import boto3
import pytest
import sure # noqa # pylint: disable=unused-import
from boto3 import Session
from botocore.client import ClientError
from moto import mock_s3control
@mock_s3control
def test_get_public_access_block_for_account():
    """Walk the account-level S3 Public Access Block (PAB) through its lifecycle.

    Against the mocked ``s3control`` API this checks that:

    * get/put/delete calls carrying the hard-coded account ID
      ``111111111111`` are refused with ``AccessDenied``;
    * reading a PAB before one is stored yields
      ``NoSuchPublicAccessBlockConfiguration``;
    * an empty configuration is rejected with ``InvalidRequest``;
    * a stored configuration is returned unchanged from every region;
    * after deletion the configuration is gone again.
    """
    # Kept as a function-scope import, exactly where the original placed it.
    from moto.core import ACCOUNT_ID

    def error_code(raised):
        """Return the AWS error code carried by a captured ClientError."""
        return raised.value.response["Error"]["Code"]

    other_account = "111111111111"
    # All four PAB switches enabled; the test expects to read back this mapping.
    expected_pab = {
        "BlockPublicAcls": True,
        "IgnorePublicAcls": True,
        "BlockPublicPolicy": True,
        "RestrictPublicBuckets": True,
    }

    s3control = boto3.client("s3control", region_name="us-west-2")

    # Read with the account ID the test treats as invalid: must be denied.
    with pytest.raises(ClientError) as get_denied:
        s3control.get_public_access_block(AccountId=other_account)
    assert error_code(get_denied) == "AccessDenied"

    # Read for the mock's own account before any PAB has been stored.
    with pytest.raises(ClientError) as get_missing:
        s3control.get_public_access_block(AccountId=ACCOUNT_ID)
    assert error_code(get_missing) == "NoSuchPublicAccessBlockConfiguration"

    # Write with the invalid account ID: denied as well, so the guardrail
    # cannot be changed through a mismatched account.
    with pytest.raises(ClientError) as put_denied:
        s3control.put_public_access_block(
            AccountId=other_account,
            PublicAccessBlockConfiguration={"BlockPublicAcls": True},
        )
    assert error_code(put_denied) == "AccessDenied"

    # Write an empty PAB: at least one setting has to be supplied.
    with pytest.raises(ClientError) as put_invalid:
        s3control.put_public_access_block(
            AccountId=ACCOUNT_ID, PublicAccessBlockConfiguration={}
        )
    assert error_code(put_invalid) == "InvalidRequest"
    invalid_message = put_invalid.value.response["Error"]["Message"]
    assert "Must specify at least one configuration." in invalid_message

    # Store a valid PAB. A copy is passed so the expected mapping used for the
    # comparison below is a separate object from the request parameters.
    s3control.put_public_access_block(
        AccountId=ACCOUNT_ID,
        PublicAccessBlockConfiguration=dict(expected_pab),
    )

    # The stored PAB must be visible through a client in every region that
    # boto3 lists for s3control, not only the region it was written from.
    for region_name in Session().get_available_regions("s3control"):
        regional = boto3.client("s3control", region_name=region_name)
        reply = regional.get_public_access_block(AccountId=ACCOUNT_ID)
        assert reply["PublicAccessBlockConfiguration"] == expected_pab

    # Delete with the invalid account ID: denied, the PAB stays in place.
    with pytest.raises(ClientError) as delete_denied:
        s3control.delete_public_access_block(AccountId=other_account)
    assert error_code(delete_denied) == "AccessDenied"

    # Delete for the mock's own account.
    s3control.delete_public_access_block(AccountId=ACCOUNT_ID)

    # A subsequent read must report that no PAB exists any more.
    with pytest.raises(ClientError) as get_after_delete:
        s3control.get_public_access_block(AccountId=ACCOUNT_ID)
    assert error_code(get_after_delete) == "NoSuchPublicAccessBlockConfiguration"