feat: Added bucket policy actions implementation in FE

2026-01-03 10:35:15 +00:00 · 2024-03-06 13:56:29 -05:00
parent b47da6e62b
commit d4f17bf32f
5 changed files with 196 additions and 3 deletions
--- a/backend/backend.go
+++ b/backend/backend.go
@@ -40,7 +40,8 @@ type Backend interface {
 	DeleteBucket(context.Context, *s3.DeleteBucketInput) error
 	PutBucketVersioning(context.Context, *s3.PutBucketVersioningInput) error
 	GetBucketVersioning(_ context.Context, bucket string) (*s3.GetBucketVersioningOutput, error)
-
+	PutBucketPolicy(_ context.Context, bucket string, policy []byte) error
+	GetBucketPolicy(_ context.Context, bucket string) ([]byte, error)
 	// multipart operations
 	CreateMultipartUpload(context.Context, *s3.CreateMultipartUploadInput) (*s3.CreateMultipartUploadOutput, error)
 	CompleteMultipartUpload(context.Context, *s3.CompleteMultipartUploadInput) (*s3.CompleteMultipartUploadOutput, error)
@@ -118,6 +119,12 @@ func (BackendUnsupported) PutBucketVersioning(context.Context, *s3.PutBucketVers
 func (BackendUnsupported) GetBucketVersioning(_ context.Context, bucket string) (*s3.GetBucketVersioningOutput, error) {
 	return nil, s3err.GetAPIError(s3err.ErrNotImplemented)
 }
+func (BackendUnsupported) PutBucketPolicy(_ context.Context, bucket string, policy []byte) error {
+	return s3err.GetAPIError(s3err.ErrNotImplemented)
+}
+func (BackendUnsupported) GetBucketPolicy(_ context.Context, bucket string) ([]byte, error) {
+	return nil, s3err.GetAPIError(s3err.ErrNotImplemented)
+}

 func (BackendUnsupported) CreateMultipartUpload(context.Context, *s3.CreateMultipartUploadInput) (*s3.CreateMultipartUploadOutput, error) {
 	return nil, s3err.GetAPIError(s3err.ErrNotImplemented)
--- a/s3api/controllers/backend_moq_test.go
+++ b/s3api/controllers/backend_moq_test.go
@@ -59,6 +59,9 @@ var _ backend.Backend = &BackendMock{}
 //			GetBucketAclFunc: func(contextMoqParam context.Context, getBucketAclInput *s3.GetBucketAclInput) ([]byte, error) {
 //				panic("mock out the GetBucketAcl method")
 //			},
+//			GetBucketPolicyFunc: func(contextMoqParam context.Context, bucket string) ([]byte, error) {
+//				panic("mock out the GetBucketPolicy method")
+//			},
 //			GetBucketTaggingFunc: func(contextMoqParam context.Context, bucket string) (map[string]string, error) {
 //				panic("mock out the GetBucketTagging method")
 //			},
@@ -107,6 +110,9 @@ var _ backend.Backend = &BackendMock{}
 //			PutBucketAclFunc: func(contextMoqParam context.Context, bucket string, data []byte) error {
 //				panic("mock out the PutBucketAcl method")
 //			},
+//			PutBucketPolicyFunc: func(contextMoqParam context.Context, bucket string, policy []byte) error {
+//				panic("mock out the PutBucketPolicy method")
+//			},
 //			PutBucketTaggingFunc: func(contextMoqParam context.Context, bucket string, tags map[string]string) error {
 //				panic("mock out the PutBucketTagging method")
 //			},
@@ -183,6 +189,9 @@ type BackendMock struct {
 	// GetBucketAclFunc mocks the GetBucketAcl method.
 	GetBucketAclFunc func(contextMoqParam context.Context, getBucketAclInput *s3.GetBucketAclInput) ([]byte, error)

+	// GetBucketPolicyFunc mocks the GetBucketPolicy method.
+	GetBucketPolicyFunc func(contextMoqParam context.Context, bucket string) ([]byte, error)
+
 	// GetBucketTaggingFunc mocks the GetBucketTagging method.
 	GetBucketTaggingFunc func(contextMoqParam context.Context, bucket string) (map[string]string, error)

@@ -231,6 +240,9 @@ type BackendMock struct {
 	// PutBucketAclFunc mocks the PutBucketAcl method.
 	PutBucketAclFunc func(contextMoqParam context.Context, bucket string, data []byte) error

