예제 #1
// SetBucketPolicy applies one of the canned access policies to an object
// prefix of an existing bucket.
//
// Supported policy values:
//
//  none - owner gets full access [default].
//  readonly - anonymous get access for everyone at a given object prefix.
//  readwrite - anonymous list/put/delete access to a given object prefix.
//  writeonly - anonymous put/delete access to a given object prefix.
//
// Every value other than none grants access to anonymous (unauthenticated)
// callers for the given prefix, so callers should pass the narrowest prefix
// that serves their purpose.
//
// The update is a read-modify-write: the current policy is fetched, edited
// and written back. No locking is visible in this method, so concurrent
// callers may overwrite each other's statements.
//
// It returns the validation error for a bad bucket name or prefix, an
// ErrInvalidArgument for an unknown policy value, or whatever error the
// underlying get/put calls report.
func (c Client) SetBucketPolicy(bucketName string, objectPrefix string, bucketPolicy policy.BucketPolicy) error {
	// Reject malformed arguments before any request is issued.
	if nameErr := isValidBucketName(bucketName); nameErr != nil {
		return nameErr
	}
	if prefixErr := isValidObjectPrefix(objectPrefix); prefixErr != nil {
		return prefixErr
	}
	if valid := bucketPolicy.IsValidBucketPolicy(); !valid {
		msg := fmt.Sprintf("Invalid bucket policy provided. %s", bucketPolicy)
		return ErrInvalidArgument(msg)
	}

	// Fetch the policy currently attached to the bucket.
	current, err := c.getBucketPolicy(bucketName, objectPrefix)
	if err != nil {
		return err
	}

	// Removing a policy from a bucket that has no statements is a no-op,
	// so report success without writing anything back.
	removing := bucketPolicy == policy.BucketPolicyNone
	if removing && current.Statements == nil {
		return nil
	}

	current.Statements = policy.SetPolicy(current.Statements, bucketPolicy, bucketName, objectPrefix)

	// Persist the edited policy.
	return c.putBucketPolicy(bucketName, current)
}
예제 #2
// SetBucketPolicy is the web handler that applies a canned access policy to
// a prefix of a bucket and stores the resulting policy document.
//
// The request must carry a valid JWT. That is the only access check visible
// in this handler: any authenticated caller can change the policy of any
// bucket named in args.
//
// On success reply.UIVersion is set and nil is returned; every failure is
// reported as a *json2.Error.
func (web *webAPIHandlers) SetBucketPolicy(r *http.Request, args *SetBucketPolicyArgs, reply *WebGenericRep) error {
	// Refuse unauthenticated callers before looking at any argument.
	if authenticated := isJWTReqAuthenticated(r); !authenticated {
		return &json2.Error{Message: "Unauthorized request"}
	}

	// Only the known canned policy names are accepted.
	requested := policy.BucketPolicy(args.Policy)
	if !requested.IsValidBucketPolicy() {
		return &json2.Error{Message: "Invalid policy " + args.Policy}
	}

	objectAPI := web.ObjectAPI()
	if objectAPI == nil {
		return &json2.Error{Message: "Server not initialized"}
	}

	// NOTE(review): args.BucketName and args.Prefix are passed on without any
	// validation in this handler; confirm that the helpers below reject
	// malformed names.
	current, readErr := readBucketAccessPolicy(objectAPI, args.BucketName)
	if readErr != nil {
		// NOTE(review): the raw error text is returned to the client here and
		// in the branches below; confirm it cannot expose internal detail.
		return &json2.Error{Message: readErr.Error()}
	}

	current.Statements = policy.SetPolicy(current.Statements, requested, args.BucketName, args.Prefix)

	encoded, marshalErr := json.Marshal(current)
	if marshalErr != nil {
		return &json2.Error{Message: marshalErr.Error()}
	}

	// TODO: update policy statements according to bucket name, prefix and policy arguments.
	body := bytes.NewReader(encoded)
	if writeErr := writeBucketPolicy(args.BucketName, objectAPI, body, int64(len(encoded))); writeErr != nil {
		return &json2.Error{Message: writeErr.Error()}
	}

	reply.UIVersion = miniobrowser.UIVersion
	return nil
}
예제 #3
// SetBucketPolicy is the web handler that applies a canned access policy to
// a prefix of a bucket, then persists the result.
//
// The request must carry a valid JWT. That is the only access check visible
// in this handler: any authenticated caller can change the policy of any
// bucket named in args.
//
// When the edit leaves no statements, the change is persisted through
// persistAndNotifyBucketPolicyChange with policyChange{true, nil}
// (presumably a removal; confirm against policyChange). Otherwise the policy
// is marshalled to JSON and handed to parseAndPersistBucketPolicy.
//
// On success reply.UIVersion is set and nil is returned.
func (web *webAPIHandlers) SetBucketPolicy(r *http.Request, args *SetBucketPolicyArgs, reply *WebGenericRep) error {
	// NOTE(review): the initialization check runs before authentication, so an
	// unauthenticated caller can learn that the server is not initialized.
	objectAPI := web.ObjectAPI()
	if objectAPI == nil {
		return toJSONError(errServerNotInitialized)
	}
	if authenticated := isJWTReqAuthenticated(r); !authenticated {
		return toJSONError(errAuthentication)
	}

