def test_revoke_group_bucket_access(iam, group, resources): bucket_arn = 'arn:aws:s3:::test-bucket' path_arns = [f'{bucket_arn}{resource}' for resource in resources] aws.grant_group_bucket_access(group.arn, bucket_arn, 'readonly', path_arns) aws.revoke_group_bucket_access(group.arn, bucket_arn) group.reload() statements = get_statements_by_sid(group.default_version.document) assert 'readonly' not in statements assert 'readwrite' not in statements assert 'list' not in statements
def revoke_bucket_access(self, bucket_arn): aws.revoke_group_bucket_access(self.arn, bucket_arn)