Update get/setBucketPolicy methods to use files instead of pkg/policy

Also removed ListBucketPolicies API as we move to json file based
policy handling.

Fixes #943

README.md

@@ -130,7 +130,6 @@ The full API Reference is available here.
 ### API Reference : Bucket policy Operations
 * [`SetBucketPolicy`](https://docs.minio.io/docs/golang-client-api-reference#SetBucketPolicy)
 * [`GetBucketPolicy`](https://docs.minio.io/docs/golang-client-api-reference#GetBucketPolicy)
-* [`ListBucketPolicies`](https://docs.minio.io/docs/golang-client-api-reference#ListBucketPolicies)
 
 ### API Reference : Bucket notification Operations
 * [`SetBucketNotification`](https://docs.minio.io/docs/golang-client-api-reference#SetBucketNotification)

README_zh_CN.md

@@ -141,7 +141,6 @@ mc ls play/mymusic/
 ### API文档 : 存储桶策略
 * [`SetBucketPolicy`](https://docs.minio.io/docs/golang-client-api-reference#SetBucketPolicy)
 * [`GetBucketPolicy`](https://docs.minio.io/docs/golang-client-api-reference#GetBucketPolicy)
-* [`ListBucketPolicies`](https://docs.minio.io/docs/golang-client-api-reference#ListBucketPolicies)
 
 ### API文档 : 存储桶通知
 * [`SetBucketNotification`](https://docs.minio.io/docs/golang-client-api-reference#SetBucketNotification)

api-get-policy.go

@@ -19,62 +19,32 @@ package minio
 
 import (
 	"context"
-	"encoding/json"
 	"io/ioutil"
 	"net/http"
 	"net/url"
 
-	"github.com/minio/minio-go/pkg/policy"
 	"github.com/minio/minio-go/pkg/s3utils"
 )
 
 // GetBucketPolicy - get bucket policy at a given path.
-func (c Client) GetBucketPolicy(bucketName, objectPrefix string) (bucketPolicy policy.BucketPolicy, err error) {
+func (c Client) GetBucketPolicy(bucketName string) (string, error) {
 	// Input validation.
 	if err := s3utils.CheckValidBucketName(bucketName); err != nil {
-		return policy.BucketPolicyNone, err
+		return "", err
 	}
-	if err := s3utils.CheckValidObjectNamePrefix(objectPrefix); err != nil {
-		return policy.BucketPolicyNone, err
-	}
-	policyInfo, err := c.getBucketPolicy(bucketName)
-	if err != nil {
-		errResponse := ToErrorResponse(err)
-		if errResponse.Code == "NoSuchBucketPolicy" {
-			return policy.BucketPolicyNone, nil
-		}
-		return policy.BucketPolicyNone, err
-	}
-	return policy.GetPolicy(policyInfo.Statements, bucketName, objectPrefix), nil
-}
-
-// ListBucketPolicies - list all policies for a given prefix and all its children.
-func (c Client) ListBucketPolicies(bucketName, objectPrefix string) (bucketPolicies map[string]policy.BucketPolicy, err error) {
-	// Input validation.
-	if err := s3utils.CheckValidBucketName(bucketName); err != nil {
-		return map[string]policy.BucketPolicy{}, err
-	}
-	if err := s3utils.CheckValidObjectNamePrefix(objectPrefix); err != nil {
-		return map[string]policy.BucketPolicy{}, err
-	}
-	policyInfo, err := c.getBucketPolicy(bucketName)
+	bucketPolicy, err := c.getBucketPolicy(bucketName)
 	if err != nil {
 		errResponse := ToErrorResponse(err)
 		if errResponse.Code == "NoSuchBucketPolicy" {
-			return map[string]policy.BucketPolicy{}, nil
+			return "", nil
 		}
-		return map[string]policy.BucketPolicy{}, err
+		return "", err
 	}
-	return policy.GetPolicies(policyInfo.Statements, bucketName, objectPrefix), nil
-}
-
-// Default empty bucket access policy.
-var emptyBucketAccessPolicy = policy.BucketAccessPolicy{
-	Version: "2012-10-17",
+	return bucketPolicy, nil
 }
 
 // Request server for current bucket policy.
-func (c Client) getBucketPolicy(bucketName string) (policy.BucketAccessPolicy, error) {
+func (c Client) getBucketPolicy(bucketName string) (string, error) {
 	// Get resources properly escaped and lined up before
 	// using them in http request.
 	urlValues := make(url.Values)
@@ -89,21 +59,20 @@ func (c Client) getBucketPolicy(bucketName string) (policy.BucketAccessPolicy, e
 
 	defer closeResponse(resp)
 	if err != nil {
-		return emptyBucketAccessPolicy, err
+		return "", err
 	}
 
 	if resp != nil {
 		if resp.StatusCode != http.StatusOK {
-			return emptyBucketAccessPolicy, httpRespToErrorResponse(resp, bucketName, "")
+			return "", httpRespToErrorResponse(resp, bucketName, "")
 		}
 	}
 
 	bucketPolicyBuf, err := ioutil.ReadAll(resp.Body)
 	if err != nil {
-		return emptyBucketAccessPolicy, err
+		return "", err
 	}
 
-	policy := policy.BucketAccessPolicy{}
-	err = json.Unmarshal(bucketPolicyBuf, &policy)
+	policy := string(bucketPolicyBuf)
 	return policy, err
 }

api-put-bucket.go

@@ -20,13 +20,12 @@ package minio
 import (
 	"bytes"
 	"context"
-	"encoding/json"
 	"encoding/xml"
-	"fmt"
+	"io/ioutil"
 	"net/http"
 	"net/url"
+	"strings"
 
