def gen_statement(entries):
''' Generates S3 bucket policy statments '''
statements = []
data = {}
for entry in entries:
(effect, action, user,
user_acct, path, condition) = split_parameter(entry)
statements.append(statement.make_statement(user_acct, user,
path, action,
effect, condition))
data['Statement'] = statements
return data
def test_jgp_make_statement():
''' Test make_statement in c3.utils.jgp.statement '''
statement = c3statement.make_statement(
'086441151436', 'root', 'cgm-cloudtrail/*',
's3:GetBucketAcl','Allow', 'empty')
assert statement == {
'Action': ['s3:GetBucketAcl'],
'Resource': ['arn:aws:s3:::cgm-cloudtrail/*'],
'Effect': 'Allow',
'Principal': {'AWS': ['arn:aws:iam::086441151436:root']}}
statement = c3statement.make_statement(
'086441151436','root',
'cgm-cloudtrail/AWSLogs/150620942615/*',
's3:PutObject','Allow',
'StringEquals,s3:x-amz-acl,bucket-owner-full-control')
assert statement == {
'Action': ['s3:PutObject'],
'Resource': ['arn:aws:s3:::cgm-cloudtrail/AWSLogs/150620942615/*'],
'Effect': 'Allow',
'Condition': {
'StringEquals': {'s3:x-amz-acl': 'bucket-owner-full-control'}},
'Principal': {'AWS': ['arn:aws:iam::086441151436:root']}}
