| 1644 | |
| 1645 | // getObjectPolicy() is called and the result is validated. |
| 1646 | func TestGetObjectPolicy(t *testing.T) { |
| 1647 | testCases := []struct { |
| 1648 | statement Statement |
| 1649 | expectedResult1 bool |
| 1650 | expectedResult2 bool |
| 1651 | }{ |
| 1652 | // Statement with invalid Effect. |
| 1653 | {Statement{ |
| 1654 | Actions: readOnlyObjectActions, |
| 1655 | Effect: "Deny", |
| 1656 | Principal: User{AWS: set.CreateStringSet("*")}, |
| 1657 | Resources: set.CreateStringSet("arn:aws:s3:::mybucket/hello*"), |
| 1658 | }, false, false}, |
| 1659 | // Statement with invalid Principal.AWS. |
| 1660 | {Statement{ |
| 1661 | Actions: readOnlyObjectActions, |
| 1662 | Effect: "Allow", |
| 1663 | Principal: User{AWS: set.CreateStringSet("arn:aws:iam::AccountNumberWithoutHyphens:root")}, |
| 1664 | Resources: set.CreateStringSet("arn:aws:s3:::mybucket/hello*"), |
| 1665 | }, false, false}, |
| 1666 | // Statement with condition. |
| 1667 | {Statement{ |
| 1668 | Actions: readOnlyObjectActions, |
| 1669 | Effect: "Allow", |
| 1670 | Principal: User{AWS: set.CreateStringSet("*")}, |
| 1671 | Conditions: make(ConditionMap), |
| 1672 | Resources: set.CreateStringSet("arn:aws:s3:::mybucket/hello*"), |
| 1673 | }, false, false}, |
| 1674 | // Statement with readOnlyObjectActions. |
| 1675 | {Statement{ |
| 1676 | Actions: readOnlyObjectActions, |
| 1677 | Effect: "Allow", |
| 1678 | Principal: User{AWS: set.CreateStringSet("*")}, |
| 1679 | Resources: set.CreateStringSet("arn:aws:s3:::mybucket/hello*"), |
| 1680 | }, true, false}, |
| 1681 | // Statement with writeOnlyObjectActions. |
| 1682 | {Statement{ |
| 1683 | Actions: writeOnlyObjectActions, |
| 1684 | Effect: "Allow", |
| 1685 | Principal: User{AWS: set.CreateStringSet("*")}, |
| 1686 | Resources: set.CreateStringSet("arn:aws:s3:::mybucket/hello*"), |
| 1687 | }, false, true}, |
| 1688 | // Statement with readOnlyObjectActions and writeOnlyObjectActions. |
| 1689 | {Statement{ |
| 1690 | Actions: readOnlyObjectActions.Union(writeOnlyObjectActions), |
| 1691 | Effect: "Allow", |
| 1692 | Principal: User{AWS: set.CreateStringSet("*")}, |
| 1693 | Resources: set.CreateStringSet("arn:aws:s3:::mybucket/hello*"), |
| 1694 | }, true, true}, |
| 1695 | } |
| 1696 | |
| 1697 | for _, testCase := range testCases { |
| 1698 | readOnly, writeOnly := getObjectPolicy(testCase.statement) |
| 1699 | if testCase.expectedResult1 != readOnly || testCase.expectedResult2 != writeOnly { |
| 1700 | t.Fatalf("%+v: expected: [%t,%t], got: [%t,%t]", testCase, |
| 1701 | testCase.expectedResult1, testCase.expectedResult2, |
| 1702 | readOnly, writeOnly) |
| 1703 | } |