alexvanin/test-helper
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

Use --no-verify-ssl flag for https connections to S3

Browse source
This commit is contained in:
Alexey Vanin 2024-07-17 11:35:47 +03:00
parent b19b9977d4
commit 925e2e759c
2 changed files with 33 additions and 33 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

36
acl-migrate/check-aws.sh
View file

@ -3,27 +3,27 @@
source ./env
# check public read-write bucket with object inside
aws s3api get-bucket-acl --profile $S3PROF --bucket $S3PREFIX-public-rw --endpoint $S3ENDPOINT || exit 1
aws s3api get-object-acl --profile $S3PROF --bucket $S3PREFIX-public-rw --endpoint $S3ENDPOINT --key $S3KEY || exit 1
aws s3api get-object --profile $S3PROF --bucket $S3PREFIX-public-rw --endpoint $S3ENDPOINT --key $S3KEY out || exit 1 # allow owner to get object
aws s3api put-object --profile $S3PROF --bucket $S3PREFIX-public-rw --endpoint $S3ENDPOINT --key $S3KEY-new --body $FILE || exit 1 # allow owner to put object
aws s3api get-object --profile $S3PROFEXT --bucket $S3PREFIX-public-rw --endpoint $S3ENDPOINT --key $S3KEY out || exit 1 # allow others to get object
aws s3api put-object --profile $S3PROFEXT --bucket $S3PREFIX-public-rw --endpoint $S3ENDPOINT --key $S3KEY-new --body $FILE || exit 1 # allow others to put object
aws s3api get-bucket-acl --no-verify-ssl --profile $S3PROF --bucket $S3PREFIX-public-rw --endpoint $S3ENDPOINT || exit 1
aws s3api get-object-acl --no-verify-ssl --profile $S3PROF --bucket $S3PREFIX-public-rw --endpoint $S3ENDPOINT --key $S3KEY || exit 1
aws s3api get-object --no-verify-ssl --profile $S3PROF --bucket $S3PREFIX-public-rw --endpoint $S3ENDPOINT --key $S3KEY out || exit 1 # allow owner to get object
aws s3api put-object --no-verify-ssl --profile $S3PROF --bucket $S3PREFIX-public-rw --endpoint $S3ENDPOINT --key $S3KEY-new --body $FILE || exit 1 # allow owner to put object
aws s3api get-object --no-verify-ssl --profile $S3PROFEXT --bucket $S3PREFIX-public-rw --endpoint $S3ENDPOINT --key $S3KEY out || exit 1 # allow others to get object
aws s3api put-object --no-verify-ssl --profile $S3PROFEXT --bucket $S3PREFIX-public-rw --endpoint $S3ENDPOINT --key $S3KEY-new --body $FILE || exit 1 # allow others to put object
# check public read bucket with object inside
aws s3api get-bucket-acl --profile $S3PROF --bucket $S3PREFIX-public-r --endpoint $S3ENDPOINT || exit 1
aws s3api get-object-acl --profile $S3PROF --bucket $S3PREFIX-public-r --endpoint $S3ENDPOINT --key $S3KEY || exit 1
aws s3api get-object --profile $S3PROF --bucket $S3PREFIX-public-r --endpoint $S3ENDPOINT --key $S3KEY out || exit 1 # allow owner to get object
aws s3api put-object --profile $S3PROF --bucket $S3PREFIX-public-r --endpoint $S3ENDPOINT --key $S3KEY-new --body $FILE || exit 1 # allow owner to put object
aws s3api get-object --profile $S3PROFEXT --bucket $S3PREFIX-public-r --endpoint $S3ENDPOINT --key $S3KEY out || exit 1 # allow others to get object
