gateway: Restore bucket policy functionality for Azure (#4209)

2017-05-02 12:27:25 -07:00 · 2017-05-02 12:27:25 -07:00 · 4aa65910e5
parent 8b272a3163
commit 4aa65910e5
1 changed files with 44 additions and 3 deletions
--- a/cmd/gateway-azure.go
+++ b/cmd/gateway-azure.go
@ -599,15 +599,56 @@ func azureListBlobsGetParameters(p storage.ListBlobsParameters) url.Values {
 // As the common denominator for minio and azure is readonly and none, we support
 // these two policies at the bucket level.
 func (a AzureObjects) SetBucketPolicies(bucket string, policyInfo policy.BucketAccessPolicy) error {
-	return traceError(NotSupported{})
+	var policies []BucketAccessPolicy
+
+	for prefix, policy := range policy.GetPolicies(policyInfo.Statements, bucket) {
+		policies = append(policies, BucketAccessPolicy{
+			Prefix: prefix,
+			Policy: policy,
+		})
+	}
+	prefix := bucket + "/*" // For all objects inside the bucket.
+	if len(policies) != 1 {
+		return traceError(NotImplemented{})
+	}
+	if policies[0].Prefix != prefix {
+		return traceError(NotImplemented{})
+	}
+	if policies[0].Policy != policy.BucketPolicyReadOnly {
+		return traceError(NotImplemented{})
+	}
+	perm := storage.ContainerPermissions{
+		AccessType:     storage.ContainerAccessTypeContainer,
+		AccessPolicies: nil,
+	}
+	err := a.client.SetContainerPermissions(bucket, perm, 0, "")
+	return azureToObjectError(traceError(err), bucket)
 }

 // GetBucketPolicies - Get the container ACL and convert it to canonical []bucketAccessPolicy
 func (a AzureObjects) GetBucketPolicies(bucket string) (policy.BucketAccessPolicy, error) {
-	return policy.BucketAccessPolicy{}, traceError(NotSupported{})
+	policyInfo := policy.BucketAccessPolicy{Version: "2012-10-17"}
+	perm, err := a.client.GetContainerPermissions(bucket, 0, "")
+	if err != nil {
+		return policy.BucketAccessPolicy{}, azureToObjectError(traceError(err), bucket)
+	}
+	switch perm.AccessType {
+	case storage.ContainerAccessTypePrivate:
+		// Do nothing
+	case storage.ContainerAccessTypeContainer:
+		policyInfo.Statements = policy.SetPolicy(policyInfo.Statements, policy.BucketPolicyReadOnly, bucket, "")
+	default:
+		return policy.BucketAccessPolicy{}, azureToObjectError(traceError(NotImplemented{}))
+	}
+	return policyInfo, nil
 }

 // DeleteBucketPolicies - Set the container ACL to "private"
 func (a AzureObjects) DeleteBucketPolicies(bucket string) error {
-	return traceError(NotSupported{})
+	perm := storage.ContainerPermissions{
+		AccessType:     storage.ContainerAccessTypePrivate,
+		AccessPolicies: nil,
+	}
+	err := a.client.SetContainerPermissions(bucket, perm, 0, "")
+	return azureToObjectError(traceError(err))
 }