MCPcopy
hub / github.com/minio/minio-go / TestNewStatements

Function TestNewStatements

pkg/policy/bucket-policy_test.go:357–406  ·  view source on GitHub ↗

newStatements() is called and the result is validated.

(t *testing.T)

Source from the content-addressed store, hash-verified

355
356// newStatements() is called and the result is validated.
357func TestNewStatements(t *testing.T) {
358 testCases := []struct {
359 policy BucketPolicy
360 bucketName string
361 prefix string
362 expectedResult string
363 }{
364 // BucketPolicyNone: with empty bucket name and prefix.
365 {BucketPolicyNone, "", "", `[]`},
366 // BucketPolicyNone: with bucket name and empty prefix.
367 {BucketPolicyNone, "mybucket", "", `[]`},
368 // BucketPolicyNone: with empty bucket name empty prefix.
369 {BucketPolicyNone, "", "hello", `[]`},
370 // BucketPolicyNone: with bucket name prefix.
371 {BucketPolicyNone, "mybucket", "hello", `[]`},
372 // BucketPolicyReadOnly: with empty bucket name and prefix.
373 {BucketPolicyReadOnly, "", "", `[]`},
374 // BucketPolicyReadOnly: with bucket name and empty prefix.
375 {BucketPolicyReadOnly, "mybucket", "", `[{"Action":["s3:GetBucketLocation"],"Effect":"Allow","Principal":{"AWS":["*"]},"Resource":["arn:aws:s3:::mybucket"],"Sid":""},{"Action":["s3:ListBucket"],"Effect":"Allow","Principal":{"AWS":["*"]},"Resource":["arn:aws:s3:::mybucket"],"Sid":""},{"Action":["s3:GetObject"],"Effect":"Allow","Principal":{"AWS":["*"]},"Resource":["arn:aws:s3:::mybucket/*"],"Sid":""}]`},
376 // BucketPolicyReadOnly: with empty bucket name empty prefix.
377 {BucketPolicyReadOnly, "", "hello", `[]`},
378 // BucketPolicyReadOnly: with bucket name prefix.
379 {BucketPolicyReadOnly, "mybucket", "hello", `[{"Action":["s3:GetBucketLocation"],"Effect":"Allow","Principal":{"AWS":["*"]},"Resource":["arn:aws:s3:::mybucket"],"Sid":""},{"Action":["s3:ListBucket"],"Condition":{"StringLike":{"s3:prefix":["hello*"]}},"Effect":"Allow","Principal":{"AWS":["*"]},"Resource":["arn:aws:s3:::mybucket"],"Sid":""},{"Action":["s3:GetObject"],"Effect":"Allow","Principal":{"AWS":["*"]},"Resource":["arn:aws:s3:::mybucket/hello*"],"Sid":""}]`},
380 // BucketPolicyReadWrite: with empty bucket name and prefix.
381 {BucketPolicyReadWrite, "", "", `[]`},
382 // BucketPolicyReadWrite: with bucket name and empty prefix.
383 {BucketPolicyReadWrite, "mybucket", "", `[{"Action":["s3:GetBucketLocation"],"Effect":"Allow","Principal":{"AWS":["*"]},"Resource":["arn:aws:s3:::mybucket"],"Sid":""},{"Action":["s3:ListBucket"],"Effect":"Allow","Principal":{"AWS":["*"]},"Resource":["arn:aws:s3:::mybucket"],"Sid":""},{"Action":["s3:ListBucketMultipartUploads"],"Effect":"Allow","Principal":{"AWS":["*"]},"Resource":["arn:aws:s3:::mybucket"],"Sid":""},{"Action":["s3:AbortMultipartUpload","s3:DeleteObject","s3:GetObject","s3:ListMultipartUploadParts","s3:PutObject"],"Effect":"Allow","Principal":{"AWS":["*"]},"Resource":["arn:aws:s3:::mybucket/*"],"Sid":""}]`},
384 // BucketPolicyReadWrite: with empty bucket name empty prefix.
385 {BucketPolicyReadWrite, "", "hello", `[]`},
386 // BucketPolicyReadWrite: with bucket name prefix.
387 {BucketPolicyReadWrite, "mybucket", "hello", `[{"Action":["s3:GetBucketLocation"],"Effect":"Allow","Principal":{"AWS":["*"]},"Resource":["arn:aws:s3:::mybucket"],"Sid":""},{"Action":["s3:ListBucket"],"Condition":{"StringLike":{"s3:prefix":["hello*"]}},"Effect":"Allow","Principal":{"AWS":["*"]},"Resource":["arn:aws:s3:::mybucket"],"Sid":""},{"Action":["s3:ListBucketMultipartUploads"],"Effect":"Allow","Principal":{"AWS":["*"]},"Resource":["arn:aws:s3:::mybucket"],"Sid":""},{"Action":["s3:AbortMultipartUpload","s3:DeleteObject","s3:GetObject","s3:ListMultipartUploadParts","s3:PutObject"],"Effect":"Allow","Principal":{"AWS":["*"]},"Resource":["arn:aws:s3:::mybucket/hello*"],"Sid":""}]`},
388 // BucketPolicyWriteOnly: with empty bucket name and prefix.
389 {BucketPolicyWriteOnly, "", "", `[]`},
390 // BucketPolicyWriteOnly: with bucket name and empty prefix.
391 {BucketPolicyWriteOnly, "mybucket", "", `[{"Action":["s3:GetBucketLocation"],"Effect":"Allow","Principal":{"AWS":["*"]},"Resource":["arn:aws:s3:::mybucket"],"Sid":""},{"Action":["s3:ListBucketMultipartUploads"],"Effect":"Allow","Principal":{"AWS":["*"]},"Resource":["arn:aws:s3:::mybucket"],"Sid":""},{"Action":["s3:AbortMultipartUpload","s3:DeleteObject","s3:ListMultipartUploadParts","s3:PutObject"],"Effect":"Allow","Principal":{"AWS":["*"]},"Resource":["arn:aws:s3:::mybucket/*"],"Sid":""}]`},
392 // BucketPolicyWriteOnly: with empty bucket name empty prefix.
393 {BucketPolicyWriteOnly, "", "hello", `[]`},
394 // BucketPolicyWriteOnly: with bucket name prefix.
395 {BucketPolicyWriteOnly, "mybucket", "hello", `[{"Action":["s3:GetBucketLocation"],"Effect":"Allow","Principal":{"AWS":["*"]},"Resource":["arn:aws:s3:::mybucket"],"Sid":""},{"Action":["s3:ListBucketMultipartUploads"],"Effect":"Allow","Principal":{"AWS":["*"]},"Resource":["arn:aws:s3:::mybucket"],"Sid":""},{"Action":["s3:AbortMultipartUpload","s3:DeleteObject","s3:ListMultipartUploadParts","s3:PutObject"],"Effect":"Allow","Principal":{"AWS":["*"]},"Resource":["arn:aws:s3:::mybucket/hello*"],"Sid":""}]`},
396 }
397
398 for _, testCase := range testCases {
399 statements := newStatements(testCase.policy, testCase.bucketName, testCase.prefix)
400 if data, err := json.Marshal(statements); err == nil {
401 if string(data) != testCase.expectedResult {
402 t.Fatalf("%+v: expected: %s, got: %s", testCase, testCase.expectedResult, string(data))
403 }
404 }
405 }
406}
407
408// getInUsePolicy() is called and the result is validated.
409func TestGetInUsePolicy(t *testing.T) {

Callers

nothing calls this directly

Calls 2

newStatementsFunction · 0.85
MarshalMethod · 0.65

Tested by

no test coverage detected