add test for block public policy

author Abhishek Lekshmanan <abhishek@suse.com>

Tue, 8 Oct 2019 13:22:19 +0000 (15:22 +0200)

committer Abhishek Lekshmanan <abhishek@suse.com>

Wed, 22 Jan 2020 16:03:21 +0000 (17:03 +0100)
author Abhishek Lekshmanan <abhishek@suse.com>
Tue, 8 Oct 2019 13:22:19 +0000 (15:22 +0200)
committer Abhishek Lekshmanan <abhishek@suse.com>
Wed, 22 Jan 2020 16:03:21 +0000 (17:03 +0100)
diff --git a/s3tests_boto3/functional/test_s3.py b/s3tests_boto3/functional/test_s3.py

index fef2fa59e91371d482ad122da4cf32feab9fb472..d619cbeeda87afe802d6fb2f3eb595c05682290f 100644 (file)
--- a/s3tests_boto3/functional/test_s3.py
+++ b/s3tests_boto3/functional/test_s3.py
@@ -12649,3 +12649,25 @@ def test_block_public_object_canned_acls():
      eq(status, 403)
  
  
+@attr(resource='bucket')
+@attr(method='put')
+@attr(operation='block public acls on canned acls')
+@attr(assertion='succeeds')
+@attr('policy_status')
+def test_block_public_policy():
+    bucket_name = get_new_bucket()
+    client = get_client()
+
+    access_conf = {'BlockPublicAcls': False,
+                   'IgnorePublicAcls': False,
+                   'BlockPublicPolicy': True,
+                   'RestrictPublicBuckets': False}
+
+    client.put_public_access_block(Bucket=bucket_name, PublicAccessBlockConfiguration=access_conf)
+    resource = _make_arn_resource("{}/{}".format(bucket_name, "*"))
+    policy_document = make_json_policy("s3:GetObject",
+                                       resource)
+
+    check_access_denied(client.put_bucket_policy, Bucket=bucket_name, Policy=policy_document)
+
+
author	Abhishek Lekshmanan <abhishek@suse.com>
	Tue, 8 Oct 2019 13:22:19 +0000 (15:22 +0200)
committer	Abhishek Lekshmanan <abhishek@suse.com>
	Wed, 22 Jan 2020 16:03:21 +0000 (17:03 +0100)