+	// PutBucketPolicyFunc mocks the PutBucketPolicy method.
+	PutBucketPolicyFunc func(contextMoqParam context.Context, bucket string, policy []byte) error
+
 	// PutBucketTaggingFunc mocks the PutBucketTagging method.
 	PutBucketTaggingFunc func(contextMoqParam context.Context, bucket string, tags map[string]string) error

@@ -356,6 +368,13 @@ type BackendMock struct {
 			// GetBucketAclInput is the getBucketAclInput argument value.
 			GetBucketAclInput *s3.GetBucketAclInput
 		}
+		// GetBucketPolicy holds details about calls to the GetBucketPolicy method.
+		GetBucketPolicy []struct {
+			// ContextMoqParam is the contextMoqParam argument value.
+			ContextMoqParam context.Context
+			// Bucket is the bucket argument value.
+			Bucket string
+		}
 		// GetBucketTagging holds details about calls to the GetBucketTagging method.
 		GetBucketTagging []struct {
 			// ContextMoqParam is the contextMoqParam argument value.
@@ -474,6 +493,15 @@ type BackendMock struct {
 			// Data is the data argument value.
 			Data []byte
 		}
+		// PutBucketPolicy holds details about calls to the PutBucketPolicy method.
+		PutBucketPolicy []struct {
+			// ContextMoqParam is the contextMoqParam argument value.
+			ContextMoqParam context.Context
+			// Bucket is the bucket argument value.
+			Bucket string
+			// Policy is the policy argument value.
+			Policy []byte
+		}
 		// PutBucketTagging holds details about calls to the PutBucketTagging method.
 		PutBucketTagging []struct {
 			// ContextMoqParam is the contextMoqParam argument value.
@@ -562,6 +590,7 @@ type BackendMock struct {
 	lockDeleteObjectTagging     sync.RWMutex
 	lockDeleteObjects           sync.RWMutex
 	lockGetBucketAcl            sync.RWMutex
+	lockGetBucketPolicy         sync.RWMutex
 	lockGetBucketTagging        sync.RWMutex
 	lockGetBucketVersioning     sync.RWMutex
 	lockGetObject               sync.RWMutex
@@ -578,6 +607,7 @@ type BackendMock struct {
 	lockListObjectsV2           sync.RWMutex
 	lockListParts               sync.RWMutex
 	lockPutBucketAcl            sync.RWMutex
+	lockPutBucketPolicy         sync.RWMutex
 	lockPutBucketTagging        sync.RWMutex
 	lockPutBucketVersioning     sync.RWMutex
 	lockPutObject               sync.RWMutex
@@ -1035,6 +1065,42 @@ func (mock *BackendMock) GetBucketAclCalls() []struct {
 	return calls
 }

+// GetBucketPolicy calls GetBucketPolicyFunc.
+func (mock *BackendMock) GetBucketPolicy(contextMoqParam context.Context, bucket string) ([]byte, error) {
+	if mock.GetBucketPolicyFunc == nil {
+		panic("BackendMock.GetBucketPolicyFunc: method is nil but Backend.GetBucketPolicy was just called")
+	}
+	callInfo := struct {
+		ContextMoqParam context.Context
+		Bucket          string
+	}{
+		ContextMoqParam: contextMoqParam,
+		Bucket:          bucket,
+	}
+	mock.lockGetBucketPolicy.Lock()
+	mock.calls.GetBucketPolicy = append(mock.calls.GetBucketPolicy, callInfo)
+	mock.lockGetBucketPolicy.Unlock()
+	return mock.GetBucketPolicyFunc(contextMoqParam, bucket)
+}
+
+// GetBucketPolicyCalls gets all the calls that were made to GetBucketPolicy.
+// Check the length with:
+//
+//	len(mockedBackend.GetBucketPolicyCalls())
+func (mock *BackendMock) GetBucketPolicyCalls() []struct {
+	ContextMoqParam context.Context
+	Bucket          string
+} {
+	var calls []struct {
+		ContextMoqParam context.Context
+		Bucket          string
+	}
+	mock.lockGetBucketPolicy.RLock()
+	calls = mock.calls.GetBucketPolicy
+	mock.lockGetBucketPolicy.RUnlock()
+	return calls
+}
+
 // GetBucketTagging calls GetBucketTaggingFunc.
 func (mock *BackendMock) GetBucketTagging(contextMoqParam context.Context, bucket string) (map[string]string, error) {
 	if mock.GetBucketTaggingFunc == nil {
@@ -1623,6 +1689,46 @@ func (mock *BackendMock) PutBucketAclCalls() []struct {
 	return calls
 }

