summaryrefslogtreecommitdiff
path: root/pkg/policy/bucket-policy_test.go
diff options
context:
space:
mode:
Diffstat (limited to 'pkg/policy/bucket-policy_test.go')
-rw-r--r--pkg/policy/bucket-policy_test.go8
1 files changed, 8 insertions, 0 deletions
diff --git a/pkg/policy/bucket-policy_test.go b/pkg/policy/bucket-policy_test.go
index b6b4551..1a71d87 100644
--- a/pkg/policy/bucket-policy_test.go
+++ b/pkg/policy/bucket-policy_test.go
@@ -1592,6 +1592,7 @@ func TestListBucketPolicies(t *testing.T) {
downloadUploadCondKeyMap.Add("s3:prefix", set.CreateStringSet("both"))
downloadUploadCondMap.Add("StringEquals", downloadUploadCondKeyMap)
+ commonSetActions := commonBucketActions.Union(readOnlyBucketActions)
testCases := []struct {
statements []Statement
bucketName string
@@ -1630,6 +1631,13 @@ func TestListBucketPolicies(t *testing.T) {
Principal: User{AWS: set.CreateStringSet("*")},
Resources: set.CreateStringSet("arn:aws:s3:::mybucket/download*"),
}}, "mybucket", "", map[string]BucketPolicy{"mybucket/download*": BucketPolicyReadOnly}},
+ {[]Statement{
+ {
+ Actions: commonSetActions.Union(readOnlyObjectActions),
+ Effect: "Allow",
+ Principal: User{AWS: set.CreateStringSet("*")},
+ Resources: set.CreateStringSet("arn:aws:s3:::mybucket", "arn:aws:s3:::mybucket/*"),
+ }}, "mybucket", "", map[string]BucketPolicy{"mybucket/*": BucketPolicyReadOnly}},
// Write Only
{[]Statement{
{
generated by cgit v1.2.3 (git 2.25.1) at 2024-05-26 12:15:07 +0000