Golint cleanup pkg/utils/policy
This commit is contained in:
Harshavardhana
parent
3e321b6631
commit
c36450a83a
|
|
@ -6,19 +6,19 @@ import (
|
||||||
"strings"
|
"strings"
|
||||||
)
|
)
|
||||||
|
|
||||||
// For 0000-00-00 Date type
|
// Date - [0000-00-00]
|
||||||
type Date struct {
|
type Date struct {
|
||||||
Year int16
|
Year int16
|
||||||
Month byte
|
Month byte
|
||||||
Day byte
|
Day byte
|
||||||
}
|
}
|
||||||
|
|
||||||
// Date to string output in yyyy-mm-dd format
|
// String output in yyyy-mm-dd format
|
||||||
func (d Date) String() string {
|
func (d Date) String() string {
|
||||||
return fmt.Sprintf("%04d-%02d-%02d", d.Year, d.Month, d.Day)
|
return fmt.Sprintf("%04d-%02d-%02d", d.Year, d.Month, d.Day)
|
||||||
}
|
}
|
||||||
|
|
||||||
// True if date is 0000-00-00
|
// IsZero true if date is 0000-00-00
|
||||||
func (d Date) IsZero() bool {
|
func (d Date) IsZero() bool {
|
||||||
return d.Day == 0 && d.Month == 0 && d.Year == 0
|
return d.Day == 0 && d.Month == 0 && d.Year == 0
|
||||||
}
|
}
|
||||||
|
|
|
||||||
|
|
@ -6,35 +6,41 @@ import (
|
||||||
"strings"
|
"strings"
|
||||||
)
|
)
|
||||||
|
|
||||||
type UserCred struct {
|
// User - AWS canonical
|
||||||
|
type User struct {
|
||||||
AWS string
|
AWS string
|
||||||
}
|
}
|
||||||
|
|
||||||
type Stmt struct {
|
// Statement - AWS policy statement
|
||||||
|
type Statement struct {
|
||||||
Sid string
|
Sid string
|
||||||
Effect string
|
Effect string
|
||||||
Principal UserCred
|
Principal User
|
||||||
Action []string
|
Action []string
|
||||||
Resource []string
|
Resource []string
|
||||||
// TODO fix it in future if necessary - Condition {}
|
// TODO fix it in future if necessary - Condition {}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// BucketPolicy - AWS policy collection
|
||||||
type BucketPolicy struct {
|
type BucketPolicy struct {
|
||||||
Version string // date in 0000-00-00 format
|
Version string // date in 0000-00-00 format
|
||||||
Statement []Stmt
|
Statement []Statement
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// Resource delimiter
|
||||||
const (
|
const (
|
||||||
AwsResource = "arn:aws:s3:::"
|
AwsResource = "arn:aws:s3:::"
|
||||||
MinioResource = "minio:::"
|
MinioResource = "minio:::"
|
||||||
)
|
)
|
||||||
|
|
||||||
// TODO support canonical user
|
// TODO support canonical user
|
||||||
|
// Principal delimiter
|
||||||
const (
|
const (
|
||||||
AwsPrincipal = "arn:aws:iam::"
|
AwsPrincipal = "arn:aws:iam::"
|
||||||
MinioPrincipal = "minio::"
|
MinioPrincipal = "minio::"
|
||||||
)
|
)
|
||||||
|
|
||||||
|
// Action map
|
||||||
var SupportedActionMap = map[string]bool{
|
var SupportedActionMap = map[string]bool{
|
||||||
"*": true,
|
"*": true,
|
||||||
"s3:GetObject": true,
|
"s3:GetObject": true,
|
||||||
|
|
@ -47,22 +53,19 @@ var SupportedActionMap = map[string]bool{
|
||||||
"s3:PutBucketPolicy": true,
|
"s3:PutBucketPolicy": true,
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// Effect map
|
||||||
var SupportedEffectMap = map[string]bool{
|
var SupportedEffectMap = map[string]bool{
|
||||||
"Allow": true,
|
"Allow": true,
|
||||||
"Deny": true,
|
"Deny": true,
|
||||||
}
|
}
|
||||||
|
|
||||||
func isValidAction(action []string) bool {
|
func isValidAction(action []string) bool {
|
||||||
var ok bool = false
|
|
||||||
for _, a := range action {
|
for _, a := range action {
|
||||||
if !SupportedActionMap[a] {
|
if !SupportedActionMap[a] {
|
||||||
goto error
|
return false
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
ok = true
|
return true
|
||||||
|
|
||||||
error:
|
|
||||||
return ok
|
|
||||||
}
|
}
|
||||||
|
|
||||||
func isValidEffect(effect string) bool {
|
func isValidEffect(effect string) bool {
|
||||||
|
|
@ -73,7 +76,7 @@ func isValidEffect(effect string) bool {
|
||||||
}
|
}
|
||||||
|
|
||||||
func isValidResource(resources []string) bool {
|
func isValidResource(resources []string) bool {
|
||||||
var ok bool = false
|
var ok bool
|
||||||
for _, resource := range resources {
|
for _, resource := range resources {
|
||||||
switch true {
|
switch true {
|
||||||
case strings.HasPrefix(resource, AwsResource):
|
case strings.HasPrefix(resource, AwsResource):
|
||||||
|
|
@ -96,7 +99,7 @@ func isValidResource(resources []string) bool {
|
||||||
}
|
}
|
||||||
|
|
||||||
func isValidPrincipal(principal string) bool {
|
func isValidPrincipal(principal string) bool {
|
||||||
var ok bool = false
|
var ok bool
|
||||||
if principal == "*" {
|
if principal == "*" {
|
||||||
return true
|
return true
|
||||||
}
|
}
|
||||||
|
|
@ -120,7 +123,7 @@ func isValidPrincipal(principal string) bool {
|
||||||
return ok
|
return ok
|
||||||
}
|
}
|
||||||
|
|
||||||
// validate request body is proper JSON
|
// Parsepolicy - validate request body is proper JSON and in accordance with policy standards
|
||||||
func Parsepolicy(data io.Reader) (BucketPolicy, bool) {
|
func Parsepolicy(data io.Reader) (BucketPolicy, bool) {
|
||||||
var policy BucketPolicy
|
var policy BucketPolicy
|
||||||
decoder := json.NewDecoder(data)
|
decoder := json.NewDecoder(data)
|
||||||
|
|
|
||||||
Loading…
Reference in a new issue