Fix policy parser to accept multiple IP address per statement [JIRA: RCS-222]

[kuenishi]

Following style of IP address description in IPAddress Condition have
not been working as parser implicitly assumed single IP address per
'aws:SourceIp' condition.

"IpAddress": {
    "aws:SourceIp": ["127.0.0.1/32", "192.168.100.0/24"]
}

[shino]

Did some manual tests, good ones and not good.

With the purpose of scenario of allowing all GET access to certain bucket
from any users with specific IP ranges, set bucket policy by [1].

Good ones: After PUTting an object by the bucket owner, both anonymous
user and another CS user can GET the object 🎊

On the other hand, an error happens when PUT is called by CS user
who is not the bucket owner. The expected results is 403 Access Denied.

command:

% s3cmd -c .s3cfg.15018.bob put rebar.config s3://ip-filter/a 

error log

15:09:27.399 [error] Webmachine error at path "/buckets/ip-filter/location" : {error,{badmatch,{context,{1436,422167,395828},false,{rcs_user_v2,"bob","bob","bob@example.com","BZJLA0GJPPHEDJJPKQPD","3BlCQiOQqFPjn-6TgQEm83TaIELBWyaLtecwEA==","14a1569d8323b671401fd66bfaa0e65e015fbe29ea7fc4735ef68d602485e075",[],enabled},{riakc_obj,<<"moss.users">>,<<"BZJLA0GJPPHEDJJPKQPD">>,<<107,206,97,96,96,96,204,96,202,5,82,60,71,131,54,114,183,94,157,161,192,192,146,115,41,131,41,145,49,143,149,33,178,83,232,60,95,22,0>>,[{{dict,3,16,16,8,80,48,{[],[],[],[],[],[],[],[],[],[],[],[],...},...},...}],...},...}},...} in riak_cs_wm_utils:handle_policy_eval_result/5 line 734

debug log (extraced) of s3cmd

DEBUG: Sending request method_string='GET', uri='http://ip-filter.s3.amazonaws.com/?location', headers={'Authorization': 'AWS BZJLA0GJPPHEDJJPKQPD:bMJ/S2LpXFe4qj8KTRoNlsMDlY4=', 'x-amz-date': 'Thu, 09 Jul 2015 06:15:16 +0000'}, body=(0 bytes)
DEBUG: Response: {'status': 500, 'headers': {'date': 'Thu, 09 Jul 2015 06:15:16 GMT', 'content-length': '170', 'content-type': 'text/html', 'server': 'Riak CS'}, 'reason': 'Internal Server Error', 'data': '<html><head><title>500 Internal Server Error</title></head><body><h1>Internal Server Error</h1>The server encountered an error while processing this request</body></html>'}
DEBUG: ConnMan.put(): closing proxy connection (keep-alive not yet supported)
DEBUG: S3Error: 500 (Internal Server Error)
DEBUG: HttpHeader: date: Thu, 09 Jul 2015 06:15:16 GMT
DEBUG: HttpHeader: content-length: 170
DEBUG: HttpHeader: content-type: text/html
DEBUG: HttpHeader: server: Riak CS
DEBUG: Unicodising 'Malformed error XML returned from remote server.' using UTF-8
DEBUG: DeUnicodising u'Malformed error XML returned from remote server.' using UTF-8
ERROR: Error parsing xml: Malformed error XML returned from remote server..  ErrorXML: <html><head><title>500 Internal Server Error</title></head><body><h1>Internal Server Error</h1>The server encountered an error while processing this request</body></html>
WARNING: Retrying failed request: /?location
WARNING: 500 (Internal Server Error):

[1] https://gist.github.com/shino/fce9b4311afe6f54abad

[kuenishi]

Single-line-without-any-test fix added.

[shino]

The above 500 error when putting object by other users were introduced
by the commit [1]. It changes User in function arguments to User0
and assigns canonical ID to User binding. To call handle_policy_call_result(),
it should use User0 instead of User.

Then, the 500 error is not introduced by this PR, I recommend to remove
"fix" commit [3] and defer the actual fix. Sorry for pointing out the bug
out side of this PR's scope.

[1] 61180ba?w=1
[2] 61180ba?w=1#diff-caff706fcdff3c29cf3b9beaea88d1faR484
[3] 9045aca

[kuenishi]

Ah, sorry, I already included the fix, squashed, and force-pushed.

[kuenishi]

@borshop merge

[kuenishi]

For release note:

Multiple IP address description under single condition statement of a bucket policy was not being properly parsed as lists.