From 4aa65910e5af3d215b8b1c362f2b5016aa3edaaf Mon Sep 17 00:00:00 2001
From: Krishna Srinivas <krishna@minio.io>
Date: Tue, 2 May 2017 12:27:25 -0700
Subject: [PATCH] gateway: Restore bucket policy functionality for Azure
 (#4209)

---
 cmd/gateway-azure.go | 47 +++++++++++++++++++++++++++++++++++++++++---
 1 file changed, 44 insertions(+), 3 deletions(-)

diff --git a/cmd/gateway-azure.go b/cmd/gateway-azure.go
index 86468ae4c..da9b74630 100644
--- a/cmd/gateway-azure.go
+++ b/cmd/gateway-azure.go
@@ -599,15 +599,56 @@ func azureListBlobsGetParameters(p storage.ListBlobsParameters) url.Values {
 // As the common denominator for minio and azure is readonly and none, we support
 // these two policies at the bucket level.
 func (a AzureObjects) SetBucketPolicies(bucket string, policyInfo policy.BucketAccessPolicy) error {
-	return traceError(NotSupported{})
+	var policies []BucketAccessPolicy
+
+	for prefix, policy := range policy.GetPolicies(policyInfo.Statements, bucket) {
+		policies = append(policies, BucketAccessPolicy{
+			Prefix: prefix,
+			Policy: policy,
+		})
+	}
+	prefix := bucket + "/*" // For all objects inside the bucket.
+	if len(policies) != 1 {
+		return traceError(NotImplemented{})
+	}
+	if policies[0].Prefix != prefix {
+		return traceError(NotImplemented{})
+	}
+	if policies[0].Policy != policy.BucketPolicyReadOnly {
+		return traceError(NotImplemented{})
+	}
+	perm := storage.ContainerPermissions{
+		AccessType:     storage.ContainerAccessTypeContainer,
+		AccessPolicies: nil,
+	}
+	err := a.client.SetContainerPermissions(bucket, perm, 0, "")
+	return azureToObjectError(traceError(err), bucket)
 }
 
 // GetBucketPolicies - Get the container ACL and convert it to canonical []bucketAccessPolicy
 func (a AzureObjects) GetBucketPolicies(bucket string) (policy.BucketAccessPolicy, error) {
-	return policy.BucketAccessPolicy{}, traceError(NotSupported{})
+	policyInfo := policy.BucketAccessPolicy{Version: "2012-10-17"}
+	perm, err := a.client.GetContainerPermissions(bucket, 0, "")
+	if err != nil {
+		return policy.BucketAccessPolicy{}, azureToObjectError(traceError(err), bucket)
+	}
+	switch perm.AccessType {
+	case storage.ContainerAccessTypePrivate:
+		// Do nothing
+	case storage.ContainerAccessTypeContainer:
+		policyInfo.Statements = policy.SetPolicy(policyInfo.Statements, policy.BucketPolicyReadOnly, bucket, "")
+	default:
+		return policy.BucketAccessPolicy{}, azureToObjectError(traceError(NotImplemented{}))
+	}
+	return policyInfo, nil
 }
 
 // DeleteBucketPolicies - Set the container ACL to "private"
 func (a AzureObjects) DeleteBucketPolicies(bucket string) error {
-	return traceError(NotSupported{})
+	perm := storage.ContainerPermissions{
+		AccessType:     storage.ContainerAccessTypePrivate,
+		AccessPolicies: nil,
+	}
+	err := a.client.SetContainerPermissions(bucket, perm, 0, "")
+	return azureToObjectError(traceError(err))
 }