Fixes bucket policy NotAction issue
Signed-off-by: Uday Kurundwade <[email protected]>
udaysk23 authored and openshift-cherrypick-robot committed Jan 8, 2025
1 parent 4cfcfc8 commit 2048878
Showing 1 changed file with 12 additions and 8 deletions.
20 changes: 12 additions & 8 deletions tests/functional/object/mcg/test_bucket_policy.py
@@ -37,6 +37,7 @@
s3_delete_bucket_website,
s3_get_bucket_versioning,
s3_put_bucket_versioning,
s3_list_objects_v2,
list_multipart_upload,
list_uploaded_parts,
complete_multipart_upload,
@@ -942,17 +943,20 @@ def test_bucket_policy_elements_NotAction(self, mcg_obj, bucket_factory, effect)
"""

# Creating obc and obc object to get account details, keys etc
obc_bucket = bucket_factory(amount=1, interface="OC")
obc_bucket = bucket_factory(amount=2, interface="OC")
obc_obj = OBC(obc_bucket[0].name)
obc_obj1 = OBC(obc_bucket[1].name)

# Set bucket policy for user
bucket_policy_generated = gen_bucket_policy(
user_list=obc_obj.obc_account,
user_list=obc_obj1.obc_account,
action_property="NotAction",
actions_list=["DeleteBucket"],
resources_list=[f'{obc_obj.bucket_name}/{"*"}'],
effect=effect,
)
if effect == "Allow":
bucket_policy_generated["Statement"][0]["NotAction"][0] = "s3:ListBucket"
bucket_policy = json.dumps(bucket_policy_generated)

# Add Bucket Policy
@@ -971,19 +975,19 @@ def test_bucket_policy_elements_NotAction(self, mcg_obj, bucket_factory, effect)
# Put Object is allowed
logger.info("Writing index data to the bucket")
assert s3_put_object(
s3_obj=obc_obj,
s3_obj=obc_obj1,
bucketname=obc_obj.bucket_name,
object_key="index.html",
data=index,
content_type="text/html",
), "Failed to put object."

# Delete bucket get access denied.
logger.info(f"Deleting bucket {obc_obj.bucket_name}")
# List bucket get access denied.
logger.info(f"Listing bucket objects {obc_obj.bucket_name}")
try:
s3_delete_bucket_website(s3_obj=obc_obj, bucketname=obc_obj.bucket_name)
s3_list_objects_v2(s3_obj=obc_obj1, bucketname=obc_obj.bucket_name)
raise UnexpectedBehaviour(
"Failed: Bucket got deleted, expect to get AccessDenied."
"Failed: Object got listed, expect to get AccessDenied."
)
except boto3exception.ClientError as e:
logger.info(e.response)
@@ -1000,7 +1004,7 @@ def test_bucket_policy_elements_NotAction(self, mcg_obj, bucket_factory, effect)
logger.info("Writing index data to the bucket")
try:
s3_put_object(
s3_obj=obc_obj,
s3_obj=obc_obj1,
bucketname=obc_obj.bucket_name,
object_key="index.html",
data=index,
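Review bot: The AccessDenied checks in this test now run as `obc_obj1`, a second account whose only grant on `obc_obj`'s bucket appears to be this policy, so a denial no longer shows that `NotAction` did the excluding. In the Allow case the statement's resource is only `f'{obc_obj.bucket_name}/{"*"}'`, while ListBucket is a bucket-level action, so the `s3_list_objects_v2` call would presumably be refused for lack of a matching Allow even if `NotAction` were ignored; in the Deny case the later `s3_put_object` would presumably be refused with no policy at all. Consider covering the bucket itself with `resources_list=[obc_obj.bucket_name, f'{obc_obj.bucket_name}/{"*"}'],` (assuming `gen_bucket_policy` accepts both forms, which is not visible here) and adding a comment such as `# obc_obj1 has no access to this bucket except through the policy below`. The test body starts and ends outside the displayed hunks, so the error-code assertions after each `except` were not reviewed.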