1 /*
2  * Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
3  *
4  * Licensed under the Apache License, Version 2.0 (the "License").
5  * You may not use this file except in compliance with the License.
6  * A copy of the License is located at
7  *
8  *  http://aws.amazon.com/apache2.0
9  *
10  * or in the "license" file accompanying this file. This file is distributed
11  * on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either
12  * express or implied. See the License for the specific language governing
13  * permissions and limitations under the License.
14  */
15 package software.amazon.awssdk.services.s3control;
16 
17 import static org.assertj.core.api.Assertions.assertThat;
18 import static org.assertj.core.api.Fail.fail;
19 import static org.junit.Assert.assertNotNull;
20 import static org.junit.Assert.assertTrue;
21 
22 import org.junit.After;
23 import org.junit.Before;
24 import org.junit.Test;
25 import software.amazon.awssdk.core.interceptor.Context;
26 import software.amazon.awssdk.core.interceptor.ExecutionAttributes;
27 import software.amazon.awssdk.core.interceptor.ExecutionInterceptor;
28 import software.amazon.awssdk.http.SdkHttpFullRequest;
29 import software.amazon.awssdk.services.s3control.model.DeletePublicAccessBlockRequest;
30 import software.amazon.awssdk.services.s3control.model.GetPublicAccessBlockResponse;
31 import software.amazon.awssdk.services.s3control.model.NoSuchPublicAccessBlockConfigurationException;
32 import software.amazon.awssdk.services.s3control.model.PutPublicAccessBlockResponse;
33 import software.amazon.awssdk.services.s3control.model.S3ControlException;
34 import software.amazon.awssdk.services.sts.StsClient;
35 import software.amazon.awssdk.testutils.service.AwsIntegrationTestBase;
36 
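/**
 * Integration tests for {@link S3ControlClient} that run against the live service using the
 * credentials of the caller.
 *
 * <p>NOTE(review): these tests write and delete the <em>account-level</em> S3 Public Access Block
 * configuration of whatever account STS reports for the current credentials ({@link #setup()}),
 * and {@link #tearDown()} deletes it again after every test. Run them only with credentials for a
 * dedicated test account: an account that relies on its Public Access Block settings would be left
 * without them afterwards.
 *
 * <p>Every request issued through {@link #client} is also checked by
 * {@link AssertPayloadIsSignedExecutionInterceptor}, so each test implicitly verifies that the
 * request payload was signed.
 */
public class S3ControlIntegrationTest extends AwsIntegrationTestBase {

    /** Account id that the tests expect the service to reject for the calling credentials. */
    private static final String INVALID_ACCOUNT_ID = "1";

    /** Account id of the caller, resolved through STS in {@link #setup()}. */
    private String accountId;

    /** Client under test; built in {@link #setup()} and closed in {@link #tearDown()}. */
    private S3ControlClient client;

    /**
     * Resolves the caller's account id and builds the client under test with the
     * payload-signing interceptor installed.
     */
    @Before
    public void setup() {
        // The STS client is only needed for this one call; close it so its resources are released
        // instead of leaking one client per test.
        try (StsClient sts = StsClient.create()) {
            accountId = sts.getCallerIdentity().account();
        }
        client = S3ControlClient.builder()
                                .overrideConfiguration(o -> o.addExecutionInterceptor(new AssertPayloadIsSignedExecutionInterceptor()))
                                .build();
    }

    /**
     * Removes the account-level Public Access Block configuration (best effort) and closes the
     * client.
     */
    @After
    public void tearDown() {
        if (client == null) {
            // setup() failed before the client was built; there is nothing to clean up or close.
            return;
        }
        try {
            client.deletePublicAccessBlock(DeletePublicAccessBlockRequest.builder().accountId(accountId).build());
        } catch (Exception ignored) {
            // Deliberately best effort: most tests never create a configuration, so the delete is
            // expected to fail for them. Note that a genuine cleanup failure is hidden here as well.
        } finally {
            client.close();
        }
    }

    /**
     * Puts a Public Access Block configuration on the caller's account, reads it back and deletes it.
     *
     * @throws InterruptedException if the wait between the put and the get is interrupted
     */
    @Test
    public void putGetAndDeletePublicAccessBlock_ValidAccount() throws InterruptedException {
        PutPublicAccessBlockResponse result =
            client.putPublicAccessBlock(r -> r.accountId(accountId)
                                              .publicAccessBlockConfiguration(r2 -> r2.blockPublicAcls(true)
                                                                                      .ignorePublicAcls(true)));
        assertNotNull(result);

        // Wait a bit for the put to take effect
        Thread.sleep(5000);

        GetPublicAccessBlockResponse config = client.getPublicAccessBlock(r -> r.accountId(accountId));
        assertTrue(config.publicAccessBlockConfiguration().blockPublicAcls());
        assertTrue(config.publicAccessBlockConfiguration().ignorePublicAcls());

        assertNotNull(client.deletePublicAccessBlock(r -> r.accountId(accountId)));
    }

    /** Expects a put against {@link #INVALID_ACCOUNT_ID} to be rejected with {@code AccessDenied}. */
    @Test
    public void putPublicAccessBlock_NoSuchAccount() {
        try {
            assertNotNull(client.putPublicAccessBlock(r -> r.accountId(INVALID_ACCOUNT_ID)
                                                            .publicAccessBlockConfiguration(r2 -> r2.restrictPublicBuckets(true))));
            fail("Expected exception");
        } catch (S3ControlException e) {
            assertServiceError(e, "AccessDenied");
        }
    }

    /** Expects a get against {@link #INVALID_ACCOUNT_ID} to be rejected with {@code AccessDenied}. */
    @Test
    public void getPublicAccessBlock_NoSuchAccount() {
        try {
            client.getPublicAccessBlock(r -> r.accountId(INVALID_ACCOUNT_ID));
            fail("Expected exception");
        } catch (S3ControlException e) {
            assertServiceError(e, "AccessDenied");
        }
    }

    /**
     * Expects a get on the caller's own account to fail with the modeled
     * {@link NoSuchPublicAccessBlockConfigurationException}.
     *
     * <p>NOTE(review): this presumes the account has no Public Access Block configuration when the
     * test starts, i.e. none is set outside this test class - confirm for the account in use.
     */
    @Test
    public void getPublicAccessBlock_NoSuchPublicAccessBlock() {
        try {
            client.getPublicAccessBlock(r -> r.accountId(accountId));
            fail("Expected exception");
        } catch (S3ControlException e) {
            assertThat(e.awsErrorDetails().errorCode()).isEqualTo("NoSuchPublicAccessBlockConfiguration");
            assertThat(e).isInstanceOf(NoSuchPublicAccessBlockConfigurationException.class);
            assertNotNull(e.requestId());
        }
    }

    /** Expects listing jobs with the job status string {@code "test"} to fail with {@code InvalidRequest}. */
    @Test
    public void listJobs_InvalidRequest() {
        try {
            client.listJobs(r -> r.accountId(accountId).jobStatusesWithStrings("test"));
            fail("Expected exception");
        } catch (S3ControlException e) {
            assertServiceError(e, "InvalidRequest");
        }
    }

    /** Expects describing the job id {@code "someid"} to fail with {@code InvalidRequest}. */
    @Test
    public void describeJob_InvalidRequest() {
        try {
            client.describeJob(r -> r.accountId(accountId).jobId("someid"));
            fail("Expected exception");
        } catch (S3ControlException e) {
            assertServiceError(e, "InvalidRequest");
        }
    }

    /** Expects a delete against {@link #INVALID_ACCOUNT_ID} to be rejected with {@code AccessDenied}. */
    @Test
    public void deletePublicAccessBlock_NoSuchAccount() {
        try {
            client.deletePublicAccessBlock(r -> r.accountId(INVALID_ACCOUNT_ID));
            fail("Expected exception");
        } catch (S3ControlException e) {
            assertServiceError(e, "AccessDenied");
        }
    }

    /**
     * Asserts that a service exception carries the expected AWS error code and a request id.
     *
     * @param e the exception thrown by the client call
     * @param expectedErrorCode the AWS error code the service is expected to return
     */
    private static void assertServiceError(S3ControlException e, String expectedErrorCode) {
        assertThat(e.awsErrorDetails().errorCode()).isEqualTo(expectedErrorCode);
        assertNotNull(e.requestId());
    }

    /**
     * Execution interceptor that asserts payload signing is enabled.
     *
     * <p>It inspects the {@code x-amz-content-sha256} header of the request and fails when the
     * header is missing or carries the {@code UNSIGNED-PAYLOAD} marker. With that marker the
     * request signature does not cover the body, so the body's integrity would rest on the
     * transport alone.
     */
    private static final class AssertPayloadIsSignedExecutionInterceptor implements ExecutionInterceptor {
        @Override
        public void afterTransmission(Context.AfterTransmission context, ExecutionAttributes executionAttributes) {
            SdkHttpFullRequest request = (SdkHttpFullRequest) context.httpRequest();
            // Check for the header explicitly: a request without it must fail with a readable
            // assertion message, not with a NullPointerException from the lookup below.
            assertThat(request.headers()).containsKey("x-amz-content-sha256");
            String contentSha256 = request.headers().get("x-amz-content-sha256").get(0);
            assertThat(contentSha256).doesNotContain("UNSIGNED-PAYLOAD");
        }
    }

}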