Bug #21013

Updated by Abhishek Lekshmanan about 3 years ago

We seem to use GetObjectACL for both object and bucket ACL and do not support GetBucketACL.

<pre>
import boto3
import json

from botocore.client import Config

if __name__ == "__main__":
    # Client for the first user, who creates (and therefore owns) the bucket.
    s3 = boto3.client('s3', 'us-east-1', endpoint_url='http://localhost:8000',
                      aws_access_key_id='access1',
                      aws_secret_access_key='secret1',
                      # config=Config(signature_version='s3')
                      )

    # Client for a second user, who relies on the bucket policy for access.
    s3_2 = boto3.client('s3', 'us-east-1', endpoint_url='http://localhost:8000',
                        aws_access_key_id='access2',
                        aws_secret_access_key='secret2',
                        # config=Config(signature_version='s3')
                        )

    bucket_name = 'policytest'
    b = s3.create_bucket(Bucket=bucket_name)

    # Policy that allows any principal to read the bucket ACL.
    bucket_policy = {
        'Version': '2012-10-17',
        'Statement': [{
            'Sid': 'AddPerm',
            'Effect': 'Allow',
            'Principal': '*',
            'Action': ['s3:GetBucketAcl'],
            'Resource': "arn:aws:s3:::%s" % bucket_name,
        }]
    }

    bucket_policy = json.dumps(bucket_policy)
    s3.put_bucket_policy(Bucket=bucket_name, Policy=bucket_policy)

    # The owner reads the ACL first, as a baseline.
    orig_bucket_acl = s3.get_bucket_acl(Bucket=bucket_name)
    print("original acl")
    print(json.dumps(orig_bucket_acl, indent=2))

    # The second user reads the same ACL, relying on the policy above.
    bucket_acl = s3_2.get_bucket_acl(Bucket=bucket_name)
    print(json.dumps(bucket_acl, indent=2))
</pre>

This would error out currently and pass if we change the conditional to `s3:GetObjectACL` instead.
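The mismatch described in the comment above, as a small offline model of policy evaluation. This is an added example, not code from the report or from RGW: the `REPORTED` and `EXPECTED` tables and the `evaluate` and `check` helpers are hypothetical, and only the wildcard principal used in the report is modelled.

```python
import fnmatch

# The policy from the report above, with the bucket name used there.
POLICY = {
    "Version": "2012-10-17",
    "Statement": [{
        "Sid": "AddPerm",
        "Effect": "Allow",
        "Principal": "*",
        "Action": ["s3:GetBucketAcl"],
        "Resource": "arn:aws:s3:::policytest",
    }],
}

# Hypothetical request-to-action tables modelling the reported and the
# expected behaviour; these are not RGW's actual data structures.
REPORTED = {"get_bucket_acl": "s3:GetObjectAcl", "get_object_acl": "s3:GetObjectAcl"}
EXPECTED = {"get_bucket_acl": "s3:GetBucketAcl", "get_object_acl": "s3:GetObjectAcl"}


def as_list(value):
    return value if isinstance(value, list) else [value]


def evaluate(policy, action, resource):
    """Return 'Allow', 'Deny' or 'NoMatch' for the wildcard principal."""
    verdict = "NoMatch"
    for stmt in policy["Statement"]:
        if stmt.get("Principal") != "*":
            continue  # the model only handles the principal form used above
        # Action names are compared case-insensitively, resources are not.
        wanted = [a.lower() for a in as_list(stmt["Action"])]
        if not any(fnmatch.fnmatchcase(action.lower(), a) for a in wanted):
            continue
        if not any(fnmatch.fnmatchcase(resource, r) for r in as_list(stmt["Resource"])):
            continue
        if stmt["Effect"] == "Deny":
            return "Deny"  # an explicit deny overrides any allow
        verdict = "Allow"
    return verdict


def check(op_table, op, resource, policy=POLICY):
    """Evaluate the policy against the action that op_table assigns to op."""
    return evaluate(policy, op_table[op], resource)


if __name__ == "__main__":
    for name, table in (("reported", REPORTED), ("expected", EXPECTED)):
        print(name, check(table, "get_bucket_acl", "arn:aws:s3:::policytest"))
```

With the reported mapping the statement never matches, so the second user falls back to the ACL check and is refused. The same mapping also means a policy granting `s3:GetObjectAcl` on the bucket ARN would expose the bucket ACL.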
