Compare commits
No commits in common. "f4894a6d6ebb36ba1a559de4811180cb942d55a7" and "cb01346d07db7a874d3b5dcb38cde94099a030e5" have entirely different histories.
f4894a6d6e
...
cb01346d07
|
@ -36,7 +36,6 @@ export type ParsedRetention =
|
|||
export default class ObjectLockConfiguration {
|
||||
_parsedXml: any;
|
||||
_config: Config;
|
||||
_days: number | null;
|
||||
|
||||
/**
|
||||
* Create an Object Lock Configuration instance
|
||||
|
@ -46,7 +45,6 @@ export default class ObjectLockConfiguration {
|
|||
constructor(xml: any) {
|
||||
this._parsedXml = xml;
|
||||
this._config = {};
|
||||
this._days = null;
|
||||
}
|
||||
|
||||
/**
|
||||
|
@ -185,8 +183,6 @@ export default class ObjectLockConfiguration {
|
|||
this._config.rule = {};
|
||||
this._config.rule.mode = validMode.mode;
|
||||
this._config.rule[validTime.timeType!] = validTime.timeValue;
|
||||
// Store the number of days
|
||||
this._days = validTime.timeType === 'years' ? 365 * validTime.timeValue : validTime.timeValue;
|
||||
}
|
||||
return validConfig;
|
||||
}
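Review bot: The assignment `this._config.rule[validTime.timeType!] = validTime.timeValue;` uses a non-null assertion on a computed property key, so if the time validation ever yields no `timeType`, the rule silently gains an `undefined` key instead of failing. The validation that produces `validTime` is outside this hunk, so this may already be impossible; if it is, typing the validator's success result with a required `timeType` would let the `!` be dropped. Separately, `_parsedXml: any` and `constructor(xml: any)` accept caller-supplied XML with no type checking, and `unknown` would force narrowing before use. The enclosing method starts above the hunk.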
|
||||
|
|
|
@ -171,7 +171,6 @@ export default class RequestContext {
|
|||
_needTagEval: boolean;
|
||||
_foundAction?: string;
|
||||
_foundResource?: string;
|
||||
_objectLockRetentionDays?: number | null;
|
||||
|
||||
constructor(
|
||||
headers: { [key: string]: string | string[] },
|
||||
|
@ -193,7 +192,6 @@ export default class RequestContext {
|
|||
requestObjTags?: string,
|
||||
existingObjTag?: string,
|
||||
needTagEval?: false,
|
||||
objectLockRetentionDays?: number,
|
||||
) {
|
||||
this._headers = headers;
|
||||
this._query = query;
|
||||
|
@ -226,7 +224,6 @@ export default class RequestContext {
|
|||
this._requestObjTags = requestObjTags || null;
|
||||
this._existingObjTag = existingObjTag || null;
|
||||
this._needTagEval = needTagEval || false;
|
||||
this._objectLockRetentionDays = objectLockRetentionDays || null;
|
||||
return this;
|
||||
}
|
||||
|
||||
|
@ -258,7 +255,6 @@ export default class RequestContext {
|
|||
requestObjTags: this._requestObjTags,
|
||||
existingObjTag: this._existingObjTag,
|
||||
needTagEval: this._needTagEval,
|
||||
objectLockRetentionDays: this._objectLockRetentionDays,
|
||||
};
|
||||
return JSON.stringify(requestInfo);
|
||||
}
|
||||
|
@ -299,7 +295,6 @@ export default class RequestContext {
|
|||
obj.requestObjTags,
|
||||
obj.existingObjTag,
|
||||
obj.needTagEval,
|
||||
obj.objectLockRetentionDays,
|
||||
);
|
||||
}
|
||||
|
||||
|
@ -703,24 +698,4 @@ export default class RequestContext {
|
|||
getNeedTagEval() {
|
||||
return this._needTagEval;
|
||||
}
|
||||
|
||||
/**
|
||||
* Get object lock retention days
|
||||
*
|
||||
* @returns objectLockRetentionDays - object lock retention days
|
||||
*/
|
||||
getObjectLockRetentionDays() {
|
||||
return this._objectLockRetentionDays;
|
||||
}
|
||||
|
||||
/**
|
||||
* Set object lock retention days
|
||||
*
|
||||
* @param objectLockRetentionDays - object lock retention days
|
||||
* @returns itself
|
||||
*/
|
||||
setObjectLockRetentionDays(objectLockRetentionDays: number) {
|
||||
this._objectLockRetentionDays = objectLockRetentionDays;
|
||||
return this;
|
||||
}
|
||||
}
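Review bot: In the constructor signature, `needTagEval?: false` types the parameter as the literal `false`, while the field is declared `_needTagEval: boolean` and the deserializing call passes `obj.needTagEval` through unchanged. Typed callers therefore cannot request tag evaluation and only untyped paths can set it to true; `needTagEval?: boolean,` would match the field. Also, with the last positional parameter gone, untyped callers that still pass a retention-days argument have it dropped without any error, so call sites outside this file are worth checking; they are not visible on this page.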
|
||||
|
|
|
@ -324,10 +324,7 @@ export function evaluateAllPolicies(
|
|||
requestContext: RequestContext,
|
||||
allPolicies: any[],
|
||||
log: Logger,
|
||||
): {
|
||||
verdict: string;
|
||||
isImplicit: boolean;
|
||||
} {
|
||||
): string {
|
||||
log.trace('evaluating all policies');
|
||||
let allow = false;
|
||||
let allowWithTagCondition = false;
|
||||
|
@ -336,10 +333,7 @@ export function evaluateAllPolicies(
|
|||
const singlePolicyVerdict = evaluatePolicy(requestContext, allPolicies[i], log);
|
||||
// If there is any Deny, just return Deny
|
||||
if (singlePolicyVerdict === 'Deny') {
|
||||
return {
|
||||
verdict: 'Deny',
|
||||
isImplicit: false,
|
||||
};
|
||||
return 'Deny';
|
||||
}
|
||||
if (singlePolicyVerdict === 'Allow') {
|
||||
allow = true;
|
||||
|
@ -350,7 +344,6 @@ export function evaluateAllPolicies(
|
|||
} // else 'Neutral'
|
||||
}
|
||||
let verdict;
|
||||
let isImplicit = false;
|
||||
if (allow) {
|
||||
if (denyWithTagCondition) {
|
||||
verdict = 'NeedTagConditionEval';
|
||||
|
@ -362,9 +355,8 @@ export function evaluateAllPolicies(
|
|||
verdict = 'NeedTagConditionEval';
|
||||
} else {
|
||||
verdict = 'Deny';
|
||||
isImplicit = true;
|
||||
}
|
||||
}
|
||||
log.trace('result of evaluating all policies', { verdict, isImplicit });
|
||||
return { verdict, isImplicit };
|
||||
log.trace('result of evaluating all policies', { verdict });
|
||||
return verdict;
|
||||
}
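Review bot: With the return type narrowed to `string`, the early `return 'Deny';` in the loop and the final `else` branch (`verdict = 'Deny';`) are indistinguishable to callers, so an explicit Deny statement and a default deny from no matching statement look the same. Any caller that combines this result with another policy source, for example letting a second policy's Allow override a default deny but not an explicit one, can no longer do so correctly; those callers are outside this page. A caller still reading `.verdict` from the result would get `undefined`, which fails open under a check like `result.verdict !== 'Deny'`. `let verdict;` is also untyped against the `string` return, and `let verdict: string;` would have the compiler confirm that every branch assigns it. The test matrix entries for `['Neutral']` and `['Deny']` now both expect `'Deny'`, so the tests no longer pin which kind of deny is returned.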
|
||||
|
|
|
@ -166,9 +166,6 @@ export function findConditionKey(
|
|||
return requestContext.getNeedTagEval() && requestContext.getRequestObjTags()
|
||||
? getTagKeys(requestContext.getRequestObjTags()!)
|
||||
: undefined;
|
||||
// The maximum retention period is 100 years.
|
||||
case 's3:object-lock-remaining-retention-days':
|
||||
return requestContext.getObjectLockRetentionDays() || undefined;
|
||||
default:
|
||||
return undefined;
|
||||
}
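Review bot: After this change `s3:object-lock-remaining-retention-days` falls through to `default: return undefined;`, so a policy statement that conditions on that key no longer receives a value. How a missing key is treated is decided by the condition evaluation outside this hunk; if a missing key makes the condition not match, a Deny statement that bounds the retention period would stop applying without any error. If the key is intentionally unsupported, a comment on the `default` branch such as `// s3:object-lock-remaining-retention-days is not supported: conditions on it see no value`, plus a rejection or warning at policy validation time, would make that explicit. The enclosing switch starts above the hunk.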
|
||||
|
|
|
@ -1425,10 +1425,7 @@ describe('policyEvaluator', () => {
|
|||
const result = evaluateAllPolicies(requestContext,
|
||||
[samples['arn:aws:iam::aws:policy/AmazonS3FullAccess'],
|
||||
samples['Deny Bucket Policy']], log);
|
||||
assert.deepStrictEqual(result, {
|
||||
verdict: 'Deny',
|
||||
isImplicit: false,
|
||||
});
|
||||
assert.strictEqual(result, 'Deny');
|
||||
});
|
||||
|
||||
it('should deny access if request action is not in any policy', () => {
|
||||
|
@ -1439,10 +1436,7 @@ describe('policyEvaluator', () => {
|
|||
const result = evaluateAllPolicies(requestContext,
|
||||
[samples['Multi-Statement Policy'],
|
||||
samples['Variable Bucket Policy']], log);
|
||||
assert.deepStrictEqual(result, {
|
||||
verdict: 'Deny',
|
||||
isImplicit: true,
|
||||
});
|
||||
assert.strictEqual(result, 'Deny');
|
||||
});
|
||||
|
||||
it('should deny access if request resource is not in any policy', () => {
|
||||
|
@ -1454,10 +1448,7 @@ describe('policyEvaluator', () => {
|
|||
samples['Multi-Statement Policy'],
|
||||
samples['Variable Bucket Policy'],
|
||||
], log);
|
||||
assert.deepStrictEqual(result, {
|
||||
verdict: 'Deny',
|
||||
isImplicit: true,
|
||||
});
|
||||
assert.strictEqual(result, 'Deny');
|
||||
});
|
||||
|
||||
const TestMatrixPolicies = {
|
||||
|
@ -1516,115 +1507,67 @@ describe('policyEvaluator', () => {
|
|||
const TestMatrix = [
|
||||
{
|
||||
policiesToEvaluate: [],
|
||||
expectedPolicyEvaluation: {
|
||||
verdict: 'Deny',
|
||||
isImplicit: true,
|
||||
},
|
||||
expectedPolicyEvaluation: 'Deny',
|
||||
},
|
||||
{
|
||||
policiesToEvaluate: ['Allow'],
|
||||
expectedPolicyEvaluation: {
|
||||
verdict: 'Allow',
|
||||
isImplicit: false,
|
||||
},
|
||||
expectedPolicyEvaluation: 'Allow',
|
||||
},
|
||||
{
|
||||
policiesToEvaluate: ['Neutral'],
|
||||
expectedPolicyEvaluation: {
|
||||
verdict: 'Deny',
|
||||
isImplicit: true,
|
||||
},
|
||||
expectedPolicyEvaluation: 'Deny',
|
||||
},
|
||||
{
|
||||
policiesToEvaluate: ['Deny'],
|
||||
expectedPolicyEvaluation: {
|
||||
verdict: 'Deny',
|
||||
isImplicit: false,
|
||||
},
|
||||
expectedPolicyEvaluation: 'Deny',
|
||||
},
|
||||
{
|
||||
policiesToEvaluate: ['Allow', 'Allow'],
|
||||
expectedPolicyEvaluation: {
|
||||
verdict: 'Allow',
|
||||
isImplicit: false,
|
||||
},
|
||||
expectedPolicyEvaluation: 'Allow',
|
||||
},
|
||||
{
|
||||
policiesToEvaluate: ['Allow', 'Neutral'],
|
||||
expectedPolicyEvaluation: {
|
||||
verdict: 'Allow',
|
||||
isImplicit: false,
|
||||
},
|
||||
expectedPolicyEvaluation: 'Allow',
|
||||
},
|
||||
{
|
||||
policiesToEvaluate: ['Neutral', 'Allow'],
|
||||
expectedPolicyEvaluation: {
|
||||
verdict: 'Allow',
|
||||
isImplicit: false,
|
||||
},
|
||||
expectedPolicyEvaluation: 'Allow',
|
||||
},
|
||||
{
|
||||
policiesToEvaluate: ['Neutral', 'Neutral'],
|
||||
expectedPolicyEvaluation: {
|
||||
verdict: 'Deny',
|
||||
isImplicit: true,
|
||||
},
|
||||
expectedPolicyEvaluation: 'Deny',
|
||||
},
|
||||
{
|
||||
policiesToEvaluate: ['Allow', 'Deny'],
|
||||
expectedPolicyEvaluation: {
|
||||
verdict: 'Deny',
|
||||
isImplicit: false,
|
||||
},
|
||||
expectedPolicyEvaluation: 'Deny',
|
||||
},
|
||||
{
|
||||
policiesToEvaluate: ['AllowWithTagCondition'],
|
||||
expectedPolicyEvaluation: {
|
||||
verdict: 'NeedTagConditionEval',
|
||||
isImplicit: false,
|
||||
},
|
||||
expectedPolicyEvaluation: 'NeedTagConditionEval',
|
||||
},
|
||||
{
|
||||
policiesToEvaluate: ['Allow', 'AllowWithTagCondition'],
|
||||
expectedPolicyEvaluation: {
|
||||
verdict: 'Allow',
|
||||
isImplicit: false,
|
||||
},
|
||||
expectedPolicyEvaluation: 'Allow',
|
||||
},
|
||||
{
|
||||
policiesToEvaluate: ['DenyWithTagCondition'],
|
||||
expectedPolicyEvaluation: {
|
||||
verdict: 'Deny',
|
||||
isImplicit: true,
|
||||
},
|
||||
expectedPolicyEvaluation: 'Deny',
|
||||
},
|
||||
{
|
||||
policiesToEvaluate: ['Allow', 'DenyWithTagCondition'],
|
||||
expectedPolicyEvaluation: {
|
||||
verdict: 'NeedTagConditionEval',
|
||||
isImplicit: false,
|
||||
},
|
||||
expectedPolicyEvaluation: 'NeedTagConditionEval',
|
||||
},
|
||||
{
|
||||
policiesToEvaluate: ['AllowWithTagCondition', 'DenyWithTagCondition'],
|
||||
expectedPolicyEvaluation: {
|
||||
verdict: 'NeedTagConditionEval',
|
||||
isImplicit: false,
|
||||
},
|
||||
expectedPolicyEvaluation: 'NeedTagConditionEval',
|
||||
},
|
||||
{
|
||||
policiesToEvaluate: ['AllowWithTagCondition', 'DenyWithTagCondition', 'Deny'],
|
||||
expectedPolicyEvaluation: {
|
||||
verdict: 'Deny',
|
||||
isImplicit: false,
|
||||
},
|
||||
expectedPolicyEvaluation: 'Deny',
|
||||
},
|
||||
{
|
||||
policiesToEvaluate: ['DenyWithTagCondition', 'AllowWithTagCondition', 'Allow'],
|
||||
expectedPolicyEvaluation: {
|
||||
verdict: 'NeedTagConditionEval',
|
||||
isImplicit: false,
|
||||
},
|
||||
expectedPolicyEvaluation: 'NeedTagConditionEval',
|
||||
},
|
||||
];
|
||||
|
||||
|
@ -1639,7 +1582,7 @@ describe('policyEvaluator', () => {
|
|||
requestContext,
|
||||
testCase.policiesToEvaluate.map(policyName => TestMatrixPolicies[policyName]),
|
||||
log);
|
||||
assert.deepStrictEqual(result, testCase.expectedPolicyEvaluation);
|
||||
assert.strictEqual(result, testCase.expectedPolicyEvaluation);
|
||||
});
|
||||
});
|
||||
});
|
||||
|
|
|
@ -111,7 +111,6 @@ describe('RequestContext', () => {
|
|||
specificResource: 'specific-resource',
|
||||
sslEnabled: true,
|
||||
tokenIssueTime: null,
|
||||
objectLockRetentionDays: null,
|
||||
};
|
||||
it('serialize()', () => {
|
||||
assert.deepStrictEqual(JSON.parse(rc.serialize()), SerializedFields);
|
||||
|
|