def test_revoke_group_bucket_access(iam, group, resources):
bucket_arn = 'arn:aws:s3:::test-bucket'
path_arns = [f'{bucket_arn}{resource}' for resource in resources]
aws.grant_group_bucket_access(group.arn, bucket_arn, 'readonly', path_arns)
aws.revoke_group_bucket_access(group.arn, bucket_arn)
group.reload()
statements = get_statements_by_sid(group.default_version.document)
assert 'readonly' not in statements
assert 'readwrite' not in statements
assert 'list' not in statements
def revoke_bucket_access(self, bucket_arn):
aws.revoke_group_bucket_access(self.arn, bucket_arn)