Removes bucket actions for given policy in given statement.
(statement Statement, prefix, bucketResource string, readOnlyInUse, writeOnlyInUse bool)
| 281 | |
// removeBucketActions strips bucket-level actions from statement for the
// given bucketResource and prefix, and returns the updated statement.
//
// If the statement lists more than one resource, only bucketResource is
// removed from statement.Resources and the actions are left untouched.
// Otherwise the read-only and write-only bucket action sets are dropped,
// each only when its corresponding *InUse flag is false.
//
// Removal is deliberately conservative, so the returned statement may still
// carry the actions:
//   - read-only actions stay when the statement has Conditions and prefix is
//     empty, or when other condition entries remain after prefix is removed;
//   - write-only actions stay whenever Conditions is non-nil.
//
// Callers that rely on this to revoke access should inspect the result.
//
// NOTE(review): Conditions entries are deleted in place, so the caller's
// condition map is modified as well; Resources.Remove presumably behaves the
// same way - confirm against the set type.
func removeBucketActions(statement Statement, prefix, bucketResource string, readOnlyInUse, writeOnlyInUse bool) Statement {
	// Several resources share this statement: detach only this bucket.
	if len(statement.Resources) > 1 {
		statement.Resources.Remove(bucketResource)
		return statement
	}

	// Read-only actions are considered only when the statement holds the
	// complete read-only set and nothing else still needs it.
	if !readOnlyInUse && statement.Actions.Intersection(readOnlyBucketActions).Equals(readOnlyBucketActions) {
		switch {
		case statement.Conditions == nil:
			// Unconditional grant: drop the read-only actions outright.
			statement.Actions = statement.Actions.Difference(readOnlyBucketActions)

		case prefix != "":
			if equalsCond := statement.Conditions["StringEquals"]; equalsCond != nil {
				prefixes := equalsCond["s3:prefix"]
				if prefixes == nil {
					prefixes = set.NewStringSet()
				}
				prefixes.Remove(prefix)

				// Prune entries that became empty so the emptiness check
				// below reflects what is really left.
				if prefixes.IsEmpty() {
					delete(equalsCond, "s3:prefix")
				}
				if len(equalsCond) == 0 {
					delete(statement.Conditions, "StringEquals")
				}
			}

			// No condition left: the grant would become unconditional, so
			// the read-only actions are removed together with it.
			if len(statement.Conditions) == 0 {
				statement.Conditions = nil
				statement.Actions = statement.Actions.Difference(readOnlyBucketActions)
			}
		}
	}

	// Write-only actions are removed only from an unconditional statement;
	// this sees Conditions as left by the read-only step above.
	if !writeOnlyInUse && statement.Conditions == nil {
		statement.Actions = statement.Actions.Difference(writeOnlyBucketActions)
	}

	return statement
}