Skip to content

Commit e0e584e

Browse files
cbodleycbodley
committed
squash! sts: test get_object() before put_object() so there are no ACLs
1 parent ebf727c commit e0e584e

File tree

1 file changed

+2
-2
lines changed

1 file changed

+2
-2
lines changed

s3tests/functional/test_sts.py

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -1135,15 +1135,15 @@ def test_session_policy_bucket_policy_session_arn():
11351135
"Statement": [{
11361136
"Effect": "Allow",
11371137
"Principal": {"AWS": "{}".format(rolesessionarn)},
1138-
"Action": ["s3:GetObject","s3:PutObject"],
1138+
"Action": ["s3:GetObject","s3:PutObject","s3:ListBucket"],
11391139
"Resource": [
11401140
"{}".format(resource1),
11411141
"{}".format(resource2)
11421142
]
11431143
}]
11441144
})
11451145
s3client_iamcreds.put_bucket_policy(Bucket=bucket_name_1, Policy=bucket_policy)
1146-
session_policy = "{\"Version\":\"2012-10-17\",\"Statement\":{\"Effect\":\"Allow\",\"Action\":[\"s3:PutObject\"],\"Resource\":[\"arn:aws:s3:::test1\",\"arn:aws:s3:::test1/*\"]}}"
1146+
session_policy = "{\"Version\":\"2012-10-17\",\"Statement\":{\"Effect\":\"Allow\",\"Action\":[\"s3:PutObject\",\"s3:ListBucket\"],\"Resource\":[\"arn:aws:s3:::test1\",\"arn:aws:s3:::test1/*\"]}}"
11471147

11481148
resp=sts_client.assume_role_with_web_identity(RoleArn=role_response['Role']['Arn'],RoleSessionName=role_session_name,WebIdentityToken=token,Policy=session_policy)
11491149
assert resp['ResponseMetadata']['HTTPStatusCode'] == 200

0 commit comments

Comments
 (0)