| 155 | |
// newBucketStatement builds the bucket-level policy statements for policy.
//
// It returns an empty, non-nil slice when policy is BucketPolicyNone or
// bucketName is empty. Otherwise the result starts with a statement granting
// commonBucketActions, followed by a readOnlyBucketActions statement for
// BucketPolicyReadOnly/BucketPolicyReadWrite and a writeOnlyBucketActions
// statement for BucketPolicyWriteOnly/BucketPolicyReadWrite.
//
// Every statement is an "Allow" for the wildcard principal "*" on the bucket
// resource, so none of these grants is tied to a named identity.
// NOTE(review): in S3-style policy evaluation a "*" principal normally also
// covers anonymous callers; confirm that this is intended for every policy
// value handled here.
//
// prefix only narrows the read statement (via an "s3:prefix" condition); the
// common and write statements are emitted without any condition.
func newBucketStatement(policy BucketPolicy, bucketName, prefix string) (statements []Statement) {
	statements = []Statement{}

	// Nothing to grant without a policy or a bucket to attach it to.
	if bucketName == "" || policy == BucketPolicyNone {
		return statements
	}

	// The same resource value is assigned to every statement below.
	// NOTE(review): if the set type is reference-backed, mutating one
	// statement's Resources later would be visible in the others; verify
	// against the set package and the callers.
	bucketResource := set.CreateStringSet(awsResourcePrefix + bucketName)

	grantsRead := policy == BucketPolicyReadOnly || policy == BucketPolicyReadWrite
	grantsWrite := policy == BucketPolicyWriteOnly || policy == BucketPolicyReadWrite

	// Common bucket actions are granted for every policy other than
	// BucketPolicyNone.
	statements = append(statements, Statement{
		Actions:   commonBucketActions,
		Effect:    "Allow",
		Principal: User{AWS: set.CreateStringSet("*")},
		Resources: bucketResource,
		Sid:       "",
	})

	if grantsRead {
		readStatement := Statement{
			Actions:   readOnlyBucketActions,
			Effect:    "Allow",
			Principal: User{AWS: set.CreateStringSet("*")},
			Resources: bucketResource,
			Sid:       "",
		}
		if prefix != "" {
			// Restrict the read actions to keys under prefix by matching
			// "s3:prefix" against prefix+"*" with StringLike.
			// NOTE(review): prefix is used verbatim, so any wildcard
			// characters it already contains presumably act as patterns and
			// could widen the match; confirm callers validate the prefix.
			prefixCond := make(ConditionKeyMap)
			prefixCond.Add("s3:prefix", set.CreateStringSet(prefix+"*"))
			conditions := make(ConditionMap)
			conditions.Add("StringLike", prefixCond)
			readStatement.Conditions = conditions
		}
		statements = append(statements, readStatement)
	}

	if grantsWrite {
		// The write statement carries no prefix condition, unlike the read
		// statement above.
		statements = append(statements, Statement{
			Actions:   writeOnlyBucketActions,
			Effect:    "Allow",
			Principal: User{AWS: set.CreateStringSet("*")},
			Resources: bucketResource,
			Sid:       "",
		})
	}

	return statements
}
| 205 | |
| 206 | // Returns new statements containing object actions for given policy. |
| 207 | func newObjectStatement(policy BucketPolicy, bucketName, prefix string) (statements []Statement) { |