minio
diff --git a/‎docs/API.md‎
Lines changed: 37 additions & 17 deletions b/‎docs/API.md‎
Lines changed: 37 additions & 17 deletions
diff --git a/‎examples/get_bucket_policy.py‎
Lines changed: 0 additions & 3 deletions b/‎examples/get_bucket_policy.py‎
Lines changed: 0 additions & 3 deletions
diff --git a/‎examples/set_bucket_policy.py‎
Lines changed: 99 additions & 17 deletions b/‎examples/set_bucket_policy.py‎
Lines changed: 99 additions & 17 deletions
diff --git a/‎minio/__init__.py‎
Lines changed: 1 addition & 1 deletion b/‎minio/__init__.py‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎minio/api.py‎
Lines changed: 23 additions & 71 deletions b/‎minio/api.py‎
Lines changed: 23 additions & 71 deletions
@@ -317,55 +317,75 @@ for obj in uploads:
 ```
 
 <a name="get_bucket_policy"></a>
-### get_bucket_policy(bucket_name, prefix)
+### get_bucket_policy(bucket_name)
 Gets current policy of a bucket.
 
 __Parameters__
 
 |Param   |Type   |Description   |
 |:---|:---|:---|
 |``bucket_name``   | _string_  |Name of the bucket.|
-|``prefix``   |_string_    |The prefix of objects to get current policy. |
 
 __Return Value__
 
 |Param   |Type   |Description   |
 |:---|:---|:---|
-|``Policy``   | _minio.policy.Policy_   |Policy enum. Policy.READ_ONLY,Policy.WRITE_ONLY,Policy.READ_WRITE or Policy.NONE.   |
+|``Policy``    |  _string_ | Bucket policy in JSON format.|
+
 __Example__
 
 
 ```py
-# Get current policy of all object paths in bucket that begin with my-prefixname.
-policy = minioClient.get_bucket_policy('mybucket',
-                                       'my-prefixname')
+# Get current policy of all object paths in bucket "mybucket".
+policy = minioClient.get_bucket_policy('mybucket')
 print(policy)
 ```
 
 <a name="set_bucket_policy"></a>
-### set_bucket_policy(bucket_name, prefix, policy)
+### set_bucket_policy(bucket_name, policy)
 
-Set a bucket policy for a specified bucket. If `prefix` is not empty,
-the bucket policy will only be assigned to objects that fit the
-given prefix.
+Set a bucket policy for a specified bucket.
 
 __Parameters__
 
 |Param   |Type   |Description   |
 |:---|:---|:---|
-|``bucket_name``   | _string_  |Name of the bucket.|
-|``prefix``   |_string_ |The prefix of objects to get current policy. |
-|``Policy``   | _minio.policy.Policy_   |Policy enum. Policy.READ_ONLY,Policy.WRITE_ONLY,Policy.READ_WRITE or Policy.NONE.   |
+|``bucket_name``  | _string_  |Name of the bucket.|
+|``Policy``   | _string_ | Bucket policy in JSON format.|
 
 
 __Example__
 
 
 ```py
-# Set policy Policy.READ_ONLY to all object paths in bucket that begin with my-prefixname.
-minioClient.set_bucket_policy('mybucket',
-                              'my-prefixname',
-                              Policy.READ_ONLY)
+# Set bucket policy to read only to all object paths in bucket.
+policy_read_only = {"Version":"2012-10-17",
+                    "Statement":[
+                        {
+                        "Sid":"",
+                        "Effect":"Allow",
+                        "Principal":{"AWS":"*"},
+                        "Action":"s3:GetBucketLocation",
+                        "Resource":"arn:aws:s3:::mybucket"
+                        },
+                        {
+                        "Sid":"",
+                        "Effect":"Allow",
+                        "Principal":{"AWS":"*"},
+                        "Action":"s3:ListBucket",
+                        "Resource":"arn:aws:s3:::mybucket"
+                        },
+                        {
+                        "Sid":"",
+                        "Effect":"Allow",
+                        "Principal":{"AWS":"*"},
+                        "Action":"s3:GetObject",
+                        "Resource":"arn:aws:s3:::mybucket/*"
+                        }
+                    ]}
+
+
+minioClient.set_bucket_policy('mybucket', policy_read_only)
 ```
 
 <a name="get_bucket_notification"></a>
 
@@ -28,8 +28,5 @@
 try:
     # Get current policy of bucket 'my-bucketname'.
     print(client.get_bucket_policy('my-bucketname'))
-
-    # Get current policy of bucket 'my-bucketname' and prefix 'my-prefix'.