-	"github.com/minio/minio-go/pkg/policy"
 	"github.com/minio/minio-go/pkg/s3utils"
 )
 
@@ -101,73 +100,40 @@ func (c Client) MakeBucket(bucketName string, location string) (err error) {
 
 // SetBucketPolicy set the access permissions on an existing bucket.
 //
-// For example
-//
-//  none - owner gets full access [default].
-//  readonly - anonymous get access for everyone at a given object prefix.
-//  readwrite - anonymous list/put/delete access to a given object prefix.
-//  writeonly - anonymous put/delete access to a given object prefix.
-func (c Client) SetBucketPolicy(bucketName string, objectPrefix string, bucketPolicy policy.BucketPolicy) error {
+func (c Client) SetBucketPolicy(bucketName, policy string) error {
 	// Input validation.
 	if err := s3utils.CheckValidBucketName(bucketName); err != nil {
 		return err
 	}
-	if err := s3utils.CheckValidObjectNamePrefix(objectPrefix); err != nil {
-		return err
-	}
-
-	if !bucketPolicy.IsValidBucketPolicy() {
-		return ErrInvalidArgument(fmt.Sprintf("Invalid bucket policy provided. %s", bucketPolicy))
-	}
-
-	policyInfo, err := c.getBucketPolicy(bucketName)
-	errResponse := ToErrorResponse(err)
-	if err != nil && errResponse.Code != "NoSuchBucketPolicy" {
-		return err
-	}
-
-	if bucketPolicy == policy.BucketPolicyNone && policyInfo.Statements == nil {
-		// As the request is for removing policy and the bucket
-		// has empty policy statements, just return success.
-		return nil
-	}
-
-	policyInfo.Statements = policy.SetPolicy(policyInfo.Statements, bucketPolicy, bucketName, objectPrefix)
 
 	// Save the updated policies.
-	return c.putBucketPolicy(bucketName, policyInfo)
+	return c.putBucketPolicy(bucketName, policy)
 }
 
 // Saves a new bucket policy.
-func (c Client) putBucketPolicy(bucketName string, policyInfo policy.BucketAccessPolicy) error {
+func (c Client) putBucketPolicy(bucketName, policy string) error {
 	// Input validation.
 	if err := s3utils.CheckValidBucketName(bucketName); err != nil {
 		return err
 	}
 
-	// If there are no policy statements, we should remove entire policy.
-	if len(policyInfo.Statements) == 0 {
-		return c.removeBucketPolicy(bucketName)
-	}
-
 	// Get resources properly escaped and lined up before
 	// using them in http request.
 	urlValues := make(url.Values)
 	urlValues.Set("policy", "")
 
-	policyBytes, err := json.Marshal(&policyInfo)
+	// Content-length is mandatory for put policy request
+	policyReader := strings.NewReader(policy)
+	b, err := ioutil.ReadAll(policyReader)
 	if err != nil {
 		return err
 	}
 
-	policyBuffer := bytes.NewReader(policyBytes)
 	reqMetadata := requestMetadata{
-		bucketName:       bucketName,
-		queryValues:      urlValues,
-		contentBody:      policyBuffer,
-		contentLength:    int64(len(policyBytes)),
-		contentMD5Base64: sumMD5Base64(policyBytes),
-		contentSHA256Hex: sum256Hex(policyBytes),
+		bucketName:    bucketName,
+		queryValues:   urlValues,
+		contentBody:   policyReader,
+		contentLength: int64(len(b)),
 	}
 
 	// Execute PUT to upload a new bucket policy.

api.go

@@ -99,7 +99,7 @@ type Options struct {
 // Global constants.
 const (
 	libraryName    = "minio-go"
-	libraryVersion = "5.0.1"
+	libraryVersion = "6.0.0"
 )
 
 // User Agent should always following the below style.

core.go

@@ -21,8 +21,6 @@ import (
 	"context"
 	"io"
 	"strings"
-
-	"github.com/minio/minio-go/pkg/policy"
 )
 
 // Core - Inherits Client and adds new methods to expose the low level S3 APIs.
@@ -127,12 +125,12 @@ func (c Core) AbortMultipartUpload(bucket, object, uploadID string) error {
 }
 
 // GetBucketPolicy - fetches bucket access policy for a given bucket.
-func (c Core) GetBucketPolicy(bucket string) (policy.BucketAccessPolicy, error) {
+func (c Core) GetBucketPolicy(bucket string) (string, error) {
 	return c.getBucketPolicy(bucket)
 }
 
 // PutBucketPolicy - applies a new bucket access policy for a given bucket.
-func (c Core) PutBucketPolicy(bucket string, bucketPolicy policy.BucketAccessPolicy) error {
+func (c Core) PutBucketPolicy(bucket, bucketPolicy string) error {
 	return c.putBucketPolicy(bucket, bucketPolicy)
 }
 

core_test.go

@@ -22,7 +22,6 @@ import (
 	"io"
 	"log"
 	"os"
-	"reflect"
 	"testing"
 	"time"
 
@@ -360,8 +359,8 @@ func TestGetBucketPolicy(t *testing.T) {
 			t.Error("Error:", err, bucketName)
 		}
 	}
-	if !reflect.DeepEqual(bucketPolicy, emptyBucketAccessPolicy) {
-		t.Errorf("Bucket policy expected %#v, got %#v", emptyBucketAccessPolicy, bucketPolicy)
+	if bucketPolicy != "" {
+		t.Errorf("Bucket policy expected %#v, got %#v", "", bucketPolicy)
 	}
 
 	err = c.RemoveBucket(bucketName)