import pytest

from aws.s3.helpers import get_s3_resource_id
from aws.s3.resources import s3_buckets, s3_buckets_website


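@pytest.mark.s3
@pytest.mark.parametrize(
    ["s3_bucket", "s3_bucket_website"],
    zip(s3_buckets(), s3_buckets_website()),
    ids=get_s3_resource_id,
)
def test_s3_bucket_web_hosting_disabled(s3_bucket, s3_bucket_website):
    """
    Disable hosting static site in the S3 bucket.

    Hosting counts as enabled when any of the IndexDocument, ErrorDocument
    or RedirectAllRequestsTo settings is present in the website
    configuration. Settings are read with ``get`` so that a configuration
    carrying only some of the keys (e.g. a redirect-only site) is judged on
    the keys it has instead of raising KeyError, and an empty/absent
    configuration is treated as "hosting disabled". The failure message
    names the bucket and the offending setting.
    """
    if not s3_bucket_website:
        # No website configuration at all: nothing is being served.
        return
    for setting in ("IndexDocument", "ErrorDocument", "RedirectAllRequestsTo"):
        assert not s3_bucket_website.get(setting), (
            "Web hosting enabled for {0[Name]} ({1} is set)".format(
                s3_bucket, setting))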
import pytest

from aws.s3.helpers import get_s3_resource_id
from aws.s3.resources import s3_buckets, s3_buckets_logging


@pytest.mark.s3
@pytest.mark.parametrize(
    ["s3_bucket", "s3_bucket_logging_enabled"],
    zip(s3_buckets(), s3_buckets_logging()),
    ids=get_s3_resource_id,
)
def test_s3_bucket_logging_enabled(s3_bucket, s3_bucket_logging_enabled):
    """
    Enable access logs for S3 buckets.

    Fails when the bucket's logging configuration is empty/falsy; the
    failure message names the bucket so the offending resource is obvious
    in the test report.
    """
    # The message is only built when the assertion fails.
    assert s3_bucket_logging_enabled, \
        "Logging not enabled for {0[Name]}".format(s3_bucket)
import pytest

from aws.s3.helpers import get_s3_bucket_name_only
from aws.s3.resources import s3_buckets, s3_buckets_cors_rules


@pytest.mark.s3
@pytest.mark.parametrize(
    ["s3_bucket", "s3_bucket_cors_rules"],
    zip(s3_buckets(), s3_buckets_cors_rules()),
    ids=get_s3_bucket_name_only,
)
def test_s3_bucket_cors_disabled(s3_bucket, s3_bucket_cors_rules):
    """
    Disable sharing S3 bucket contents cross origin with CORS headers.

    Only ``None`` is accepted as "no CORS configuration"; any other value
    (including an empty rule list) is reported as CORS being enabled.

    http://docs.aws.amazon.com/AmazonS3/latest/dev/cors.html
    """
    cors_is_disabled = s3_bucket_cors_rules is None
    assert cors_is_disabled, "CORS enabled for {0[Name]}".format(s3_bucket)
import pytest

from aws.s3.resources import (
    s3_buckets,
    s3_buckets_versioning,
)


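@pytest.mark.s3
@pytest.mark.parametrize(['s3_bucket', 's3_bucket_versioning'],
                         zip(s3_buckets(), s3_buckets_versioning()),
                         ids=lambda bucket: bucket['Name'])
def test_s3_bucket_versioning_enabled(s3_bucket, s3_bucket_versioning):
    """
    Enable restoring every version of every object in the S3 bucket to easily recover data.

    The versioning response may carry no 'Status' key at all (versioning
    never turned on) or 'Suspended' (turned on and later off); only
    'Enabled' passes. A missing/None configuration is reported as a failure
    naming the bucket rather than as an AttributeError.

    http://docs.aws.amazon.com/AmazonS3/latest/dev/Versioning.html
    """
    status = (s3_bucket_versioning or {}).get('Status')
    assert status == 'Enabled', (
        "Versioning is {0} for {1[Name]}".format(status or 'not enabled',
                                                 s3_bucket))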
import pytest

from aws.s3.helpers import get_s3_resource_id
from aws.s3.resources import s3_buckets, s3_bucket_lifecycle_configuration


@pytest.mark.s3
@pytest.mark.parametrize(
    ["s3_bucket", "lifecycle_configuration"],
    zip(s3_buckets(), s3_bucket_lifecycle_configuration()),
    ids=get_s3_resource_id,
)
def test_s3_bucket_has_life_cycle_policy(s3_bucket, lifecycle_configuration):
    """
    Check a bucket has a life cycle policy.

    The check is a membership test: the bucket passes as long as ``None``
    does not occur in ``lifecycle_configuration``.
    """
    # NOTE(review): this assumes the resource helper signals "no policy" by
    # placing a None entry in the collection — confirm against
    # s3_bucket_lifecycle_configuration.
    has_policy = None not in lifecycle_configuration
    assert has_policy, f"{s3_bucket['Name']} has no life cycle policy."
import json

import pytest

from aws.s3.resources import s3_buckets, s3_buckets_policy

# Wildcard-style action names that grant broad rights on a bucket; a policy
# statement using one of these is what the all-principals/all-actions test
# in this module treats as over-permissive.
STAR_ACTIONS = ["*", "s3:*", "s3:delete*", "s3:put*", "s3:get*", "s3:list*"]


@pytest.mark.s3
@pytest.mark.parametrize(
    ["s3_bucket", "s3_bucket_policy"],
    zip(s3_buckets(), s3_buckets_policy()),
    ids=lambda bucket: bucket["Name"],
)
def test_s3_bucket_does_not_grant_all_principals_all_actions(
        s3_bucket, s3_bucket_policy):
    """
    Check policy does not allow all principals all actions on the S3 Bucket.

    Mitigations:

    * limit actions instead of using * or S3:* http://docs.aws.amazon.com/AmazonS3/latest/dev/using-with-s3-actions.html
    * limit principals to specific IAMs
      http://docs.aws.amazon.com/AmazonS3/latest/dev/s3-bucket-user-policy-specifying-principal-intro.html
    * add conditions http://docs.aws.amazon.com/AmazonS3/latest/dev/amazon-s3-policy-keys.html
    """
    if not s3_bucket_policy:
        pytest.skip(
            "Bucket has no policy, which means it defaults to private.")
        # https://docs.aws.amazon.com/config/latest/developerguide/s3-bucket-policy.html
import pytest

from aws.s3.resources import s3_buckets, s3_buckets_acls


# Group grantee URIs that make an ACL grant reachable from outside the
# account. A grant to either of these is treated as a world/any-account
# exposure by the ACL test in this module.
AWS_PREDEFINED_GROUPS = [
    # allow any AWS account to access the resource with a signed/authed request
    "http://acs.amazonaws.com/groups/global/AuthenticatedUsers",
    # allows anyone in the world access to the resource
    "http://acs.amazonaws.com/groups/global/AllUsers",
]


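@pytest.mark.s3
@pytest.mark.parametrize(
    ["s3_bucket", "s3_bucket_acl"],
    zip(s3_buckets(), s3_buckets_acls()),
    ids=lambda bucket: bucket["Name"],
)
def test_s3_bucket_no_world_acl(s3_bucket, s3_bucket_acl):
    """
    Check S3 bucket does not allow global predefined AWS groups access.

    Every grant in the ACL is inspected. A grant whose grantee carries no
    URI (e.g. a canonical-user grantee) is ignored rather than ending the
    test, so a world-accessible group grant that appears after it is still
    reported. A missing/empty grant list passes.

    http://docs.aws.amazon.com/AmazonS3/latest/dev/acl-overview.html
    """
    world_groups = tuple(AWS_PREDEFINED_GROUPS)
    offending = [
        grant
        for grant in (s3_bucket_acl or {}).get("Grants", [])
        # Only group grantees have a URI; anything else cannot match.
        if grant.get("Grantee", {}).get("URI", "").startswith(world_groups)
    ]
    assert not offending, "World-accessible ACL grants on {0[Name]}: {1}".format(
        s3_bucket, offending)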