1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
|
package iamapi
import (
"testing"
"github.com/seaweedfs/seaweedfs/weed/s3api/policy_engine"
"github.com/stretchr/testify/assert"
)
func TestGetActionsUserPath(t *testing.T) {
policyDocument := policy_engine.PolicyDocument{
Version: "2012-10-17",
Statement: []policy_engine.PolicyStatement{
{
Effect: policy_engine.PolicyEffectAllow,
Action: policy_engine.NewStringOrStringSlice("s3:Put*", "s3:PutBucketAcl", "s3:Get*", "s3:GetBucketAcl", "s3:List*", "s3:Tagging*", "s3:DeleteBucket*"),
Resource: policy_engine.NewStringOrStringSlice("arn:aws:s3:::shared/user-Alice/*"),
},
},
}
actions, _ := GetActions(&policyDocument)
expectedActions := []string{
"Write:shared/user-Alice/*",
"WriteAcp:shared/user-Alice/*",
"Read:shared/user-Alice/*",
"ReadAcp:shared/user-Alice/*",
"List:shared/user-Alice/*",
"Tagging:shared/user-Alice/*",
"DeleteBucket:shared/user-Alice/*",
}
assert.Equal(t, expectedActions, actions)
}
func TestGetActionsWildcardPath(t *testing.T) {
policyDocument := policy_engine.PolicyDocument{
Version: "2012-10-17",
Statement: []policy_engine.PolicyStatement{
{
Effect: policy_engine.PolicyEffectAllow,
Action: policy_engine.NewStringOrStringSlice("s3:Get*", "s3:PutBucketAcl"),
Resource: policy_engine.NewStringOrStringSlice("arn:aws:s3:::*"),
},
},
}
actions, _ := GetActions(&policyDocument)
expectedActions := []string{
"Read",
"WriteAcp",
}
assert.Equal(t, expectedActions, actions)
}
func TestGetActionsInvalidAction(t *testing.T) {
policyDocument := policy_engine.PolicyDocument{
Version: "2012-10-17",
Statement: []policy_engine.PolicyStatement{
{
Effect: policy_engine.PolicyEffectAllow,
Action: policy_engine.NewStringOrStringSlice("s3:InvalidAction"),
Resource: policy_engine.NewStringOrStringSlice("arn:aws:s3:::shared/user-Alice/*"),
},
},
}
_, err := GetActions(&policyDocument)
assert.NotNil(t, err)
assert.Equal(t, "not a valid action: 'InvalidAction'", err.Error())
}
|
