s3: policy tests for ListBucket with prefix, delimiter & max-keys

Allow conditionals on ListBucket similar to s3 docs which allow for these clauses Signed-off-by: Abhishek Lekshmanan <abhishek@suse.com>
2024-11-21 23:29:47 +00:00 · 2017-07-27 17:34:11 +02:00 · 2017-07-27 17:34:11 +02:00 · b1e1ba0edf
commit b1e1ba0edf
parent 3e650c5e6e
1 changed files with 118 additions and 1 deletions
--- a/s3tests/functional/test_s3.py
+++ b/s3tests/functional/test_s3.py
@ -8928,7 +8928,7 @@ def test_bucket_policy_another_bucket():
@attr(resource='bucket')
@attr(method='put')
@attr(operation='Test put condition operator end with ifExists')
-@attr('policy')
+@attr('bucket-policy')
 def test_bucket_policy_set_condition_operator_end_with_IfExists():
    bucket = _create_keys(keys=['foo'])
    policy = '''{
@ -8961,6 +8961,123 @@ def test_bucket_policy_set_condition_operator_end_with_IfExists():
    eq(res.status, 403)


+@attr(resource='bucket')
+@attr(method='get')
+@attr(operation='Test listbucket with prefix')
+@attr('bucket-policy')
+def test_bucket_policy_list_bucket_with_prefix():
+    bucket = _create_keys(keys=['foo','folder/foo1','folder/foo2','folder/foo3','foo2'])
+    tag_conditional = {"StringEquals": {
+        "s3:prefix" : "folder"
+    }}
+
+    resource = _make_arn_resource(bucket.name)
+    policy_document = make_json_policy("s3:ListBucket",
+                                       resource,
+                                       conditions=tag_conditional)
+
+    eq(bucket.set_policy(policy_document), True)
+
+    new_conn = _get_alt_connection()
+
+    # boto2 cannot give me a bucket object without doing a get bucket :/
+    res = new_conn.make_request('GET', bucket.name, query_args = 'prefix=folder')
+    eq(res.status, 200)
+    ns = {"aws" : "http://s3.amazonaws.com/doc/2006-03-01/"}
+    keys = ET.fromstring(res.read()).findall('.//aws:Key', ns)
+    eq(len(keys), 3)
+
+    res = new_conn.make_request('GET', bucket.name, query_args = 'prefix=somethingelse')
+    eq(res.status, 403)
+
+    res = new_conn.make_request('GET', bucket.name)
+    eq(res.status, 403)
+
+
+@attr(resource='bucket')
+@attr(method='get')
+@attr(operation='Test listbucket with maxkeys')
+@attr('bucket-policy')
+def test_bucket_policy_list_bucket_with_maxkeys():
+    bucket = _create_keys(keys=['key'+str(i) for i in range(8)])
+
+    list_conditional = {"NumericLessThanEquals": {
+        "s3:max-keys" : "6"
+    }}
+
+    resource = _make_arn_resource(bucket.name)
+    policy_document = make_json_policy("s3:ListBucket",
+                                       resource,
+                                       conditions=list_conditional)
+
+
+    eq(bucket.set_policy(policy_document), True)
+
+    new_conn = _get_alt_connection()
+
+
+    res = new_conn.make_request('GET', bucket.name, query_args = 'max-keys=6')
+    eq(res.status, 200)
+    ns = {"aws" : "http://s3.amazonaws.com/doc/2006-03-01/"}
+    keys = ET.fromstring(res.read()).findall('.//aws:Key', ns)
+    eq(len(keys), 6)
+
+    res = new_conn.make_request('GET', bucket.name, query_args = 'max-keys=5')
+    eq(res.status, 200)
+    ns = {"aws" : "http://s3.amazonaws.com/doc/2006-03-01/"}
+    keys = ET.fromstring(res.read()).findall('.//aws:Key', ns)
+    eq(len(keys), 5)
+
+    res = new_conn.make_request('GET', bucket.name, query_args = 'max-keys=7')
+    eq(res.status, 403)
+
+    res = new_conn.make_request('GET', bucket.name)
+    eq(res.status, 403)
+
+
+@attr(resource='bucket')
+@attr(method='get')
+@attr(operation='Test listbucket with delimiter')
+@attr('bucket-policy')
+def test_bucket_policy_list_bucket_with_delimiter():
+    bucket = _create_keys(keys=['key/'+str(i) for i in range(5)])
+
+    list_conditional = {"StringEquals": {
+        "s3:delimiter" : "/"
+    }}
+
+    resource = _make_arn_resource(bucket.name)
+    policy_document = make_json_policy("s3:ListBucket",
+                                       resource,
+                                       conditions=list_conditional)
+    eq(bucket.set_policy(policy_document), True)
+
+    new_conn = _get_alt_connection()
+
+    # specifying a delimiter will list contents without the delimiter
+    res = new_conn.make_request('GET', bucket.name, query_args = 'delimiter=/')
+    eq(res.status, 200)
+    ns = {"aws" : "http://s3.amazonaws.com/doc/2006-03-01/"}
+    keys = ET.fromstring(res.read()).findall('.//aws:Key', ns)
+    eq(len(keys), 0)
+
+    # now lets upload some keys again
+    bucket2 = _create_keys(keys=['key'+str(i) for i in range(5)])
+    resource = _make_arn_resource(bucket2.name)
+    policy2 = make_json_policy("s3:ListBucket",
+                               resource,
+                               conditions=list_conditional)
+    eq(bucket2.set_policy(policy2), True)
+    res = new_conn.make_request('GET', bucket2.name, query_args = 'delimiter=/')
+    eq(res.status, 200)
+    ns = {"aws" : "http://s3.amazonaws.com/doc/2006-03-01/"}
+    keys = ET.fromstring(res.read()).findall('.//aws:Key', ns)
+    eq(len(keys), 5)
+
+    res = new_conn.make_request('GET', bucket.name)
+    eq(res.status, 403)
+
+
 def _tags_from_dict(d):
    tag_list = []
    for k,v in d.items():