+// PutBucketPolicy calls PutBucketPolicyFunc.
+func (mock *BackendMock) PutBucketPolicy(contextMoqParam context.Context, bucket string, policy []byte) error {
+	if mock.PutBucketPolicyFunc == nil {
+		panic("BackendMock.PutBucketPolicyFunc: method is nil but Backend.PutBucketPolicy was just called")
+	}
+	callInfo := struct {
+		ContextMoqParam context.Context
+		Bucket          string
+		Policy          []byte
+	}{
+		ContextMoqParam: contextMoqParam,
+		Bucket:          bucket,
+		Policy:          policy,
+	}
+	mock.lockPutBucketPolicy.Lock()
+	mock.calls.PutBucketPolicy = append(mock.calls.PutBucketPolicy, callInfo)
+	mock.lockPutBucketPolicy.Unlock()
+	return mock.PutBucketPolicyFunc(contextMoqParam, bucket, policy)
+}
+
+// PutBucketPolicyCalls gets all the calls that were made to PutBucketPolicy.
+// Check the length with:
+//
+//	len(mockedBackend.PutBucketPolicyCalls())
+func (mock *BackendMock) PutBucketPolicyCalls() []struct {
+	ContextMoqParam context.Context
+	Bucket          string
+	Policy          []byte
+} {
+	var calls []struct {
+		ContextMoqParam context.Context
+		Bucket          string
+		Policy          []byte
+	}
+	mock.lockPutBucketPolicy.RLock()
+	calls = mock.calls.PutBucketPolicy
+	mock.lockPutBucketPolicy.RUnlock()
+	return calls
+}
+
 // PutBucketTagging calls PutBucketTaggingFunc.
 func (mock *BackendMock) PutBucketTagging(contextMoqParam context.Context, bucket string, tags map[string]string) error {
 	if mock.PutBucketTaggingFunc == nil {
--- a/s3api/controllers/base.go
+++ b/s3api/controllers/base.go
@@ -406,6 +406,26 @@ func (c S3ApiController) ListActions(ctx *fiber.Ctx) error {
 			})
 	}

+	if ctx.Request().URI().QueryArgs().Has("policy") {
+		err := auth.VerifyACL(parsedAcl, acct.Access, "READ", isRoot)
+		if err != nil {
+			return SendXMLResponse(ctx, nil, err,
+				&MetaOpts{
+					Logger:      c.logger,
+					Action:      "GetBucketPolicy",
+					BucketOwner: parsedAcl.Owner,
+				})
+		}
+
+		data, err := c.be.GetBucketPolicy(ctx.Context(), bucket)
+		return SendXMLResponse(ctx, data, err,
+			&MetaOpts{
+				Logger:      c.logger,
+				Action:      "GetBucketPolicy",
+				BucketOwner: parsedAcl.Owner,
+			})
+	}
+
 	if ctx.Request().URI().QueryArgs().Has("versions") {
 		err := auth.VerifyACL(parsedAcl, acct.Access, "READ", isRoot)
 		if err != nil {
@@ -676,6 +696,27 @@ func (c S3ApiController) PutBucketActions(ctx *fiber.Ctx) error {
 			})
 	}

+	if ctx.Request().URI().QueryArgs().Has("policy") {
+		parsedAcl := ctx.Locals("parsedAcl").(auth.ACL)
+		err := auth.VerifyACL(parsedAcl, acct.Access, "WRITE", isRoot)
+		if err != nil {
+			return SendResponse(ctx, err,
+				&MetaOpts{
+					Logger:      c.logger,
+					Action:      "PutBucketPolicy",
+					BucketOwner: parsedAcl.Owner,
+				})
+		}
+
+		err = c.be.PutBucketPolicy(ctx.Context(), bucket, ctx.Body())
+		return SendResponse(ctx, err,
+			&MetaOpts{
+				Logger:      c.logger,
+				Action:      "PutBucketPolicy",
+				BucketOwner: parsedAcl.Owner,
+			})
+	}
+
 	grants := grantFullControl + grantRead + grantReadACP + granWrite + grantWriteACP

