MCPcopy
hub / github.com/minio/minio-go / TestSetPolicy

Function TestSetPolicy

pkg/policy/bucket-policy_test.go:1953–2079  ·  view source on GitHub ↗

SetPolicy() is called and the result is validated.

(t *testing.T)

Source from the content-addressed store, hash-verified

1951
1952// SetPolicy() is called and the result is validated.
1953func TestSetPolicy(t *testing.T) {
1954 helloCondMap := make(ConditionMap)
1955 helloCondKeyMap := make(ConditionKeyMap)
1956 helloCondKeyMap.Add("s3:prefix", set.CreateStringSet("hello"))
1957 helloCondMap.Add("StringEquals", helloCondKeyMap)
1958
1959 testCases := []struct {
1960 statements []Statement
1961 policy BucketPolicy
1962 bucketName string
1963 prefix string
1964 expectedResult string
1965 }{
1966 // BucketPolicyNone - empty statements, bucket name and prefix.
1967 {[]Statement{}, BucketPolicyNone, "", "", `[]`},
1968 // BucketPolicyNone - non-empty statements, bucket name and prefix.
1969 {[]Statement{{
1970 Actions: readOnlyBucketActions,
1971 Effect: "Allow",
1972 Principal: User{AWS: set.CreateStringSet("*")},
1973 Resources: set.CreateStringSet("arn:aws:s3:::mybucket"),
1974 }}, BucketPolicyNone, "", "", `[{"Action":["s3:ListBucket"],"Effect":"Allow","Principal":{"AWS":["*"]},"Resource":["arn:aws:s3:::mybucket"],"Sid":""}]`},
1975 // BucketPolicyNone - empty statements, non-empty bucket name and prefix.
1976 {[]Statement{}, BucketPolicyNone, "mybucket", "", `[]`},
1977 // BucketPolicyNone - empty statements, bucket name and non-empty prefix.
1978 {[]Statement{}, BucketPolicyNone, "", "hello", `[]`},
1979 // BucketPolicyReadOnly - empty statements, bucket name and prefix.
1980 {[]Statement{}, BucketPolicyReadOnly, "", "", `[]`},
1981 // BucketPolicyReadOnly - non-empty statements, bucket name and prefix.
1982 {[]Statement{{
1983 Actions: readOnlyBucketActions,
1984 Effect: "Allow",
1985 Principal: User{AWS: set.CreateStringSet("*")},
1986 Resources: set.CreateStringSet("arn:aws:s3:::testbucket"),
1987 }}, BucketPolicyReadOnly, "", "", `[{"Action":["s3:ListBucket"],"Effect":"Allow","Principal":{"AWS":["*"]},"Resource":["arn:aws:s3:::testbucket"],"Sid":""}]`},
1988 // BucketPolicyReadOnly - empty statements, non-empty bucket name and prefix.
1989 {[]Statement{}, BucketPolicyReadOnly, "mybucket", "", `[{"Action":["s3:GetBucketLocation","s3:ListBucket"],"Effect":"Allow","Principal":{"AWS":["*"]},"Resource":["arn:aws:s3:::mybucket"],"Sid":""},{"Action":["s3:GetObject"],"Effect":"Allow","Principal":{"AWS":["*"]},"Resource":["arn:aws:s3:::mybucket/*"],"Sid":""}]`},
1990 // BucketPolicyReadOnly - empty statements, bucket name and non-empty prefix.
1991 {[]Statement{}, BucketPolicyReadOnly, "", "hello", `[]`},
1992 // BucketPolicyReadOnly - empty statements, non-empty bucket name and non-empty prefix.
1993 {[]Statement{}, BucketPolicyReadOnly, "mybucket", "hello", `[{"Action":["s3:GetBucketLocation"],"Effect":"Allow","Principal":{"AWS":["*"]},"Resource":["arn:aws:s3:::mybucket"],"Sid":""},{"Action":["s3:ListBucket"],"Condition":{"StringLike":{"s3:prefix":["hello*"]}},"Effect":"Allow","Principal":{"AWS":["*"]},"Resource":["arn:aws:s3:::mybucket"],"Sid":""},{"Action":["s3:GetObject"],"Effect":"Allow","Principal":{"AWS":["*"]},"Resource":["arn:aws:s3:::mybucket/hello*"],"Sid":""}]`},
1994 // BucketPolicyWriteOnly - empty statements, bucket name and prefix.
1995 {[]Statement{}, BucketPolicyReadOnly, "", "", `[]`},
1996 // BucketPolicyWriteOnly - non-empty statements, bucket name and prefix.
1997 {[]Statement{{
1998 Actions: readOnlyBucketActions,
1999 Effect: "Allow",
2000 Principal: User{AWS: set.CreateStringSet("*")},
2001 Resources: set.CreateStringSet("arn:aws:s3:::testbucket"),
2002 }}, BucketPolicyWriteOnly, "", "", `[{"Action":["s3:ListBucket"],"Effect":"Allow","Principal":{"AWS":["*"]},"Resource":["arn:aws:s3:::testbucket"],"Sid":""}]`},
2003 // BucketPolicyWriteOnly - empty statements, non-empty bucket name and prefix.
2004 {[]Statement{}, BucketPolicyWriteOnly, "mybucket", "", `[{"Action":["s3:GetBucketLocation","s3:ListBucketMultipartUploads"],"Effect":"Allow","Principal":{"AWS":["*"]},"Resource":["arn:aws:s3:::mybucket"],"Sid":""},{"Action":["s3:AbortMultipartUpload","s3:DeleteObject","s3:ListMultipartUploadParts","s3:PutObject"],"Effect":"Allow","Principal":{"AWS":["*"]},"Resource":["arn:aws:s3:::mybucket/*"],"Sid":""}]`},
2005 // BucketPolicyWriteOnly - empty statements, bucket name and non-empty prefix.
2006 {[]Statement{}, BucketPolicyWriteOnly, "", "hello", `[]`},
2007 // BucketPolicyWriteOnly - empty statements, non-empty bucket name and non-empty prefix.
2008 {[]Statement{}, BucketPolicyWriteOnly, "mybucket", "hello", `[{"Action":["s3:GetBucketLocation","s3:ListBucketMultipartUploads"],"Effect":"Allow","Principal":{"AWS":["*"]},"Resource":["arn:aws:s3:::mybucket"],"Sid":""},{"Action":["s3:AbortMultipartUpload","s3:DeleteObject","s3:ListMultipartUploadParts","s3:PutObject"],"Effect":"Allow","Principal":{"AWS":["*"]},"Resource":["arn:aws:s3:::mybucket/hello*"],"Sid":""}]`},
2009 // BucketPolicyReadWrite - empty statements, bucket name and prefix.
2010 {[]Statement{}, BucketPolicyReadWrite, "", "", `[]`},

Callers

nothing calls this directly

Calls 4

CreateStringSetFunction · 0.92
SetPolicyFunction · 0.85
MarshalMethod · 0.65
AddMethod · 0.45

Tested by

no test coverage detected