-    print(client.get_bucket_policy('my-bucketname', 'my-prefix'))
 except ResponseError as err:
     print(err)
@@ -19,32 +19,114 @@
 
 from minio import Minio
 from minio.error import ResponseError
-from minio.policy import Policy
+import json
 
 client = Minio('s3.amazonaws.com',
                access_key='YOUR-ACCESSKEYID',
                secret_key='YOUR-SECRETACCESSKEY')
 
 # Make a new bucket
 try:
-    # Set policy Policy.READ_ONLY to bucket 'my-bucketname' which
-    # enables 'my-bucketname' readable by everyone.
-    client.set_bucket_policy('my-bucketname', '', Policy.READ_ONLY)
+    # Set bucket policy to read-only for bucket 'my-bucketname'
+    policy_read_only = {
+        "Version":"2012-10-17",
+        "Statement":[
+            {
+            "Sid":"",
+            "Effect":"Allow",
+            "Principal":{"AWS":"*"},
+            "Action":"s3:GetBucketLocation",
+            "Resource":"arn:aws:s3:::my-bucketname"
+            },
+            {
+            "Sid":"",
+            "Effect":"Allow",
+            "Principal":{"AWS":"*"},
+            "Action":"s3:ListBucket",
+            "Resource":"arn:aws:s3:::my-bucketname"
+            },
+            {
+            "Sid":"",
+            "Effect":"Allow",
+            "Principal":{"AWS":"*"},
+            "Action":"s3:GetObject",
+            "Resource":"arn:aws:s3:::my-bucketname/*"
+            }
+        ]
+    }
+    client.set_bucket_policy('my-bucketname', json.dumps(policy_read_only))
 
-    # Set policy Policy.READ_WRITE to bucket 'my-bucketname' and
-    # prefix 'public-folder/' which enables
-    # 'my-bucketname/public-folder/' read/writeable by everyone.
-    client.set_bucket_policy('my-bucketname', 'public-folder/',
-                             Policy.READ_WRITE)
+    # Set bucket policy to read-write for bucket 'my-bucketname'
+    policy_read_write = {
+        "Version": "2012-10-17",
+        "Statement": [
+            {
+                "Action": ["s3:GetBucketLocation"],
+                "Sid": "",
+                "Resource": ["arn:aws:s3:::my-bucketname"],
+                "Effect": "Allow",
+                "Principal": {"AWS": "*"}
+            },
+            {
+                "Action": ["s3:ListBucket"],
+                "Sid": "",
+                "Resource": ["arn:aws:s3:::my-bucketname"],
+                "Effect": "Allow",
+                "Principal": {"AWS": "*"}
+            },
+            {
+                "Action": ["s3:ListBucketMultipartUploads"],
+                "Sid": "",
+                "Resource": ["arn:aws:s3:::my-bucketname"],
+                "Effect": "Allow",
+                "Principal": {"AWS": "*"}
+            },
+            {
+                "Action": ["s3:ListMultipartUploadParts",
+                            "s3:GetObject",
+                            "s3:AbortMultipartUpload",
+                            "s3:DeleteObject",
+                            "s3:PutObject"],
+                "Sid": "",
+                "Resource": ["arn:aws:s3:::my-bucketname/*"],
+                "Effect": "Allow",
+                "Principal": {"AWS": "*"}
+            }
+        ]
+    }
+    client.set_bucket_policy('my-bucketname', json.dumps(policy_read_write))
 
-    # Set policy Policy.WRITE_ONLY to bucket 'my-bucketname' and
-    # prefix 'incoming' which enables 'my-bucketname/incoming'
-    # writeable by everyone.
-    client.set_bucket_policy('my-bucketname', 'incoming',
-                             Policy.WRITE_ONLY)
+    # Set bucket policy to write-only for bucket 'my-bucketname'
+    policy_write_only = {
+        "Version":"2012-10-17",
+        "Statement":[
+            {
+                "Sid":"",
+                "Effect":"Allow",
+                "Principal":{"AWS":"*"},
+                "Action":"s3:GetBucketLocation",
+                "Resource":"arn:aws:s3:::my-bucketname"
+            },
+            {"Sid":"",
+            "Effect":"Allow",
+            "Principal":{"AWS":"*"},
+            "Action":"s3:ListBucketMultipartUploads",
+            "Resource":"arn:aws:s3:::my-bucketname"
+            },
+            {
+                "Sid":"",
+                "Effect":"Allow",
+                "Principal":{"AWS":"*"},
+                "Action":[
+                    "s3:ListMultipartUploadParts",
+                    "s3:AbortMultipartUpload",
+                    "s3:DeleteObject",
+                    "s3:PutObject"],
+                "Resource":"arn:aws:s3:::my-bucketname/*"
+            }
+        ]
+    }
+    client.set_bucket_policy('my-bucketname', json.dumps(policy_write_only))
 
-    # Set policy Policy.NONE to bucket 'my-bucketname' which
-    # removes existing policy and set no access to everyone.
