def test_basic_bucket_policy_operations(self, mcg_obj, bucket_factory): """ Test Add, Modify, delete bucket policies """ # Creating obc and obc object to get account details, keys etc obc_name = bucket_factory(amount=1, interface='OC')[0].name obc_obj = OBC(mcg_obj, obc=obc_name) bucket_policy_generated = gen_bucket_policy( user_list=obc_obj.obc_account, actions_list=['GetObject'], resources_list=[obc_obj.bucket_name]) bucket_policy = json.dumps(bucket_policy_generated) # Add Bucket Policy logger.info(f'Creating bucket policy on bucket: {obc_obj.bucket_name}') put_policy = helpers.put_bucket_policy(mcg_obj, obc_obj.bucket_name, bucket_policy) if put_policy is not None: response = HttpResponseParser(put_policy) if response.status_code == 200: logger.info('Bucket policy has been created successfully') else: raise InvalidStatusCode( f"Invalid Status code: {response.status_code}") else: raise NoBucketPolicyResponse("Put policy response is none") # Get bucket policy logger.info(f'Getting Bucket policy on bucket: {obc_obj.bucket_name}') get_policy = helpers.get_bucket_policy(mcg_obj, obc_obj.bucket_name) logger.info(f"Got bucket policy: {get_policy['Policy']}") # Modifying bucket policy to take new policy logger.info('Modifying bucket policy') actions_list = ['ListBucket', 'CreateBucket'] actions = list(map(lambda action: "s3:%s" % action, actions_list)) modified_policy_generated = gen_bucket_policy( user_list=obc_obj.obc_account, actions_list=actions_list, resources_list=[obc_obj.bucket_name]) bucket_policy_modified = json.dumps(modified_policy_generated) put_modified_policy = helpers.put_bucket_policy( mcg_obj, obc_obj.bucket_name, bucket_policy_modified) if put_modified_policy is not None: response = HttpResponseParser(put_modified_policy) if response.status_code == 200: logger.info('Bucket policy has been modified successfully') else: raise InvalidStatusCode( f"Invalid Status code: {response.status_code}") else: raise NoBucketPolicyResponse( "Put modified policy response is none") # Get Modified Policy get_modified_policy = helpers.get_bucket_policy( mcg_obj, obc_obj.bucket_name) modified_policy = json.loads(get_modified_policy['Policy']) logger.info(f'Got modified bucket policy: {modified_policy}') actions_from_modified_policy = modified_policy['statement'][0][ 'action'] modified_actions = list(map(str, actions_from_modified_policy)) initial_actions = list(map(str.lower, actions)) logger.info(f'Actions from modified_policy: {modified_actions}') logger.info(f'User provided actions actions: {initial_actions}') if modified_actions == initial_actions: logger.info("Modified actions and initial actions are same") else: raise UnexpectedBehaviour( 'Modification Failed: Action lists are not identical') # Delete Policy logger.info( f'Delete bucket policy by admin on bucket: {obc_obj.bucket_name}') delete_policy = helpers.delete_bucket_policy(mcg_obj, obc_obj.bucket_name) logger.info(f'Delete policy response: {delete_policy}') if delete_policy is not None: response = HttpResponseParser(delete_policy) if response.status_code == 204: logger.info('Bucket policy is deleted successfully') else: raise InvalidStatusCode( f"Invalid Status code: {response.status_code}") else: raise NoBucketPolicyResponse("Delete policy response is none") # Confirming again by calling get_bucket_policy try: helpers.get_bucket_policy(mcg_obj, obc_obj.bucket_name) except boto3exception.ClientError as e: logger.info(e.response) response = HttpResponseParser(e.response) if response.error['Code'] == 'NoSuchBucketPolicy': logger.info('Bucket policy has been deleted successfully') else: raise UnexpectedBehaviour( f"{e.response} received invalid error code {response.error['Code']}" )
def test_bucket_policy_actions(self, mcg_obj, bucket_factory): """ Tests user access to Put, Get, Delete bucket policy actions """ # Creating obc and obc object to get account details, keys etc obc_name = bucket_factory(amount=1, interface='OC')[0].name obc_obj = OBC(mcg_obj, obc=obc_name) bucket_policy_generated = gen_bucket_policy( user_list=obc_obj.obc_account, actions_list=['PutBucketPolicy'], resources_list=[obc_obj.bucket_name]) bucket_policy = json.dumps(bucket_policy_generated) # Admin creates a policy on the user bucket, for Action: PutBucketPolicy logger.info( f'Creating policy by admin on bucket: {obc_obj.bucket_name}') put_policy = helpers.put_bucket_policy(mcg_obj, obc_obj.bucket_name, bucket_policy) logger.info(f'Put bucket policy response from admin: {put_policy}') # Verifying Put bucket policy by user by changing the actions to GetBucketPolicy & DeleteBucketPolicy user_generated_policy = gen_bucket_policy( user_list=obc_obj.obc_account, actions_list=['GetBucketPolicy', 'DeleteBucketPolicy'], resources_list=[obc_obj.bucket_name]) bucket_policy1 = json.dumps(user_generated_policy) logger.info( f'Changing bucket policy by User on bucket: {obc_obj.bucket_name}') put_policy_user = helpers.put_bucket_policy(obc_obj, obc_obj.bucket_name, bucket_policy1) logger.info(f'Put bucket policy response from user: {put_policy_user}') # Verifying whether user can get the bucket policy after modification get_policy = helpers.get_bucket_policy(obc_obj, obc_obj.bucket_name) logger.info(f"Got bucket policy: {get_policy['Policy']}") # Verifying whether user is not allowed Put the bucket policy after modification logger.info( f'Verifying whether user: {obc_obj.obc_account} is denied to put objects' ) try: helpers.put_bucket_policy(obc_obj, obc_obj.bucket_name, bucket_policy1) except boto3exception.ClientError as e: logger.info(e.response) response = HttpResponseParser(e.response) if response.error['Code'] == 'AccessDenied': logger.info( f'Put bucket policy has been denied access to the user: {obc_obj.obc_account}' ) else: raise UnexpectedBehaviour( f"{e.response} received invalid error code {response.error['Code']}" ) # Verifying whether user can Delete the bucket policy after modification logger.info(f'Deleting bucket policy on bucket: {obc_obj.bucket_name}') delete_policy = helpers.delete_bucket_policy(obc_obj, obc_obj.bucket_name) logger.info(f'Delete policy response: {delete_policy}')