newStatements() is called and the result is validated.
(t *testing.T)
| 355 | |
| 356 | // newStatements() is called and the result is validated. |
| 357 | func TestNewStatements(t *testing.T) { |
| 358 | testCases := []struct { |
| 359 | policy BucketPolicy |
| 360 | bucketName string |
| 361 | prefix string |
| 362 | expectedResult string |
| 363 | }{ |
| 364 | // BucketPolicyNone: with empty bucket name and prefix. |
| 365 | {BucketPolicyNone, "", "", `[]`}, |
| 366 | // BucketPolicyNone: with bucket name and empty prefix. |
| 367 | {BucketPolicyNone, "mybucket", "", `[]`}, |
| 368 | // BucketPolicyNone: with empty bucket name empty prefix. |
| 369 | {BucketPolicyNone, "", "hello", `[]`}, |
| 370 | // BucketPolicyNone: with bucket name prefix. |
| 371 | {BucketPolicyNone, "mybucket", "hello", `[]`}, |
| 372 | // BucketPolicyReadOnly: with empty bucket name and prefix. |
| 373 | {BucketPolicyReadOnly, "", "", `[]`}, |
| 374 | // BucketPolicyReadOnly: with bucket name and empty prefix. |
| 375 | {BucketPolicyReadOnly, "mybucket", "", `[{"Action":["s3:GetBucketLocation"],"Effect":"Allow","Principal":{"AWS":["*"]},"Resource":["arn:aws:s3:::mybucket"],"Sid":""},{"Action":["s3:ListBucket"],"Effect":"Allow","Principal":{"AWS":["*"]},"Resource":["arn:aws:s3:::mybucket"],"Sid":""},{"Action":["s3:GetObject"],"Effect":"Allow","Principal":{"AWS":["*"]},"Resource":["arn:aws:s3:::mybucket/*"],"Sid":""}]`}, |
| 376 | // BucketPolicyReadOnly: with empty bucket name empty prefix. |
| 377 | {BucketPolicyReadOnly, "", "hello", `[]`}, |
| 378 | // BucketPolicyReadOnly: with bucket name prefix. |
| 379 | {BucketPolicyReadOnly, "mybucket", "hello", `[{"Action":["s3:GetBucketLocation"],"Effect":"Allow","Principal":{"AWS":["*"]},"Resource":["arn:aws:s3:::mybucket"],"Sid":""},{"Action":["s3:ListBucket"],"Condition":{"StringLike":{"s3:prefix":["hello*"]}},"Effect":"Allow","Principal":{"AWS":["*"]},"Resource":["arn:aws:s3:::mybucket"],"Sid":""},{"Action":["s3:GetObject"],"Effect":"Allow","Principal":{"AWS":["*"]},"Resource":["arn:aws:s3:::mybucket/hello*"],"Sid":""}]`}, |
| 380 | // BucketPolicyReadWrite: with empty bucket name and prefix. |
| 381 | {BucketPolicyReadWrite, "", "", `[]`}, |
| 382 | // BucketPolicyReadWrite: with bucket name and empty prefix. |
| 383 | {BucketPolicyReadWrite, "mybucket", "", `[{"Action":["s3:GetBucketLocation"],"Effect":"Allow","Principal":{"AWS":["*"]},"Resource":["arn:aws:s3:::mybucket"],"Sid":""},{"Action":["s3:ListBucket"],"Effect":"Allow","Principal":{"AWS":["*"]},"Resource":["arn:aws:s3:::mybucket"],"Sid":""},{"Action":["s3:ListBucketMultipartUploads"],"Effect":"Allow","Principal":{"AWS":["*"]},"Resource":["arn:aws:s3:::mybucket"],"Sid":""},{"Action":["s3:AbortMultipartUpload","s3:DeleteObject","s3:GetObject","s3:ListMultipartUploadParts","s3:PutObject"],"Effect":"Allow","Principal":{"AWS":["*"]},"Resource":["arn:aws:s3:::mybucket/*"],"Sid":""}]`}, |
