policy: Add Merge API (#11793)

This commit adds a new API in pkg/bucket/policy package called Merge to merge multiple policies of a user or a group into one policy document.
2025-11-25 20:16:10 -05:00 · 2021-03-16 16:50:36 +01:00
parent 6160188bf3
commit fa94682e83
12 changed files with 279 additions and 31 deletions
--- a/pkg/iam/policy/policy.go
+++ b/pkg/iam/policy/policy.go
@@ -151,23 +151,30 @@ func (iamp Policy) isValid() error {
 	return nil
 }

+// Merge merges two policies documents and drop
+// duplicate statements if any.
+func (iamp Policy) Merge(input Policy) Policy {
+	var mergedPolicy Policy
+	if iamp.Version != "" {
+		mergedPolicy.Version = iamp.Version
+	} else {
+		mergedPolicy.Version = input.Version
+	}
+	for _, st := range iamp.Statements {
+		mergedPolicy.Statements = append(mergedPolicy.Statements, st.Clone())
+	}
+	for _, st := range input.Statements {
+		mergedPolicy.Statements = append(mergedPolicy.Statements, st.Clone())
+	}
+	mergedPolicy.dropDuplicateStatements()
+	return mergedPolicy
+}
+
 func (iamp *Policy) dropDuplicateStatements() {
 redo:
 	for i := range iamp.Statements {
 		for j, statement := range iamp.Statements[i+1:] {
-			if iamp.Statements[i].Effect != statement.Effect {
-				continue
-			}
-
-			if !iamp.Statements[i].Actions.Equals(statement.Actions) {
-				continue
-			}
-
-			if !iamp.Statements[i].Resources.Equals(statement.Resources) {
-				continue
-			}
-
-			if iamp.Statements[i].Conditions.String() != statement.Conditions.String() {
+			if !iamp.Statements[i].Equals(statement) {
 				continue
 			}
 			iamp.Statements = append(iamp.Statements[:j], iamp.Statements[j+1:]...)