 	if ctx.Request().URI().QueryArgs().Has("acl") {
@@ -1788,7 +1829,13 @@ func SendXMLResponse(ctx *fiber.Ctx, resp any, err error, l *MetaOpts) error {

 	var b []byte

-	if resp != nil {
+	// Handle already encoded responses(text, json...)
+	encodedResp, ok := resp.([]byte)
+	if ok {
+		b = encodedResp
+	}
+
+	if resp != nil && !ok {
 		if b, err = xml.Marshal(resp); err != nil {
 			return err
 		}
@@ -1818,6 +1865,14 @@ func SendXMLResponse(ctx *fiber.Ctx, resp any, err error, l *MetaOpts) error {
 		})
 	}

+	if ok {
+		if len(b) > 0 {
+			ctx.Response().Header.Set("Content-Length", fmt.Sprint(len(b)))
+		}
+
+		return ctx.Send(b)
+	}
+
 	msglen := len(xmlhdr) + len(b)
 	if msglen > maxXMLBodyLen {
 		log.Printf("XML encoded body len %v exceeds max len %v",
--- a/s3api/controllers/base_test.go
+++ b/s3api/controllers/base_test.go
@@ -352,6 +352,9 @@ func TestS3ApiController_ListActions(t *testing.T) {
 			ListObjectVersionsFunc: func(contextMoqParam context.Context, listObjectVersionsInput *s3.ListObjectVersionsInput) (*s3.ListObjectVersionsOutput, error) {
 				return &s3.ListObjectVersionsOutput{}, nil
 			},
+			GetBucketPolicyFunc: func(contextMoqParam context.Context, bucket string) ([]byte, error) {
+				return []byte{}, nil
+			},
 		},
 	}

@@ -468,6 +471,15 @@ func TestS3ApiController_ListActions(t *testing.T) {
 			wantErr:    false,
 			statusCode: 200,
 		},
+		{
+			name: "List-actions-get-bucket-policy-success",
+			app:  app,
+			args: args{
+				req: httptest.NewRequest(http.MethodGet, "/my-bucket?policy", nil),
+			},
+			wantErr:    false,
+			statusCode: 200,
+		},
 		{
 			name: "List-actions-list-object-versions-success",
 			app:  app,
@@ -575,6 +587,9 @@ func TestS3ApiController_PutBucketActions(t *testing.T) {
 			PutBucketVersioningFunc: func(contextMoqParam context.Context, putBucketVersioningInput *s3.PutBucketVersioningInput) error {
 				return nil
 			},
+			PutBucketPolicyFunc: func(contextMoqParam context.Context, bucket string, policy []byte) error {
+				return nil
+			},
 		},
 	}
 	// Mock ctx.Locals
@@ -651,6 +666,15 @@ func TestS3ApiController_PutBucketActions(t *testing.T) {
 			wantErr:    false,
 			statusCode: 200,
 		},
+		{
+			name: "Put-bucket-policy-success",
+			app:  app,
+			args: args{
+				req: httptest.NewRequest(http.MethodPut, "/my-bucket?policy", nil),
+			},
+			wantErr:    false,
+			statusCode: 200,
+		},
 		{
 			name: "Put-bucket-acl-invalid-acl",
 			app:  app,
--- a/s3api/middlewares/acl-parser.go
+++ b/s3api/middlewares/acl-parser.go
@@ -47,7 +47,8 @@ func AclParser(be backend.Backend, logger s3log.AuditLogger) fiber.Handler {
 			ctx.Method() == http.MethodPut &&
 			!ctx.Request().URI().QueryArgs().Has("acl") &&
 			!ctx.Request().URI().QueryArgs().Has("tagging") &&
-			!ctx.Request().URI().QueryArgs().Has("versioning") {
+			!ctx.Request().URI().QueryArgs().Has("versioning") &&
+			!ctx.Request().URI().QueryArgs().Has("policy") {
 			if err := auth.MayCreateBucket(acct, isRoot); err != nil {
 				return controllers.SendXMLResponse(ctx, nil, err, &controllers.MetaOpts{Logger: logger, Action: "CreateBucket"})
 			}