[#261] alc: Remove unused
All checks were successful
/ Vulncheck (pull_request) Successful in 2m1s
/ DCO (pull_request) Successful in 1m49s
/ Builds (1.20) (pull_request) Successful in 2m21s
/ Builds (1.21) (pull_request) Successful in 2m4s
/ Lint (pull_request) Successful in 2m56s
/ Tests (1.20) (pull_request) Successful in 2m17s
/ Tests (1.21) (pull_request) Successful in 1m46s
Signed-off-by: Denis Kirillov <d.kirillov@yadro.com>
parent
8273af8bf8
commit
38c5503a02
1 changed files with 0 additions and 78 deletions
|
@ -1186,73 +1186,6 @@ func resourceInfoFromName(name, bucketName string) resourceInfo {
|
||||||
return resInfo
|
return resInfo
|
||||||
}
|
}
|
||||||
|
|
||||||
func astToPolicy(ast *ast) *bucketPolicy {
|
|
||||||
bktPolicy := &bucketPolicy{}
|
|
||||||
|
|
||||||
for _, resource := range ast.Resources {
|
|
||||||
allowed, denied := triageOperations(resource.Operations)
|
|
||||||
handleResourceOperations(bktPolicy, allowed, eacl.ActionAllow, resource.Name())
|
|
||||||
handleResourceOperations(bktPolicy, denied, eacl.ActionDeny, resource.Name())
|
|
||||||
}
|
|
||||||
|
|
||||||
return bktPolicy
|
|
||||||
}
|
|
||||||
|
|
||||||
func handleResourceOperations(bktPolicy *bucketPolicy, list []*astOperation, eaclAction eacl.Action, resourceName string) {
|
|
||||||
userOpsMap := make(map[string][]eacl.Operation)
|
|
||||||
|
|
||||||
for _, op := range list {
|
|
||||||
if !op.IsGroupGrantee() {
|
|
||||||
for _, user := range op.Users {
|
|
||||||
userOps := userOpsMap[user]
|
|
||||||
userOps = append(userOps, op.Op)
|
|
||||||
userOpsMap[user] = userOps
|
|
||||||
}
|
|
||||||
} else {
|
|
||||||
userOps := userOpsMap[allUsersGroup]
|
|
||||||
userOps = append(userOps, op.Op)
|
|
||||||
userOpsMap[allUsersGroup] = userOps
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
for user, userOps := range userOpsMap {
|
|
||||||
var actions []string
|
|
||||||
LOOP:
|
|
||||||
for action, ops := range actionToOpMap {
|
|
||||||
for _, op := range ops {
|
|
||||||
if !contains(userOps, op) {
|
|
||||||
continue LOOP
|
|
||||||
}
|
|
||||||
}
|
|
||||||
actions = append(actions, action)
|
|
||||||
}
|
|
||||||
if len(actions) != 0 {
|
|
||||||
state := statement{
|
|
||||||
Effect: actionToEffect(eaclAction),
|
|
||||||
Principal: principal{CanonicalUser: user},
|
|
||||||
Action: actions,
|
|
||||||
Resource: []string{arnAwsPrefix + resourceName},
|
|
||||||
}
|
|
||||||
if user == allUsersGroup {
|
|
||||||
state.Principal = principal{AWS: allUsersWildcard}
|
|
||||||
}
|
|
||||||
bktPolicy.Statement = append(bktPolicy.Statement, state)
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
func triageOperations(operations []*astOperation) ([]*astOperation, []*astOperation) {
|
|
||||||
var allowed, denied []*astOperation
|
|
||||||
for _, op := range operations {
|
|
||||||
if op.Action == eacl.ActionAllow {
|
|
||||||
allowed = append(allowed, op)
|
|
||||||
} else {
|
|
||||||
denied = append(denied, op)
|
|
||||||
}
|
|
||||||
}
|
|
||||||
return allowed, denied
|
|
||||||
}
|
|
||||||
|
|
||||||
func addTo(list []*astOperation, userID string, op eacl.Operation, groupGrantee bool, action eacl.Action) []*astOperation {
|
func addTo(list []*astOperation, userID string, op eacl.Operation, groupGrantee bool, action eacl.Action) []*astOperation {
|
||||||
var found *astOperation
|
var found *astOperation
|
||||||
for _, astop := range list {
|
for _, astop := range list {
|
||||||
|
@ -1439,17 +1372,6 @@ func effectToAction(effect string) eacl.Action {
|
||||||
return eacl.ActionUnknown
|
return eacl.ActionUnknown
|
||||||
}
|
}
|
||||||
|
|
||||||
func actionToEffect(action eacl.Action) string {
|
|
||||||
switch action {
|
|
||||||
case eacl.ActionAllow:
|
|
||||||
return "Allow"
|
|
||||||
case eacl.ActionDeny:
|
|
||||||
return "Deny"
|
|
||||||
default:
|
|
||||||
return ""
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
func permissionToOperations(permission AWSACL) []eacl.Operation {
|
func permissionToOperations(permission AWSACL) []eacl.Operation {
|
||||||
switch permission {
|
switch permission {
|
||||||
case aclFullControl:
|
case aclFullControl:
|
||||||
|
|