s3tests_boto3/functional/test_sts.py: clean up, fix pep warnings #586

Open: wants to merge 42 commits into base: master. Showing changes from 1 commit.

s3tests_boto3/functional/test_sts.py: test_session_policy_no_bucket_role_policy add whitespaces, use correct indent level, remove unused variables

Signed-off-by: Rostyslav Khudov <[email protected]>
rkhudov committed Sep 9, 2024
commit 9d95a6e73be8c7cd550052efbf575b134679a5e9
58 changes: 36 additions & 22 deletions s3tests_boto3/functional/test_sts.py
Expand Up @@ -1463,23 +1463,31 @@ def test_session_policy_copy_object():
@pytest.mark.fails_on_dbstore
def test_session_policy_no_bucket_role_policy():
check_webidentity()
iam_client=get_iam_client()
sts_client=get_sts_client()
default_endpoint=get_config_endpoint()
role_session_name=get_parameter_name()
thumbprint=get_thumbprint()
aud=get_aud()
token=get_token()
realm=get_realm_name()
iam_client = get_iam_client()
sts_client = get_sts_client()
default_endpoint = get_config_endpoint()
role_session_name = get_parameter_name()
thumbprint = get_thumbprint()
aud = get_aud()
token = get_token()
realm = get_realm_name()

url = 'https://localhost:8080/auth/realms/{}'.format(realm)
thumbprintlist = [thumbprint]
(oidc_arn,oidc_error) = create_oidc_provider(iam_client, url, None, thumbprintlist)
oidc_arn, oidc_error = create_oidc_provider(iam_client, url, None, thumbprintlist)
if oidc_error is not None:
raise RuntimeError('Unable to create/get openid connect provider {}'.format(oidc_error))

policy_document = "{\"Version\":\"2012-10-17\",\"Statement\":[{\"Effect\":\"Allow\",\"Principal\":{\"Federated\":[\""+oidc_arn+"\"]},\"Action\":[\"sts:AssumeRoleWithWebIdentity\"],\"Condition\":{\"StringEquals\":{\"localhost:8080/auth/realms/"+realm+":app_id\":\""+aud+"\"}}}]}"
(role_error,role_response,general_role_name)=create_role(iam_client,'/',None,policy_document,None,None,None)
role_error, role_response, general_role_name = create_role(
iam_client,
'/',
None,
policy_document,
None,
None,
None,
)
assert role_response['Role']['Arn'] == 'arn:aws:iam:::role/'+general_role_name+''

s3client_iamcreds = get_s3_client_using_iam_creds()
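
Review bot: role_error is unpacked from create_role but nothing in the lines shown checks it before role_response['Role']['Arn'] is indexed, unlike oidc_error, which raises RuntimeError a few lines earlier. A failed role creation would then surface as a confusing failure at the Arn assertion rather than a clear message; assert that role_error is None right after the call, or raise in the same way as for oidc_error. Two smaller cleanup points in the same hunk: the four positional None arguments to create_role would be easier to read as keyword arguments, and the trailing +'' in the Arn assertion is a no-op that can be dropped.
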
Expand All @@ -1489,26 +1497,32 @@ def test_session_policy_no_bucket_role_policy():

session_policy = "{\"Version\":\"2012-10-17\",\"Statement\":{\"Effect\":\"Allow\",\"Action\":[\"s3:PutObject\",\"s3:GetObject\"],\"Resource\":[\"arn:aws:s3:::test1\",\"arn:aws:s3:::test1/*\"]}}"

resp=sts_client.assume_role_with_web_identity(RoleArn=role_response['Role']['Arn'],RoleSessionName=role_session_name,WebIdentityToken=token,Policy=session_policy)
resp = sts_client.assume_role_with_web_identity(
RoleArn=role_response['Role']['Arn'],
RoleSessionName=role_session_name,
WebIdentityToken=token,
Policy=session_policy,
)
assert resp['ResponseMetadata']['HTTPStatusCode'] == 200

s3_client = boto3.client('s3',
aws_access_key_id = resp['Credentials']['AccessKeyId'],
aws_secret_access_key = resp['Credentials']['SecretAccessKey'],
aws_session_token = resp['Credentials']['SessionToken'],
endpoint_url=default_endpoint,
region_name='',
)
s3_client = boto3.client(
's3',
aws_access_key_id = resp['Credentials']['AccessKeyId'],
aws_secret_access_key = resp['Credentials']['SecretAccessKey'],
aws_session_token = resp['Credentials']['SessionToken'],
endpoint_url=default_endpoint,
region_name='',
)
bucket_body = 'this is a test file'
s3putobj_error = 'AccessGranted'
try:
s3_put_obj = s3_client.put_object(Body=bucket_body, Bucket=bucket_name_1, Key="test-1.txt")
s3_client.put_object(Body=bucket_body, Bucket=bucket_name_1, Key="test-1.txt")
except ClientError as e:
s3putobj_error = e.response.get("Error", {}).get("Code")
assert s3putobj_error == 'AccessDenied'

oidc_remove=iam_client.delete_open_id_connect_provider(
OpenIDConnectProviderArn=oidc_arn
)
iam_client.delete_open_id_connect_provider(OpenIDConnectProviderArn=oidc_arn)


@pytest.mark.webidentity_test
@pytest.mark.session_policy
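
Review bot: the final delete_open_id_connect_provider call runs only when the AccessDenied assertion above it passes, so a failing run leaves the OIDC provider behind for later tests; wrap the test body in try/finally or move the teardown into a fixture. The new boto3.client( call also keeps spaces around = for aws_access_key_id, aws_secret_access_key and aws_session_token, which PEP 8 flags (E251) and which is inconsistent with endpoint_url=default_endpoint on the following line. The 'AccessGranted' sentinel with try/except could be replaced by pytest.raises(ClientError) plus a check on the error code, which states the expected denial directly.
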