set/getBucketPolicy takes/returns policy JSON file (#676)

set/getBucketPolicy takes/returns policy JSON file fix examples
minio · Mar 23, 2018 · f015d7c · f015d7c
1 parent 190533b
commit f015d7c
Show file tree

Hide file tree

Showing 8 changed files with 75 additions and 431 deletions.
diff --git a/docs/API.md b/docs/API.md
@@ -943,7 +943,7 @@ listener.on('notification', function(record) {
 ```
 
 <a name="getBucketPolicy"></a>
-### getBucketPolicy(bucketName, objectPrefix[, callback])
+### getBucketPolicy(bucketName [, callback])
 
 Get the bucket policy associated with the specified bucket. If `objectPrefix`
 is not empty, the bucket policy will be filtered based on object permissions
@@ -955,45 +955,39 @@ __Parameters__
 | Param  |  Type | Description  |
 |---|---|---|
 | `bucketName`  | _string_  | Name of the bucket |
-| `objectPrefix` | _string_ | Prefix of objects in the bucket with which to filter permissions off of. Use `''` for entire bucket. |
-| `callback(err, policy)`  | _function_  | Callback function is called with non `null` err value in case of error. `policy` will be the string representation of the bucket policy (`minio.Policy.NONE`, `minio.Policy.READONLY`, `minio.Policy.WRITEONLY`, or `minio.Policy.READWRITE`). If no callback is passed, a `Promise` is returned. |
+| `callback(err, policy)`  | _function_  | Callback function is called with non `null` err value in case of error. `policy` is the [bucket policy](https://github.com/minio/minio/blob/master/docs/bucket/policy/README.md). If no callback is passed, a `Promise` is returned. |
 
 
 ```js
-// Retrieve bucket policy of 'my-bucketname' that applies to all objects that
-// start with 'img-'.
-minioClient.getBucketPolicy('my-bucketname', 'img-', function(err, policy) {
+// Retrieve bucket policy of 'my-bucketname'
+minioClient.getBucketPolicy('my-bucketname', function(err, policy) {
   if (err) throw err
 
-  console.log(`Bucket policy: ${policy}`)
+  console.log(`Bucket policy file: ${policy}`)
 })
 ```
 
 <a name="setBucketPolicy"></a>
-### setBucketPolicy(bucketName, objectPrefix, bucketPolicy[, callback])
+### setBucketPolicy(bucketName, bucketPolicy[, callback])
 
-Set the bucket policy associated with the specified bucket. If `objectPrefix`
-is not empty, the bucket policy will only be assigned to objects that fit the
-given prefix.
+Set the bucket policy on the specified bucket. [bucketPolicy](https://github.com/minio/minio/blob/master/docs/bucket/policy/README.md) is detailed here.
 
 __Parameters__
 
 
 | Param  |  Type | Description  |
 |---|---|---|
-| `bucketName`  | _string_  | Name of the bucket |
-| `objectPrefix` | _string_ | Prefix of objects in the bucket to modify permissions of. Use `''` for entire bucket. |
-| `bucketPolicy` | _string_ | The bucket policy. This can be: `minio.Policy.NONE`, `minio.Policy.READONLY`, `minio.Policy.WRITEONLY`, or `minio.Policy.READWRITE`. |
+| `bucketName`  | _string_  | Name of the bucket. |
+| `bucketPolicy` | _string_ | bucket policy. |
 | `callback(err)`  | _function_  | Callback function is called with non `null` err value in case of error. If no callback is passed, a `Promise` is returned. |
 
 
 ```js
-// Set the bucket policy of `my-bucketname` to `readonly` (only allow retrieval),
-// but only for objects that start with 'img-'.
-minioClient.setBucketPolicy('my-bucketname', 'img-', minio.Policy.READONLY, function(err) {
+// Set the bucket policy of `my-bucketname`
+minioClient.setBucketPolicy('my-bucketname', JSON.stringify(policy), function(err) {
   if (err) throw err
 
-  console.log('Set bucket policy to \'readonly\'.')
+  console.log('Bucket policy set')
 })
 ```
 

diff --git a/examples/get-bucket-policy.js b/examples/get-bucket-policy.js
@@ -26,9 +26,7 @@ var s3Client = new Minio.Client({
 })
 
 // Retrieves the bucket policy and logs it to the console.
-// The second argument is the prefix for objects, leave empty if you don't
-// want to filter based on object-specific permissions.
-s3Client.getBucketPolicy('my-bucketname', '', (err, policy) => {
+s3Client.getBucketPolicy('testbucket', (err, policy) => {
 	if (err) throw err
 
 	console.log(`Bucket policy: ${policy}`)

diff --git a/examples/set-bucket-policy.js b/examples/set-bucket-policy.js
@@ -25,13 +25,48 @@ var s3Client = new Minio.Client({
   secretKey: 'YOUR-SECRETACCESSKEY'
 })
 
-// Sets the bucket policy to 'readonly'. This means that objects can only be
-// retrieved rather than created, modified, or destroyed in this bucket.
+// Bucket policy - GET requests on "testbucket" bucket will not need authentication.
+var policy = `
+{
+  "Version": "2012-10-17",
+  "Statement": [
+    {
+      "Action": [
+        "s3:GetBucketLocation",
+        "s3:ListBucket"
+      ],
+      "Effect": "Allow",
+      "Principal": {
+        "AWS": [
+          "*"
+        ]
+      },
+      "Resource": [
+        "arn:aws:s3:::testbucket"
+      ],
+      "Sid": ""
+    },
+    {
+      "Action": [
+        "s3:GetObject"
+      ],
+      "Effect": "Allow",
+      "Principal": {
+        "AWS": [
+          "*"
+        ]
+      },
+      "Resource": [
+        "arn:aws:s3:::testbucket/*"
+      ],
+      "Sid": ""
+    }
+  ]
+}
+`
 
-// The second parameter is for filtering based on objects — you can leave this
-// empty if you'd like the permissions to apply to the entire bucket.
-s3Client.setBucketPolicy('my-bucketname', '', Minio.Policy.READONLY, (err) => {
+s3Client.setBucketPolicy('testbucket', policy, (err) => {
 	if (err) throw err
 
-	console.log('Set bucket policy to \'readonly\'.')
+	console.log('Set bucket policy')
 })
diff --git a/src/main/bucket-policy.js b/src/main/bucket-policy.js