-    client.set_bucket_policy('my-bucketname', '', Policy.NONE)
 except ResponseError as err:
     print(err)
@@ -29,7 +29,7 @@
 
 __title__ = 'minio-py'
 __author__ = 'Minio, Inc.'
-__version__ = '3.0.5'
+__version__ = '4.0.0'
 __license__ = 'Apache 2.0'
 __copyright__ = 'Copyright 2015, 2016, 2017 Minio, Inc.'
 
 
@@ -81,7 +81,6 @@
                           xml_marshal_complete_multipart_upload,
                           xml_marshal_bucket_notifications,
                           xml_marshal_delete_objects)
-from . import policy
 from .fold_case_dict import FoldCaseDict
 from .thread_pool import ThreadPool
 
@@ -359,91 +358,44 @@ def remove_bucket(self, bucket_name):
         # Make sure to purge bucket_name from region cache.
         self._delete_bucket_region(bucket_name)
 
-    def _get_bucket_policy(self, bucket_name):
-        policy_dict = {}
-        try:
-            response = self._url_open("GET",
-                                      bucket_name=bucket_name,
-                                      query={"policy": ""})
-        except NoSuchBucketPolicy as e:
-            return None
-        except ResponseError as e:
-            raise
-
-        data = response.data
-        if isinstance(data, bytes) and isinstance(data, str):  # Python 2
-            policy_dict = json.loads(data.decode('utf-8'))
-        elif isinstance(data, str):  # Python 3
-            policy_dict = json.loads(data)
-        else:
-            policy_dict = json.loads(str(data, 'utf-8'))
-
-        return policy_dict
-
-    def get_bucket_policy(self, bucket_name, prefix=""):
+    def get_bucket_policy(self, bucket_name):
         """
         Get bucket policy of given bucket name.
 
         :param bucket_name: Bucket name.
-        :param prefix: Object prefix.
         """
         is_valid_bucket_name(bucket_name)
 
-        policy_dict = self._get_bucket_policy(bucket_name)
-        if not policy_dict:
-            return policy.Policy.NONE
-
-        if policy_dict.get('Statement') is None:
-            raise ValueError("None Policy statement")
-        # Normalize statements.
-        statements = []
-        policy._append_statements(statements, policy_dict.get('Statement', []))
+        response = self._url_open("GET",
+                                  bucket_name=bucket_name,
+                                  query={"policy": ""})
+        return response.data
 
-        return policy.get_policy(statements, bucket_name, prefix)
+    def delete_bucket_policy(self, bucket_name):
+        self._url_open("DELETE",
+                        bucket_name=bucket_name,
+                        query={"policy": ""})
 
-    def set_bucket_policy(self, bucket_name, prefix, policy_access):
+    def set_bucket_policy(self, bucket_name, policy):
         """
-        Set bucket policy of given bucket name and object prefix.
+        Set bucket policy of given bucket name.
 
         :param bucket_name: Bucket name.
-        :param prefix: Object prefix.
+        :param policy: Access policy/ies in JSON format.
         """
         is_valid_bucket_name(bucket_name)
 
-        policy_dict = self._get_bucket_policy(bucket_name)
-        if policy_access == policy.Policy.NONE and not policy_dict:
-            return
-
-        if not policy_dict:
-            policy_dict = {'Statement': [],
-                           "Version": "2012-10-17"}
-
-        # Normalize statements.
-        statements = []
-        policy._append_statements(statements, policy_dict['Statement'])
-
-        statements = policy.set_policy(statements, policy_access,
-                                       bucket_name, prefix)
-        if not statements:
-            self._url_open("DELETE",
-                           bucket_name=bucket_name,
-                           query={"policy": ""})
-        else:
-            policy_dict['Statement'] = statements
-            content = json.dumps(policy_dict)
-
-            headers = {
-                'Content-Length': str(len(content)),
-                'Content-Md5': get_md5_base64digest(content)
-            }
-            content_sha256_hex = get_sha256_hexdigest(content)
-
-            self._url_open("PUT",
-                           bucket_name=bucket_name,
-                           query={"policy": ""},
-                           headers=headers,
-                           body=content,
-                           content_sha256=content_sha256_hex)
+        headers = {
+            'Content-Length': str(len(policy)),
+            'Content-Md5': get_md5_base64digest(policy)
+        }
+        content_sha256_hex = get_sha256_hexdigest(policy)
+        self._url_open("PUT",
+                        bucket_name=bucket_name,
+                        query={"policy": ""},
+                        headers=headers,
+                        body=policy,
+                        content_sha256=content_sha256_hex)
 
     def get_bucket_notification(self, bucket_name):
         """