MCPcopy
hub / github.com/minio/minio-go / TestIsValidStatement

Function TestIsValidStatement

pkg/policy/bucket-policy_test.go:274–354  ·  pkg/policy/bucket-policy_test.go::TestIsValidStatement

isValidStatement() is called and the result is validated.

(t *testing.T)

Source from the content-addressed store, hash-verified

272
273// isValidStatement() is called and the result is validated.
274func TestIsValidStatement(t *testing.T) {
275 testCases := []struct {
276 statement Statement
277 bucketName string
278 expectedResult bool
279 }{
280 // Empty statement and bucket name.
281 {Statement{}, "", false},
282 // Empty statement.
283 {Statement{}, "mybucket", false},
284 // Empty bucket name.
285 {Statement{
286 Actions: readOnlyBucketActions,
287 Effect: "Allow",
288 Principal: User{AWS: set.CreateStringSet("*")},
289 Resources: set.CreateStringSet("arn:aws:s3:::mybucket"),
290 }, "", false},
291 // Statement with unknown actions.
292 {Statement{
293 Actions: set.CreateStringSet("s3:ListBucketVersions"),
294 Effect: "Allow",
295 Principal: User{AWS: set.CreateStringSet("*")},
296 Resources: set.CreateStringSet("arn:aws:s3:::mybucket"),
297 }, "mybucket", false},
298 // Statement with unknown effect.
299 {Statement{
300 Actions: readOnlyBucketActions,
301 Effect: "Deny",
302 Principal: User{AWS: set.CreateStringSet("*")},
303 Resources: set.CreateStringSet("arn:aws:s3:::mybucket"),
304 }, "mybucket", false},
305 // Statement with nil Principal.AWS.
306 {Statement{
307 Actions: readOnlyBucketActions,
308 Effect: "Allow",
309 Resources: set.CreateStringSet("arn:aws:s3:::mybucket"),
310 }, "mybucket", false},
311 // Statement with unknown Principal.AWS.
312 {Statement{
313 Actions: readOnlyBucketActions,
314 Effect: "Allow",
315 Principal: User{AWS: set.CreateStringSet("arn:aws:iam::AccountNumberWithoutHyphens:root")},
316 Resources: set.CreateStringSet("arn:aws:s3:::mybucket"),
317 }, "mybucket", false},
318 // Statement with different bucket name.
319 {Statement{
320 Actions: readOnlyBucketActions,
321 Effect: "Allow",
322 Principal: User{AWS: set.CreateStringSet("*")},
323 Resources: set.CreateStringSet("arn:aws:s3:::testbucket"),
324 }, "mybucket", false},
325 // Statement with bucket name with suffixed string.
326 {Statement{
327 Actions: readOnlyBucketActions,
328 Effect: "Allow",
329 Principal: User{AWS: set.CreateStringSet("*")},
330 Resources: set.CreateStringSet("arn:aws:s3:::mybuckettest/myobject"),
331 }, "mybucket", false},

Callers

nothing calls this directly

Calls 2

CreateStringSetFunction · 0.92
isValidStatementFunction · 0.85

Tested by

no test coverage detected