GetPolicyRules is called and the result is validated
(t *testing.T)
| 1706 | |
| 1707 | // GetPolicyRules is called and the result is validated |
| 1708 | func TestListBucketPolicies(t *testing.T) { |
| 1709 | // Condition for read objects |
| 1710 | downloadCondMap := make(ConditionMap) |
| 1711 | downloadCondKeyMap := make(ConditionKeyMap) |
| 1712 | downloadCondKeyMap.Add("s3:prefix", set.CreateStringSet("download")) |
| 1713 | downloadCondMap.Add("StringEquals", downloadCondKeyMap) |
| 1714 | |
| 1715 | // Condition for readwrite objects |
| 1716 | downloadUploadCondMap := make(ConditionMap) |
| 1717 | downloadUploadCondKeyMap := make(ConditionKeyMap) |
| 1718 | downloadUploadCondKeyMap.Add("s3:prefix", set.CreateStringSet("both")) |
| 1719 | downloadUploadCondMap.Add("StringEquals", downloadUploadCondKeyMap) |
| 1720 | |
| 1721 | commonSetActions := commonBucketActions.Union(readOnlyBucketActions) |
| 1722 | testCases := []struct { |
| 1723 | statements []Statement |
| 1724 | bucketName string |
| 1725 | prefix string |
| 1726 | expectedResult map[string]BucketPolicy |
| 1727 | }{ |
| 1728 | // Empty statements, bucket name and prefix. |
| 1729 | {[]Statement{}, "", "", map[string]BucketPolicy{}}, |
| 1730 | // Non-empty statements, empty bucket name and empty prefix. |
| 1731 | {[]Statement{{ |
| 1732 | Actions: readOnlyBucketActions, |
| 1733 | Effect: "Allow", |
| 1734 | Principal: User{AWS: set.CreateStringSet("*")}, |
| 1735 | Resources: set.CreateStringSet("arn:aws:s3:::mybucket"), |
| 1736 | }}, "", "", map[string]BucketPolicy{}}, |
| 1737 | // Empty statements, non-empty bucket name and empty prefix. |
| 1738 | {[]Statement{}, "mybucket", "", map[string]BucketPolicy{}}, |
| 1739 | // Readonly object statement |
| 1740 | {[]Statement{ |
| 1741 | { |
| 1742 | Actions: commonBucketActions, |
| 1743 | Effect: "Allow", |
| 1744 | Principal: User{AWS: set.CreateStringSet("*")}, |
| 1745 | Resources: set.CreateStringSet("arn:aws:s3:::mybucket"), |
| 1746 | }, |
| 1747 | { |
| 1748 | Actions: readOnlyBucketActions, |
| 1749 | Effect: "Allow", |
| 1750 | Principal: User{AWS: set.CreateStringSet("*")}, |
| 1751 | Conditions: downloadCondMap, |
| 1752 | Resources: set.CreateStringSet("arn:aws:s3:::mybucket"), |
| 1753 | }, |
| 1754 | { |
| 1755 | Actions: readOnlyObjectActions, |
| 1756 | Effect: "Allow", |
| 1757 | Principal: User{AWS: set.CreateStringSet("*")}, |
| 1758 | Resources: set.CreateStringSet("arn:aws:s3:::mybucket/download*"), |
| 1759 | }, |
| 1760 | }, "mybucket", "", map[string]BucketPolicy{"mybucket/download*": BucketPolicyReadOnly}}, |
| 1761 | {[]Statement{ |
| 1762 | { |
| 1763 | Actions: commonSetActions.Union(readOnlyObjectActions), |
| 1764 | Effect: "Allow", |
| 1765 | Principal: User{AWS: set.CreateStringSet("*")}, |