mirror of
https://github.com/ceph/s3-tests.git
synced 2024-11-30 19:33:40 +00:00
sts: remove test_get_session_token_permanent_creds_denied
Fixes: https://tracker.ceph.com/issues/69001
Signed-off-by: Casey Bodley <cbodley@redhat.com>
(cherry picked from commit 66e8f000c9
)
This commit is contained in:
parent
811db45733
commit
c32dd9fea0
1 changed files with 0 additions and 33 deletions
|
@ -181,39 +181,6 @@ def test_get_session_token():
|
|||
finally: # clean up user policy even if create_bucket/delete_bucket fails
|
||||
iam_client.delete_user_policy(UserName=sts_user_id,PolicyName=policy_name)
|
||||
|
||||
@pytest.mark.test_of_sts
|
||||
@pytest.mark.fails_on_dbstore
|
||||
def test_get_session_token_permanent_creds_denied():
|
||||
s3bucket_error=None
|
||||
iam_client=get_iam_client()
|
||||
sts_client=get_sts_client()
|
||||
sts_user_id=get_alt_user_id()
|
||||
default_endpoint=get_config_endpoint()
|
||||
s3_main_access_key=get_main_aws_access_key()
|
||||
s3_main_secret_key=get_main_aws_secret_key()
|
||||
|
||||
user_policy = "{\"Version\":\"2012-10-17\",\"Statement\":[{\"Effect\":\"Deny\",\"Action\":\"s3:*\",\"Resource\":[\"*\"],\"Condition\":{\"BoolIfExists\":{\"sts:authentication\":\"false\"}}},{\"Effect\":\"Allow\",\"Action\":\"sts:GetSessionToken\",\"Resource\":\"*\",\"Condition\":{\"BoolIfExists\":{\"sts:authentication\":\"false\"}}}]}"
|
||||
(resp_err,resp,policy_name)=put_user_policy(iam_client,sts_user_id,None,user_policy)
|
||||
assert resp['ResponseMetadata']['HTTPStatusCode'] == 200
|
||||
|
||||
response=sts_client.get_session_token()
|
||||
assert response['ResponseMetadata']['HTTPStatusCode'] == 200
|
||||
|
||||
s3_client=boto3.client('s3',
|
||||
aws_access_key_id = s3_main_access_key,
|
||||
aws_secret_access_key = s3_main_secret_key,
|
||||
aws_session_token = response['Credentials']['SessionToken'],
|
||||
endpoint_url=default_endpoint,
|
||||
region_name='',
|
||||
)
|
||||
bucket_name = get_new_bucket_name()
|
||||
try:
|
||||
s3bucket = s3_client.create_bucket(Bucket=bucket_name)
|
||||
except ClientError as e:
|
||||
s3bucket_error = e.response.get("Error", {}).get("Code")
|
||||
assert s3bucket_error == 'AccessDenied'
|
||||
iam_client.delete_user_policy(UserName=sts_user_id,PolicyName=policy_name)
|
||||
|
||||
@pytest.mark.test_of_sts
|
||||
@pytest.mark.fails_on_dbstore
|
||||
def test_assume_role_allow():
|
||||
|
|
Loading…
Reference in a new issue