From a83396cda772d5cb4fa0c8bbc7b9116e3e605749 Mon Sep 17 00:00:00 2001 From: Seena Fallah Date: Fri, 19 Jul 2024 20:51:10 +0200 Subject: [PATCH] BlockPublicPolicy: add test when policy has principal Ref. https://tracker.ceph.com/issues/67048 Signed-off-by: Seena Fallah --- s3tests_boto3/functional/test_s3.py | 17 +++++++++++++++++ 1 file changed, 17 insertions(+) diff --git a/s3tests_boto3/functional/test_s3.py b/s3tests_boto3/functional/test_s3.py index 39da62e..dbd8e75 100644 --- a/s3tests_boto3/functional/test_s3.py +++ b/s3tests_boto3/functional/test_s3.py @@ -12984,6 +12984,23 @@ def test_block_public_policy(): check_access_denied(client.put_bucket_policy, Bucket=bucket_name, Policy=policy_document) +def test_block_public_policy_with_principal(): + bucket_name = get_new_bucket() + client = get_client() + + access_conf = {'BlockPublicAcls': False, + 'IgnorePublicAcls': False, + 'BlockPublicPolicy': True, + 'RestrictPublicBuckets': False} + + client.put_public_access_block(Bucket=bucket_name, PublicAccessBlockConfiguration=access_conf) + resource = _make_arn_resource("{}/{}".format(bucket_name, "*")) + policy_document = make_json_policy("s3:GetObject", + resource, principal={"AWS": "arn:aws:iam::s3tenant1:root"}) + + client.put_bucket_policy(Bucket=bucket_name, Policy=policy_document) + + def test_ignore_public_acls(): bucket_name = get_new_bucket() client = get_client()