def test_check_external_policy_one(self):
'''
Test UploadCredentials _check_external_policy one statement in file
'''
from os import remove
expected_bucket_names = ['test-bucket-one']
upload_creds = UploadCredentials(
self._test_bucket,
self._test_key,
self._test_name,
self._test_profile_name,
)
for s3_transfer_allow, s3_transfer_buckets in [
(True, CREDS_DATA_PATH + '/' + 'external_bucket_list_one'),
]:
upload_creds._check_external_policy(
s3_transfer_allow=s3_transfer_allow,
s3_transfer_buckets=s3_transfer_buckets)
remove(s3_transfer_buckets + '.json')
expected_resources = {
's3:GetObject':
['arn:aws:s3:::%s/*' % item for item in expected_bucket_names],
's3:GetObjectAcl':
['arn:aws:s3:::%s/*' % item for item in expected_bucket_names],
}
result_statements = upload_creds._external_policy['Statement']
self.assertEqual(len(result_statements),
len(EXTERNAL_BUCKET_STATEMENTS))
for result_statement in result_statements:
resources = result_statement['Resource']
self.assertTrue(isinstance(resources, list))
self.assertEqual(len(resources), 1)
self.assertListEqual(
expected_resources[result_statement['Action']],
result_statement['Resource'])
def test_check_external_policy_many(self):
'''
Test UploadCredentials _check_external_policy many statements in file
'''
import os
expected_bucket_names = [
'test-bucket-one',
'test-bucket-two',
'test-bucket-three',
]
upload_creds = UploadCredentials(
self._test_bucket,
self._test_key,
self._test_name,
self._test_profile_name,
)
for s3_transfer_allow, s3_transfer_buckets in [
(True, CREDS_DATA_PATH + '/' + 'external_bucket_list_many'),
]:
upload_creds._check_external_policy(
s3_transfer_allow=s3_transfer_allow,
s3_transfer_buckets=s3_transfer_buckets
)
os.remove(s3_transfer_buckets + '.json')
expected_resources = {
's3:GetObject': [
'arn:aws:s3:::%s/*' % item for item in expected_bucket_names
],
's3:GetObjectAcl': [
'arn:aws:s3:::%s/*' % item for item in expected_bucket_names
],
}
result_statements = upload_creds._external_policy['Statement']
self.assertEqual(len(result_statements), len(EXTERNAL_BUCKET_STATEMENTS))
for result_statement in result_statements:
resources = result_statement['Resource']
self.assertTrue(isinstance(resources, list))
self.assertEqual(len(resources), 3)
self.assertListEqual(
expected_resources[result_statement['Action']],
result_statement['Resource']
)
def test_check_external_policy_zero(self):
'''
Test UploadCredentials _check_external_policy no statements in file
'''
upload_creds = UploadCredentials(
self._test_bucket,
self._test_key,
self._test_name,
self._test_profile_name,
)
for s3_transfer_allow, s3_transfer_buckets in [
(False, None),
(True, None),
(False, 'some-path'),
(True, 'bad-path'),
(True, CREDS_DATA_PATH + '/' + 'external_bucket_list_empty'),
]:
upload_creds._check_external_policy(
s3_transfer_allow=s3_transfer_allow,
s3_transfer_buckets=s3_transfer_buckets)
self.assertDictEqual(upload_creds._external_policy, {})
def test_check_external_policy_zero(self):
'''
Test UploadCredentials _check_external_policy no statements in file
'''
upload_creds = UploadCredentials(
self._test_bucket,
self._test_key,
self._test_name,
self._test_profile_name,
)
for s3_transfer_allow, s3_transfer_buckets in [
(False, None),
(True, None),
(False, 'some-path'),
(True, 'bad-path'),
(True, CREDS_DATA_PATH + '/' + 'external_bucket_list_empty'),
]:
upload_creds._check_external_policy(
s3_transfer_allow=s3_transfer_allow,
s3_transfer_buckets=s3_transfer_buckets
)
self.assertDictEqual(upload_creds._external_policy, {})