moto/tests/test_s3control/test_s3control_s3.py

Ignoring revisions in .git-blame-ignore-revs. Click here to bypass and see the normal blame view.

129 lines
4.1 KiB
Python
Raw Permalink Normal View History

import boto3
2024-01-07 12:03:33 +00:00
from moto import mock_aws, settings
2022-08-13 09:49:43 +00:00
from moto.core import DEFAULT_ACCOUNT_ID as ACCOUNT_ID
REGION = "us-east-1"
if not settings.TEST_SERVER_MODE:
2024-01-07 12:03:33 +00:00
@mock_aws
def test_pab_are_kept_separate():
client = boto3.client("s3control", region_name=REGION)
s3_client = boto3.client("s3", region_name=REGION)
s3_client.create_bucket(Bucket="bucket")
client.put_public_access_block(
AccountId=ACCOUNT_ID,
PublicAccessBlockConfiguration={
"BlockPublicAcls": True,
"IgnorePublicAcls": True,
"BlockPublicPolicy": True,
"RestrictPublicBuckets": True,
},
)
s3_client.put_public_access_block(
Bucket="bucket",
PublicAccessBlockConfiguration={
"BlockPublicAcls": True,
"IgnorePublicAcls": False,
"BlockPublicPolicy": True,
"RestrictPublicBuckets": False,
},
)
pab_from_control = client.get_public_access_block(AccountId=ACCOUNT_ID)
assert pab_from_control["PublicAccessBlockConfiguration"] == {
"BlockPublicAcls": True,
"IgnorePublicAcls": True,
"BlockPublicPolicy": True,
"RestrictPublicBuckets": True,
}
pab_from_s3 = s3_client.get_public_access_block(Bucket="bucket")
assert pab_from_s3["PublicAccessBlockConfiguration"] == {
"BlockPublicAcls": True,
"IgnorePublicAcls": False,
"BlockPublicPolicy": True,
"RestrictPublicBuckets": False,
}
2024-01-07 12:03:33 +00:00
@mock_aws
def test_pab_are_kept_separate_with_inverse_mocks():
client = boto3.client("s3control", region_name=REGION)
s3_client = boto3.client("s3", region_name=REGION)
s3_client.create_bucket(Bucket="bucket")
client.put_public_access_block(
AccountId=ACCOUNT_ID,
PublicAccessBlockConfiguration={
"BlockPublicAcls": True,
"IgnorePublicAcls": True,
"BlockPublicPolicy": True,
"RestrictPublicBuckets": True,
},
)
s3_client.put_public_access_block(
Bucket="bucket",
PublicAccessBlockConfiguration={
"BlockPublicAcls": True,
"IgnorePublicAcls": False,
"BlockPublicPolicy": True,
"RestrictPublicBuckets": False,
},
)
pab_from_control = client.get_public_access_block(AccountId=ACCOUNT_ID)
assert pab_from_control["PublicAccessBlockConfiguration"] == {
"BlockPublicAcls": True,
"IgnorePublicAcls": True,
"BlockPublicPolicy": True,
"RestrictPublicBuckets": True,
}
pab_from_s3 = s3_client.get_public_access_block(Bucket="bucket")
assert pab_from_s3["PublicAccessBlockConfiguration"] == {
"BlockPublicAcls": True,
"IgnorePublicAcls": False,
"BlockPublicPolicy": True,
"RestrictPublicBuckets": False,
}
2024-01-07 12:03:33 +00:00
@mock_aws
def test_access_point_read_write():
# Setup
bucket = "test-bucket"
ap_client = boto3.client("s3control", region_name=REGION)
s3_client = boto3.client("s3", region_name=REGION)
s3_client.create_bucket(Bucket=bucket)
read_ap = ap_client.create_access_point(
AccountId=ACCOUNT_ID, Name="read-ap", Bucket=bucket
)
write_ap = ap_client.create_access_point(
AccountId=ACCOUNT_ID, Name="write-ap", Bucket=bucket
)
content = b"This is test content"
key = "test/object.txt"
# Execute
s3_client.put_object(
Bucket=write_ap["AccessPointArn"],
Key=key,
Body=content,
ContentType="text/plain",
)
# Verify
assert (
s3_client.get_object(Bucket=read_ap["AccessPointArn"], Key=key)[
"Body"
].read()
== content
)
assert s3_client.get_object(Bucket=bucket, Key=key)["Body"].read() == content