Create policy with unique paths

mocsharp · mocsharp · commit e4ba7715f6d3 · 2022-07-21T13:54:29.000-07:00
Signed-off-by: Victor Chang &lt;vicchang@nvidia.com&gt;
diff --git a/src/S3Policy/PolicyExtensions.cs b/src/S3Policy/PolicyExtensions.cs
@@ -99,19 +99,19 @@ public static Policy ToPolicy(PolicyRequest[] policyRequests)
                         Sid = "AllowUserToSeeBucketListInTheConsole",
                         Action = new string[] {"s3:ListAllMyBuckets", "s3:GetBucketLocation" },
                         Effect = "Allow",
-                        Resource = policyRequests.Select(pr => pr.BucketName).ToArray(),
+                        Resource = policyRequests.Select(pr => pr.BucketName).Distinct().ToArray(),
                     },
                     new Statement
                     {
                         Sid = "AllowRootAndHomeListingOfBucket",
                         Action = new string[] { "s3:ListBucket" },
                         Effect = "Allow",
-                        Resource = policyRequests.Select(pr => pr.BucketName).ToArray(),
+                        Resource = policyRequests.Select(pr => pr.BucketName).Distinct().ToArray(),
                         Condition = new Condition
                         {
                             StringEquals = new StringEquals
                             {
-                                S3Prefix = pathList.ToArray(),
+                                S3Prefix = pathList.Distinct().ToArray(),
                                 S3Delimiter = new string[] { "/" }
                             }
                         }
@@ -121,13 +121,15 @@ public static Policy ToPolicy(PolicyRequest[] policyRequests)
                         Sid = "AllowListingOfUserFolder",
                         Action = new string[] { "s3:ListBucket" },
                         Effect = "Allow",
-                        Resource = policyRequests.Select(pr => pr.BucketName).ToArray(),
+                        Resource = policyRequests.Select(pr => pr.BucketName).Distinct().ToArray(),
                         Condition = new Condition
                         {
                             StringLike = new StringLike
                             {
-                                S3Prefix = policyRequests.Select(pr => $"{pr.FolderName}/*")
-                                .Union( policyRequests.Select(pr => $"{pr.FolderName}")).ToArray()
+                                S3Prefix = policyRequests
+                                    .Select(pr => $"{pr.FolderName}/*")
+                                    .Union( policyRequests.Select(pr => $"{pr.FolderName}"))
+                                    .Distinct().ToArray()
                             }
                         }
                     },
@@ -136,7 +138,10 @@ public static Policy ToPolicy(PolicyRequest[] policyRequests)
                         Sid = "AllowAllS3ActionsInUserFolder",
                         Action = new string[] { "s3:*" },
                         Effect = "Allow",
-                        Resource = policyRequests.Select(pr => $"{pr.BucketName}/{pr.FolderName}/*").ToArray(),
+                        Resource = policyRequests
+                            .Select(pr => System.IO.Path.Join(pr.BucketName, pr.FolderName, "*"))
+                            .Distinct()
+                            .ToArray(),
                     },
                 }
             };

Original file line number	Diff line number	Diff line change
`@@ -99,19 +99,19 @@ public static Policy ToPolicy(PolicyRequest[] policyRequests)`
`99`	`99`	`Sid = "AllowUserToSeeBucketListInTheConsole",`
`100`	`100`	`Action = new string[] {"s3:ListAllMyBuckets", "s3:GetBucketLocation" },`
`101`	`101`	`Effect = "Allow",`
`102`		`- Resource = policyRequests.Select(pr => pr.BucketName).ToArray(),`
	`102`	`+ Resource = policyRequests.Select(pr => pr.BucketName).Distinct().ToArray(),`
`103`	`103`	`},`
`104`	`104`	`new Statement`
`105`	`105`	`{`
`106`	`106`	`Sid = "AllowRootAndHomeListingOfBucket",`
`107`	`107`	`Action = new string[] { "s3:ListBucket" },`
`108`	`108`	`Effect = "Allow",`
`109`		`- Resource = policyRequests.Select(pr => pr.BucketName).ToArray(),`
	`109`	`+ Resource = policyRequests.Select(pr => pr.BucketName).Distinct().ToArray(),`
`110`	`110`	`Condition = new Condition`
`111`	`111`	`{`
`112`	`112`	`StringEquals = new StringEquals`
`113`	`113`	`{`
`114`		`- S3Prefix = pathList.ToArray(),`
	`114`	`+ S3Prefix = pathList.Distinct().ToArray(),`
`115`	`115`	`S3Delimiter = new string[] { "/" }`
`116`	`116`	`}`
`117`	`117`	`}`
`@@ -121,13 +121,15 @@ public static Policy ToPolicy(PolicyRequest[] policyRequests)`
`121`	`121`	`Sid = "AllowListingOfUserFolder",`
`122`	`122`	`Action = new string[] { "s3:ListBucket" },`
`123`	`123`	`Effect = "Allow",`
`124`		`- Resource = policyRequests.Select(pr => pr.BucketName).ToArray(),`
	`124`	`+ Resource = policyRequests.Select(pr => pr.BucketName).Distinct().ToArray(),`
`125`	`125`	`Condition = new Condition`
`126`	`126`	`{`
`127`	`127`	`StringLike = new StringLike`
`128`	`128`	`{`
`129`		`- S3Prefix = policyRequests.Select(pr => $"{pr.FolderName}/*")`
`130`		`- .Union( policyRequests.Select(pr => $"{pr.FolderName}")).ToArray()`
	`129`	`+ S3Prefix = policyRequests`
	`130`	`+ .Select(pr => $"{pr.FolderName}/*")`
	`131`	`+ .Union( policyRequests.Select(pr => $"{pr.FolderName}"))`
	`132`	`+ .Distinct().ToArray()`
`131`	`133`	`}`
`132`	`134`	`}`
`133`	`135`	`},`
`@@ -136,7 +138,10 @@ public static Policy ToPolicy(PolicyRequest[] policyRequests)`
`136`	`138`	`Sid = "AllowAllS3ActionsInUserFolder",`
`137`	`139`	`Action = new string[] { "s3:*" },`
`138`	`140`	`Effect = "Allow",`
`139`		`- Resource = policyRequests.Select(pr => $"{pr.BucketName}/{pr.FolderName}/*").ToArray(),`
	`141`	`+ Resource = policyRequests`
	`142`	`+ .Select(pr => System.IO.Path.Join(pr.BucketName, pr.FolderName, "*"))`
	`143`	`+ .Distinct()`
	`144`	`+ .ToArray(),`
`140`	`145`	`},`
`141`	`146`	`}`
`142`	`147`	`};`