nil {
 			if _, ok := err.(BucketPolicyNotFound); ok {
 				sys.Remove(bucket.Name)
@ -187,8 +187,8 @@ func getConditionValues(request *http.Request, locationConstraint string) map[st
 	return args
 }
-// GetPolicyConfig - get policy config for given bucket name.
+// getPolicyConfig - get policy config for given bucket name.
-func GetPolicyConfig(objAPI ObjectLayer, bucketName string) (*policy.Policy, error) {
+func getPolicyConfig(objAPI ObjectLayer, bucketName string) (*policy.Policy, error) {
 	// Construct path to policy.json for the given bucket.
 	configFile := path.Join(bucketConfigPrefix, bucketName, bucketPolicyConfig)
--- a/cmd/xl-sets.go
+++ b/cmd/xl-sets.go
@ -476,7 +476,7 @@ func (s *xlSets) SetBucketPolicy(ctx context.Context, bucket string, policy *pol
 // GetBucketPolicy will return a policy on a bucket
 func (s *xlSets) GetBucketPolicy(ctx context.Context, bucket string) (*policy.Policy, error) {
-	return GetPolicyConfig(s, bucket)
+	return getPolicyConfig(s, bucket)
 }
 // DeleteBucketPolicy deletes all policies on bucket
--- a/cmd/xl-v1-bucket.go
+++ b/cmd/xl-v1-bucket.go
@ -284,7 +284,7 @@ func (xl xlObjects) SetBucketPolicy(ctx context.Context, bucket string, policy *
 // GetBucketPolicy will get policy on bucket
 func (xl xlObjects) GetBucketPolicy(ctx context.Context, bucket string) (*policy.Policy, error) {
-	return GetPolicyConfig(xl, bucket)
+	return getPolicyConfig(xl, bucket)
 }
 // DeleteBucketPolicy deletes all policies on bucket