Yasuke/moto
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

IAM: Fix resource list matching (#5908)

Browse Source
This commit is contained in:
Viren Nadkarni 2023-02-07 19:54:59 +05:30 committed by GitHub
parent 8cc9518662
commit 749a8572ba
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 15 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
moto/iam/access_control.py
View File

@ -378,7 +378,7 @@ class IAMPolicyStatement(object):
if is_action_concerned: if is_action_concerned:
if self.is_unknown_principal(self._statement.get("Principal")): if self.is_unknown_principal(self._statement.get("Principal")):
return PermissionResult.NEUTRAL return PermissionResult.NEUTRAL
same_resource = self._match(self._statement["Resource"], resource) same_resource = self._check_element_matches("Resource", resource)
if self._statement["Effect"] == "Allow" and same_resource: if self._statement["Effect"] == "Allow" and same_resource:
return PermissionResult.PERMITTED return PermissionResult.PERMITTED
else: # Deny else: # Deny

14
tests/test_s3/test_s3_bucket_policy.py
View File

@ -37,6 +37,20 @@ class TestBucketPolicy:
({"resource": "arn:aws:s3:::mybucket/test_txt"}, 200), ({"resource": "arn:aws:s3:::mybucket/test_txt"}, 200),
({"resource": "arn:aws:s3:::notmybucket/*"}, 403), ({"resource": "arn:aws:s3:::notmybucket/*"}, 403),
({"resource": "arn:aws:s3:::mybucket/other*"}, 403), ({"resource": "arn:aws:s3:::mybucket/other*"}, 403),
({"resource": ["arn:aws:s3:::mybucket", "arn:aws:s3:::mybucket/*"]}, 200),
(
{
"resource": [
"arn:aws:s3:::notmybucket",
"arn:aws:s3:::notmybucket/*",
]
},
403,
),
(
{"resource": ["arn:aws:s3:::mybucket", "arn:aws:s3:::notmybucket/*"]},
403,
),
({"effect": "Deny"}, 403), ({"effect": "Deny"}, 403),
], ],
) )