aws s3api put-object --profile $S3PROFEXT --bucket $S3PREFIX-public-r --endpoint $S3ENDPOINT --key $S3KEY-new --body $FILE && exit 1 # deny others to put object
aws s3api get-bucket-acl --no-verify-ssl --profile $S3PROF --bucket $S3PREFIX-public-r --endpoint $S3ENDPOINT || exit 1
aws s3api get-object-acl --no-verify-ssl --profile $S3PROF --bucket $S3PREFIX-public-r --endpoint $S3ENDPOINT --key $S3KEY || exit 1
aws s3api get-object --no-verify-ssl --profile $S3PROF --bucket $S3PREFIX-public-r --endpoint $S3ENDPOINT --key $S3KEY out || exit 1 # allow owner to get object
aws s3api put-object --no-verify-ssl --profile $S3PROF --bucket $S3PREFIX-public-r --endpoint $S3ENDPOINT --key $S3KEY-new --body $FILE || exit 1 # allow owner to put object
aws s3api get-object --no-verify-ssl --profile $S3PROFEXT --bucket $S3PREFIX-public-r --endpoint $S3ENDPOINT --key $S3KEY out || exit 1 # allow others to get object
aws s3api put-object --no-verify-ssl --profile $S3PROFEXT --bucket $S3PREFIX-public-r --endpoint $S3ENDPOINT --key $S3KEY-new --body $FILE && exit 1 # deny others to put object
# check private read bucket with object inside
aws s3api get-bucket-acl --profile $S3PROF --bucket $S3PREFIX-private --endpoint $S3ENDPOINT || exit 1
aws s3api get-object-acl --profile $S3PROF --bucket $S3PREFIX-private --endpoint $S3ENDPOINT --key $S3KEY || exit 1
aws s3api get-object --profile $S3PROF --bucket $S3PREFIX-private --endpoint $S3ENDPOINT --key $S3KEY out || exit 1 # allow owner to get object
aws s3api put-object --profile $S3PROF --bucket $S3PREFIX-private --endpoint $S3ENDPOINT --key $S3KEY-new --body $FILE || exit 1 # allow owner to put object
aws s3api get-object --profile $S3PROFEXT --bucket $S3PREFIX-private --endpoint $S3ENDPOINT --key $S3KEY out && exit 1 # deny others to get object
aws s3api put-object --profile $S3PROFEXT --bucket $S3PREFIX-private --endpoint $S3ENDPOINT --key $S3KEY-new --body $FILE && exit 1 # deny others to put object
aws s3api get-bucket-acl --no-verify-ssl --profile $S3PROF --bucket $S3PREFIX-private --endpoint $S3ENDPOINT || exit 1
aws s3api get-object-acl --no-verify-ssl --profile $S3PROF --bucket $S3PREFIX-private --endpoint $S3ENDPOINT --key $S3KEY || exit 1
aws s3api get-object --no-verify-ssl --profile $S3PROF --bucket $S3PREFIX-private --endpoint $S3ENDPOINT --key $S3KEY out || exit 1 # allow owner to get object
aws s3api put-object --no-verify-ssl --profile $S3PROF --bucket $S3PREFIX-private --endpoint $S3ENDPOINT --key $S3KEY-new --body $FILE || exit 1 # allow owner to put object
aws s3api get-object --no-verify-ssl --profile $S3PROFEXT --bucket $S3PREFIX-private --endpoint $S3ENDPOINT --key $S3KEY out && exit 1 # deny others to get object
aws s3api put-object --no-verify-ssl --profile $S3PROFEXT --bucket $S3PREFIX-private --endpoint $S3ENDPOINT --key $S3KEY-new --body $FILE && exit 1 # deny others to put object
rm out && exit 0

