/**
 * <summary>
 * Builds the object-level statement that grants the given policy type on one key prefix.
 * </summary>
 * <remarks>
 * The statement is an "Allow" for principal "*", which under S3 policy semantics applies to
 * any caller, including unauthenticated ones. The resource is
 * AWS_RESOURCE_PREFIX + bucketName + "/" + prefix + "*". The trailing wildcard makes this a
 * plain string-prefix match, so prefix "logs" also covers keys such as "logs-archive/x".
 * Callers that mean a single "folder" should pass the prefix with its trailing delimiter.
 * </remarks>
 * <param name="policy">Access level to grant; PolicyType.NONE yields no statement.</param>
 * <param name="prefix">Object key prefix; null or empty makes the resource cover every object in the bucket.</param>
 * <returns>An empty list, or a list holding the single object statement.</returns>
 */
private List<Statement> newObjectStatement(PolicyType policy, String prefix)
{
    List<Statement> result = new List<Statement>();

    // Nothing to grant for NONE, and no resource can be named without a bucket.
    if (policy.Equals(PolicyType.NONE) || string.IsNullOrEmpty(bucketName))
    {
        return result;
    }

    Resources objectArn = new Resources(PolicyConstants.AWS_RESOURCE_PREFIX + bucketName + "/" + prefix + "*");

    Statement grant = new Statement
    {
        effect = "Allow",
        principal = new Principal("*"),
        resources = objectArn,
        sid = ""
    };

    // Pick the action set that matches the requested access level.
    if (policy.Equals(PolicyType.READ_ONLY))
    {
        grant.actions = PolicyConstants.READ_ONLY_OBJECT_ACTIONS;
    }
    else if (policy.Equals(PolicyType.WRITE_ONLY))
    {
        grant.actions = PolicyConstants.WRITE_ONLY_OBJECT_ACTIONS;
    }
    else if (policy.Equals(PolicyType.READ_WRITE))
    {
        grant.actions = PolicyConstants.READ_WRITE_OBJECT_ACTIONS();
    }

    result.Add(grant);
    return result;
}
/**
 * <summary>
 * Builds the bucket and object statements for the given policy type and prefix and hands
 * each one to appendStatement.
 * </summary>
 * <remarks>
 * How a statement is merged into the existing policy is decided by appendStatement, which
 * is defined elsewhere in this class.
 * </remarks>
 * <param name="policy">Access level to grant on the prefix.</param>
 * <param name="prefix">Object key prefix the statements apply to.</param>
 */
private void appendStatements(PolicyType policy, String prefix)
{
    foreach (Statement pending in newStatements(policy, prefix))
    {
        appendStatement(pending);
    }
}
/**
 * <summary>
 * Builds every statement needed for the given policy type and prefix: the bucket-level
 * statements first, followed by the object-level statement.
 * </summary>
 * <param name="policy">Access level to grant on the prefix.</param>
 * <param name="prefix">Object key prefix the statements apply to.</param>
 * <returns>The combined list; empty when both builders return nothing.</returns>
 */
private List<Statement> newStatements(PolicyType policy, String prefix)
{
    List<Statement> combined = newBucketStatement(policy, prefix);
    combined.AddRange(newObjectStatement(policy, prefix));
    return combined;
}
/**
 * <summary>
 * Replaces the policy for one prefix: statements already held for the prefix are removed,
 * then the statements for the requested policy type are appended.
 * </summary>
 * <remarks>
 * For PolicyType.NONE the statement builders in this class return empty lists, so the call
 * only removes. Every other policy type produces "Allow" statements for principal "*", i.e.
 * access that is not tied to a specific identity. Review the prefix before calling this with
 * READ_ONLY, WRITE_ONLY or READ_WRITE.
 * </remarks>
 * <param name="policy">Access level to set for the prefix.</param>
 * <param name="prefix">Object key prefix the policy applies to.</param>
 */
// @JsonIgnore
public void SetPolicy(PolicyType policy, String prefix)
{
    // The statement list is created lazily on first use.
    statements = statements ?? new List<Statement>();

    removeStatements(prefix);
    appendStatements(policy, prefix);
}
/**
 * <summary>
 * Builds the bucket-level statements that accompany a policy type on one prefix.
 * </summary>
 * <remarks>
 * Every statement is an "Allow" for principal "*" on the bare bucket resource
 * (AWS_RESOURCE_PREFIX + bucketName). Up to three statements are produced:
 * COMMON_BUCKET_ACTIONS always, READ_ONLY_BUCKET_ACTIONS for READ_ONLY and READ_WRITE, and
 * WRITE_ONLY_BUCKET_ACTIONS for WRITE_ONLY and READ_WRITE.
 * Only the read statement is narrowed by a condition: StringEquals on "s3:prefix", added
 * when a non-empty prefix is given. With an empty prefix the read actions apply to the
 * whole bucket. The write statement never carries a prefix condition.
 * </remarks>
 * <param name="policy">Access level to grant; PolicyType.NONE yields no statements.</param>
 * <param name="prefix">Object key prefix used for the read statement's condition.</param>
 * <returns>The bucket statements in the order common, read, write; empty when nothing is granted.</returns>
 */
private List<Statement> newBucketStatement(PolicyType policy, String prefix)
{
    List<Statement> result = new List<Statement>();

    // Nothing to grant for NONE, and no resource can be named without a bucket.
    if (policy.Equals(PolicyType.NONE) || string.IsNullOrEmpty(bucketName))
    {
        return result;
    }

    // NOTE(review): one Resources instance is shared by every statement built below;
    // confirm that later edits to one statement's resources cannot leak into the others.
    Resources bucketArn = new Resources(PolicyConstants.AWS_RESOURCE_PREFIX + bucketName);

    // Actions every non-NONE policy needs on the bucket itself.
    result.Add(new Statement
    {
        actions = PolicyConstants.COMMON_BUCKET_ACTIONS,
        effect = "Allow",
        principal = new Principal("*"),
        resources = bucketArn,
        sid = ""
    });

    if (policy.Equals(PolicyType.READ_ONLY) || policy.Equals(PolicyType.READ_WRITE))
    {
        Statement readGrant = new Statement
        {
            actions = PolicyConstants.READ_ONLY_BUCKET_ACTIONS,
            effect = "Allow",
            principal = new Principal("*"),
            resources = bucketArn,
            sid = ""
        };

        // Restrict the read actions to requests whose s3:prefix equals the given prefix.
        if (!string.IsNullOrEmpty(prefix))
        {
            ConditionKeyMap prefixKey = new ConditionKeyMap();
            prefixKey.Put("s3:prefix", prefix);
            readGrant.conditions = new ConditionMap("StringEquals", prefixKey);
        }

        result.Add(readGrant);
    }

    if (policy.Equals(PolicyType.WRITE_ONLY) || policy.Equals(PolicyType.READ_WRITE))
    {
        result.Add(new Statement
        {
            actions = PolicyConstants.WRITE_ONLY_BUCKET_ACTIONS,
            effect = "Allow",
            principal = new Principal("*"),
            resources = bucketArn,
            sid = ""
        });
    }

    return result;
}
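/**
 * <summary>
 * Reports the policy type of every object resource named in this bucket policy.
 * </summary>
 * <remarks>
 * Object resources are those that start with AWS_RESOURCE_PREFIX + bucketName + "/". Each
 * one is reduced to its object path (a trailing "*" is set aside), looked up with GetPolicy,
 * and stored under the key bucketName + "/" + objectPath, with the "*" put back when the
 * resource had one. The result is a convenient audit view of which prefixes of the bucket
 * have a policy attached.
 * </remarks>
 * <returns>
 * Map from "bucketName/objectPath[*]" to policy type; empty when no statements are set.
 * </returns>
 */
// @JsonIgnore
public Dictionary<String, PolicyType> GetPolicies()
{
    Dictionary<String, PolicyType> policyRules = new Dictionary<String, PolicyType>();

    // SetPolicy creates the statement list lazily, so it can still be null here.
    // Report "no policies" instead of failing with a NullReferenceException.
    if (statements == null)
    {
        return policyRules;
    }

    ISet<String> objResources = new HashSet<String>();
    String bucketResource = PolicyConstants.AWS_RESOURCE_PREFIX + bucketName;

    // Collect every resource that addresses objects inside this bucket.
    foreach (Statement s in statements)
    {
        if (s.resources != null)
        {
            objResources.UnionWith(s.resources.startsWith(bucketResource + "/"));
        }
    }

    // Treat each policy resource as if it were an object path and fetch its policy.
    foreach (string r in objResources)
    {
        // Set a trailing "*" aside so it can be restored in the result key.
        string asterisk = "";
        string resource = r;
        if (r.EndsWith("*", StringComparison.Ordinal))
        {
            resource = r.Substring(0, r.Length - 1);
            asterisk = "*";
        }

        // Drop the bucket ARN and the "/" that follows it.
        String objectPath = resource.Substring(bucketResource.Length + 1);
        PolicyType policy = this.GetPolicy(objectPath);
        policyRules.Add(bucketName + "/" + objectPath + asterisk, policy);
    }

    return policyRules;
}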