2022-02-24 19:07:54 -01:00
|
|
|
import boto3
|
|
|
|
|
import pytest
|
|
|
|
|
from botocore.client import ClientError
|
2023-11-30 07:55:51 -08:00
|
|
|
|
2024-01-07 12:03:33 +00:00
|
|
|
from moto import mock_aws
|
2022-02-24 19:07:54 -01:00
|
|
|
|
|
|
|
|
|
2024-01-07 12:03:33 +00:00
|
|
|
@mock_aws
|
2022-02-24 19:07:54 -01:00
|
|
|
def test_get_access_point_policy():
|
|
|
|
|
client = boto3.client("s3control", region_name="us-west-2")
|
|
|
|
|
client.create_access_point(
|
|
|
|
|
AccountId="111111111111", Name="ap_name", Bucket="mybucket"
|
|
|
|
|
)
|
|
|
|
|
|
|
|
|
|
policy = """{
|
|
|
|
|
"Version": "2012-10-17",
|
|
|
|
|
"Statement": [
|
|
|
|
|
{
|
|
|
|
|
"Sid": "",
|
|
|
|
|
"Effect": "Allow",
|
|
|
|
|
"Action": "s3:GetObjectTagging",
|
|
|
|
|
"Resource": "arn:aws:s3:us-east-1:123456789012:accesspoint/mybucket/object/*",
|
|
|
|
|
"Principal": {
|
|
|
|
|
"AWS": "*"
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
]
|
|
|
|
|
}"""
|
|
|
|
|
client.put_access_point_policy(
|
|
|
|
|
AccountId="111111111111", Name="ap_name", Policy=policy
|
|
|
|
|
)
|
|
|
|
|
|
|
|
|
|
resp = client.get_access_point_policy(AccountId="111111111111", Name="ap_name")
|
2023-08-04 17:51:28 -04:00
|
|
|
assert "Policy" in resp
|
|
|
|
|
assert resp["Policy"] == policy
|
2022-02-24 19:07:54 -01:00
|
|
|
|
|
|
|
|
|
2024-01-07 12:03:33 +00:00
|
|
|
@mock_aws
|
2022-02-24 19:07:54 -01:00
|
|
|
def test_get_unknown_access_point_policy():
|
|
|
|
|
client = boto3.client("s3control", region_name="ap-southeast-1")
|
|
|
|
|
client.create_access_point(
|
|
|
|
|
AccountId="111111111111", Name="ap_name", Bucket="mybucket"
|
|
|
|
|
)
|
|
|
|
|
|
|
|
|
|
with pytest.raises(ClientError) as exc:
|
|
|
|
|
client.get_access_point_policy(AccountId="111111111111", Name="ap_name")
|
|
|
|
|
err = exc.value.response["Error"]
|
2023-08-04 17:51:28 -04:00
|
|
|
assert err["Code"] == "NoSuchAccessPointPolicy"
|
|
|
|
|
assert err["Message"] == "The specified accesspoint policy does not exist"
|
|
|
|
|
assert err["AccessPointName"] == "ap_name"
|
2022-02-24 19:07:54 -01:00
|
|
|
|
|
|
|
|
|
2024-01-07 12:03:33 +00:00
|
|
|
@mock_aws
|
2022-02-24 19:07:54 -01:00
|
|
|
def test_get_access_point_policy_status():
|
|
|
|
|
client = boto3.client("s3control", region_name="us-west-2")
|
|
|
|
|
client.create_access_point(
|
|
|
|
|
AccountId="111111111111", Name="ap_name", Bucket="mybucket"
|
|
|
|
|
)
|
|
|
|
|
|
|
|
|
|
policy = """{
|
|
|
|
|
"Version": "2012-10-17",
|
|
|
|
|
"Statement": [
|
|
|
|
|
{
|
|
|
|
|
"Sid": "",
|
|
|
|
|
"Effect": "Allow",
|
|
|
|
|
"Action": "s3:GetObjectTagging",
|
|
|
|
|
"Resource": "arn:aws:s3:us-east-1:123456789012:accesspoint/mybucket/object/*",
|
|
|
|
|
"Principal": {
|
|
|
|
|
"AWS": "*"
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
]
|
|
|
|
|
}"""
|
|
|
|
|
client.put_access_point_policy(
|
|
|
|
|
AccountId="111111111111", Name="ap_name", Policy=policy
|
|
|
|
|
)
|
|
|
|
|
|
|
|
|
|
resp = client.get_access_point_policy_status(
|
|
|
|
|
AccountId="111111111111", Name="ap_name"
|
|
|
|
|
)
|
2023-08-04 17:51:28 -04:00
|
|
|
assert "PolicyStatus" in resp
|
|
|
|
|
assert resp["PolicyStatus"] == {"IsPublic": True}
|
2022-02-24 19:07:54 -01:00
|
|
|
|
|
|
|
|
|
2024-01-07 12:03:33 +00:00
|
|
|
@mock_aws
|
2022-02-24 19:07:54 -01:00
|
|
|
def test_delete_access_point_policy():
|
|
|
|
|
client = boto3.client("s3control", region_name="us-west-2")
|
|
|
|
|
client.create_access_point(
|
|
|
|
|
AccountId="111111111111", Name="ap_name", Bucket="mybucket"
|
|
|
|
|
)
|
|
|
|
|
|
|
|
|
|
policy = """some json policy"""
|
|
|
|
|
client.put_access_point_policy(
|
|
|
|
|
AccountId="111111111111", Name="ap_name", Policy=policy
|
|
|
|
|
)
|
|
|
|
|
|
|
|
|
|
client.delete_access_point_policy(AccountId="111111111111", Name="ap_name")
|
|
|
|
|
|
|
|
|
|
with pytest.raises(ClientError) as exc:
|
|
|
|
|
client.get_access_point_policy(AccountId="111111111111", Name="ap_name")
|
|
|
|
|
err = exc.value.response["Error"]
|
2023-08-04 17:51:28 -04:00
|
|
|
assert err["Code"] == "NoSuchAccessPointPolicy"
|
2022-02-24 19:07:54 -01:00
|
|
|
|
|
|
|
|
|
2024-01-07 12:03:33 +00:00
|
|
|
@mock_aws
|
2022-02-24 19:07:54 -01:00
|
|
|
def test_get_unknown_access_point_policy_status():
|
|
|
|
|
client = boto3.client("s3control", region_name="ap-southeast-1")
|
|
|
|
|
client.create_access_point(
|
|
|
|
|
AccountId="111111111111", Name="ap_name", Bucket="mybucket"
|
|
|
|
|
)
|
|
|
|
|
|
|
|
|
|
with pytest.raises(ClientError) as exc:
|
|
|
|
|
client.get_access_point_policy_status(AccountId="111111111111", Name="ap_name")
|
|
|
|
|
err = exc.value.response["Error"]
|
2023-08-04 17:51:28 -04:00
|
|
|
assert err["Code"] == "NoSuchAccessPointPolicy"
|
|
|
|
|
assert err["Message"] == "The specified accesspoint policy does not exist"
|
|
|
|
|
assert err["AccessPointName"] == "ap_name"
|
