MCPcopy
hub / github.com/minio/minio-go / TestBucketPolicyResourceMatch

Function TestBucketPolicyResourceMatch

pkg/policy/bucket-policy_test.go:2106–2159  ·  view source on GitHub ↗

Tests validate Bucket policy resource matcher.

(t *testing.T)

Source from the content-addressed store, hash-verified

2104
2105// Tests validate Bucket policy resource matcher.
2106func TestBucketPolicyResourceMatch(t *testing.T) {
2107 // generates\ statement with given resource..
2108 generateStatement := func(resource string) Statement {
2109 statement := Statement{}
2110 statement.Resources = set.CreateStringSet(resource)
2111 return statement
2112 }
2113
2114 // generates resource prefix.
2115 generateResource := func(bucketName, objectName string) string {
2116 return awsResourcePrefix + bucketName + "/" + objectName
2117 }
2118
2119 testCases := []struct {
2120 resourceToMatch string
2121 statement Statement
2122 expectedResourceMatch bool
2123 }{
2124 // Test case 1-4.
2125 // Policy with resource ending with bucket/* allows access to all objects inside the given bucket.
2126 {generateResource("minio-bucket", ""), generateStatement(fmt.Sprintf("%s%s", awsResourcePrefix, "minio-bucket"+"/*")), true},
2127 {generateResource("minio-bucket", ""), generateStatement(fmt.Sprintf("%s%s", awsResourcePrefix, "minio-bucket"+"/*")), true},
2128 {generateResource("minio-bucket", ""), generateStatement(fmt.Sprintf("%s%s", awsResourcePrefix, "minio-bucket"+"/*")), true},
2129 {generateResource("minio-bucket", ""), generateStatement(fmt.Sprintf("%s%s", awsResourcePrefix, "minio-bucket"+"/*")), true},
2130 // Test case - 5.
2131 // Policy with resource ending with bucket/oo* should not allow access to bucket/output.txt.
2132 {generateResource("minio-bucket", "output.txt"), generateStatement(fmt.Sprintf("%s%s", awsResourcePrefix, "minio-bucket"+"/oo*")), false},
2133 // Test case - 6.
2134 // Policy with resource ending with bucket/oo* should allow access to bucket/ootput.txt.
2135 {generateResource("minio-bucket", "ootput.txt"), generateStatement(fmt.Sprintf("%s%s", awsResourcePrefix, "minio-bucket"+"/oo*")), true},
2136 // Test case - 7.
2137 // Policy with resource ending with bucket/oo* allows access to all subfolders starting with "oo" inside given bucket.
2138 {generateResource("minio-bucket", "oop-bucket/my-file"), generateStatement(fmt.Sprintf("%s%s", awsResourcePrefix, "minio-bucket"+"/oo*")), true},
2139 // Test case - 8.
2140 {generateResource("minio-bucket", "Asia/India/1.pjg"), generateStatement(fmt.Sprintf("%s%s", awsResourcePrefix, "minio-bucket"+"/Asia/Japan/*")), false},
2141 // Test case - 9.
2142 {generateResource("minio-bucket", "Asia/India/1.pjg"), generateStatement(fmt.Sprintf("%s%s", awsResourcePrefix, "minio-bucket"+"/Asia/Japan/*")), false},
2143 // Test case - 10.
2144 // Proves that the name space is flat.
2145 {generateResource("minio-bucket", "Africa/Bihar/India/design_info.doc/Bihar"), generateStatement(fmt.Sprintf("%s%s", awsResourcePrefix,
2146 "minio-bucket"+"/*/India/*/Bihar")), true},
2147 // Test case - 11.
2148 // Proves that the name space is flat.
2149 {generateResource("minio-bucket", "Asia/China/India/States/Bihar/output.txt"), generateStatement(fmt.Sprintf("%s%s", awsResourcePrefix,
2150 "minio-bucket"+"/*/India/*/Bihar/*")), true},
2151 }
2152 for i, testCase := range testCases {
2153 resources := testCase.statement.Resources.FuncMatch(resourceMatch, testCase.resourceToMatch)
2154 actualResourceMatch := resources.Equals(testCase.statement.Resources)
2155 if testCase.expectedResourceMatch != actualResourceMatch {
2156 t.Errorf("Test %d: Expected Resource match to be `%v`, but instead found it to be `%v`", i+1, testCase.expectedResourceMatch, actualResourceMatch)
2157 }
2158 }
2159}

Callers

nothing calls this directly

Calls 3

CreateStringSetFunction · 0.92
FuncMatchMethod · 0.45
EqualsMethod · 0.45

Tested by

no test coverage detected