TestIsValidStatement calls isValidStatement() for each test case and validates the result.
(t *testing.T)
| 272 | |
| 273 | // isValidStatement() is called and the result is validated. |
| 274 | func TestIsValidStatement(t *testing.T) { |
| 275 | testCases := []struct { |
| 276 | statement Statement |
| 277 | bucketName string |
| 278 | expectedResult bool |
| 279 | }{ |
| 280 | // Empty statement and bucket name. |
| 281 | {Statement{}, "", false}, |
| 282 | // Empty statement. |
| 283 | {Statement{}, "mybucket", false}, |
| 284 | // Empty bucket name. |
| 285 | {Statement{ |
| 286 | Actions: readOnlyBucketActions, |
| 287 | Effect: "Allow", |
| 288 | Principal: User{AWS: set.CreateStringSet("*")}, |
| 289 | Resources: set.CreateStringSet("arn:aws:s3:::mybucket"), |
| 290 | }, "", false}, |
| 291 | // Statement with unknown actions. |
| 292 | {Statement{ |
| 293 | Actions: set.CreateStringSet("s3:ListBucketVersions"), |
| 294 | Effect: "Allow", |
| 295 | Principal: User{AWS: set.CreateStringSet("*")}, |
| 296 | Resources: set.CreateStringSet("arn:aws:s3:::mybucket"), |
| 297 | }, "mybucket", false}, |
| 298 | // Statement with unknown effect. |
| 299 | {Statement{ |
| 300 | Actions: readOnlyBucketActions, |
| 301 | Effect: "Deny", |
| 302 | Principal: User{AWS: set.CreateStringSet("*")}, |
| 303 | Resources: set.CreateStringSet("arn:aws:s3:::mybucket"), |
| 304 | }, "mybucket", false}, |
| 305 | // Statement with nil Principal.AWS. |
| 306 | {Statement{ |
| 307 | Actions: readOnlyBucketActions, |
| 308 | Effect: "Allow", |
| 309 | Resources: set.CreateStringSet("arn:aws:s3:::mybucket"), |
| 310 | }, "mybucket", false}, |
| 311 | // Statement with unknown Principal.AWS. |
| 312 | {Statement{ |
| 313 | Actions: readOnlyBucketActions, |
| 314 | Effect: "Allow", |
| 315 | Principal: User{AWS: set.CreateStringSet("arn:aws:iam::AccountNumberWithoutHyphens:root")}, |
| 316 | Resources: set.CreateStringSet("arn:aws:s3:::mybucket"), |
| 317 | }, "mybucket", false}, |
| 318 | // Statement with different bucket name. |
| 319 | {Statement{ |
| 320 | Actions: readOnlyBucketActions, |
| 321 | Effect: "Allow", |
| 322 | Principal: User{AWS: set.CreateStringSet("*")}, |
| 323 | Resources: set.CreateStringSet("arn:aws:s3:::testbucket"), |
| 324 | }, "mybucket", false}, |
| 325 | // Statement with bucket name with suffixed string. |
| 326 | {Statement{ |
| 327 | Actions: readOnlyBucketActions, |
| 328 | Effect: "Allow", |
| 329 | Principal: User{AWS: set.CreateStringSet("*")}, |
| 330 | Resources: set.CreateStringSet("arn:aws:s3:::mybuckettest/myobject"), |
| 331 | }, "mybucket", false}, |