30
acl-migrate/prepare-aws.sh
View file

@ -4,22 +4,22 @@ source ./env
export AWS_PAGER=""
# public read-write bucket with object inside
aws s3api create-bucket --profile $S3PROF --bucket $S3PREFIX-public-rw --endpoint $S3ENDPOINT --acl public-read-write || exit 1
aws s3api head-bucket --profile $S3PROF --bucket $S3PREFIX-public-rw --endpoint $S3ENDPOINT --debug 2>&1 | grep 'X-Container-Id' || exit 1
aws s3api put-object --profile $S3PROF --bucket $S3PREFIX-public-rw --endpoint $S3ENDPOINT --key $S3KEY --body $FILE || exit 1
aws s3api get-bucket-acl --profile $S3PROF --bucket $S3PREFIX-public-rw --endpoint $S3ENDPOINT || exit 1
aws s3api get-object-acl --profile $S3PROF --bucket $S3PREFIX-public-rw --endpoint $S3ENDPOINT --key $S3KEY || exit 1
aws s3api create-bucket --no-verify-ssl --profile $S3PROF --bucket $S3PREFIX-public-rw --endpoint $S3ENDPOINT --acl public-read-write || exit 1
aws s3api head-bucket --no-verify-ssl --profile $S3PROF --bucket $S3PREFIX-public-rw --endpoint $S3ENDPOINT --debug 2>&1 | grep 'X-Container-Id' || exit 1
aws s3api put-object --no-verify-ssl --profile $S3PROF --bucket $S3PREFIX-public-rw --endpoint $S3ENDPOINT --key $S3KEY --body $FILE || exit 1
aws s3api get-bucket-acl --no-verify-ssl --profile $S3PROF --bucket $S3PREFIX-public-rw --endpoint $S3ENDPOINT || exit 1
aws s3api get-object-acl --no-verify-ssl --profile $S3PROF --bucket $S3PREFIX-public-rw --endpoint $S3ENDPOINT --key $S3KEY || exit 1
# public read bucket with object inside
aws s3api create-bucket --profile $S3PROF --bucket $S3PREFIX-public-r --endpoint $S3ENDPOINT --acl public-read || exit 1
aws s3api head-bucket --profile $S3PROF --bucket $S3PREFIX-public-r --endpoint $S3ENDPOINT --debug 2>&1 | grep 'X-Container-Id' || exit 1
aws s3api put-object --profile $S3PROF --bucket $S3PREFIX-public-r --endpoint $S3ENDPOINT --key $S3KEY --body $FILE || exit 1
aws s3api get-bucket-acl --profile $S3PROF --bucket $S3PREFIX-public-r --endpoint $S3ENDPOINT || exit 1
aws s3api get-object-acl --profile $S3PROF --bucket $S3PREFIX-public-r --endpoint $S3ENDPOINT --key $S3KEY || exit 1
aws s3api create-bucket --no-verify-ssl --profile $S3PROF --bucket $S3PREFIX-public-r --endpoint $S3ENDPOINT --acl public-read || exit 1
aws s3api head-bucket --no-verify-ssl --profile $S3PROF --bucket $S3PREFIX-public-r --endpoint $S3ENDPOINT --debug 2>&1 | grep 'X-Container-Id' || exit 1
aws s3api put-object --no-verify-ssl --profile $S3PROF --bucket $S3PREFIX-public-r --endpoint $S3ENDPOINT --key $S3KEY --body $FILE || exit 1
aws s3api get-bucket-acl --no-verify-ssl --profile $S3PROF --bucket $S3PREFIX-public-r --endpoint $S3ENDPOINT || exit 1
aws s3api get-object-acl --no-verify-ssl --profile $S3PROF --bucket $S3PREFIX-public-r --endpoint $S3ENDPOINT --key $S3KEY || exit 1
# private read bucket with object inside
aws s3api create-bucket --profile $S3PROF --bucket $S3PREFIX-private --endpoint $S3ENDPOINT --acl private || exit 1
aws s3api head-bucket --profile $S3PROF --bucket $S3PREFIX-private --endpoint $S3ENDPOINT --debug 2>&1 | grep 'X-Container-Id' || exit 1
aws s3api put-object --profile $S3PROF --bucket $S3PREFIX-private --endpoint $S3ENDPOINT --key $S3KEY --body $FILE || exit 1
aws s3api get-bucket-acl --profile $S3PROF --bucket $S3PREFIX-private --endpoint $S3ENDPOINT || exit 1
aws s3api get-object-acl --profile $S3PROF --bucket $S3PREFIX-private --endpoint $S3ENDPOINT --key $S3KEY || exit 1
aws s3api create-bucket --no-verify-ssl --profile $S3PROF --bucket $S3PREFIX-private --endpoint $S3ENDPOINT --acl private || exit 1
aws s3api head-bucket --no-verify-ssl --profile $S3PROF --bucket $S3PREFIX-private --endpoint $S3ENDPOINT --debug 2>&1 | grep 'X-Container-Id' || exit 1
aws s3api put-object --no-verify-ssl --profile $S3PROF --bucket $S3PREFIX-private --endpoint $S3ENDPOINT --key $S3KEY --body $FILE || exit 1
aws s3api get-bucket-acl --no-verify-ssl --profile $S3PROF --bucket $S3PREFIX-private --endpoint $S3ENDPOINT || exit 1
aws s3api get-object-acl --no-verify-ssl --profile $S3PROF --bucket $S3PREFIX-private --endpoint $S3ENDPOINT --key $S3KEY || exit 1