isValidStatement - returns whether given statement is valid to process for given bucket name.
(statement Statement, bucketName string)
| 129 | |
// isValidStatement reports whether statement should be processed for
// bucketName.
//
// A statement qualifies only when all of the following hold:
//   - its Actions share at least one entry with validActions;
//   - its Effect is exactly "Allow";
//   - its AWS principal set is non-nil and contains the wildcard "*"
//     (in AWS policy terms, a grant that is not tied to a specific identity);
//   - its Resources contain the bucket resource itself, or FuncMatch with
//     startsWithFunc yields at least one resource for the bucket resource
//     followed by "/" (presumably a prefix match on object resources —
//     confirm against startsWithFunc).
//
// No other field of the statement is examined here, so anything else that
// narrows the grant has to be evaluated by the caller.
func isValidStatement(statement Statement, bucketName string) bool {
	// Guard clauses, evaluated in the same order as the checks listed above.
	switch {
	case statement.Actions.Intersection(validActions).IsEmpty():
		return false
	case statement.Effect != "Allow":
		return false
	case statement.Principal.AWS == nil || !statement.Principal.AWS.Contains("*"):
		return false
	}

	resource := awsResourcePrefix + bucketName

	// An exact reference to the bucket resource is enough on its own.
	if statement.Resources.Contains(resource) {
		return true
	}

	// Otherwise accept only if some resource matches under the bucket path.
	underBucket := statement.Resources.FuncMatch(startsWithFunc, resource+"/")
	return !underBucket.IsEmpty()
}
| 155 | |
| 156 | // Returns new statements with bucket actions for given policy. |
| 157 | func newBucketStatement(policy BucketPolicy, bucketName, prefix string) (statements []Statement) { |