118 lines
3.9 KiB
Python
118 lines
3.9 KiB
Python
import re
|
|
from uuid import uuid4
|
|
|
|
import boto3
|
|
import pytest
|
|
from botocore.client import ClientError
|
|
|
|
from moto import mock_aws
|
|
from tests.test_s3 import s3_aws_verified
|
|
|
|
|
|
@mock_aws
|
|
def test_get_unknown_access_point():
|
|
client = boto3.client("s3control", region_name="ap-southeast-1")
|
|
|
|
with pytest.raises(ClientError) as exc:
|
|
client.get_access_point(AccountId="111111111111", Name="ap_name")
|
|
err = exc.value.response["Error"]
|
|
assert err["Code"] == "NoSuchAccessPoint"
|
|
assert err["Message"] == "The specified accesspoint does not exist"
|
|
assert err["AccessPointName"] == "ap_name"
|
|
|
|
|
|
@mock_aws
|
|
def test_get_access_point_minimal():
|
|
client = boto3.client("s3control", region_name="ap-southeast-1")
|
|
client.create_access_point(
|
|
AccountId="111111111111", Name="ap_name", Bucket="mybucket"
|
|
)
|
|
|
|
resp = client.get_access_point(AccountId="111111111111", Name="ap_name")
|
|
|
|
assert resp["Name"] == "ap_name"
|
|
assert resp["Bucket"] == "mybucket"
|
|
assert resp["NetworkOrigin"] == "Internet"
|
|
assert resp["PublicAccessBlockConfiguration"] == {
|
|
"BlockPublicAcls": True,
|
|
"IgnorePublicAcls": True,
|
|
"BlockPublicPolicy": True,
|
|
"RestrictPublicBuckets": True,
|
|
}
|
|
assert "CreationDate" in resp
|
|
assert "Alias" in resp
|
|
assert re.match("ap_name-[a-z0-9]+-s3alias", resp["Alias"])
|
|
assert resp["AccessPointArn"] == (
|
|
"arn:aws:s3:us-east-1:111111111111:accesspoint/ap_name"
|
|
)
|
|
assert "Endpoints" in resp
|
|
|
|
assert resp["Endpoints"]["ipv4"] == "s3-accesspoint.us-east-1.amazonaws.com"
|
|
assert resp["Endpoints"]["fips"] == "s3-accesspoint-fips.us-east-1.amazonaws.com"
|
|
assert resp["Endpoints"]["fips_dualstack"] == (
|
|
"s3-accesspoint-fips.dualstack.us-east-1.amazonaws.com"
|
|
)
|
|
assert resp["Endpoints"]["dualstack"] == (
|
|
"s3-accesspoint.dualstack.us-east-1.amazonaws.com"
|
|
)
|
|
|
|
|
|
@mock_aws
|
|
def test_get_access_point_full():
|
|
client = boto3.client("s3control", region_name="ap-southeast-1")
|
|
client.create_access_point(
|
|
AccountId="111111111111",
|
|
Name="ap_name",
|
|
Bucket="mybucket",
|
|
VpcConfiguration={"VpcId": "sth"},
|
|
PublicAccessBlockConfiguration={
|
|
"BlockPublicAcls": False,
|
|
"IgnorePublicAcls": False,
|
|
"BlockPublicPolicy": False,
|
|
"RestrictPublicBuckets": False,
|
|
},
|
|
)
|
|
|
|
resp = client.get_access_point(AccountId="111111111111", Name="ap_name")
|
|
|
|
assert resp["Name"] == "ap_name"
|
|
assert resp["Bucket"] == "mybucket"
|
|
assert resp["NetworkOrigin"] == "VPC"
|
|
assert resp["VpcConfiguration"] == {"VpcId": "sth"}
|
|
assert resp["PublicAccessBlockConfiguration"] == {
|
|
"BlockPublicAcls": False,
|
|
"IgnorePublicAcls": False,
|
|
"BlockPublicPolicy": False,
|
|
"RestrictPublicBuckets": False,
|
|
}
|
|
|
|
|
|
@pytest.mark.aws_verified
|
|
@s3_aws_verified
|
|
def test_delete_access_point(bucket_name=None):
|
|
sts = boto3.client("sts", "us-east-1")
|
|
account_id = sts.get_caller_identity()["Account"]
|
|
|
|
client = boto3.client("s3control", region_name="us-east-1")
|
|
ap_name = "ap-" + str(uuid4())[0:6]
|
|
expected_arn = f"arn:aws:s3:us-east-1:{account_id}:accesspoint/{ap_name}"
|
|
|
|
create = client.create_access_point(
|
|
AccountId=account_id, Name=ap_name, Bucket=bucket_name
|
|
)
|
|
assert create["Alias"].startswith(ap_name)
|
|
assert create["Alias"].endswith("-s3alias")
|
|
assert create["AccessPointArn"] == expected_arn
|
|
|
|
get = client.get_access_point(AccountId=account_id, Name=ap_name)
|
|
assert get["Alias"] == create["Alias"]
|
|
assert get["AccessPointArn"] == expected_arn
|
|
|
|
client.delete_access_point(AccountId=account_id, Name=ap_name)
|
|
|
|
with pytest.raises(ClientError) as exc:
|
|
client.get_access_point(AccountId=account_id, Name=ap_name)
|
|
err = exc.value.response["Error"]
|
|
assert err["Code"] == "NoSuchAccessPoint"
|
|
assert err["Message"] == "The specified accesspoint does not exist"
|