MCPcopy
hub / github.com/minio/minio-go / TestGetObjectPolicy

Function TestGetObjectPolicy

pkg/policy/bucket-policy_test.go:1646–1705  ·  view source on GitHub ↗

getObjectPolicy() is called and the result is validated.

(t *testing.T)

Source from the content-addressed store, hash-verified

1644
1645// getObjectPolicy() is called and the result is validated.
1646func TestGetObjectPolicy(t *testing.T) {
1647 testCases := []struct {
1648 statement Statement
1649 expectedResult1 bool
1650 expectedResult2 bool
1651 }{
1652 // Statement with invalid Effect.
1653 {Statement{
1654 Actions: readOnlyObjectActions,
1655 Effect: "Deny",
1656 Principal: User{AWS: set.CreateStringSet("*")},
1657 Resources: set.CreateStringSet("arn:aws:s3:::mybucket/hello*"),
1658 }, false, false},
1659 // Statement with invalid Principal.AWS.
1660 {Statement{
1661 Actions: readOnlyObjectActions,
1662 Effect: "Allow",
1663 Principal: User{AWS: set.CreateStringSet("arn:aws:iam::AccountNumberWithoutHyphens:root")},
1664 Resources: set.CreateStringSet("arn:aws:s3:::mybucket/hello*"),
1665 }, false, false},
1666 // Statement with condition.
1667 {Statement{
1668 Actions: readOnlyObjectActions,
1669 Effect: "Allow",
1670 Principal: User{AWS: set.CreateStringSet("*")},
1671 Conditions: make(ConditionMap),
1672 Resources: set.CreateStringSet("arn:aws:s3:::mybucket/hello*"),
1673 }, false, false},
1674 // Statement with readOnlyObjectActions.
1675 {Statement{
1676 Actions: readOnlyObjectActions,
1677 Effect: "Allow",
1678 Principal: User{AWS: set.CreateStringSet("*")},
1679 Resources: set.CreateStringSet("arn:aws:s3:::mybucket/hello*"),
1680 }, true, false},
1681 // Statement with writeOnlyObjectActions.
1682 {Statement{
1683 Actions: writeOnlyObjectActions,
1684 Effect: "Allow",
1685 Principal: User{AWS: set.CreateStringSet("*")},
1686 Resources: set.CreateStringSet("arn:aws:s3:::mybucket/hello*"),
1687 }, false, true},
1688 // Statement with readOnlyObjectActions and writeOnlyObjectActions.
1689 {Statement{
1690 Actions: readOnlyObjectActions.Union(writeOnlyObjectActions),
1691 Effect: "Allow",
1692 Principal: User{AWS: set.CreateStringSet("*")},
1693 Resources: set.CreateStringSet("arn:aws:s3:::mybucket/hello*"),
1694 }, true, true},
1695 }
1696
1697 for _, testCase := range testCases {
1698 readOnly, writeOnly := getObjectPolicy(testCase.statement)
1699 if testCase.expectedResult1 != readOnly || testCase.expectedResult2 != writeOnly {
1700 t.Fatalf("%+v: expected: [%t,%t], got: [%t,%t]", testCase,
1701 testCase.expectedResult1, testCase.expectedResult2,
1702 readOnly, writeOnly)
1703 }

Callers

nothing calls this directly

Calls 3

CreateStringSetFunction · 0.92
getObjectPolicyFunction · 0.85
UnionMethod · 0.45

Tested by

no test coverage detected