SetPolicy() is called and the result is validated.
(t *testing.T)
| 1951 | |
| 1952 | // SetPolicy() is called and the result is validated. |
| 1953 | func TestSetPolicy(t *testing.T) { |
| 1954 | helloCondMap := make(ConditionMap) |
| 1955 | helloCondKeyMap := make(ConditionKeyMap) |
| 1956 | helloCondKeyMap.Add("s3:prefix", set.CreateStringSet("hello")) |
| 1957 | helloCondMap.Add("StringEquals", helloCondKeyMap) |
| 1958 | |
| 1959 | testCases := []struct { |
| 1960 | statements []Statement |
| 1961 | policy BucketPolicy |
| 1962 | bucketName string |
| 1963 | prefix string |
| 1964 | expectedResult string |
| 1965 | }{ |
| 1966 | // BucketPolicyNone - empty statements, bucket name and prefix. |
| 1967 | {[]Statement{}, BucketPolicyNone, "", "", `[]`}, |
| 1968 | // BucketPolicyNone - non-empty statements, bucket name and prefix. |
| 1969 | {[]Statement{{ |
| 1970 | Actions: readOnlyBucketActions, |
| 1971 | Effect: "Allow", |
| 1972 | Principal: User{AWS: set.CreateStringSet("*")}, |
| 1973 | Resources: set.CreateStringSet("arn:aws:s3:::mybucket"), |
| 1974 | }}, BucketPolicyNone, "", "", `[{"Action":["s3:ListBucket"],"Effect":"Allow","Principal":{"AWS":["*"]},"Resource":["arn:aws:s3:::mybucket"],"Sid":""}]`}, |
| 1975 | // BucketPolicyNone - empty statements, non-empty bucket name and prefix. |
| 1976 | {[]Statement{}, BucketPolicyNone, "mybucket", "", `[]`}, |
| 1977 | // BucketPolicyNone - empty statements, bucket name and non-empty prefix. |
| 1978 | {[]Statement{}, BucketPolicyNone, "", "hello", `[]`}, |
| 1979 | // BucketPolicyReadOnly - empty statements, bucket name and prefix. |
| 1980 | {[]Statement{}, BucketPolicyReadOnly, "", "", `[]`}, |
| 1981 | // BucketPolicyReadOnly - non-empty statements, bucket name and prefix. |
| 1982 | {[]Statement{{ |
| 1983 | Actions: readOnlyBucketActions, |
| 1984 | Effect: "Allow", |
| 1985 | Principal: User{AWS: set.CreateStringSet("*")}, |
| 1986 | Resources: set.CreateStringSet("arn:aws:s3:::testbucket"), |
| 1987 | }}, BucketPolicyReadOnly, "", "", `[{"Action":["s3:ListBucket"],"Effect":"Allow","Principal":{"AWS":["*"]},"Resource":["arn:aws:s3:::testbucket"],"Sid":""}]`}, |
| 1988 | // BucketPolicyReadOnly - empty statements, non-empty bucket name and prefix. |
| 1989 | {[]Statement{}, BucketPolicyReadOnly, "mybucket", "", `[{"Action":["s3:GetBucketLocation","s3:ListBucket"],"Effect":"Allow","Principal":{"AWS":["*"]},"Resource":["arn:aws:s3:::mybucket"],"Sid":""},{"Action":["s3:GetObject"],"Effect":"Allow","Principal":{"AWS":["*"]},"Resource":["arn:aws:s3:::mybucket/*"],"Sid":""}]`}, |
| 1990 | // BucketPolicyReadOnly - empty statements, bucket name and non-empty prefix. |
| 1991 | {[]Statement{}, BucketPolicyReadOnly, "", "hello", `[]`}, |
| 1992 | // BucketPolicyReadOnly - empty statements, non-empty bucket name and non-empty prefix. |
| 1993 | {[]Statement{}, BucketPolicyReadOnly, "mybucket", "hello", `[{"Action":["s3:GetBucketLocation"],"Effect":"Allow","Principal":{"AWS":["*"]},"Resource":["arn:aws:s3:::mybucket"],"Sid":""},{"Action":["s3:ListBucket"],"Condition":{"StringLike":{"s3:prefix":["hello*"]}},"Effect":"Allow","Principal":{"AWS":["*"]},"Resource":["arn:aws:s3:::mybucket"],"Sid":""},{"Action":["s3:GetObject"],"Effect":"Allow","Principal":{"AWS":["*"]},"Resource":["arn:aws:s3:::mybucket/hello*"],"Sid":""}]`}, |
| 1994 | // BucketPolicyWriteOnly - empty statements, bucket name and prefix. |
| 1995 | {[]Statement{}, BucketPolicyReadOnly, "", "", `[]`}, |
| 1996 | // BucketPolicyWriteOnly - non-empty statements, bucket name and prefix. |
| 1997 | {[]Statement{{ |
| 1998 | Actions: readOnlyBucketActions, |
| 1999 | Effect: "Allow", |
| 2000 | Principal: User{AWS: set.CreateStringSet("*")}, |
| 2001 | Resources: set.CreateStringSet("arn:aws:s3:::testbucket"), |
| 2002 | }}, BucketPolicyWriteOnly, "", "", `[{"Action":["s3:ListBucket"],"Effect":"Allow","Principal":{"AWS":["*"]},"Resource":["arn:aws:s3:::testbucket"],"Sid":""}]`}, |
| 2003 | // BucketPolicyWriteOnly - empty statements, non-empty bucket name and prefix. |
| 2004 | {[]Statement{}, BucketPolicyWriteOnly, "mybucket", "", `[{"Action":["s3:GetBucketLocation","s3:ListBucketMultipartUploads"],"Effect":"Allow","Principal":{"AWS":["*"]},"Resource":["arn:aws:s3:::mybucket"],"Sid":""},{"Action":["s3:AbortMultipartUpload","s3:DeleteObject","s3:ListMultipartUploadParts","s3:PutObject"],"Effect":"Allow","Principal":{"AWS":["*"]},"Resource":["arn:aws:s3:::mybucket/*"],"Sid":""}]`}, |
| 2005 | // BucketPolicyWriteOnly - empty statements, bucket name and non-empty prefix. |
| 2006 | {[]Statement{}, BucketPolicyWriteOnly, "", "hello", `[]`}, |
| 2007 | // BucketPolicyWriteOnly - empty statements, non-empty bucket name and non-empty prefix. |
| 2008 | {[]Statement{}, BucketPolicyWriteOnly, "mybucket", "hello", `[{"Action":["s3:GetBucketLocation","s3:ListBucketMultipartUploads"],"Effect":"Allow","Principal":{"AWS":["*"]},"Resource":["arn:aws:s3:::mybucket"],"Sid":""},{"Action":["s3:AbortMultipartUpload","s3:DeleteObject","s3:ListMultipartUploadParts","s3:PutObject"],"Effect":"Allow","Principal":{"AWS":["*"]},"Resource":["arn:aws:s3:::mybucket/hello*"],"Sid":""}]`}, |
| 2009 | // BucketPolicyReadWrite - empty statements, bucket name and prefix. |
| 2010 | {[]Statement{}, BucketPolicyReadWrite, "", "", `[]`}, |
nothing calls this directly
no test coverage detected