Yasuke/moto
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

S3 - PutObject cant specify ACL and Grant (#4550)

Browse Source
This commit is contained in:
Bert Blommers 2021-11-09 21:49:37 -01:00 committed by GitHub
parent e54e5cdb95
commit dfb380d887
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
3 changed files with 43 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
moto/s3/exceptions.py
View File

@ -347,6 +347,18 @@ class S3InvalidTokenError(S3ClientError):
) )
class S3AclAndGrantError(S3ClientError):
code = 400
def __init__(self, *args, **kwargs):
super(S3AclAndGrantError, self).__init__(
"InvalidRequest",
"Specifying both Canned ACLs and Header Grants is not allowed",
*args,
**kwargs,
)
class BucketInvalidTokenError(BucketError): class BucketInvalidTokenError(BucketError):
code = 400 code = 400

7
moto/s3/responses.py
View File

@ -46,6 +46,7 @@ from .exceptions import (
IllegalLocationConstraintException, IllegalLocationConstraintException,
InvalidNotificationARN, InvalidNotificationARN,
InvalidNotificationEvent, InvalidNotificationEvent,
S3AclAndGrantError,
InvalidObjectState, InvalidObjectState,
ObjectNotInActiveTierError, ObjectNotInActiveTierError,
NoSystemTags, NoSystemTags,
@ -1730,8 +1731,6 @@ class ResponseObject(_TemplateEnvironmentMixin, ActionAuthenticatorMixin):
def _acl_from_headers(self, headers): def _acl_from_headers(self, headers):
canned_acl = headers.get("x-amz-acl", "") canned_acl = headers.get("x-amz-acl", "")
if canned_acl:
return get_canned_acl(canned_acl)
grants = [] grants = []
for header, value in headers.items(): for header, value in headers.items():
@ -1758,6 +1757,10 @@ class ResponseObject(_TemplateEnvironmentMixin, ActionAuthenticatorMixin):
grantees.append(FakeGrantee(uri=value)) grantees.append(FakeGrantee(uri=value))
grants.append(FakeGrant(grantees, [permission])) grants.append(FakeGrant(grantees, [permission]))
if canned_acl and grants:
raise S3AclAndGrantError()
if canned_acl:
return get_canned_acl(canned_acl)
if grants: if grants:
return FakeAcl(grants) return FakeAcl(grants)
else: else:

26
tests/test_s3/test_s3_acl.py
View File

@ -326,3 +326,29 @@ def test_acl_setting_via_headers_boto3():
"Permission": "READ", "Permission": "READ",
} }
) )
@mock_s3
def test_raise_exception_for_grant_and_acl():
client = boto3.client("s3")
s3 = boto3.resource("s3")
bucket_name = "bucketname"
client.create_bucket(Bucket=bucket_name)
bucket = s3.Bucket(bucket_name)
acl = client.get_bucket_acl(Bucket=bucket_name)
acl_grantee_id = acl["Owner"]["ID"]
# This should raise an exception or provide some error message, but runs without exception instead.
with pytest.raises(ClientError) as exc:
bucket.put_object(
ACL="bucket-owner-full-control",
Body="example-file-path",
Key="example-key",
ContentType="text/plain",
GrantFullControl=f'id="{acl_grantee_id}"',
)
err = exc.value.response["Error"]
err["Code"].should.equal("InvalidRequest")
err["Message"].should.equal(
"Specifying both Canned ACLs and Header Grants is not allowed"
)