return error on invalid action in PutUserPolicy (#6482)

weed/iamapi/iamapi_management_handlers.go

@@ -343,6 +343,11 @@ func GetActions(policy *PolicyDocument) ([]string, error) {
 					continue
 				}
 				statementAction := MapToStatementAction(act[1])
+
+				if statementAction == "" {
+					return nil, fmt.Errorf("not a valid action: '%s'", act[1])
+				}
+
 				path := res[5]
 				if path == "*" {
 					actions = append(actions, statementAction)

weed/iamapi/iamapi_management_handlers_test.go

@@ -69,3 +69,24 @@ func TestGetActionsWildcardPath(t *testing.T) {
 	}
 	assert.Equal(t, expectedActions, actions)
 }
+
+func TestGetActionsInvalidAction(t *testing.T) {
+	policyDocument := PolicyDocument{
+		Version: "2012-10-17",
+		Statement: []*Statement{
+			{
+				Effect: "Allow",
+				Action: []string{
+					"s3:InvalidAction",
+				},
+				Resource: []string{
+					"arn:aws:s3:::shared/user-Alice/*",
+				},
+			},
+		},
+	}
+
+	_, err := GetActions(&policyDocument)
+	assert.NotNil(t, err)
+	assert.Equal(t, "not a valid action: 'InvalidAction'", err.Error())
+}