add a few test cases for public bucket policies
Signed-off-by: Abhishek Lekshmanan <abhishek@suse.com>
(cherry picked from commit 3f9d31c6c7
)
parent
1d39198872
commit
0e3084c995
1 changed files with 108 additions and 2 deletions
|
@ -12414,7 +12414,7 @@ def test_get_bucket_policy_status():
|
||||||
@attr(operation='get bucket policy status on a public acl bucket')
|
@attr(operation='get bucket policy status on a public acl bucket')
|
||||||
@attr(assertion='succeeds')
|
@attr(assertion='succeeds')
|
||||||
@attr('policy_status')
|
@attr('policy_status')
|
||||||
def test_get_public_bucket_policy_status():
|
def test_get_public_acl_bucket_policy_status():
|
||||||
bucket_name = get_new_bucket()
|
bucket_name = get_new_bucket()
|
||||||
client = get_client()
|
client = get_client()
|
||||||
client = get_client()
|
client = get_client()
|
||||||
|
@ -12427,10 +12427,116 @@ def test_get_public_bucket_policy_status():
|
||||||
@attr(operation='get bucket policy status on a authenticated acl bucket')
|
@attr(operation='get bucket policy status on a authenticated acl bucket')
|
||||||
@attr(assertion='succeeds')
|
@attr(assertion='succeeds')
|
||||||
@attr('policy_status')
|
@attr('policy_status')
|
||||||
def test_get_authpublic_bucket_policy_status():
|
def test_get_authpublic_acl_bucket_policy_status():
|
||||||
bucket_name = get_new_bucket()
|
bucket_name = get_new_bucket()
|
||||||
client = get_client()
|
client = get_client()
|
||||||
client = get_client()
|
client = get_client()
|
||||||
client.put_bucket_acl(Bucket=bucket_name, ACL='authenticated-read')
|
client.put_bucket_acl(Bucket=bucket_name, ACL='authenticated-read')
|
||||||
resp = client.get_bucket_policy_status(Bucket=bucket_name)
|
resp = client.get_bucket_policy_status(Bucket=bucket_name)
|
||||||
eq(resp['PolicyStatus']['IsPublic'],True)
|
eq(resp['PolicyStatus']['IsPublic'],True)
|
||||||
|
|
||||||
|
|
||||||
|
@attr(resource='bucket')
|
||||||
|
@attr(method='get')
|
||||||
|
@attr(operation='get bucket policy status on a public policy bucket')
|
||||||
|
@attr(assertion='succeeds')
|
||||||
|
@attr('policy_status')
|
||||||
|
def test_get_publicpolicy_acl_bucket_policy_status():
|
||||||
|
bucket_name = get_new_bucket()
|
||||||
|
client = get_client()
|
||||||
|
client = get_client()
|
||||||
|
|
||||||
|
resp = client.get_bucket_policy_status(Bucket=bucket_name)
|
||||||
|
eq(resp['PolicyStatus']['IsPublic'],False)
|
||||||
|
|
||||||
|
resource1 = "arn:aws:s3:::" + bucket_name
|
||||||
|
resource2 = "arn:aws:s3:::" + bucket_name + "/*"
|
||||||
|
policy_document = json.dumps(
|
||||||
|
{
|
||||||
|
"Version": "2012-10-17",
|
||||||
|
"Statement": [{
|
||||||
|
"Effect": "Allow",
|
||||||
|
"Principal": {"AWS": "*"},
|
||||||
|
"Action": "s3:ListBucket",
|
||||||
|
"Resource": [
|
||||||
|
"{}".format(resource1),
|
||||||
|
"{}".format(resource2)
|
||||||
|
]
|
||||||
|
}]
|
||||||
|
})
|
||||||
|
|
||||||
|
client.put_bucket_policy(Bucket=bucket_name, Policy=policy_document)
|
||||||
|
resp = client.get_bucket_policy_status(Bucket=bucket_name)
|
||||||
|
eq(resp['PolicyStatus']['IsPublic'],True)
|
||||||
|
|
||||||
|
|
||||||
|
@attr(resource='bucket')
|
||||||
|
@attr(method='get')
|
||||||
|
@attr(operation='get bucket policy status on a public policy bucket')
|
||||||
|
@attr(assertion='succeeds')
|
||||||
|
@attr('policy_status')
|
||||||
|
def test_get_nonpublicpolicy_acl_bucket_policy_status():
|
||||||
|
bucket_name = get_new_bucket()
|
||||||
|
client = get_client()
|
||||||
|
client = get_client()
|
||||||
|
|
||||||
|
resp = client.get_bucket_policy_status(Bucket=bucket_name)
|
||||||
|
eq(resp['PolicyStatus']['IsPublic'],False)
|
||||||
|
|
||||||
|
resource1 = "arn:aws:s3:::" + bucket_name
|
||||||
|
resource2 = "arn:aws:s3:::" + bucket_name + "/*"
|
||||||
|
policy_document = json.dumps(
|
||||||
|
{
|
||||||
|
"Version": "2012-10-17",
|
||||||
|
"Statement": [{
|
||||||
|
"Effect": "Allow",
|
||||||
|
"Principal": {"AWS": "*"},
|
||||||
|
"Action": "s3:ListBucket",
|
||||||
|
"Resource": [
|
||||||
|
"{}".format(resource1),
|
||||||
|
"{}".format(resource2)
|
||||||
|
],
|
||||||
|
"Condition": {
|
||||||
|
"IpAddress":
|
||||||
|
{"aws:SourceIp": "10.0.0.0/32"}
|
||||||
|
}
|
||||||
|
}]
|
||||||
|
})
|
||||||
|
|
||||||
|
client.put_bucket_policy(Bucket=bucket_name, Policy=policy_document)
|
||||||
|
resp = client.get_bucket_policy_status(Bucket=bucket_name)
|
||||||
|
eq(resp['PolicyStatus']['IsPublic'],False)
|
||||||
|
|
||||||
|
|
||||||
|
@attr(resource='bucket')
|
||||||
|
@attr(method='get')
|
||||||
|
@attr(operation='get bucket policy status on a public policy bucket')
|
||||||
|
@attr(assertion='succeeds')
|
||||||
|
@attr('policy_status')
|
||||||
|
def test_get_nonpublicpolicy_deny_bucket_policy_status():
|
||||||
|
bucket_name = get_new_bucket()
|
||||||
|
client = get_client()
|
||||||
|
client = get_client()
|
||||||
|
|
||||||
|
resp = client.get_bucket_policy_status(Bucket=bucket_name)
|
||||||
|
eq(resp['PolicyStatus']['IsPublic'],False)
|
||||||
|
|
||||||
|
resource1 = "arn:aws:s3:::" + bucket_name
|
||||||
|
resource2 = "arn:aws:s3:::" + bucket_name + "/*"
|
||||||
|
policy_document = json.dumps(
|
||||||
|
{
|
||||||
|
"Version": "2012-10-17",
|
||||||
|
"Statement": [{
|
||||||
|
"Effect": "Allow",
|
||||||
|
"NotPrincipal": {"AWS": "arn:aws:iam::s3tenant1:root"},
|
||||||
|
"Action": "s3:ListBucket",
|
||||||
|
"Resource": [
|
||||||
|
"{}".format(resource1),
|
||||||
|
"{}".format(resource2)
|
||||||
|
],
|
||||||
|
}]
|
||||||
|
})
|
||||||
|
|
||||||
|
client.put_bucket_policy(Bucket=bucket_name, Policy=policy_document)
|
||||||
|
resp = client.get_bucket_policy_status(Bucket=bucket_name)
|
||||||
|
eq(resp['PolicyStatus']['IsPublic'],True)
|
||||||
|
|
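Review bot: `test_get_nonpublicpolicy_deny_bucket_policy_status` is named for a non-public deny policy, yet its statement is `"Effect": "Allow"` with `NotPrincipal` and its last assertion expects `IsPublic` to be `True`, so the name misreports what is covered, as does the `operation='get bucket policy status on a public policy bucket'` string that all three new tests share, including the IP-restricted one that expects `False`. An Allow combined with NotPrincipal grants the action to every principal except the named one, which is presumably why the bucket must report public; a comment above the policy would record that, e.g. `# Allow + NotPrincipal exposes the bucket to everyone but s3tenant1, so it must report public`. Consider a name such as `test_get_public_notprincipal_bucket_policy_status` and a distinct operation string per test, so a failure points at the policy shape that regressed. As smaller points, each new test calls `client = get_client()` twice in a row, and `test_get_publicpolicy_acl_bucket_policy_status` sets no ACL despite its name.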