accessPolicy: Implement Put, Get, Delete access policy.

This patch implements Get,Put,Delete bucket policies Supporting - http://docs.aws.amazon.com/AmazonS3/latest/dev/access-policy-language-overview.html Currently supports following actions. "*": true, "s3:*": true, "s3:GetObject": true, "s3:ListBucket": true, "s3:PutObject": true, "s3:CreateBucket": true, "s3:GetBucketLocation": true, "s3:DeleteBucket": true, "s3:DeleteObject": true, "s3:AbortMultipartUpload": true, "s3:ListBucketMultipartUploads": true, "s3:ListMultipartUploadParts": true, following conditions for "StringEquals" and "StringNotEquals" "s3:prefix", "s3:max-keys"
2025-11-20 18:06:10 -05:00 · 2016-02-03 16:46:56 -08:00
parent 846410c563
commit d5057b3c51
24 changed files with 1107 additions and 755 deletions
--- a/api-errors.go
+++ b/api-errors.go
@@ -42,7 +42,8 @@ type APIErrorResponse struct {

 // Error codes, non exhaustive list - http://docs.aws.amazon.com/AmazonS3/latest/API/ErrorResponses.html
 const (
-	AccessDenied = iota
+	None = iota
+	AccessDenied
 	BadDigest
 	BucketAlreadyExists
 	EntityTooSmall
@@ -60,11 +61,13 @@ const (
 	InvalidRequestBody
 	InvalidCopySource
 	InvalidCopyDest
+	InvalidPolicyDocument
 	MalformedXML
 	MissingContentLength
 	MissingContentMD5
 	MissingRequestBodyError
 	NoSuchBucket
+	NoSuchBucketPolicy
 	NoSuchKey
 	NoSuchUpload
 	NotImplemented
@@ -80,6 +83,7 @@ const (
 	RootPathFull
 	ObjectExistsAsPrefix
 	AllAccessDisabled
+	MalformedPolicy
 )

 // APIError code to Error structure map
@@ -119,6 +123,11 @@ var errorCodeResponse = map[int]APIError{
 		Description:    "Argument partNumberMarker must be an integer.",
 		HTTPStatusCode: http.StatusBadRequest,
 	},
+	InvalidPolicyDocument: {
+		Code:           "InvalidPolicyDocument",
+		Description:    "The content of the form does not meet the conditions specified in the policy document.",
+		HTTPStatusCode: http.StatusBadRequest,
+	},
 	AccessDenied: {
 		Code:           "AccessDenied",
 		Description:    "Access Denied.",
@@ -199,6 +208,11 @@ var errorCodeResponse = map[int]APIError{
 		Description:    "The specified bucket does not exist.",
 		HTTPStatusCode: http.StatusNotFound,
 	},
+	NoSuchBucketPolicy: {
+		Code:           "NoSuchBucketPolicy",
+		Description:    "The specified bucket does not have a bucket policy.",
+		HTTPStatusCode: http.StatusNotFound,
+	},
 	NoSuchKey: {
 		Code:           "NoSuchKey",
 		Description:    "The specified key does not exist.",
@@ -274,6 +288,11 @@ var errorCodeResponse = map[int]APIError{
 		Description:    "All access to this bucket has been disabled.",
 		HTTPStatusCode: http.StatusForbidden,
 	},
+	MalformedPolicy: {
+		Code:           "MalformedPolicy",
+		Description:    "Policy has invalid resource",
+		HTTPStatusCode: http.StatusBadRequest,
+	},
 }

 // errorCodeError provides errorCode to Error. It returns empty if the code provided is unknown