	// Only the known canned policy names are accepted.
	requested := policy.BucketPolicy(args.Policy)
	if valid := requested.IsValidBucketPolicy(); !valid {
		return &json2.Error{Message: "Invalid policy type " + args.Policy}
	}

	// NOTE(review): args.BucketName and args.Prefix are not validated in this
	// handler; confirm that the helpers below reject malformed names.
	current, err := readBucketAccessPolicy(objectAPI, args.BucketName)
	if err != nil {
		return toJSONError(err, args.BucketName)
	}
	current.Statements = policy.SetPolicy(current.Statements, requested, args.BucketName, args.Prefix)

	// Nothing left after the edit: persist that change and finish early.
	if len(current.Statements) == 0 {
		if err = persistAndNotifyBucketPolicyChange(args.BucketName, policyChange{true, nil}, objectAPI); err != nil {
			return toJSONError(err, args.BucketName)
		}
		reply.UIVersion = miniobrowser.UIVersion
		return nil
	}

	data, err := json.Marshal(current)
	if err != nil {
		return toJSONError(err)
	}

	// Parse, validate and save the bucket policy.
	s3Error := parseAndPersistBucketPolicy(args.BucketName, data, objectAPI)
	if s3Error == ErrNone {
		reply.UIVersion = miniobrowser.UIVersion
		return nil
	}

	// Translate the API error code into the error value toJSONError expects.
	apiErr := getAPIError(s3Error)
	var cause error
	switch apiErr.Code {
	case "XMinioPolicyNesting":
		cause = PolicyNesting{}
	default:
		cause = errors.New(apiErr.Description)
	}
	return toJSONError(cause, args.BucketName)
}
예제 #4
// SetBucketPolicy is the web handler that applies a canned access policy to
// a prefix of a bucket, re-parses and checks the resulting document, then
// persists it.
//
// The request must carry a valid JWT. That is the only access check visible
// in this handler: any authenticated caller can change the policy of any
// bucket named in args.
//
// When the edit leaves no statements, the change is persisted with
// policyChange{true, nil} (presumably a removal; confirm against
// policyChange). Otherwise the policy is marshalled, parsed back into a
// bucketPolicy, checked with checkBucketPolicyResources and persisted with
// policyChange{false, ...}.
//
// On success reply.UIVersion is set and nil is returned.
func (web *webAPIHandlers) SetBucketPolicy(r *http.Request, args *SetBucketPolicyArgs, reply *WebGenericRep) error {
	// NOTE(review): the initialization check runs before authentication, so an
	// unauthenticated caller can learn that the server is not initialized.
	objectAPI := web.ObjectAPI()
	if objectAPI == nil {
		return toJSONError(errServerNotInitialized)
	}
	if authenticated := isJWTReqAuthenticated(r); !authenticated {
		return toJSONError(errAuthentication)
	}

	// Only the known canned policy names are accepted.
	requested := policy.BucketPolicy(args.Policy)
	if valid := requested.IsValidBucketPolicy(); !valid {
		return &json2.Error{Message: "Invalid policy type " + args.Policy}
	}

	// NOTE(review): args.BucketName and args.Prefix are not validated in this
	// handler; confirm that the helpers below reject malformed names.
	current, err := readBucketAccessPolicy(objectAPI, args.BucketName)
	if err != nil {
		return toJSONError(err, args.BucketName)
	}
	current.Statements = policy.SetPolicy(current.Statements, requested, args.BucketName, args.Prefix)

	// Nothing left after the edit: persist that change and finish early.
	if len(current.Statements) == 0 {
		if err = persistAndNotifyBucketPolicyChange(args.BucketName, policyChange{true, nil}, objectAPI); err != nil {
			return toJSONError(err, args.BucketName)
		}
		reply.UIVersion = miniobrowser.UIVersion
		return nil
	}

	data, err := json.Marshal(current)
	if err != nil {
		return toJSONError(err)
	}

	// Parse the marshalled document back into the server's own policy type.
	// The local is named parsed so it does not shadow the policy package.
	parsed := &bucketPolicy{}
	if err = parseBucketPolicy(bytes.NewReader(data), parsed); err != nil {
		errorIf(err, "Unable to parse bucket policy.")
		return toJSONError(err, args.BucketName)
	}

	// Check the parsed policy's resources against the bucket.
	if s3Error := checkBucketPolicyResources(args.BucketName, parsed); s3Error != ErrNone {
		// Translate the API error code into the error value toJSONError expects.
		apiErr := getAPIError(s3Error)
		var cause error
		switch apiErr.Code {
		case "XMinioPolicyNesting":
			cause = PolicyNesting{}
		default:
			cause = errors.New(apiErr.Description)
		}
		return toJSONError(cause, args.BucketName)
	}

	// TODO: update policy statements according to bucket name,
	// prefix and policy arguments.
	change := policyChange{false, parsed}
	if persistErr := persistAndNotifyBucketPolicyChange(args.BucketName, change, objectAPI); persistErr != nil {
		return toJSONError(persistErr, args.BucketName)
	}
	reply.UIVersion = miniobrowser.UIVersion
	return nil
}