How to use put_bucket_policy method in localstack

Best Python code snippet using localstack_python

policy_spec.py

Source:policy_spec.py Github


...
test_msg = "Create User lyve_-iam101303"
user1_response_pattern = r"UserId = [\w-]*, ARN = [\S]*, Path = /$"
result = AuthTest(test_msg).create_user(**user_args).execute_test()
result.command_should_match_pattern(user1_response_pattern)
AwsTest("Aws can put policy on bucket").put_bucket_policy("usernametestbucket", user_name_testing).execute_test().command_is_successful()
AwsTest('Aws can delete bucket').delete_bucket("usernametestbucket").execute_test().command_is_successful()
result = AuthTest(test_msg).delete_user(**user_args).execute_test()
result.command_response_should_have("User deleted.")


AwsTest('Aws can create bucket').create_bucket("seagate").execute_test().command_is_successful()

AwsTest("Aws can get policy on bucket").get_bucket_policy("seagate").execute_test(negative_case=True).command_should_fail().command_error_should_have("NoSuchBucketPolicy")

AwsTest("Aws can put policy on bucket").put_bucket_policy("seagate", policy).execute_test().command_is_successful()

AwsTest("Aws can get policy on bucket").get_bucket_policy("seagate").execute_test().command_is_successful().command_response_should_have("Resource")

AwsTest("Aws can delete policy on bucket").delete_bucket_policy("seagate").execute_test().command_is_successful()

AwsTest("Aws can get policy on bucket").get_bucket_policy("seagate").execute_test(negative_case=True).command_should_fail().command_error_should_have("NoSuchBucketPolicy")

AwsTest("Aws can put policy on bucket").put_bucket_policy("seagate", policy_put_bucket).execute_test().command_is_successful()

AwsTest("Aws can get policy on bucket").get_bucket_policy("seagate").execute_test().command_is_successful().command_response_should_have("Resource")

AwsTest("Aws can delete policy on bucket").delete_bucket_policy("seagate").execute_test().command_is_successful()

AwsTest("Aws can get policy on bucket").get_bucket_policy("seagate").execute_test(negative_case=True).command_should_fail().command_error_should_have("NoSuchBucketPolicy")

# put-bucket-policy - Effect field absent
policy_put_bucket_relative = os.path.join(os.path.dirname(__file__), 'policy_files', 'policy_put_bucket_effect_missing.txt')
policy_put_bucket = "file://" + os.path.abspath(policy_put_bucket_relative)
AwsTest("Put Bucket Policy with Effect field missing").put_bucket_policy("seagate", policy_put_bucket).execute_test(negative_case=True).command_should_fail().command_error_should_have("MalformedPolicy")


# put-bucket-policy - Resource-Action field unrelated
policy_put_bucket_relative = os.path.join(os.path.dirname(__file__), 'policy_files', 'policy_put_bucket_resource_action_unrelated.txt')
policy_put_bucket = "file://" + os.path.abspath(policy_put_bucket_relative)
AwsTest("Put Bucket Policy with unrelated Resource and Action").put_bucket_policy("seagate", policy_put_bucket).execute_test(negative_case=True).command_should_fail().command_error_should_have("MalformedPolicy")


# put-bucket-policy - Action field accepts wild-card characters
policy_put_bucket_relative = os.path.join(os.path.dirname(__file__), 'policy_files', 'policy_put_bucket_action_with_wildcards.txt')
policy_put_bucket = "file://" + os.path.abspath(policy_put_bucket_relative)
AwsTest("Put Bucket Policy with WildCard chars in Action").put_bucket_policy("seagate", policy_put_bucket).execute_test().command_is_successful()


# put-bucket-policy - Invalid field in policy
policy_put_bucket_relative = os.path.join(os.path.dirname(__file__), 'policy_files', 'policy_put_bucket_invalid_field_present.txt')
policy_put_bucket = "file://" + os.path.abspath(policy_put_bucket_relative)
AwsTest("Put Bucket Policy with invalid field in policy json").put_bucket_policy("seagate", policy_put_bucket).execute_test(negative_case=True).command_should_fail().command_error_should_have("MalformedPolicy")


# put-bucket-policy - Fields not in order
policy_put_bucket_relative = os.path.join(os.path.dirname(__file__), 'policy_files', 'policy_put_bucket_improper_field_order.txt')
policy_put_bucket = "file://" + os.path.abspath(policy_put_bucket_relative)
AwsTest("Put Bucket Policy with improper order of fields in policy json").put_bucket_policy("seagate", policy_put_bucket).execute_test(negative_case=True).command_should_fail().command_error_should_have("MalformedPolicy")


# put-bucket-policy - Multiple resources
policy_put_bucket_relative = os.path.join(os.path.dirname(__file__), 'policy_files', 'policy_put_bucket_with_multiple_resources.txt')
policy_put_bucket = "file://" + os.path.abspath(policy_put_bucket_relative)
AwsTest("Put Bucket Policy with multiple resources in policy json").put_bucket_policy("seagate", policy_put_bucket).execute_test().command_is_successful()

# put-bucket-policy - Invalid Action
policy_put_bucket_relative = os.path.join(os.path.dirname(__file__), 'policy_files', 'policy_put_bucket_with_invalid_action.txt')
policy_put_bucket = "file://" + os.path.abspath(policy_put_bucket_relative)
AwsTest("Put Bucket Policy with invalid Action in policy json").put_bucket_policy("seagate", policy_put_bucket).execute_test(negative_case=True).command_should_fail().command_error_should_have("MalformedPolicy")

# put-bucket-policy - Invalid Principal
policy_put_bucket_relative = os.path.join(os.path.dirname(__file__), 'policy_files', 'policy_put_bucket_invalid_principal.txt')
policy_put_bucket = "file://" + os.path.abspath(policy_put_bucket_relative)
AwsTest("Put Bucket Policy with invalid Principal ID in policy json").put_bucket_policy("seagate", policy_put_bucket).execute_test(negative_case=True).command_should_fail().command_error_should_have("MalformedPolicy")


# put-bucket-policy - Valid principal
policy_put_bucket_relative = os.path.join(os.path.dirname(__file__), 'policy_files', 'policy_put_bucket_with_valid_principal.txt')
policy_put_bucket = "file://" + os.path.abspath(policy_put_bucket_relative)
AwsTest("Put Bucket Policy with valid Principal in policy json").put_bucket_policy("seagate", policy_put_bucket).execute_test().command_is_successful()


# put-bucket-policy - 20KB policy size
policy_put_bucket_relative = os.path.join(os.path.dirname(__file__), 'policy_files', 'policy_put_bucket_valid_policy_size_20KB.txt')
policy_put_bucket = "file://" + os.path.abspath(policy_put_bucket_relative)
AwsTest("Put Bucket Policy with 20KB policy size").put_bucket_policy("seagate", policy_put_bucket).execute_test().command_is_successful()

# TODO below test fails intermittently with 'Connection aborted' error
# put-bucket-policy - 1MB large policy file
#policy_put_bucket_relative = os.path.join(os.path.dirname(__file__), 'policy_files', 'policy_put_bucket_invalid_policy_size_1MB.txt')
#policy_put_bucket = "file://" + os.path.abspath(policy_put_bucket_relative)
#AwsTest("Put Bucket Policy with 1MB policy size should fail").put_bucket_policy("seagate", policy_put_bucket).execute_test(negative_case=True).command_should_fail().command_error_should_have("MalformedPolicy")


# Validate Conditions in Bucket Policy
AwsTest("Aws can put policy on bucket").put_bucket_policy("seagate", policy_condition_StringEquals_success).execute_test().command_is_successful()

AwsTest("Aws can get policy on bucket").get_bucket_policy("seagate").execute_test().command_is_successful().command_response_should_have("s3:x-amz-acl")

AwsTest("Aws can put policy on bucket").put_bucket_policy("seagate", policy_condition_ArnLike_success).execute_test(negative_case=True).command_should_fail().command_error_should_have("MalformedPolicy")

AwsTest("Aws can put policy on bucket").put_bucket_policy("seagate", policy_condition_StringLike_success).execute_test().command_is_successful()

AwsTest("Aws can get policy on bucket").get_bucket_policy("seagate").execute_test().command_is_successful().command_response_should_have("s3:x-amz-acl")

AwsTest("Aws can put policy on bucket").put_bucket_policy("seagate", policy_condition_StringEqualsIfExists_success).execute_test().command_is_successful()

AwsTest("Aws can get policy on bucket").get_bucket_policy("seagate").execute_test().command_is_successful().command_response_should_have("s3:x-amz-acl")

AwsTest("Aws can put policy on bucket").put_bucket_policy("seagate", policy_condition_Bool_success).execute_test().command_is_successful()

AwsTest("Aws can get policy on bucket").get_bucket_policy("seagate").execute_test().command_is_successful().command_response_should_have("aws:SecureTransport")

AwsTest("Aws can put policy on bucket").put_bucket_policy("seagate", policy_condition_Bool_RandomKeyValue_success).execute_test().command_is_successful()

AwsTest("Aws can get policy on bucket").get_bucket_policy("seagate").execute_test().command_is_successful().command_response_should_have("aws:xyz")

AwsTest("Aws can put policy on bucket").put_bucket_policy("seagate", policy_condition_Bool_invalidKey_fail).execute_test(negative_case=True).command_should_fail().command_error_should_have("MalformedPolicy")

AwsTest("Aws can put policy on bucket").put_bucket_policy("seagate", policy_condition_StringEquals_invalidKey_fail).execute_test(negative_case=True).command_should_fail().command_error_should_have("MalformedPolicy")

AwsTest("Aws can put policy on bucket").put_bucket_policy("seagate", policy_condition_NumericLessThanEquals_success).execute_test().command_is_successful()

AwsTest("Aws can get policy on bucket").get_bucket_policy("seagate").execute_test().command_is_successful().command_response_should_have("s3:max-keys")

AwsTest("Aws can put policy on bucket").put_bucket_policy("seagate", policy_condition_DateLessThan_success).execute_test().command_is_successful()

AwsTest("Aws can get policy on bucket").get_bucket_policy("seagate").execute_test().command_is_successful().command_response_should_have("aws:CurrentTime")

AwsTest("Aws can put policy on bucket").put_bucket_policy("seagate", policy_condition_BinaryEquals_success).execute_test(negative_case=True).command_should_fail().command_error_should_have("MalformedPolicy")

AwsTest("Aws can put policy on bucket").put_bucket_policy("seagate", policy_condition_BinaryEquals_invalidValue_fail).execute_test(negative_case=True).command_should_fail().command_error_should_have("MalformedPolicy")

AwsTest("Aws can put policy on bucket").put_bucket_policy("seagate", policy_condition_StringLike_invalidKey_fail).execute_test(negative_case=True).command_should_fail().command_error_should_have("MalformedPolicy")

AwsTest("Aws can put policy on bucket").put_bucket_policy("seagate", policy_condition_StringLikeIfExists_success).execute_test().command_is_successful()

AwsTest("Aws can get policy on bucket").get_bucket_policy("seagate").execute_test().command_is_successful().command_response_should_have("s3:x-amz-acl")

AwsTest("Aws can put policy on bucket").put_bucket_policy("seagate", policy_condition_combination_fail).execute_test(negative_case=True).command_should_fail().command_error_should_have("Conditions do not apply to combination of actions and resources in statement")


############### Authorize Policy #######################
print("Authorizing policy tests start....")

def load_test_config():
    conf_file = os.path.join(os.path.dirname(__file__), 's3iamcli_test_config.yaml')
    with open(conf_file, 'r') as f:
        config = yaml.safe_load(f)
        S3ClientConfig.ldapuser = config['ldapuser']
        S3ClientConfig.ldappasswd = config['ldappasswd']


load_test_config()
# put-bucket-policy - Valid principal
policy_put_bucket_relative = os.path.join(os.path.dirname(__file__), 'policy_files', 'get_bucket_policy_restricted_cross_account.txt')
policy_put_bucket = "file://" + os.path.abspath(policy_put_bucket_relative)
AwsTest("Put Bucket Policy with Allow access for all").put_bucket_policy("seagate", policy_put_bucket).execute_test().command_is_successful()

# Create secondary account
test_msg = "Create account newaccount"
account_args = {'AccountName': 'newaccount', 'Email': 'newaccount@seagate.com', 'ldapuser': S3ClientConfig.ldapuser, 'ldappasswd': S3ClientConfig.ldappasswd}
account_response_pattern = r"AccountId = [\w-]*, CanonicalId = [\w-]*, RootUserName = [\w+=,.@-]*, AccessKeyId = [\w-]*, SecretKey = [\w/+]*$"
result = AuthTest(test_msg).create_account(**account_args).execute_test()
result.command_should_match_pattern(account_response_pattern)
account_response_elements = AuthTest.get_response_elements(result.status.stdout)
secondary_access_key = account_response_elements['AccessKeyId']
secondary_secret_key = account_response_elements['SecretKey']
S3ClientConfig.access_key_id = secondary_access_key
S3ClientConfig.secret_key = secondary_secret_key
# Note: the next two lines write the new account's access key and secret key to the test output
print(secondary_access_key)
print(secondary_secret_key)
os.environ["AWS_ACCESS_KEY_ID"] = secondary_access_key
os.environ["AWS_SECRET_ACCESS_KEY"] = secondary_secret_key

AwsTest("Cross account can not perform GetBucketPolicy").get_bucket_policy("seagate").execute_test(negative_case=True).command_should_fail().command_error_should_have("MethodNotAllowed")

# Test access for IAM user under bucket owner account
# IAM user can perform GET, PUT and DELETE bucket policy operations if granted access
# Bucket owner can perform GET, PUT and DELETE bucket policy operations even if denied access in policy
AwsTest('Aws can create bucket').create_bucket("newaccountbucket").execute_test().command_is_successful()
AwsTest("Aws can put policy on bucket").put_bucket_policy("newaccountbucket", policy_for_iam_user).execute_test().command_is_successful()
AwsTest("Aws can get policy on bucket").get_bucket_policy("newaccountbucket").execute_test().command_is_successful()
account_args['UserName'] = "u1"
test_msg = "Create User u1"
user1_response_pattern = r"UserId = [\w-]*, ARN = [\S]*, Path = /$"
result = AuthTest(test_msg).create_user(**account_args).execute_test()
result.command_should_match_pattern(user1_response_pattern)
user_access_key_args = {}
accesskey_response_pattern = r"AccessKeyId = [\w-]*, SecretAccessKey = [\w/+]*, Status = [\w]*$"
result = AuthTest(test_msg).create_access_key(**account_args).execute_test()
result.command_should_match_pattern(accesskey_response_pattern)
accesskey_response_elements = AuthTest.get_response_elements(result.status.stdout)
user_access_key_args['AccessKeyId'] = accesskey_response_elements['AccessKeyId']
user_access_key_args['SecretAccessKey'] = accesskey_response_elements['SecretAccessKey']
user_access_key_args['UserName'] = "u1"
os.environ["AWS_ACCESS_KEY_ID"] = accesskey_response_elements['AccessKeyId']
os.environ["AWS_SECRET_ACCESS_KEY"] = accesskey_response_elements['SecretAccessKey']

AwsTest("IAM user can get policy on bucket").get_bucket_policy("newaccountbucket").execute_test().command_is_successful()
AwsTest("IAM user can delete policy on bucket").delete_bucket_policy("newaccountbucket").execute_test().command_is_successful()
# Setting Deny in Policy for bucket Owner
AwsTest("Aws can put policy on bucket").put_bucket_policy("newaccountbucket", deny_policy_for_iam_user).execute_test().command_is_successful()
os.environ["AWS_ACCESS_KEY_ID"] = secondary_access_key
os.environ["AWS_SECRET_ACCESS_KEY"] = secondary_secret_key
# Switching back to newaccount and checking if owner can perform GET, PUT and DELETE policy though Deny in Policy
AwsTest("IAM user can get policy on bucket").get_bucket_policy("newaccountbucket").execute_test().command_is_successful()
AwsTest("IAM user can delete policy on bucket").delete_bucket_policy("newaccountbucket").execute_test().command_is_successful()
AwsTest("Aws can put policy on bucket").put_bucket_policy("newaccountbucket", policy_access_only_to_owner).execute_test().command_is_successful()
# As per permissions provided in above new policy, IAM users will not be able to execute any operations
os.environ["AWS_ACCESS_KEY_ID"] = accesskey_response_elements['AccessKeyId']
os.environ["AWS_SECRET_ACCESS_KEY"] = accesskey_response_elements['SecretAccessKey']

AwsTest("IAM users restricted get policy on bucket").get_bucket_policy("newaccountbucket").execute_test(negative_case=True).command_should_fail()
AwsTest("IAM user restricted delete policy on bucket").delete_bucket_policy("newaccountbucket").execute_test(negative_case=True).command_should_fail()
AwsTest("Aws can put policy on bucket").put_bucket_policy("newaccountbucket", policy_access_only_to_owner).execute_test(negative_case=True).command_should_fail()

os.environ["AWS_ACCESS_KEY_ID"] = secondary_access_key
os.environ["AWS_SECRET_ACCESS_KEY"] = secondary_secret_key

AwsTest('Aws can delete bucket').delete_bucket("newaccountbucket").execute_test().command_is_successful()
test_msg = 'Delete access key'
result = AuthTest(test_msg).delete_access_key(**user_access_key_args).execute_test()
result.command_response_should_have("Access key deleted.")
result = AuthTest(test_msg).delete_user(**account_args).execute_test()
result.command_response_should_have("User deleted.")


############# Deny in Policy but Allow in ACL ###############

AwsTest('Aws can create bucket').create_bucket("auth-bucket").execute_test().command_is_successful()

AwsTest('Aws can upload file').put_object_with_permission_headers("auth-bucket", "samplefile", "grant-read-acp", "id=C12345").execute_test().command_is_successful()

AwsTest("Aws can put policy on bucket").put_bucket_policy("auth-bucket", policy_authorization).execute_test().command_is_successful()


del os.environ["AWS_ACCESS_KEY_ID"]
del os.environ["AWS_SECRET_ACCESS_KEY"]

AwsTest('Aws can get object acl').get_object_acl("auth-bucket", "samplefile").execute_test(negative_case=True).command_should_fail().command_error_should_have("AccessDenied")
################## Allow in Policy and No permission in ACL #################
os.environ["AWS_ACCESS_KEY_ID"] = secondary_access_key
os.environ["AWS_SECRET_ACCESS_KEY"] = secondary_secret_key

policy_authorization_relative = os.path.join(os.path.dirname(__file__), 'policy_files', 'allow_policy_nopermission_acl.txt')
policy_authorization = "file://" + os.path.abspath(policy_authorization_relative)

AwsTest("Aws can put policy on bucket").put_bucket_policy("auth-bucket", policy_authorization).execute_test().command_is_successful()

del os.environ["AWS_ACCESS_KEY_ID"]
del os.environ["AWS_SECRET_ACCESS_KEY"]

AwsTest('Aws can upload file').put_object_with_permission_headers("auth-bucket", "samplefile2", "grant-read-acp", "id=C12345").execute_test().command_is_successful()

########################### No permission in policy and no permission in acl ###########
os.environ["AWS_ACCESS_KEY_ID"] = secondary_access_key
os.environ["AWS_SECRET_ACCESS_KEY"] = secondary_secret_key

policy_authorization_relative = os.path.join(os.path.dirname(__file__), 'policy_files', 'nopermission_policy_nopermission_acl.txt')
policy_authorization = "file://" + os.path.abspath(policy_authorization_relative)

AwsTest("Aws can put policy on bucket").put_bucket_policy("auth-bucket", policy_authorization).execute_test().command_is_successful()

del os.environ["AWS_ACCESS_KEY_ID"]
del os.environ["AWS_SECRET_ACCESS_KEY"]

AwsTest('Unauthorized account can not get object').get_object("auth-bucket", "samplefile")\
    .execute_test(negative_case=True).command_should_fail().command_error_should_have("AccessDenied")

############################ Allow-Deny policy and no permission in acl ###################
os.environ["AWS_ACCESS_KEY_ID"] = secondary_access_key
os.environ["AWS_SECRET_ACCESS_KEY"] = secondary_secret_key

policy_authorization_relative = os.path.join(os.path.dirname(__file__), 'policy_files', 'allow_and_deny_policy_nopermission_acl.txt')
policy_authorization = "file://" + os.path.abspath(policy_authorization_relative)

AwsTest("Aws can put policy on bucket").put_bucket_policy("auth-bucket", policy_authorization).execute_test().command_is_successful()

del os.environ["AWS_ACCESS_KEY_ID"]
del os.environ["AWS_SECRET_ACCESS_KEY"]

AwsTest('Aws can upload file').put_object_with_permission_headers("auth-bucket", "samplefile2", "grant-read-acp", "id=C12345").execute_test(negative_case=True).command_should_fail().command_error_should_have("AccessDenied")

############################ nopermission in policy and allow in acl ###################

AwsTest('Aws can get object acl').get_object_acl("auth-bucket", "samplefile").execute_test().command_is_successful()


############################ policy authorization with condition StringEquals #####################
policy_authorization_relative = os.path.join(os.path.dirname(__file__), 'policy_files', 'policy_condition_StringEquals_authorize.json')
policy_authorization = "file://" + os.path.abspath(policy_authorization_relative)
# put object testObject
AwsTest('Bucket Owner can put object to seagate bucket').put_object("seagate", "testObject")\
    .execute_test().command_is_successful()
# put bucket policy on every Principal for 'put object' with condition StringEquals to 'bucket_owner_read'
AwsTest("Aws can put policy on bucket").put_bucket_policy("seagate", policy_authorization).execute_test().command_is_successful()
# Owner account is able to put object
AwsTest('Bucket Owner can put object to seagate bucket').put_object("seagate", "testObject")\
    .execute_test().command_is_successful()
# secondary account can put object with canned acl bucket_owner_read
os.environ["AWS_ACCESS_KEY_ID"] = secondary_access_key
os.environ["AWS_SECRET_ACCESS_KEY"] = secondary_secret_key
AwsTest('Aws can create object with \'bucket-owner-read\' canned acl input')\
    .put_object("seagate", "testObject", canned_acl="bucket-owner-read").execute_test().command_is_successful()
# secondary account can not put object without canned acl bucket_owner_read
AwsTest('AWS can put object to seagate bucket').put_object("seagate", "testObject")\
    .execute_test(negative_case=True).command_should_fail().command_error_should_have("AccessDenied")
del os.environ["AWS_ACCESS_KEY_ID"]
del os.environ["AWS_SECRET_ACCESS_KEY"]

############################ policy authorization with condition StringEqualsIgnoreCase #####################
policy_authorization_relative = os.path.join(os.path.dirname(__file__), 'policy_files', 'policy_condition_StringEqualsIgnoreCase_authorize.json')
policy_authorization = "file://" + os.path.abspath(policy_authorization_relative)
# put object testObject
AwsTest('Bucket Owner can put object to seagate bucket').put_object("seagate", "testObject")\
    .execute_test().command_is_successful()
# put bucket policy on every Principal for 'put object' with condition StringEqualsIgnoreCase to 'Bucket_owner_read' (B capital)
AwsTest("Aws can put policy on bucket").put_bucket_policy("seagate", policy_authorization).execute_test().command_is_successful()
# Owner account is able to put object
AwsTest('Bucket Owner can put object to seagate bucket').put_object("seagate", "testObject")\
    .execute_test().command_is_successful()
# secondary account can put object with canned acl bucket_owner_read
os.environ["AWS_ACCESS_KEY_ID"] = secondary_access_key
os.environ["AWS_SECRET_ACCESS_KEY"] = secondary_secret_key
AwsTest('Aws can create object with \'bucket-owner-read\' canned acl input')\
    .put_object("seagate", "testObject", canned_acl="bucket-owner-read").execute_test().command_is_successful()
# secondary account can not put object without canned acl bucket_owner_read
AwsTest('AWS can put object to seagate bucket').put_object("seagate", "testObject")\
    .execute_test(negative_case=True).command_should_fail().command_error_should_have("AccessDenied")
del os.environ["AWS_ACCESS_KEY_ID"]
del os.environ["AWS_SECRET_ACCESS_KEY"]

############################ policy authorization with condition StringNotEquals #####################
policy_authorization_relative = os.path.join(os.path.dirname(__file__), 'policy_files', 'policy_condition_StringNotEquals_authorize.json')
policy_authorization = "file://" + os.path.abspath(policy_authorization_relative)
# put object testObject
AwsTest('Bucket Owner can put object to seagate bucket').put_object("seagate", "testObject")\
    .execute_test().command_is_successful()
# put bucket policy on every Principal for 'put object' with condition StringNotEquals to 'bucket_owner_read'
AwsTest("Aws can put policy on bucket").put_bucket_policy("seagate", policy_authorization).execute_test().command_is_successful()
# Owner account is able to put object
AwsTest('Bucket Owner can put object to seagate bucket').put_object("seagate", "testObject")\
    .execute_test().command_is_successful()
# secondary account can put object with any canned acl except bucket_owner_read
os.environ["AWS_ACCESS_KEY_ID"] = secondary_access_key
os.environ["AWS_SECRET_ACCESS_KEY"] = secondary_secret_key
AwsTest('Aws can create object with \'bucket-owner-full-control\' canned acl input')\
    .put_object("seagate", "testObject", canned_acl="bucket-owner-full-control").execute_test().command_is_successful()
# secondary account can not put object with canned acl bucket_owner_read
AwsTest('Aws can create object with \'bucket-owner-read\' canned acl input')\
    .put_object("seagate", "testObject", canned_acl="bucket-owner-read").execute_test(negative_case=True)\
    .command_should_fail().command_error_should_have("AccessDenied")
del os.environ["AWS_ACCESS_KEY_ID"]
del os.environ["AWS_SECRET_ACCESS_KEY"]

############################ policy authorization with condition StringNotEqualsIgnoreCase #####################
policy_authorization_relative = os.path.join(os.path.dirname(__file__), 'policy_files', 'policy_condition_StringNotEqualsIgnoreCase_authorize.json')
policy_authorization = "file://" + os.path.abspath(policy_authorization_relative)
# put object testObject
AwsTest('Bucket Owner can put object to seagate bucket').put_object("seagate", "testObject")\
    .execute_test().command_is_successful()
# put bucket policy on every Principal for 'put object' with condition StringNotEqualsIgnoreCase to 'Bucket_owner_read' (B capital)
AwsTest("Aws can put policy on bucket").put_bucket_policy("seagate", policy_authorization).execute_test().command_is_successful()
# Owner account is able to put object
AwsTest('AWS can put object to seagate bucket').put_object("seagate", "testObject")\
    .execute_test().command_is_successful()
# secondary account can not put object with canned acl bucket_owner_read
os.environ["AWS_ACCESS_KEY_ID"] = secondary_access_key
os.environ["AWS_SECRET_ACCESS_KEY"] = secondary_secret_key
AwsTest('Aws can create object with \'bucket-owner-read\' canned acl input')\
    .put_object("seagate", "testObject", canned_acl="bucket-owner-read").execute_test(negative_case=True)\
    .command_should_fail().command_error_should_have("AccessDenied")
# secondary account can put object with any canned acl except bucket-owner-read (case insensitive)
AwsTest('AWS can put object to seagate bucket').put_object("seagate", "testObject")\
    .execute_test().command_is_successful()
del os.environ["AWS_ACCESS_KEY_ID"]
del os.environ["AWS_SECRET_ACCESS_KEY"]

############################ policy authorization with condition StringLike #####################
policy_authorization_relative = os.path.join(os.path.dirname(__file__), 'policy_files', 'policy_condition_StringLike_authorize.json')
policy_authorization = "file://" + os.path.abspath(policy_authorization_relative)
# put object testObject
AwsTest('Bucket Owner can put object to seagate bucket').put_object("seagate", "testObject")\
    .execute_test().command_is_successful()
# put bucket policy on every Principal for 'put object' with condition StringLike to 'bucket_*'
AwsTest("Aws can put policy on bucket").put_bucket_policy("seagate", policy_authorization).execute_test().command_is_successful()
# Owner account is able to put object
AwsTest('Bucket Owner can put object to seagate bucket').put_object("seagate", "testObject")\
    .execute_test().command_is_successful()
# secondary account can put object with canned acl bucket_owner_read
os.environ["AWS_ACCESS_KEY_ID"] = secondary_access_key
os.environ["AWS_SECRET_ACCESS_KEY"] = secondary_secret_key
AwsTest('Aws can create object with \'bucket-owner-read\' canned acl input')\
    .put_object("seagate", "testObject", canned_acl="bucket-owner-read").execute_test().command_is_successful()
# secondary account can not put object without canned acl bucket_owner_read
AwsTest('AWS can put object to seagate bucket').put_object("seagate", "testObject")\
    .execute_test(negative_case=True).command_should_fail().command_error_should_have("AccessDenied")
del os.environ["AWS_ACCESS_KEY_ID"]
del os.environ["AWS_SECRET_ACCESS_KEY"]

############################ policy authorization with condition StringEqualsIfExists #####################
policy_authorization_relative = os.path.join(os.path.dirname(__file__), 'policy_files', 'policy_condition_StringEqualsIfExists_authorize.json')
policy_authorization = "file://" + os.path.abspath(policy_authorization_relative)
# put object testObject
AwsTest('Bucket Owner can put object to seagate bucket').put_object("seagate", "testObject")\
    .execute_test().command_is_successful()
# put bucket policy on every Principal for 'put object' with condition StringEqualsIfExists to 'bucket_owner_read'
AwsTest("Aws can put policy on bucket").put_bucket_policy("seagate", policy_authorization).execute_test().command_is_successful()
# Owner account is able to put object
AwsTest('Bucket Owner can put object to seagate bucket').put_object("seagate", "testObject")\
    .execute_test().command_is_successful()
# secondary account can not put object with canned acl other than bucket_owner_read, if exists
os.environ["AWS_ACCESS_KEY_ID"] = secondary_access_key
os.environ["AWS_SECRET_ACCESS_KEY"] = secondary_secret_key
AwsTest('Aws can create object with \'bucket-owner-full-control\' canned acl input')\
    .put_object("seagate", "testObject", canned_acl="bucket-owner-full-control")\
    .execute_test(negative_case=True).command_should_fail().command_error_should_have("AccessDenied")
# secondary account can put object if no canned acl exists
AwsTest('AWS can put object to seagate bucket').put_object("seagate", "testObject")\
    .execute_test().command_is_successful()
del os.environ["AWS_ACCESS_KEY_ID"]
del os.environ["AWS_SECRET_ACCESS_KEY"]

############################ policy authorization with condition NumericEquals #####################
policy_authorization_relative = os.path.join(os.path.dirname(__file__), 'policy_files', 'policy_condition_NumericEquals_authorize.json')
policy_authorization = "file://" + os.path.abspath(policy_authorization_relative)
# put object testObject
AwsTest('Bucket Owner can put object to seagate bucket').put_object("seagate", "testObject")\
    .execute_test().command_is_successful()
# list objects
AwsTest('Bucket Owner can list objects of seagate bucket').list_objects("seagate")\
    .execute_test().command_is_successful()
# put bucket policy on every Principal for 'ListBucket' with condition NumericEquals to 'max-keys=2'
AwsTest("Aws can put policy on bucket").put_bucket_policy("seagate", policy_authorization).execute_test().command_is_successful()
# list objects by owner after policy application
AwsTest('Bucket Owner can list objects of seagate bucket').list_objects("seagate")\
    .execute_test().command_is_successful()
# secondary account can list objects with query param max-keys 2
os.environ["AWS_ACCESS_KEY_ID"] = secondary_access_key
os.environ["AWS_SECRET_ACCESS_KEY"] = secondary_secret_key
AwsTest('Aws can list objects')\
    .list_objects("seagate", max_keys="2").execute_test().command_is_successful()
# secondary account can not list objects with query param max-keys other than 2
os.environ["AWS_ACCESS_KEY_ID"] = secondary_access_key
os.environ["AWS_SECRET_ACCESS_KEY"] = secondary_secret_key
AwsTest('Aws can not list objects').list_objects("seagate", max_keys="3").execute_test(negative_case=True)\
    .command_should_fail().command_error_should_have("AccessDenied")
# secondary account can not list objects without max key condition
AwsTest('AWS can not list objects').list_objects("seagate")\
    .execute_test(negative_case=True).command_should_fail().command_error_should_have("AccessDenied")
del os.environ["AWS_ACCESS_KEY_ID"]
del os.environ["AWS_SECRET_ACCESS_KEY"]

############################ policy authorization with condition NumericNotEquals #####################
policy_authorization_relative = os.path.join(os.path.dirname(__file__), 'policy_files', 'policy_condition_NumericNotEquals_authorize.json')
policy_authorization = "file://" + os.path.abspath(policy_authorization_relative)
# put object testObject
AwsTest('Bucket Owner can put object to seagate bucket').put_object("seagate", "testObject")\
    .execute_test().command_is_successful()
# list objects
AwsTest('Bucket Owner can list objects of seagate bucket').list_objects("seagate")\
    .execute_test().command_is_successful()
# put bucket policy on every Principal for 'ListBucket' with condition NumericNotEquals to 'max-keys=2'
AwsTest("Aws can put policy on bucket").put_bucket_policy("seagate", policy_authorization).execute_test().command_is_successful()
# list objects by owner after policy application
AwsTest('Bucket Owner can list objects of seagate bucket').list_objects("seagate")\
    .execute_test().command_is_successful()
# secondary account can list objects with query param max-keys other than 2
os.environ["AWS_ACCESS_KEY_ID"] = secondary_access_key
os.environ["AWS_SECRET_ACCESS_KEY"] = secondary_secret_key
AwsTest('Aws can list objects')\
    .list_objects("seagate", max_keys="3").execute_test().command_is_successful()
# secondary account can not list objects with query param max-keys 2
os.environ["AWS_ACCESS_KEY_ID"] = secondary_access_key
os.environ["AWS_SECRET_ACCESS_KEY"] = secondary_secret_key
AwsTest('Aws can not list objects').list_objects("seagate", max_keys="2").execute_test(negative_case=True)\
    .command_should_fail().command_error_should_have("AccessDenied")
# secondary account can list objects without max key condition
AwsTest('AWS can not list objects').list_objects("seagate").execute_test().command_is_successful()
del os.environ["AWS_ACCESS_KEY_ID"]
del os.environ["AWS_SECRET_ACCESS_KEY"]

############################ policy authorization with condition NumericLessThan #####################
policy_authorization_relative = os.path.join(os.path.dirname(__file__), 'policy_files', 'policy_condition_NumericLessThan_authorize.json')
policy_authorization = "file://" + os.path.abspath(policy_authorization_relative)
# put object testObject
AwsTest('Bucket Owner can put object to seagate bucket').put_object("seagate", "testObject")\
    .execute_test().command_is_successful()
# list objects
AwsTest('Bucket Owner can list objects of seagate bucket').list_objects("seagate")\
    .execute_test().command_is_successful()
# put bucket policy on every Principal for 'ListBucket' with condition NumericLessThan to 'max-keys=2'
AwsTest("Aws can put policy on bucket").put_bucket_policy("seagate", policy_authorization).execute_test().command_is_successful()
# list objects by owner after policy application
AwsTest('Bucket Owner can list objects of seagate bucket').list_objects("seagate")\
    .execute_test().command_is_successful()
# secondary account can list objects with query param max-keys 1
os.environ["AWS_ACCESS_KEY_ID"] = secondary_access_key
os.environ["AWS_SECRET_ACCESS_KEY"] = secondary_secret_key
AwsTest('Aws can list objects')\
    .list_objects("seagate", max_keys="1").execute_test().command_is_successful()
# secondary account can not list objects with query param max-keys greater than or equal to 2
os.environ["AWS_ACCESS_KEY_ID"] = secondary_access_key
os.environ["AWS_SECRET_ACCESS_KEY"] = secondary_secret_key
AwsTest('Aws can not list objects').list_objects("seagate", max_keys="3").execute_test(negative_case=True)\
    .command_should_fail().command_error_should_have("AccessDenied")
AwsTest('Aws can not list objects').list_objects("seagate", max_keys="2").execute_test(negative_case=True)\
    .command_should_fail().command_error_should_have("AccessDenied")
# secondary account can not list objects without max key condition
AwsTest('AWS can not list objects').list_objects("seagate")\
    .execute_test(negative_case=True).command_should_fail().command_error_should_have("AccessDenied")
del os.environ["AWS_ACCESS_KEY_ID"]
del os.environ["AWS_SECRET_ACCESS_KEY"]

############################ policy authorization with condition NumericLessThanEquals #####################
policy_authorization_relative = os.path.join(os.path.dirname(__file__), 'policy_files', 
'policy_condition_NumericLessThanEquals_authorize.json')629policy_authorization = "file://" + os.path.abspath(policy_authorization_relative)630# put object testObject631AwsTest('Bucket Owner can put object to seagate bucket').put_object("seagate", "testObject")\632.execute_test().command_is_successful()633# list objects634AwsTest('Bucket Owner can list objects of seagate bucket').list_objects("seagate")\635.execute_test().command_is_successful()636# put bucket policy on every Principal for 'ListBucket' with condition NumericLessThanEquals to 'max-keys=2'637AwsTest("Aws can put policy on bucket").put_bucket_policy("seagate", policy_authorization).execute_test().command_is_successful()638# list objects by owner after policy application639AwsTest('Bucket Owner can list objects of seagate bucket').list_objects("seagate")\640.execute_test().command_is_successful()641# seocndary account can list objects with query param max-keys less than or equals to 2642os.environ["AWS_ACCESS_KEY_ID"] = secondary_access_key643os.environ["AWS_SECRET_ACCESS_KEY"] = secondary_secret_key644AwsTest('Aws can list objects')\645.list_objects("seagate", max_keys="1").execute_test().command_is_successful()646AwsTest('Aws can list objects')\647.list_objects("seagate", max_keys="2").execute_test().command_is_successful()648# seocndary account can not list objects with query param max-keys greater than 2649os.environ["AWS_ACCESS_KEY_ID"] = secondary_access_key650os.environ["AWS_SECRET_ACCESS_KEY"] = secondary_secret_key651AwsTest('Aws can list objects').list_objects("seagate", max_keys="3").execute_test(negative_case=True)\652.command_should_fail().command_error_should_have("AccessDenied")653# seocndary account can not list objects without max key condition654AwsTest('AWS can not list objects').list_objects("seagate")\655.execute_test(negative_case=True).command_should_fail().command_error_should_have("AccessDenied")656del os.environ["AWS_ACCESS_KEY_ID"]657del 
os.environ["AWS_SECRET_ACCESS_KEY"]658659############################ policy authorization with condition NumericGreaterThan #####################660policy_authorization_relative = os.path.join(os.path.dirname(__file__), 'policy_files', 'policy_condition_NumericGreaterThan_authorize.json')661policy_authorization = "file://" + os.path.abspath(policy_authorization_relative)662# put object testObject663AwsTest('Bucket Owner can put object to seagate bucket').put_object("seagate", "testObject")\664.execute_test().command_is_successful()665# list objects666AwsTest('Bucket Owner can list objects of seagate bucket').list_objects("seagate")\667.execute_test().command_is_successful()668# put bucket policy on every Principal for 'ListBucket' with condition NumericGreaterThan to 'max-keys=2'669AwsTest("Aws can put policy on bucket").put_bucket_policy("seagate", policy_authorization).execute_test().command_is_successful()670# list objects by owner after policy application671AwsTest('Bucket Owner can list objects of seagate bucket').list_objects("seagate")\672.execute_test().command_is_successful()673# seocndary account can list objects with query param max-keys greater than 2674os.environ["AWS_ACCESS_KEY_ID"] = secondary_access_key675os.environ["AWS_SECRET_ACCESS_KEY"] = secondary_secret_key676AwsTest('Aws can list objects')\677.list_objects("seagate", max_keys="3").execute_test().command_is_successful()678# seocndary account can not list objects with query param max-keys less than or equals to 2679os.environ["AWS_ACCESS_KEY_ID"] = secondary_access_key680os.environ["AWS_SECRET_ACCESS_KEY"] = secondary_secret_key681AwsTest('Aws can not list objects').list_objects("seagate", max_keys="1").execute_test(negative_case=True)\682.command_should_fail().command_error_should_have("AccessDenied")683AwsTest('Aws can not list objects').list_objects("seagate", max_keys="2").execute_test(negative_case=True)\684.command_should_fail().command_error_should_have("AccessDenied")685# seocndary 
account can not list objects without max key condition686AwsTest('AWS can not list objects').list_objects("seagate")\687.execute_test(negative_case=True).command_should_fail().command_error_should_have("AccessDenied")688del os.environ["AWS_ACCESS_KEY_ID"]689del os.environ["AWS_SECRET_ACCESS_KEY"]690691############################ policy authorization with condition NumericGreaterThanEquals #####################692policy_authorization_relative = os.path.join(os.path.dirname(__file__), 'policy_files', 'policy_condition_NumericGreaterThanEquals_authorize.json')693policy_authorization = "file://" + os.path.abspath(policy_authorization_relative)694# put object testObject695AwsTest('Bucket Owner can put object to seagate bucket').put_object("seagate", "testObject")\696.execute_test().command_is_successful()697# list objects698AwsTest('Bucket Owner can list objects of seagate bucket').list_objects("seagate")\699.execute_test().command_is_successful()700# put bucket policy on every Principal for 'ListBucket' with condition NumericGreaterThanEquals to 'max-keys=2'701AwsTest("Aws can put policy on bucket").put_bucket_policy("seagate", policy_authorization).execute_test().command_is_successful()702# list objects by owner after policy application703AwsTest('Bucket Owner can list objects of seagate bucket').list_objects("seagate")\704.execute_test().command_is_successful()705# seocndary account can list objects with query param max-keys greater than or equals to 2706os.environ["AWS_ACCESS_KEY_ID"] = secondary_access_key707os.environ["AWS_SECRET_ACCESS_KEY"] = secondary_secret_key708AwsTest('Aws can list objects')\709.list_objects("seagate", max_keys="3").execute_test().command_is_successful()710AwsTest('Aws can list objects')\711.list_objects("seagate", max_keys="2").execute_test().command_is_successful()712# seocndary account can not list objects with query param max-keys less than 2713os.environ["AWS_ACCESS_KEY_ID"] = secondary_access_key714os.environ["AWS_SECRET_ACCESS_KEY"] 
= secondary_secret_key715AwsTest('Aws can list objects').list_objects("seagate", max_keys="1").execute_test(negative_case=True)\716.command_should_fail().command_error_should_have("AccessDenied")717# seocndary account can not list objects without max key condition718AwsTest('AWS can not list objects').list_objects("seagate")\719.execute_test(negative_case=True).command_should_fail().command_error_should_have("AccessDenied")720del os.environ["AWS_ACCESS_KEY_ID"]721del os.environ["AWS_SECRET_ACCESS_KEY"]722723############################ policy authorization with condition NumericEqualsIfExists #####################724policy_authorization_relative = os.path.join(os.path.dirname(__file__), 'policy_files', 'policy_condition_NumericEqualsIfExists_authorize.json')725policy_authorization = "file://" + os.path.abspath(policy_authorization_relative)726# put object testObject727AwsTest('Bucket Owner can put object to seagate bucket').put_object("seagate", "testObject")\728.execute_test().command_is_successful()729# list objects730AwsTest('Bucket Owner can list objects of seagate bucket').list_objects("seagate")\731.execute_test().command_is_successful()732# put bucket policy on every Principal for 'ListBucket' with condition NumericEqualsIfExists to 'max-keys=2'733AwsTest("Aws can put policy on bucket").put_bucket_policy("seagate", policy_authorization).execute_test().command_is_successful()734# list objects by owner after policy application735AwsTest('Bucket Owner can list objects of seagate bucket').list_objects("seagate")\736.execute_test().command_is_successful()737# seocndary account can list objects with query param max-keys 2738os.environ["AWS_ACCESS_KEY_ID"] = secondary_access_key739os.environ["AWS_SECRET_ACCESS_KEY"] = secondary_secret_key740AwsTest('Aws can list objects')\741.list_objects("seagate", max_keys="2").execute_test().command_is_successful()742# seocndary account can not list objects with query param max-keys other than 2743os.environ["AWS_ACCESS_KEY_ID"] 
= secondary_access_key744os.environ["AWS_SECRET_ACCESS_KEY"] = secondary_secret_key745AwsTest('Aws can not list objects').list_objects("seagate", max_keys="3").execute_test(negative_case=True)\746.command_should_fail().command_error_should_have("AccessDenied")747# seocndary account can list objects without max key condition748AwsTest('AWS can list objects').list_objects("seagate").execute_test().command_is_successful()749del os.environ["AWS_ACCESS_KEY_ID"]750del os.environ["AWS_SECRET_ACCESS_KEY"]751752############################ policy authorization with condition type - Null: true #####################753policy_authorization_relative = os.path.join(os.path.dirname(__file__), 'policy_files', 'policy_condition_Null_true_authorize.json')754policy_authorization = "file://" + os.path.abspath(policy_authorization_relative)755# put object testObject756AwsTest('Bucket Owner can put object to seagate bucket').put_object("seagate", "testObject")\757.execute_test().command_is_successful()758# put bucket policy on every Principal for 'put object' with condition Null to 's3:x-amz-acl': true759AwsTest("Aws can put policy on bucket").put_bucket_policy("seagate", policy_authorization).execute_test().command_is_successful()760# Owner account is able to put object761AwsTest('Bucket Owner can put object to seagate bucket').put_object("seagate", "testObject")\762.execute_test().command_is_successful()763# seocndary account can not put object with canned acl input764os.environ["AWS_ACCESS_KEY_ID"] = secondary_access_key765os.environ["AWS_SECRET_ACCESS_KEY"] = secondary_secret_key766AwsTest('Aws can create object with \'bucket-owner-read\' canned acl input')\767.put_object("seagate", "testObject", canned_acl="bucket-owner-read")\768.execute_test(negative_case=True).command_should_fail().command_error_should_have("AccessDenied")769# seocndary account can put object without canned acl input770AwsTest('AWS can put object to seagate bucket').put_object("seagate", 
"testObject")\771.execute_test().command_is_successful()772del os.environ["AWS_ACCESS_KEY_ID"]773del os.environ["AWS_SECRET_ACCESS_KEY"]774775############################ policy authorization with condition type - Null: false #####################776policy_authorization_relative = os.path.join(os.path.dirname(__file__), 'policy_files', 'policy_condition_Null_false_authorize.json')777policy_authorization = "file://" + os.path.abspath(policy_authorization_relative)778# put object testObject779AwsTest('Bucket Owner can put object to seagate bucket').put_object("seagate", "testObject")\780.execute_test().command_is_successful()781# put bucket policy on every Principal for 'put object' with condition Null to 's3:x-amz-acl': false782AwsTest("Aws can put policy on bucket").put_bucket_policy("seagate", policy_authorization).execute_test().command_is_successful()783# Owner account is able to put object784AwsTest('Bucket Owner can put object to seagate bucket').put_object("seagate", "testObject")\785.execute_test().command_is_successful()786# seocndary account can put object with canned acl input787os.environ["AWS_ACCESS_KEY_ID"] = secondary_access_key788os.environ["AWS_SECRET_ACCESS_KEY"] = secondary_secret_key789AwsTest('Aws can create object with \'bucket-owner-read\' canned acl input')\790.put_object("seagate", "testObject", canned_acl="bucket-owner-read")\791.execute_test().command_is_successful()792# seocndary account can not put object without canned acl input793AwsTest('AWS can put object to seagate bucket').put_object("seagate", "testObject")\794.execute_test(negative_case=True).command_should_fail().command_error_should_have("AccessDenied")795del os.environ["AWS_ACCESS_KEY_ID"]796del os.environ["AWS_SECRET_ACCESS_KEY"]797798############################ policy authorization with condition DateNotEquals #####################799800policy_authorization_relative = os.path.join(os.path.dirname(__file__), 'policy_files', 
'policy_condition_DateNotEquals_authorize_success.json')801policy_authorization = "file://" + os.path.abspath(policy_authorization_relative)802# put bucket policy on every Principal for 'PutObject' with condition DateNotEquals to '"aws:CurrentTime": "2020-01-01T00:00:00Z"'803AwsTest("Aws can put policy on bucket").put_bucket_policy("seagate", policy_authorization).execute_test().command_is_successful()804# put object testObject805AwsTest('Bucket Owner can put object to seagate bucket').put_object("seagate", "testObject")\806.execute_test().command_is_successful()807808os.environ["AWS_ACCESS_KEY_ID"] = secondary_access_key809os.environ["AWS_SECRET_ACCESS_KEY"] = secondary_secret_key810811# put object testObject by secondary account812AwsTest('Secondary account can put object to seagate bucket').put_object("seagate", "testObject")\813.execute_test().command_is_successful()814815del os.environ["AWS_ACCESS_KEY_ID"]816del os.environ["AWS_SECRET_ACCESS_KEY"]817818819############################ policy authorization with condition DateEquals_fail #####################820policy_authorization_relative = os.path.join(os.path.dirname(__file__), 'policy_files', 'policy_condition_DateEquals_authorize_fail.json')821policy_authorization = "file://" + os.path.abspath(policy_authorization_relative)822# put bucket policy on every Principal for 'PutObject' with condition DateEquals to '"aws:CurrentTime": "2020-01-01T00:00:00Z"'823AwsTest("Aws can put policy on bucket").put_bucket_policy("seagate", policy_authorization).execute_test().command_is_successful()824825# put object testObject826AwsTest('Bucket Owner can put object to seagate bucket').put_object("seagate", "testObject")\827.execute_test().command_is_successful()828829os.environ["AWS_ACCESS_KEY_ID"] = secondary_access_key830os.environ["AWS_SECRET_ACCESS_KEY"] = secondary_secret_key831832# put object testObject by secondary account833AwsTest('Secondary account cannot put object to seagate bucket').put_object("seagate", 
"testObject")\834.execute_test(negative_case=True).command_should_fail().command_error_should_have("AccessDenied")835836del os.environ["AWS_ACCESS_KEY_ID"]837del os.environ["AWS_SECRET_ACCESS_KEY"]838839840############################ policy authorization with condition DateNotEqualsIfExists #####################841policy_authorization_relative = os.path.join(os.path.dirname(__file__), 'policy_files', 'policy_condition_DateNotEqualsIfExists_authorize_success.json')842policy_authorization = "file://" + os.path.abspath(policy_authorization_relative)843# put bucket policy on every Principal for 'PutObject' with condition DateNotEqualsIfExists to '"aws:CurrentTime": "2020-01-01T00:00:00Z"'844AwsTest("Aws can put policy on bucket").put_bucket_policy("seagate", policy_authorization).execute_test().command_is_successful()845846# put object testObject847AwsTest('Bucket Owner can put object to seagate bucket').put_object("seagate", "testObject")\848.execute_test().command_is_successful()849850os.environ["AWS_ACCESS_KEY_ID"] = secondary_access_key851os.environ["AWS_SECRET_ACCESS_KEY"] = secondary_secret_key852853# put object testObject by secondary account854AwsTest('Secondary account cannot put object to seagate bucket').put_object("seagate", "testObject")\855.execute_test().command_is_successful()856857del os.environ["AWS_ACCESS_KEY_ID"]858del os.environ["AWS_SECRET_ACCESS_KEY"]859860861############################ policy authorization with condition DateEquals_InvalidValue_fail #####################862policy_authorization_relative = os.path.join(os.path.dirname(__file__), 'policy_files', 'policy_condition_DateEquals_invalidValue_authorize_fail.json')863policy_authorization = "file://" + os.path.abspath(policy_authorization_relative)864# put bucket policy on every Principal for 'PutObject' with condition DateEquals to '"aws:CurrentTime": ""'865AwsTest("Aws can put policy on bucket").put_bucket_policy("seagate", 
policy_authorization).execute_test().command_is_successful()866867# put object testObject868AwsTest('Bucket Owner can put object to seagate bucket').put_object("seagate", "testObject")\869.execute_test().command_is_successful()870871os.environ["AWS_ACCESS_KEY_ID"] = secondary_access_key872os.environ["AWS_SECRET_ACCESS_KEY"] = secondary_secret_key873874# put object testObject by secondary account875AwsTest('Secondary account cannot put object to seagate bucket').put_object("seagate", "testObject")\876.execute_test(negative_case=True).command_should_fail().command_error_should_have("AccessDenied")877878del os.environ["AWS_ACCESS_KEY_ID"]879del os.environ["AWS_SECRET_ACCESS_KEY"]880881############################ policy authorization with condition DateGreaterThan #####################882policy_authorization_relative = os.path.join(os.path.dirname(__file__), 'policy_files', 'policy_condition_DateGreaterThan_authorize_success.json')883policy_authorization = "file://" + os.path.abspath(policy_authorization_relative)884# put bucket policy on every Principal for 'PutObject' with condition DateGreaterThan to '"aws:CurrentTime": "2020-01-01T00:00:00Z"'885AwsTest("Aws can put policy on bucket").put_bucket_policy("seagate", policy_authorization).execute_test().command_is_successful()886887# put object testObject888AwsTest('Bucket Owner can put object to seagate bucket').put_object("seagate", "testObject")\889.execute_test().command_is_successful()890891os.environ["AWS_ACCESS_KEY_ID"] = secondary_access_key892os.environ["AWS_SECRET_ACCESS_KEY"] = secondary_secret_key893894# put object testObject by secondary account895AwsTest('Secondary account cannot put object to seagate bucket').put_object("seagate", "testObject")\896.execute_test().command_is_successful()897898del os.environ["AWS_ACCESS_KEY_ID"]899del os.environ["AWS_SECRET_ACCESS_KEY"]900901############################ policy authorization with condition DateGreaterThanEquals 
#####################902policy_authorization_relative = os.path.join(os.path.dirname(__file__), 'policy_files', 'policy_condition_DateGreaterThanEquals_authorize_success.json')903policy_authorization = "file://" + os.path.abspath(policy_authorization_relative)904# put bucket policy on every Principal for 'PutObject' with condition DateGreaterThanEquals to '"aws:CurrentTime": "2020-01-01T00:00:00Z"'905AwsTest("Aws can put policy on bucket").put_bucket_policy("seagate", policy_authorization).execute_test().command_is_successful()906907# put object testObject908AwsTest('Bucket Owner can put object to seagate bucket').put_object("seagate", "testObject")\909.execute_test().command_is_successful()910911os.environ["AWS_ACCESS_KEY_ID"] = secondary_access_key912os.environ["AWS_SECRET_ACCESS_KEY"] = secondary_secret_key913914# put object testObject by secondary account915AwsTest('Secondary account cannot put object to seagate bucket').put_object("seagate", "testObject")\916.execute_test().command_is_successful()917918del os.environ["AWS_ACCESS_KEY_ID"]919del os.environ["AWS_SECRET_ACCESS_KEY"]920921922############################ policy authorization with condition DateLessThan success #####################923policy_authorization_relative = os.path.join(os.path.dirname(__file__), 'policy_files', 'policy_condition_DateLessThan_success.json')924policy_authorization = "file://" + os.path.abspath(policy_authorization_relative)925# put bucket policy on every Principal for 'PutObject' with condition DateLessThan to '"aws:CurrentTime": "2199-06-30T00:00:00Z"'926AwsTest("Aws can put policy on bucket").put_bucket_policy("seagate", policy_authorization).execute_test().command_is_successful()927928# put object testObject929AwsTest('Bucket Owner can put object to seagate bucket').put_object("seagate", "testObject")\930.execute_test().command_is_successful()931932os.environ["AWS_ACCESS_KEY_ID"] = secondary_access_key933os.environ["AWS_SECRET_ACCESS_KEY"] = secondary_secret_key934935# put 
object testObject by secondary account936AwsTest('Secondary account cannot put object to seagate bucket').put_object("seagate", "testObject")\937.execute_test().command_is_successful()938939del os.environ["AWS_ACCESS_KEY_ID"]940del os.environ["AWS_SECRET_ACCESS_KEY"]941942943############################ policy authorization with condition DateLessThan fail #####################944policy_authorization_relative = os.path.join(os.path.dirname(__file__), 'policy_files', 'policy_condition_DateLessThan_fail.json')945policy_authorization = "file://" + os.path.abspath(policy_authorization_relative)946# put bucket policy on every Principal for 'PutObject' with condition DateLessThan to '"aws:CurrentTime": "2000-06-30T00:00:00Z"'947AwsTest("Aws can put policy on bucket").put_bucket_policy("seagate", policy_authorization).execute_test().command_is_successful()948949# put object testObject950AwsTest('Bucket Owner can put object to seagate bucket').put_object("seagate", "testObject")\951.execute_test().command_is_successful()952953os.environ["AWS_ACCESS_KEY_ID"] = secondary_access_key954os.environ["AWS_SECRET_ACCESS_KEY"] = secondary_secret_key955956# put object testObject by secondary account should fail957AwsTest('Secondary account cannot put object to seagate bucket').put_object("seagate", "testObject")\958.execute_test(negative_case=True).command_should_fail().command_error_should_have("AccessDenied")959960del os.environ["AWS_ACCESS_KEY_ID"]961del os.environ["AWS_SECRET_ACCESS_KEY"]962963964############################ policy authorization with condition DateLessThanEquals success #####################965policy_authorization_relative = os.path.join(os.path.dirname(__file__), 'policy_files', 'policy_condition_DateLessThanEquals_success.json')966policy_authorization = "file://" + os.path.abspath(policy_authorization_relative)967# put bucket policy on every Principal for 'PutObject' with condition DateLessThan to '"aws:CurrentTime": "2199-06-30T00:00:00Z"'968AwsTest("Aws can 
put policy on bucket").put_bucket_policy("seagate", policy_authorization).execute_test().command_is_successful()969970# put object testObject971AwsTest('Bucket Owner can put object to seagate bucket').put_object("seagate", "testObject")\972.execute_test().command_is_successful()973974os.environ["AWS_ACCESS_KEY_ID"] = secondary_access_key975os.environ["AWS_SECRET_ACCESS_KEY"] = secondary_secret_key976977# put object testObject by secondary account978AwsTest('Secondary account cannot put object to seagate bucket').put_object("seagate", "testObject")\979.execute_test().command_is_successful()980981del os.environ["AWS_ACCESS_KEY_ID"]982del os.environ["AWS_SECRET_ACCESS_KEY"]983984985############################ policy authorization with condition DateLessThanEquals success #####################986policy_authorization_relative = os.path.join(os.path.dirname(__file__), 'policy_files', 'policy_condition_DateLessThanEquals_success.json')987policy_authorization = "file://" + os.path.abspath(policy_authorization_relative)988# put bucket policy on every Principal for 'PutObject' with condition DateLessThan to '"aws:CurrentTime": "2199-06-30T00:00:00Z"'989AwsTest("Aws can put policy on bucket").put_bucket_policy("seagate", policy_authorization).execute_test().command_is_successful()990991# put object testObject992AwsTest('Bucket Owner can put object to seagate bucket').put_object("seagate", "testObject")\993.execute_test().command_is_successful()994995os.environ["AWS_ACCESS_KEY_ID"] = secondary_access_key996os.environ["AWS_SECRET_ACCESS_KEY"] = secondary_secret_key997998# put object testObject by secondary account999AwsTest('Secondary account cannot put object to seagate bucket').put_object("seagate", "testObject")\1000.execute_test().command_is_successful()10011002del os.environ["AWS_ACCESS_KEY_ID"]1003del os.environ["AWS_SECRET_ACCESS_KEY"]10041005############################ policy authorization with condition DateLessThanEquals success YYYY-MM-DD 
#####################1006policy_authorization_relative = os.path.join(os.path.dirname(__file__), 'policy_files', 'policy_condition_DateLessThanEquals_authorize_yyyymmdd_success.json')1007policy_authorization = "file://" + os.path.abspath(policy_authorization_relative)1008# put bucket policy on every Principal for 'PutObject' with condition DateLessThan to '"aws:CurrentTime": "2199-06-30"'1009AwsTest("Aws can put policy on bucket").put_bucket_policy("seagate", policy_authorization).execute_test().command_is_successful()10101011# put object testObject1012AwsTest('Bucket Owner can put object to seagate bucket').put_object("seagate", "testObject")\1013.execute_test().command_is_successful()10141015os.environ["AWS_ACCESS_KEY_ID"] = secondary_access_key1016os.environ["AWS_SECRET_ACCESS_KEY"] = secondary_secret_key10171018# put object testObject by secondary account1019AwsTest('Secondary account cannot put object to seagate bucket').put_object("seagate", "testObject")\1020.execute_test().command_is_successful()10211022del os.environ["AWS_ACCESS_KEY_ID"]1023del os.environ["AWS_SECRET_ACCESS_KEY"]10241025############################ policy authorization with condition DateLessThanEquals success YYYY-MM-DDThh:mmZ #####################1026policy_authorization_relative = os.path.join(os.path.dirname(__file__), 'policy_files', 'policy_condition_DateLessThanEquals_authorize_hhmm_success.json')1027policy_authorization = "file://" + os.path.abspath(policy_authorization_relative)1028# put bucket policy on every Principal for 'PutObject' with condition DateLessThan to '"aws:CurrentTime": "2199-06-30T00:00Z"'1029AwsTest("Aws can put policy on bucket").put_bucket_policy("seagate", policy_authorization).execute_test().command_is_successful()10301031# put object testObject1032AwsTest('Bucket Owner can put object to seagate bucket').put_object("seagate", "testObject")\1033.execute_test().command_is_successful()10341035os.environ["AWS_ACCESS_KEY_ID"] = 
secondary_access_key1036os.environ["AWS_SECRET_ACCESS_KEY"] = secondary_secret_key10371038# put object testObject by secondary account1039AwsTest('Secondary account cannot put object to seagate bucket').put_object("seagate", "testObject")\1040.execute_test().command_is_successful()10411042del os.environ["AWS_ACCESS_KEY_ID"]1043del os.environ["AWS_SECRET_ACCESS_KEY"]10441045############################ policy authorization with condition DateLessThanEquals success YYYY-MM-DDThh:mm:ss.ssZ #####################1046policy_authorization_relative = os.path.join(os.path.dirname(__file__), 'policy_files', 'policy_condition_DateLessThanEquals_authorize_hhmmss.ss_success.json')1047policy_authorization = "file://" + os.path.abspath(policy_authorization_relative)1048# put bucket policy on every Principal for 'PutObject' with condition DateLessThan to '"aws:CurrentTime": "2199-06-30T10:02:30.45Z"'1049AwsTest("Aws can put policy on bucket").put_bucket_policy("seagate", policy_authorization).execute_test().command_is_successful()10501051# put object testObject1052AwsTest('Bucket Owner can put object to seagate bucket').put_object("seagate", "testObject")\1053.execute_test().command_is_successful()10541055os.environ["AWS_ACCESS_KEY_ID"] = secondary_access_key1056os.environ["AWS_SECRET_ACCESS_KEY"] = secondary_secret_key10571058# put object testObject by secondary account1059AwsTest('Secondary account cannot put object to seagate bucket').put_object("seagate", "testObject")\1060.execute_test().command_is_successful()10611062del os.environ["AWS_ACCESS_KEY_ID"]1063del os.environ["AWS_SECRET_ACCESS_KEY"]10641065##################################### policy validation for AllUsers through CURL ##########################10661067policy_put_bucket_allusers = os.path.join(os.path.dirname(__file__), 'policy_files', 'policy_put_bucket_with_all_users_permission.txt')1068policy_put_bucket_allusers = "file://" + os.path.abspath(policy_put_bucket_allusers)1069AwsTest("Put Bucket Policy with valid 
Principal in policy json").put_bucket_policy("seagate", policy_put_bucket_allusers).execute_test().command_is_successful()10701071# put object testObject1072AwsTest('Bucket Owner can put object to seagate bucket').put_object("seagate", "testObject")\1073.execute_test().command_is_successful()10741075cmd = "curl -s -X GET -H \"Accept: application/json\" -H \"Content-Type: application/json\" https://s3.seagate.com/seagate/testObject --cacert /etc/ssl/stx-s3-clients/s3/ca.crt"1076AwsTest('Accessible For allusers').execute_curl(cmd).execute_test().command_is_successful()10771078##################################### policy validation for AllUsers through CURL negative test ##########################10791080policy_put_bucket_allusers_negative = os.path.join(os.path.dirname(__file__), 'policy_files', 'policy_put_bucket_with_all_users_permission_negative.txt')1081policy_put_bucket_allusers_negative = "file://" + os.path.abspath(policy_put_bucket_allusers_negative)1082AwsTest("Put Bucket Policy with valid Principal in policy json").put_bucket_policy("seagate", policy_put_bucket_allusers_negative).execute_test().command_is_successful()10831084# put object testObject1085AwsTest('Bucket Owner can put object to seagate bucket').put_object("seagate", "testObject")\1086.execute_test().command_is_successful()10871088AwsTest('Bucket Owner can put object to seagate bucket').put_object("seagate", "testObject2")\1089.execute_test().command_is_successful()10901091cmd = "curl -s -X GET -H \"Accept: application/json\" -H \"Content-Type: application/json\" https://s3.seagate.com/seagate/testObject --cacert /etc/ssl/stx-s3-clients/s3/ca.crt"1092AwsTest('Denied For AllUsers').execute_curl(cmd).\1093execute_test().command_is_successful().command_response_should_have("AccessDenied")1094################## clean up #####################10951096os.environ["AWS_ACCESS_KEY_ID"] = secondary_access_key ...
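The allow and deny outcomes that policy_spec.py asserts for the Numeric* and Null conditions come down to how a condition key that is missing from the request is treated. The block below is an added example, not code from the page, from localstack or from the test suite: an offline evaluator covering only those operators (Date* and String* are left out). The policy shape is constructed because the policy_files JSON is not shown on the page, the key name `s3:max-keys` is assumed from the "max-keys=2" comments, and the bucket owner is treated as always allowed, as the tests expect.

```python
import json
import operator as op

# Numeric comparison operators exercised by the tests on this page.
NUMERIC_OPS = {
    "NumericEquals": op.eq,
    "NumericNotEquals": op.ne,
    "NumericLessThan": op.lt,
    "NumericLessThanEquals": op.le,
    "NumericGreaterThan": op.gt,
    "NumericGreaterThanEquals": op.ge,
}


def build_policy(condition_operator, key, value, action="s3:ListBucket"):
    """Constructed policy document (assumed shape; the real policy_files are not on the page)."""
    resource = "arn:aws:s3:::seagate" + ("/*" if action == "s3:PutObject" else "")
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Effect": "Allow",
            "Principal": "*",
            "Action": action,
            "Resource": resource,
            "Condition": {condition_operator: {key: value}},
        }],
    }


def condition_matches(condition_operator, key, expected, context):
    """Evaluate one operator/key/value triple against the request context."""
    if condition_operator == "Null":
        # "true" requires the key to be absent, "false" requires it to be present.
        return (key not in context) == (str(expected).lower() == "true")
    if_exists = condition_operator.endswith("IfExists")
    base = condition_operator[:-len("IfExists")] if if_exists else condition_operator
    if base not in NUMERIC_OPS:
        raise ValueError(f"operator not modelled in this example: {condition_operator}")
    if key not in context:
        # Missing key: plain operators do not match; ...IfExists and the
        # negated operator (NumericNotEquals) do.
        return if_exists or base == "NumericNotEquals"
    return NUMERIC_OPS[base](float(context[key]), float(expected))


def statement_matches(statement, action, context):
    """True when the action and every condition in the statement match.
    Principal and Resource matching are not modelled here."""
    actions = statement["Action"]
    if action not in (actions if isinstance(actions, list) else [actions]):
        return False
    for condition_operator, pairs in statement.get("Condition", {}).items():
        for key, expected in pairs.items():
            values = expected if isinstance(expected, list) else [expected]
            # Several values are OR-ed, except for negated operators (none may match).
            combine = all if "Not" in condition_operator else any
            if not combine(condition_matches(condition_operator, key, v, context)
                           for v in values):
                return False
    return True


def authorize(policy_json, action, context, is_owner=False):
    """Return 'Allow' or 'AccessDenied' for a policy given as a JSON string,
    the form in which it is passed to put_bucket_policy(Policy=...)."""
    policy = json.loads(policy_json)
    effects = [s["Effect"] for s in policy["Statement"]
               if statement_matches(s, action, context)]
    if "Deny" in effects:
        return "AccessDenied"
    # Assumption taken from the tests: the bucket owner succeeds without a matching Allow.
    if is_owner or "Allow" in effects:
        return "Allow"
    return "AccessDenied"


def decide(condition_operator, key, value, action, context, is_owner=False):
    """Build the constructed policy and evaluate a single request against it."""
    policy_json = json.dumps(build_policy(condition_operator, key, value, action))
    return authorize(policy_json, action, context, is_owner)


if __name__ == "__main__":
    # Decision matrix for a secondary account listing the bucket.
    for name in list(NUMERIC_OPS) + ["NumericEqualsIfExists"]:
        row = [decide(name, "s3:max-keys", "2", "s3:ListBucket", ctx)
               for ctx in ({"s3:max-keys": "1"}, {"s3:max-keys": "2"},
                           {"s3:max-keys": "3"}, {})]
        print(f"{name:26} max-keys=1/2/3/absent -> {row}")
```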


put_bucket_policy.py

Source:put_bucket_policy.py Github


...
            }]
        }
        bucket_policy = json.dumps(bucket_policy)
        try:
            response = self.client.put_bucket_policy(Bucket=bucket_name, Policy=bucket_policy)
            print(json.dumps(response, sort_keys=True, indent=4, separators=(',', ':')))
        except ClientError as e:
            logging.error(e)
            return False
        return response
if __name__ == '__main__':
    url = "http://172.16.68.100:7480"
    # url = "http://10.255.20.121:7480"
    conn = CONNECTION(url)
...

