You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
 
 
 
 
 
 

35 lines
1.0 KiB

package sts
import (
"encoding/json"
"fmt"
"strings"
"github.com/seaweedfs/seaweedfs/weed/iam/policy"
)
// NormalizeSessionPolicy validates and normalizes inline session policy JSON.
// It returns an empty string if the input is empty or whitespace.
func NormalizeSessionPolicy(policyJSON string) (string, error) {
trimmed := strings.TrimSpace(policyJSON)
if trimmed == "" {
return "", nil
}
const maxSessionPolicySize = 2048
if len(trimmed) > maxSessionPolicySize {
return "", fmt.Errorf("session policy exceeds maximum size of %d characters", maxSessionPolicySize)
}
var policyDoc policy.PolicyDocument
if err := json.Unmarshal([]byte(trimmed), &policyDoc); err != nil {
return "", fmt.Errorf("invalid session policy JSON: %w", err)
}
if err := policy.ValidatePolicyDocument(&policyDoc); err != nil {
return "", fmt.Errorf("invalid session policy document: %w", err)
}
normalized, err := json.Marshal(&policyDoc)
if err != nil {
return "", fmt.Errorf("failed to normalize session policy: %w", err)
}
return string(normalized), nil
}