def test_bucket_website_and_policies(self, mcg_obj, bucket_factory):
"""
Tests bucket website bucket policy actions
"""
# Creating a OBC (account)
obc = bucket_factory(amount=1, interface='OC')
obc_obj = OBC(obc[0].name)
# Admin sets policy with Put/Get bucket website actions
bucket_policy_generated = gen_bucket_policy(
user_list=obc_obj.obc_account,
actions_list=bucket_website_action_list,
resources_list=[
obc_obj.bucket_name, f'{obc_obj.bucket_name}/{"*"}'
],
effect="Allow")
bucket_policy = json.dumps(bucket_policy_generated)
logger.info(
f'Creating bucket policy on bucket: {obc_obj.bucket_name} with principal: {obc_obj.obc_account}'
)
assert put_bucket_policy(mcg_obj, obc_obj.bucket_name,
bucket_policy), "Failed: PutBucketPolicy"
# Getting Policy
logger.info(f'Getting bucket policy for bucket: {obc_obj.bucket_name}')
get_policy = get_bucket_policy(mcg_obj, obc_obj.bucket_name)
logger.info(f"Got bucket policy: {get_policy['Policy']}")
logger.info(f"Adding bucket website config to: {obc_obj.bucket_name}")
assert s3_put_bucket_website(
s3_obj=obc_obj,
bucketname=obc_obj.bucket_name,
website_config=website_config), "Failed: PutBucketWebsite"
logger.info(
f"Getting bucket website config from: {obc_obj.bucket_name}")
assert s3_get_bucket_website(
s3_obj=obc_obj,
bucketname=obc_obj.bucket_name), "Failed: GetBucketWebsite"
logger.info("Writing index and error data to the bucket")
assert s3_put_object(s3_obj=obc_obj,
bucketname=obc_obj.bucket_name,
object_key="index.html",
data=index,
content_type='text/html'), "Failed: PutObject"
assert s3_put_object(s3_obj=obc_obj,
bucketname=obc_obj.bucket_name,
object_key="error.html",
data=error,
content_type='text/html'), "Failed: PutObject"
# Verifying whether DeleteBucketWebsite action is denied access
logger.info(
f'Verifying whether user: {obc_obj.obc_account} is denied to DeleteBucketWebsite'
)
try:
s3_delete_bucket_website(s3_obj=obc_obj,
bucketname=obc_obj.bucket_name)
except boto3exception.ClientError as e:
logger.info(e.response)
response = HttpResponseParser(e.response)
if response.error['Code'] == 'AccessDenied':
logger.info('GetObject action has been denied access')
else:
raise UnexpectedBehaviour(
f"{e.response} received invalid error code {response.error['Code']}"
)
# Admin modifies policy to allow DeleteBucketWebsite action
bucket_policy_generated = gen_bucket_policy(
user_list=obc_obj.obc_account,
actions_list=['DeleteBucketWebsite'],
resources_list=[
obc_obj.bucket_name, f'{obc_obj.bucket_name}/{"*"}'
],
effect="Allow")
bucket_policy = json.dumps(bucket_policy_generated)
logger.info(
f'Creating bucket policy on bucket: {obc_obj.bucket_name} with principal: {obc_obj.obc_account}'
)
assert put_bucket_policy(mcg_obj, obc_obj.bucket_name,
bucket_policy), "Failed: PutBucketPolicy"
# Getting Policy
logger.info(f'Getting bucket policy for bucket: {obc_obj.bucket_name}')
get_policy = get_bucket_policy(mcg_obj, obc_obj.bucket_name)
logger.info(f"Got bucket policy: {get_policy['Policy']}")
logger.info(
f"Deleting bucket website config from bucket: {obc_obj.bucket_name}"
)
assert s3_delete_bucket_website(
s3_obj=obc_obj,
bucketname=obc_obj.bucket_name), "Failed: DeleteBucketWebsite"
def test_public_website(self, mcg_obj, bucket_factory):
"""
Tests public bucket website access
"""
# Creating a S3 bucket to host website
s3_bucket = bucket_factory(amount=1, interface="S3")
# Creating random S3 users
users = []
account1 = "noobaa-user1" + str(uuid.uuid4().hex)
account2 = "noobaa-user2" + str(uuid.uuid4().hex)
for account in account1, account2:
users.append(
NoobaaAccount(
mcg=mcg_obj,
name=account,
email=f"{account}@mail.com",
buckets=[s3_bucket[0].name],
)
)
logger.info(f"Adding bucket website config to: {s3_bucket[0].name}")
assert s3_put_bucket_website(
s3_obj=mcg_obj,
bucketname=s3_bucket[0].name,
website_config=website_config,
), "Failed: PutBucketWebsite"
logger.info(f"Getting bucket website config from: {s3_bucket[0].name}")
assert s3_get_bucket_website(
s3_obj=mcg_obj, bucketname=s3_bucket[0].name
), "Failed: GetBucketWebsite"
logger.info("Writing index and error data to the bucket")
assert s3_put_object(
s3_obj=mcg_obj,
bucketname=s3_bucket[0].name,
object_key="index.html",
data=index,
content_type="text/html",
), "Failed: PutObject"
assert s3_put_object(
s3_obj=mcg_obj,
bucketname=s3_bucket[0].name,
object_key="error.html",
data=error,
content_type="text/html",
), "Failed: PutObject"
# Setting Get(read) policy action for all users(public)
bucket_policy_generated = gen_bucket_policy(
sid="PublicRead",
user_list=["*"],
actions_list=["GetObject"],
resources_list=[f"{s3_bucket[0].name}/{'*'}"],
effect="Allow",
)
bucket_policy = json.dumps(bucket_policy_generated)
logger.info(
f"Creating bucket policy on bucket: {s3_bucket[0].name} with public access"
)
assert put_bucket_policy(
mcg_obj, s3_bucket[0].name, bucket_policy
), "Failed: PutBucketPolicy"
# Getting Policy
logger.info(f"Getting bucket policy for bucket: {s3_bucket[0].name}")
get_policy = get_bucket_policy(mcg_obj, s3_bucket[0].name)
logger.info(f"Bucket policy: {get_policy['Policy']}")
# Verifying GetObject by reading the index of the website by anonymous users
for user in users:
logger.info(
f"Getting object using user: {user.email_id} on bucket: {s3_bucket[0].name} "
)
assert s3_get_object(
user, s3_bucket[0].name, "index.html"
), f"Failed: Get Object by user {user.email_id}"