S3 - PutObject cant specify ACL and Grant (#4550)
This commit is contained in:
		
							parent
							
								
									e54e5cdb95
								
							
						
					
					
						commit
						dfb380d887
					
				| @ -347,6 +347,18 @@ class S3InvalidTokenError(S3ClientError): | |||||||
|         ) |         ) | ||||||
| 
 | 
 | ||||||
| 
 | 
 | ||||||
|  | class S3AclAndGrantError(S3ClientError): | ||||||
|  |     code = 400 | ||||||
|  | 
 | ||||||
|  |     def __init__(self, *args, **kwargs): | ||||||
|  |         super(S3AclAndGrantError, self).__init__( | ||||||
|  |             "InvalidRequest", | ||||||
|  |             "Specifying both Canned ACLs and Header Grants is not allowed", | ||||||
|  |             *args, | ||||||
|  |             **kwargs, | ||||||
|  |         ) | ||||||
|  | 
 | ||||||
|  | 
 | ||||||
| class BucketInvalidTokenError(BucketError): | class BucketInvalidTokenError(BucketError): | ||||||
|     code = 400 |     code = 400 | ||||||
| 
 | 
 | ||||||
|  | |||||||
| @ -46,6 +46,7 @@ from .exceptions import ( | |||||||
|     IllegalLocationConstraintException, |     IllegalLocationConstraintException, | ||||||
|     InvalidNotificationARN, |     InvalidNotificationARN, | ||||||
|     InvalidNotificationEvent, |     InvalidNotificationEvent, | ||||||
|  |     S3AclAndGrantError, | ||||||
|     InvalidObjectState, |     InvalidObjectState, | ||||||
|     ObjectNotInActiveTierError, |     ObjectNotInActiveTierError, | ||||||
|     NoSystemTags, |     NoSystemTags, | ||||||
| @ -1730,8 +1731,6 @@ class ResponseObject(_TemplateEnvironmentMixin, ActionAuthenticatorMixin): | |||||||
| 
 | 
 | ||||||
|     def _acl_from_headers(self, headers): |     def _acl_from_headers(self, headers): | ||||||
|         canned_acl = headers.get("x-amz-acl", "") |         canned_acl = headers.get("x-amz-acl", "") | ||||||
|         if canned_acl: |  | ||||||
|             return get_canned_acl(canned_acl) |  | ||||||
| 
 | 
 | ||||||
|         grants = [] |         grants = [] | ||||||
|         for header, value in headers.items(): |         for header, value in headers.items(): | ||||||
| @ -1758,6 +1757,10 @@ class ResponseObject(_TemplateEnvironmentMixin, ActionAuthenticatorMixin): | |||||||
|                     grantees.append(FakeGrantee(uri=value)) |                     grantees.append(FakeGrantee(uri=value)) | ||||||
|             grants.append(FakeGrant(grantees, [permission])) |             grants.append(FakeGrant(grantees, [permission])) | ||||||
| 
 | 
 | ||||||
|  |         if canned_acl and grants: | ||||||
|  |             raise S3AclAndGrantError() | ||||||
|  |         if canned_acl: | ||||||
|  |             return get_canned_acl(canned_acl) | ||||||
|         if grants: |         if grants: | ||||||
|             return FakeAcl(grants) |             return FakeAcl(grants) | ||||||
|         else: |         else: | ||||||
|  | |||||||
| @ -326,3 +326,29 @@ def test_acl_setting_via_headers_boto3(): | |||||||
|             "Permission": "READ", |             "Permission": "READ", | ||||||
|         } |         } | ||||||
|     ) |     ) | ||||||
|  | 
 | ||||||
|  | 
 | ||||||
|  | @mock_s3 | ||||||
|  | def test_raise_exception_for_grant_and_acl(): | ||||||
|  |     client = boto3.client("s3") | ||||||
|  |     s3 = boto3.resource("s3") | ||||||
|  |     bucket_name = "bucketname" | ||||||
|  |     client.create_bucket(Bucket=bucket_name) | ||||||
|  |     bucket = s3.Bucket(bucket_name) | ||||||
|  |     acl = client.get_bucket_acl(Bucket=bucket_name) | ||||||
|  |     acl_grantee_id = acl["Owner"]["ID"] | ||||||
|  | 
 | ||||||
|  |     # This should raise an exception or provide some error message, but runs without exception instead. | ||||||
|  |     with pytest.raises(ClientError) as exc: | ||||||
|  |         bucket.put_object( | ||||||
|  |             ACL="bucket-owner-full-control", | ||||||
|  |             Body="example-file-path", | ||||||
|  |             Key="example-key", | ||||||
|  |             ContentType="text/plain", | ||||||
|  |             GrantFullControl=f'id="{acl_grantee_id}"', | ||||||
|  |         ) | ||||||
|  |     err = exc.value.response["Error"] | ||||||
|  |     err["Code"].should.equal("InvalidRequest") | ||||||
|  |     err["Message"].should.equal( | ||||||
|  |         "Specifying both Canned ACLs and Header Grants is not allowed" | ||||||
|  |     ) | ||||||
|  | |||||||
		Loading…
	
	
			
			x
			
			
		
	
		Reference in New Issue
	
	Block a user