moved upgrade script of upgrade_bucket_policy to 5.15.6 dir
* The script was misplaced in 5.14.0 dir
* Also fixed the script to be idempotent, to avoid failures if a manual fix was applied

Signed-off-by: Danny Zaken <[email protected]>
(cherry picked from commit 3adf2b5)
dannyzaken committed Aug 28, 2024
1 parent 7264179 commit 400e3aa
Showing 2 changed files with 22 additions and 19 deletions.
9 changes: 4 additions & 5 deletions src/test/unit_tests/test_upgrade_scripts.js
@@ -9,7 +9,7 @@ const { S3 } = require('@aws-sdk/client-s3');
const { NodeHttpHandler } = require("@smithy/node-http-handler");
const http = require('http');
const system_store = require('../../server/system_services/system_store').get_instance();
const upgrade_bucket_policy = require('../../upgrade/upgrade_scripts/5.14.0/upgrade_bucket_policy');
const upgrade_bucket_policy = require('../../upgrade/upgrade_scripts/5.15.6/upgrade_bucket_policy');
const dbg = require('../../util/debug_module')(__filename);
const assert = require('assert');
const mocha = require('mocha');
@@ -21,7 +21,7 @@ let s3;
async function _clean_all_bucket_policies() {
for (const bucket of system_store.data.buckets) {
if (bucket.s3_policy) {
await s3.deleteBucketPolicy({Bucket: bucket.name.unwrap()});
await s3.deleteBucketPolicy({ Bucket: bucket.name.unwrap() });
}
}
}
@@ -50,8 +50,7 @@ mocha.describe('test upgrade scripts', async function() {
mocha.it('test upgrade bucket policy to version 5.14.0', async function() {
const old_policy = {
version: '2012-10-17',
statement: [
{
statement: [{
sid: 'id-1',
effect: 'allow',
principal: ["*"],
@@ -79,7 +78,7 @@ mocha.describe('test upgrade scripts', async function() {
}
});

await upgrade_bucket_policy.run({dbg, system_store, system_server: null});
await upgrade_bucket_policy.run({ dbg, system_store, system_server: null });
const res = await s3.getBucketPolicy({ // should work - bucket policy should fit current schema
Bucket: BKT,
});
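Review bot: Nothing in the visible test exercises the idempotent path this commit adds to the script: `upgrade_bucket_policy.run({ dbg, system_store, system_server: null })` is called once, on a bucket that still holds the old lower-case policy. A second call right after the first, followed by the same `s3.getBucketPolicy` check, would pin the behaviour that an already-upgraded or manually fixed policy is left as it is. The title on the `mocha.it` line also still reads `to version 5.14.0` although the script is now loaded from the `5.15.6` directory. The test body continues outside the shown hunks, so such a check may already exist further down.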
@@ -3,6 +3,8 @@

const util = require('util');
const { OP_NAME_TO_ACTION } = require('../../../endpoint/s3/s3_bucket_policy_utils');
const _ = require('lodash');


function _create_actions_map() {
const actions_map = new Map();
@@ -26,20 +28,22 @@ async function run({ dbg, system_store, system_server }) {
//Do not update if there are no bucket policy.
if (!bucket.s3_policy) continue;

const new_policy = {};
if (bucket.s3_policy.version) new_policy.Version = bucket.s3_policy.version;

new_policy.Statement = bucket.s3_policy.statement.map(statement => ({
Effect: statement.effect === 'allow' ? 'Allow' : 'Deny',
Action: statement.action.map(action => actions_map.get(action)),
Principal: { AWS: statement.principal },
Resource: statement.resource,
Sid: statement.sid
}));
buckets.push({
_id: bucket._id,
s3_policy: new_policy,
});

if (_.isUndefined(bucket.s3_policy.Statement)) {
const new_policy = {};
if (bucket.s3_policy.version) new_policy.Version = bucket.s3_policy.version;
new_policy.Statement = bucket.s3_policy.statement.map(statement => ({
Effect: statement.effect === 'allow' ? 'Allow' : 'Deny',
Action: statement.action.map(action => actions_map.get(action)),
Principal: { AWS: statement.principal },
Resource: statement.resource,
Sid: statement.sid
}));
buckets.push({
_id: bucket._id,
s3_policy: new_policy,
});
}
}

if (buckets.length > 0) {
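Review bot: The new guard `_.isUndefined(bucket.s3_policy.Statement)` infers "old format" from the absence of the upper-case key, so a stored policy that has neither `Statement` nor an array under `statement` still reaches `bucket.s3_policy.statement.map` and throws, which presumably aborts the upgrade this commit is trying to make robust. Checking the old shape as well, `if (!_.isUndefined(bucket.s3_policy.Statement) || !Array.isArray(bucket.s3_policy.statement)) continue;`, avoids that, and a `dbg` line naming each skipped bucket would leave a record of which policies the upgrade did not touch. Separately, `actions_map.get(action)` returns `undefined` for an action name missing from the map, and that value goes straight into the stored `Action` list; since this rewrites access-control policy, failing loudly on an unmapped action looks safer than persisting it. `run` starts and ends outside this hunk.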