Commit Graph

7 Commits

Author SHA1 Message Date
Harshavardhana d1bb8a5b21 api: refactor the bucket policy reading and writing. (#2395)
Policies are read once during server startup and subsequently
managed through an in-memory map. The in-memory map is updated as
and when there are new changes coming in.
2016-08-10 20:10:47 -07:00
karthic rao 48aa5f2199 api/bucket-policy: Add unit tests for more coverage, fixes a couple of bugs. (#2055)
Changes to ResourceMatch logic.
Test for action match function.
2016-06-30 23:49:59 -07:00
Aakash Muttineni 6f3bd76754 api: Add new bucket policy nesting error (#1883)
* Added ErrPolicyNesting which is returned when nesting of policies has occurred
* Replaces ErrMalformedPolicy in the case of nesting
* Changed test case in bucket-policy-parser_test.go (ErrMalformedPolicy -> ErrPolicyNesting)
2016-06-09 01:53:56 -07:00
Harshavardhana ba5805e60a bucketPolicy: Do not use regexes, just do prefix matches. (#1497)
AWS arn supports wildcards and this is a flat namespace; simple
prefix matching is fine.

Fixes #1481
Fixes #1482
2016-05-05 19:58:48 -07:00
karthic rao 188bb92d8a bucket-policy parser tests, and bug fixes (#1317)
2016-04-15 18:23:19 -07:00
Harshavardhana 996d2e2a10 bucketpolicy: checkBucketPolicy should keep resources in map.
This is done to make sure to avoid appending duplicates for
resources for each action.
2016-03-22 17:04:39 -07:00
Harshavardhana 88714e7c8e bucketpolicy: Improve bucket policy validation, avoid nested rules.
Bucket policy validation is stricter now, to avoid nested
rules. The reason to do this is to keep the rules simpler and more
meaningful, avoiding conflicts.

This patch implements stricter checks.

Example policy to be generally avoided.
```
{
	"Version": "2012-10-17",
	"Statement": [
		{
			"Action": [
				"s3:GetObject",
				"s3:DeleteObject"
			],
			"Effect": "Allow",
			"Principal": {
				"AWS": [
					"*"
				]
			},
			"Resource": [
				"arn:aws:s3:::jarjarbing/*"
			]
		},
		{
			"Action": [
				"s3:GetObject",
				"s3:DeleteObject"
			],
			"Effect": "Deny",
			"Principal": {
				"AWS": [
					"*"
				]
			},
			"Resource": [
				"arn:aws:s3:::jarjarbing/restic/key/*"
			]
		}
	]
}
```
2016-03-15 17:50:23 -07:00