Yasuke/moto
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Merge pull request #2855 from mikegrima/s3tags

Browse Source 
Raise errors on tagging buckets with aws:*
This commit is contained in:
Bert Blommers 2020-03-31 09:14:52 +01:00 committed by GitHub
commit c80f63fc82
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
3 changed files with 33 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
moto/s3/exceptions.py
View File

@ -368,3 +368,12 @@ class WrongPublicAccessBlockAccountIdError(S3ClientError):
super(WrongPublicAccessBlockAccountIdError, self).__init__( super(WrongPublicAccessBlockAccountIdError, self).__init__(
"AccessDenied", "Access Denied" "AccessDenied", "Access Denied"
) )
class NoSystemTags(S3ClientError):
code = 400
def __init__(self):
super(NoSystemTags, self).__init__(
"InvalidTag", "System tags cannot be added/updated by requester"
)

6
moto/s3/responses.py
View File

@ -34,6 +34,7 @@ from .exceptions import (
InvalidNotificationARN, InvalidNotificationARN,
InvalidNotificationEvent, InvalidNotificationEvent,
ObjectNotInActiveTierError, ObjectNotInActiveTierError,
NoSystemTags,
) )
from .models import ( from .models import (
s3_backend, s3_backend,
@ -1399,6 +1400,11 @@ class ResponseObject(_TemplateEnvironmentMixin, ActionAuthenticatorMixin):
for tag in parsed_xml["Tagging"]["TagSet"]["Tag"]: for tag in parsed_xml["Tagging"]["TagSet"]["Tag"]:
tags.append(FakeTag(tag["Key"], tag["Value"])) tags.append(FakeTag(tag["Key"], tag["Value"]))
# Verify that "aws:" is not in the tags. If so, then this is a problem:
for tag in tags:
if tag.key.startswith("aws:"):
raise NoSystemTags()
tag_set = FakeTagSet(tags) tag_set = FakeTagSet(tags)
tagging = FakeTagging(tag_set) tagging = FakeTagging(tag_set)
return tagging return tagging

18
tests/test_s3/test_s3.py
View File

@ -2413,6 +2413,24 @@ def test_boto3_put_bucket_tagging():
"Cannot provide multiple Tags with the same key" "Cannot provide multiple Tags with the same key"
) )
# Cannot put tags that are "system" tags - i.e. tags that start with "aws:"
with assert_raises(ClientError) as ce:
s3.put_bucket_tagging(
Bucket=bucket_name,
Tagging={"TagSet": [{"Key": "aws:sometag", "Value": "nope"}]},
)
e = ce.exception
e.response["Error"]["Code"].should.equal("InvalidTag")
e.response["Error"]["Message"].should.equal(
"System tags cannot be added/updated by requester"
)
# This is OK though:
s3.put_bucket_tagging(
Bucket=bucket_name,
Tagging={"TagSet": [{"Key": "something:aws:stuff", "Value": "this is fine"}]},
)
@mock_s3 @mock_s3
def test_boto3_get_bucket_tagging(): def test_boto3_get_bucket_tagging():