diff --git a/s3tests_boto3/functional/test_sts.py b/s3tests_boto3/functional/test_sts.py index 8969167..b13f56d 100644 --- a/s3tests_boto3/functional/test_sts.py +++ b/s3tests_boto3/functional/test_sts.py @@ -181,39 +181,6 @@ def test_get_session_token(): finally: # clean up user policy even if create_bucket/delete_bucket fails iam_client.delete_user_policy(UserName=sts_user_id,PolicyName=policy_name) -@pytest.mark.test_of_sts -@pytest.mark.fails_on_dbstore -def test_get_session_token_permanent_creds_denied(): - s3bucket_error=None - iam_client=get_iam_client() - sts_client=get_sts_client() - sts_user_id=get_alt_user_id() - default_endpoint=get_config_endpoint() - s3_main_access_key=get_main_aws_access_key() - s3_main_secret_key=get_main_aws_secret_key() - - user_policy = "{\"Version\":\"2012-10-17\",\"Statement\":[{\"Effect\":\"Deny\",\"Action\":\"s3:*\",\"Resource\":[\"*\"],\"Condition\":{\"BoolIfExists\":{\"sts:authentication\":\"false\"}}},{\"Effect\":\"Allow\",\"Action\":\"sts:GetSessionToken\",\"Resource\":\"*\",\"Condition\":{\"BoolIfExists\":{\"sts:authentication\":\"false\"}}}]}" - (resp_err,resp,policy_name)=put_user_policy(iam_client,sts_user_id,None,user_policy) - assert resp['ResponseMetadata']['HTTPStatusCode'] == 200 - - response=sts_client.get_session_token() - assert response['ResponseMetadata']['HTTPStatusCode'] == 200 - - s3_client=boto3.client('s3', - aws_access_key_id = s3_main_access_key, - aws_secret_access_key = s3_main_secret_key, - aws_session_token = response['Credentials']['SessionToken'], - endpoint_url=default_endpoint, - region_name='', - ) - bucket_name = get_new_bucket_name() - try: - s3bucket = s3_client.create_bucket(Bucket=bucket_name) - except ClientError as e: - s3bucket_error = e.response.get("Error", {}).get("Code") - assert s3bucket_error == 'AccessDenied' - iam_client.delete_user_policy(UserName=sts_user_id,PolicyName=policy_name) - @pytest.mark.test_of_sts @pytest.mark.fails_on_dbstore def test_assume_role_allow():