Tests validate Bucket policy resource matcher.
(t *testing.T)
| 2104 | |
| 2105 | // Tests validate Bucket policy resource matcher. |
| 2106 | func TestBucketPolicyResourceMatch(t *testing.T) { |
| 2107 | // generates\ statement with given resource.. |
| 2108 | generateStatement := func(resource string) Statement { |
| 2109 | statement := Statement{} |
| 2110 | statement.Resources = set.CreateStringSet(resource) |
| 2111 | return statement |
| 2112 | } |
| 2113 | |
| 2114 | // generates resource prefix. |
| 2115 | generateResource := func(bucketName, objectName string) string { |
| 2116 | return awsResourcePrefix + bucketName + "/" + objectName |
| 2117 | } |
| 2118 | |
| 2119 | testCases := []struct { |
| 2120 | resourceToMatch string |
| 2121 | statement Statement |
| 2122 | expectedResourceMatch bool |
| 2123 | }{ |
| 2124 | // Test case 1-4. |
| 2125 | // Policy with resource ending with bucket/* allows access to all objects inside the given bucket. |
| 2126 | {generateResource("minio-bucket", ""), generateStatement(fmt.Sprintf("%s%s", awsResourcePrefix, "minio-bucket"+"/*")), true}, |
| 2127 | {generateResource("minio-bucket", ""), generateStatement(fmt.Sprintf("%s%s", awsResourcePrefix, "minio-bucket"+"/*")), true}, |
| 2128 | {generateResource("minio-bucket", ""), generateStatement(fmt.Sprintf("%s%s", awsResourcePrefix, "minio-bucket"+"/*")), true}, |
| 2129 | {generateResource("minio-bucket", ""), generateStatement(fmt.Sprintf("%s%s", awsResourcePrefix, "minio-bucket"+"/*")), true}, |
| 2130 | // Test case - 5. |
| 2131 | // Policy with resource ending with bucket/oo* should not allow access to bucket/output.txt. |
| 2132 | {generateResource("minio-bucket", "output.txt"), generateStatement(fmt.Sprintf("%s%s", awsResourcePrefix, "minio-bucket"+"/oo*")), false}, |
| 2133 | // Test case - 6. |
| 2134 | // Policy with resource ending with bucket/oo* should allow access to bucket/ootput.txt. |
| 2135 | {generateResource("minio-bucket", "ootput.txt"), generateStatement(fmt.Sprintf("%s%s", awsResourcePrefix, "minio-bucket"+"/oo*")), true}, |
| 2136 | // Test case - 7. |
| 2137 | // Policy with resource ending with bucket/oo* allows access to all subfolders starting with "oo" inside given bucket. |
| 2138 | {generateResource("minio-bucket", "oop-bucket/my-file"), generateStatement(fmt.Sprintf("%s%s", awsResourcePrefix, "minio-bucket"+"/oo*")), true}, |
| 2139 | // Test case - 8. |
| 2140 | {generateResource("minio-bucket", "Asia/India/1.pjg"), generateStatement(fmt.Sprintf("%s%s", awsResourcePrefix, "minio-bucket"+"/Asia/Japan/*")), false}, |
| 2141 | // Test case - 9. |
| 2142 | {generateResource("minio-bucket", "Asia/India/1.pjg"), generateStatement(fmt.Sprintf("%s%s", awsResourcePrefix, "minio-bucket"+"/Asia/Japan/*")), false}, |
| 2143 | // Test case - 10. |
| 2144 | // Proves that the name space is flat. |
| 2145 | {generateResource("minio-bucket", "Africa/Bihar/India/design_info.doc/Bihar"), generateStatement(fmt.Sprintf("%s%s", awsResourcePrefix, |
| 2146 | "minio-bucket"+"/*/India/*/Bihar")), true}, |
| 2147 | // Test case - 11. |
| 2148 | // Proves that the name space is flat. |
| 2149 | {generateResource("minio-bucket", "Asia/China/India/States/Bihar/output.txt"), generateStatement(fmt.Sprintf("%s%s", awsResourcePrefix, |
| 2150 | "minio-bucket"+"/*/India/*/Bihar/*")), true}, |
| 2151 | } |
| 2152 | for i, testCase := range testCases { |
| 2153 | resources := testCase.statement.Resources.FuncMatch(resourceMatch, testCase.resourceToMatch) |
| 2154 | actualResourceMatch := resources.Equals(testCase.statement.Resources) |
| 2155 | if testCase.expectedResourceMatch != actualResourceMatch { |
| 2156 | t.Errorf("Test %d: Expected Resource match to be `%v`, but instead found it to be `%v`", i+1, testCase.expectedResourceMatch, actualResourceMatch) |
| 2157 | } |
| 2158 | } |
| 2159 | } |
nothing calls this directly
no test coverage detected