| 384 | // BucketPolicyReadWrite: with empty bucket name empty prefix. |
| 385 | {BucketPolicyReadWrite, "", "hello", `[]`}, |
| 386 | // BucketPolicyReadWrite: with bucket name prefix. |
| 387 | {BucketPolicyReadWrite, "mybucket", "hello", `[{"Action":["s3:GetBucketLocation"],"Effect":"Allow","Principal":{"AWS":["*"]},"Resource":["arn:aws:s3:::mybucket"],"Sid":""},{"Action":["s3:ListBucket"],"Condition":{"StringLike":{"s3:prefix":["hello*"]}},"Effect":"Allow","Principal":{"AWS":["*"]},"Resource":["arn:aws:s3:::mybucket"],"Sid":""},{"Action":["s3:ListBucketMultipartUploads"],"Effect":"Allow","Principal":{"AWS":["*"]},"Resource":["arn:aws:s3:::mybucket"],"Sid":""},{"Action":["s3:AbortMultipartUpload","s3:DeleteObject","s3:GetObject","s3:ListMultipartUploadParts","s3:PutObject"],"Effect":"Allow","Principal":{"AWS":["*"]},"Resource":["arn:aws:s3:::mybucket/hello*"],"Sid":""}]`}, |
| 388 | // BucketPolicyWriteOnly: with empty bucket name and prefix. |
| 389 | {BucketPolicyWriteOnly, "", "", `[]`}, |
| 390 | // BucketPolicyWriteOnly: with bucket name and empty prefix. |
| 391 | {BucketPolicyWriteOnly, "mybucket", "", `[{"Action":["s3:GetBucketLocation"],"Effect":"Allow","Principal":{"AWS":["*"]},"Resource":["arn:aws:s3:::mybucket"],"Sid":""},{"Action":["s3:ListBucketMultipartUploads"],"Effect":"Allow","Principal":{"AWS":["*"]},"Resource":["arn:aws:s3:::mybucket"],"Sid":""},{"Action":["s3:AbortMultipartUpload","s3:DeleteObject","s3:ListMultipartUploadParts","s3:PutObject"],"Effect":"Allow","Principal":{"AWS":["*"]},"Resource":["arn:aws:s3:::mybucket/*"],"Sid":""}]`}, |
| 392 | // BucketPolicyWriteOnly: with empty bucket name empty prefix. |
| 393 | {BucketPolicyWriteOnly, "", "hello", `[]`}, |
| 394 | // BucketPolicyWriteOnly: with bucket name prefix. |
| 395 | {BucketPolicyWriteOnly, "mybucket", "hello", `[{"Action":["s3:GetBucketLocation"],"Effect":"Allow","Principal":{"AWS":["*"]},"Resource":["arn:aws:s3:::mybucket"],"Sid":""},{"Action":["s3:ListBucketMultipartUploads"],"Effect":"Allow","Principal":{"AWS":["*"]},"Resource":["arn:aws:s3:::mybucket"],"Sid":""},{"Action":["s3:AbortMultipartUpload","s3:DeleteObject","s3:ListMultipartUploadParts","s3:PutObject"],"Effect":"Allow","Principal":{"AWS":["*"]},"Resource":["arn:aws:s3:::mybucket/hello*"],"Sid":""}]`}, |
| 396 | } |
| 397 | |
| 398 | for _, testCase := range testCases { |
| 399 | statements := newStatements(testCase.policy, testCase.bucketName, testCase.prefix) |
| 400 | if data, err := json.Marshal(statements); err == nil { |
| 401 | if string(data) != testCase.expectedResult { |
| 402 | t.Fatalf("%+v: expected: %s, got: %s", testCase, testCase.expectedResult, string(data)) |
| 403 | } |
| 404 | } |
| 405 | } |
| 406 | } |
| 407 | |
| 408 | // getInUsePolicy() is called and the result is validated. |
| 409 | func TestGetInUsePolicy(t *testing.T) { |
nothing calls this directly
no test coverage detected