diff options
| author | Tom Crasset <25140344+tcrasset@users.noreply.github.com> | 2025-01-28 14:42:03 +0100 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2025-01-28 05:42:03 -0800 |
| commit | 7c3a0ed8747fafbf0f5bfb3ab3c9249d4a2115ea (patch) | |
| tree | 1697874b93783b2fdc93104a66448c4b5db3e55b | |
| parent | be5f6b356585b4a4f9326618fdc6f763c8d7da91 (diff) | |
| download | seaweedfs-7c3a0ed8747fafbf0f5bfb3ab3c9249d4a2115ea.tar.xz seaweedfs-7c3a0ed8747fafbf0f5bfb3ab3c9249d4a2115ea.zip | |
return error on invalid action in PutUserPolicy (#6482)
| -rw-r--r-- | weed/iamapi/iamapi_management_handlers.go | 5 | ||||
| -rw-r--r-- | weed/iamapi/iamapi_management_handlers_test.go | 21 |
2 files changed, 26 insertions, 0 deletions
diff --git a/weed/iamapi/iamapi_management_handlers.go b/weed/iamapi/iamapi_management_handlers.go index baa153cd6..094ca2332 100644 --- a/weed/iamapi/iamapi_management_handlers.go +++ b/weed/iamapi/iamapi_management_handlers.go @@ -343,6 +343,11 @@ func GetActions(policy *PolicyDocument) ([]string, error) { continue } statementAction := MapToStatementAction(act[1]) + + if statementAction == "" { + return nil, fmt.Errorf("not a valid action: '%s'", act[1]) + } + path := res[5] if path == "*" { actions = append(actions, statementAction) diff --git a/weed/iamapi/iamapi_management_handlers_test.go b/weed/iamapi/iamapi_management_handlers_test.go index 9b4a92c24..eac82caa7 100644 --- a/weed/iamapi/iamapi_management_handlers_test.go +++ b/weed/iamapi/iamapi_management_handlers_test.go @@ -69,3 +69,24 @@ func TestGetActionsWildcardPath(t *testing.T) { } assert.Equal(t, expectedActions, actions) } + +func TestGetActionsInvalidAction(t *testing.T) { + policyDocument := PolicyDocument{ + Version: "2012-10-17", + Statement: []*Statement{ + { + Effect: "Allow", + Action: []string{ + "s3:InvalidAction", + }, + Resource: []string{ + "arn:aws:s3:::shared/user-Alice/*", + }, + }, + }, + } + + _, err := GetActions(&policyDocument) + assert.NotNil(t, err) + assert.Equal(t, "not a valid action: 'InvalidAction'", err.Error()) +} |