Mirror
/
seaweedfs
mirror of https://github.com/seaweedfs/seaweedfs.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
Browse Source

not skipping numeric and boolean values in arrays

pull/7472/head
chrislu 1 month ago
parent
4267642592
commit
2505a335c5
2 changed files with 200 additions and 9 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Unified View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 12
      weed/s3api/policy_conversion.go
  2. 197
      weed/s3api/policy_conversion_test.go

12
weed/s3api/policy_conversion.go
View File

@ -78,9 +78,7 @@ func convertPrincipal(principal interface{}) *policy_engine.StringOrStringSlice
// Convert []interface{} to []string // Convert []interface{} to []string
strs = make([]string, 0, len(p)) strs = make([]string, 0, len(p))
for _, v := range p { for _, v := range p {
if str, ok := v.(string); ok {
strs = append(strs, str)
}
strs = append(strs, convertToString(v))
} }
case map[string]interface{}: case map[string]interface{}:
// Handle AWS-style principal with service/user keys // Handle AWS-style principal with service/user keys
@ -93,9 +91,7 @@ func convertPrincipal(principal interface{}) *policy_engine.StringOrStringSlice
strs = append(strs, val...) strs = append(strs, val...)
case []interface{}: case []interface{}:
for _, item := range val { for _, item := range val {
if str, ok := item.(string); ok {
strs = append(strs, str)
}
strs = append(strs, convertToString(item))
} }
} }
} }
@ -139,9 +135,7 @@ func convertConditionValue(value interface{}) policy_engine.StringOrStringSlice
case []interface{}: case []interface{}:
strs := make([]string, 0, len(v)) strs := make([]string, 0, len(v))
for _, item := range v { for _, item := range v {
if str, ok := item.(string); ok {
strs = append(strs, str)
}
strs = append(strs, convertToString(item))
} }
return policy_engine.NewStringOrStringSlice(strs...) return policy_engine.NewStringOrStringSlice(strs...)
default: default:

