BucketPolicy: donot allow NotPrincipal with Allow Effect

Ref. https://github.com/ceph/ceph/pull/58686

Signed-off-by: Seena Fallah <seenafallah@gmail.com>
(cherry picked from commit 474c1404e2)
Seena Fallah 2024-07-19 20:48:06 +02:00 committed by Casey Bodley
parent 88efafe863
commit 94b02d5cbf


@ -12793,13 +12793,10 @@ def test_get_nonpublicpolicy_acl_bucket_policy_status():
assert resp['PolicyStatus']['IsPublic'] == False assert resp['PolicyStatus']['IsPublic'] == False
def test_get_nonpublicpolicy_deny_bucket_policy_status(): def test_bucket_policy_allow_notprincipal():
bucket_name = get_new_bucket() bucket_name = get_new_bucket()
client = get_client() client = get_client()
resp = client.get_bucket_policy_status(Bucket=bucket_name)
assert resp['PolicyStatus']['IsPublic'] == False
resource1 = "arn:aws:s3:::" + bucket_name resource1 = "arn:aws:s3:::" + bucket_name
resource2 = "arn:aws:s3:::" + bucket_name + "/*" resource2 = "arn:aws:s3:::" + bucket_name + "/*"
policy_document = json.dumps( policy_document = json.dumps(
@ -12816,9 +12813,12 @@ def test_get_nonpublicpolicy_deny_bucket_policy_status():
}] }]
}) })
client.put_bucket_policy(Bucket=bucket_name, Policy=policy_document) e = assert_raises(ClientError,
resp = client.get_bucket_policy_status(Bucket=bucket_name) client.put_bucket_policy, Bucket=bucket_name, Policy=policy_document)
assert resp['PolicyStatus']['IsPublic'] == True status, error_code = _get_status_and_error_code(e.response)
assert status == 400
assert error_code == 'InvalidArgument' or error_code == 'MalformedPolicy'
def test_get_undefined_public_block(): def test_get_undefined_public_block():
bucket_name = get_new_bucket() bucket_name = get_new_bucket()
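Review bot: test_bucket_policy_allow_notprincipal asserts only the 400 response from put_bucket_policy and never confirms that the rejected policy was left unattached to the bucket. An Allow statement with NotPrincipal would grant access to every principal except the listed one, so a policy that is stored despite the error is the failure worth pinning. After the error assertions, add `resp = client.get_bucket_policy_status(Bucket=bucket_name)` and `assert resp['PolicyStatus']['IsPublic'] == False`, the same check the removed lines ran on a fresh bucket. The error-code assertion reads more clearly as `assert error_code in ('InvalidArgument', 'MalformedPolicy')`, with a one-line comment saying why two codes are accepted (presumably differences between backends). The policy document sits between the two hunks and is not visible here, so its NotPrincipal content is assumed from the commit title.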