package cmd
import (
"fmt"
"strings"
)
// rolePolicyOptions carries the inputs buildPolicyFromRole turns into a
// single-statement policy.
type rolePolicyOptions struct {
	// Role selects the action preset. buildPolicyFromRole trims and
	// lower-cases it before matching admin, readwrite or readonly.
	Role string
	// Bucket is the bucket the statement applies to. Blank input is replaced
	// by "*" in buildPolicyFromRole, so leaving it unset does not narrow the
	// grant.
	Bucket string
	// Prefix is the key prefix the statement applies to. Blank input is
	// likewise replaced by "*".
	Prefix string
}
// buildPolicyFromRole maps a named role onto an adminPolicy holding exactly
// one "allow" statement.
//
// The role is trimmed and lower-cased before lookup; anything other than
// admin, readwrite or readonly yields an error that quotes the caller's
// original (un-normalized) value. Bucket and Prefix are trimmed, and a blank
// result is replaced by "*".
//
// Security note: the "*" fallback means a caller that omits Bucket or Prefix
// receives a statement with a wildcard scope rather than an error, for every
// role including readwrite and readonly.
// NOTE(review): how "*" is matched is decided by the policy consumer, which
// is not visible here; confirm that callers creating non-admin policies
// always pass an explicit bucket when a scoped grant is intended.
func buildPolicyFromRole(opts rolePolicyOptions) (adminPolicy, error) {
	// orWildcard trims s and substitutes "*" when nothing is left.
	orWildcard := func(s string) string {
		if trimmed := strings.TrimSpace(s); trimmed != "" {
			return trimmed
		}
		return "*"
	}

	// Action presets per role. admin is the only preset that uses an action
	// wildcard; the other two enumerate their actions explicitly.
	actionsByRole := map[string][]string{
		"admin":     {"s3:*"},
		"readwrite": {"s3:ListBucket", "s3:GetObject", "s3:PutObject", "s3:DeleteObject"},
		"readonly":  {"s3:ListBucket", "s3:GetObject"},
	}

	normalized := strings.ToLower(strings.TrimSpace(opts.Role))
	granted, known := actionsByRole[normalized]
	if !known {
		// Unknown roles are rejected rather than mapped to a default preset.
		return adminPolicy{}, fmt.Errorf("invalid role %q (allowed: admin, readwrite, readonly)", opts.Role)
	}

	stmt := adminPolicyStatement{
		Effect:  "allow",
		Actions: granted,
		Bucket:  orWildcard(opts.Bucket),
		Prefix:  orWildcard(opts.Prefix),
	}
	return adminPolicy{Statements: []adminPolicyStatement{stmt}}, nil
}