197
weed/s3api/policy_conversion_test.go
View File

@ -0,0 +1,197 @@
package s3api
import (
"testing"
"github.com/seaweedfs/seaweedfs/weed/iam/policy"
)
func TestConvertPolicyDocumentWithMixedTypes(t *testing.T) {
// Test that numeric and boolean values in arrays are properly converted
src := &policy.PolicyDocument{
Version: "2012-10-17",
Statement: []policy.Statement{
{
Sid: "TestMixedTypes",
Effect: "Allow",
Action: []string{"s3:GetObject"},
Resource: []string{"arn:aws:s3:::bucket/*"},
Principal: []interface{}{"user1", 123, true}, // Mixed types
Condition: map[string]map[string]interface{}{
"NumericEquals": {
"s3:max-keys": []interface{}{100, 200, "300"}, // Mixed types
},
"StringEquals": {
"s3:prefix": []interface{}{"test", 123, false}, // Mixed types
},
},
},
},
}
// Convert
dest := ConvertPolicyDocumentToPolicyEngine(src)
// Verify document structure
if dest == nil {
t.Fatal("Expected non-nil result")
}
if dest.Version != "2012-10-17" {
t.Errorf("Expected version '2012-10-17', got '%s'", dest.Version)
}
if len(dest.Statement) != 1 {
t.Fatalf("Expected 1 statement, got %d", len(dest.Statement))
}
stmt := dest.Statement[0]
// Verify Principal conversion (should have 3 items converted to strings)
if stmt.Principal == nil {
t.Fatal("Expected non-nil Principal")
}
principals := stmt.Principal.Strings()
if len(principals) != 3 {
t.Errorf("Expected 3 principals, got %d", len(principals))
}
// Check that numeric and boolean were converted
expectedPrincipals := []string{"user1", "123", "true"}
for i, expected := range expectedPrincipals {
if principals[i] != expected {
t.Errorf("Principal[%d]: expected '%s', got '%s'", i, expected, principals[i])
}
}
// Verify Condition conversion
if len(stmt.Condition) != 2 {
t.Errorf("Expected 2 condition blocks, got %d", len(stmt.Condition))
}
// Check NumericEquals condition
numericCond, ok := stmt.Condition["NumericEquals"]
if !ok {
t.Fatal("Expected NumericEquals condition")
}
maxKeys, ok := numericCond["s3:max-keys"]
if !ok {
t.Fatal("Expected s3:max-keys in NumericEquals")
}
maxKeysStrs := maxKeys.Strings()
expectedMaxKeys := []string{"100", "200", "300"}
if len(maxKeysStrs) != len(expectedMaxKeys) {
t.Errorf("Expected %d max-keys values, got %d", len(expectedMaxKeys), len(maxKeysStrs))
}
for i, expected := range expectedMaxKeys {
if maxKeysStrs[i] != expected {
t.Errorf("max-keys[%d]: expected '%s', got '%s'", i, expected, maxKeysStrs[i])
}
}
// Check StringEquals condition
stringCond, ok := stmt.Condition["StringEquals"]
if !ok {
t.Fatal("Expected StringEquals condition")
}
prefix, ok := stringCond["s3:prefix"]
if !ok {
t.Fatal("Expected s3:prefix in StringEquals")
}
prefixStrs := prefix.Strings()
expectedPrefix := []string{"test", "123", "false"}
if len(prefixStrs) != len(expectedPrefix) {
t.Errorf("Expected %d prefix values, got %d", len(expectedPrefix), len(prefixStrs))
}
for i, expected := range expectedPrefix {
if prefixStrs[i] != expected {
t.Errorf("prefix[%d]: expected '%s', got '%s'", i, expected, prefixStrs[i])
}
}
}
func TestConvertPrincipalWithMapAndMixedTypes(t *testing.T) {
// Test AWS-style principal map with mixed types
principalMap := map[string]interface{}{
"AWS": []interface{}{
"arn:aws:iam::123456789012:user/Alice",
456, // User ID as number
true, // Some boolean value
},
}
result := convertPrincipal(principalMap)
if result == nil {
t.Fatal("Expected non-nil result")
}
strs := result.Strings()
if len(strs) != 3 {
t.Errorf("Expected 3 values, got %d", len(strs))
}
expectedValues := []string{
"arn:aws:iam::123456789012:user/Alice",
"456",
"true",
}
for i, expected := range expectedValues {
if strs[i] != expected {
t.Errorf("Value[%d]: expected '%s', got '%s'", i, expected, strs[i])
}
}
}
func TestConvertConditionValueWithMixedTypes(t *testing.T) {
// Test []interface{} with mixed types
mixedValues := []interface{}{
"string",
123,
true,
456.78,
}
result := convertConditionValue(mixedValues)
strs := result.Strings()
expectedValues := []string{"string", "123", "true", "456.78"}
if len(strs) != len(expectedValues) {
t.Errorf("Expected %d values, got %d", len(expectedValues), len(strs))
}
for i, expected := range expectedValues {
if strs[i] != expected {
t.Errorf("Value[%d]: expected '%s', got '%s'", i, expected, strs[i])
}
}
}
func TestConvertPolicyDocumentNil(t *testing.T) {
result := ConvertPolicyDocumentToPolicyEngine(nil)
if result != nil {
t.Error("Expected nil result for nil input")
}
}
func TestConvertPrincipalNil(t *testing.T) {
result := convertPrincipal(nil)
if result != nil {
t.Error("Expected nil result for nil input")
}
}
func TestConvertPrincipalEmptyArray(t *testing.T) {
// Empty array should return nil
result := convertPrincipal([]interface{}{})
if result != nil {
t.Error("Expected nil result for empty array")
}
}
func TestConvertPrincipalUnknownType(t *testing.T) {
// Unknown types should return nil
result := convertPrincipal(12345) // Just a number, not valid principal
if result != nil {
t.Error("Expected nil result for unknown type")
}
}
Write Preview
Loading…
Cancel
Save