BucketPolicy: donot allow NotPrincipal with Allow Effect

Ref. https://github.com/ceph/ceph/pull/58686

Signed-off-by: Seena Fallah <seenafallah@gmail.com>

diff --git a/s3tests_boto3/functional/test_s3.py b/s3tests_boto3/functional/test_s3.py
index 98b3cddb461ce79058fcbefd7e9a4357e1fcdf96..ebdd6c403aa81624e58a0fa391367f01114b1cd1 100644 (file)
--- a/s3tests_boto3/functional/test_s3.py
+++ b/s3tests_boto3/functional/test_s3.py
@@ -12793,13 +12793,10 @@ def test_get_nonpublicpolicy_acl_bucket_policy_status():
     assert resp['PolicyStatus']['IsPublic'] == False
 
 
-def test_get_nonpublicpolicy_deny_bucket_policy_status():
+def test_bucket_policy_allow_notprincipal():
     bucket_name = get_new_bucket()
     client = get_client()
 
-    resp = client.get_bucket_policy_status(Bucket=bucket_name)
-    assert resp['PolicyStatus']['IsPublic'] == False
-
     resource1 = "arn:aws:s3:::" + bucket_name
     resource2 = "arn:aws:s3:::" + bucket_name + "/*"
     policy_document = json.dumps(
@@ -12816,9 +12813,12 @@ def test_get_nonpublicpolicy_deny_bucket_policy_status():
         }]
      })
 
-    client.put_bucket_policy(Bucket=bucket_name, Policy=policy_document)
-    resp = client.get_bucket_policy_status(Bucket=bucket_name)
-    assert resp['PolicyStatus']['IsPublic'] == True
+    e = assert_raises(ClientError,
+                      client.put_bucket_policy, Bucket=bucket_name, Policy=policy_document)
+    status, error_code = _get_status_and_error_code(e.response)
+    assert status == 400
+    assert error_code == 'InvalidArgument' or error_code == 'MalformedPolicy'
+
 
 def test_get_undefined_public_block():
     bucket_name = get_new_bucket()