Ensure public bucket policies are allowed before trying to write one (#…

…18)
torchbox · Jul 12, 2023 · 0d323c7 · 0d323c7
1 parent efea390
commit 0d323c7
Showing 1 changed file with 13 additions and 14 deletions.
diff --git a/buckup/bucket_creator.py b/buckup/bucket_creator.py
@@ -99,6 +99,19 @@ def set_bucket_policy(self, bucket, user, allow_public_acls, public_get_object_p
         policy_statement = []
         public_access = bool(public_get_object_paths)
 
+        # NB: This API doesn't exist on a `Bucket`
+        self.s3_client.put_public_access_block(
+            Bucket=bucket.name,
+            PublicAccessBlockConfiguration={
+                "BlockPublicAcls": not allow_public_acls,
+                "IgnorePublicAcls": not allow_public_acls,
+                "BlockPublicPolicy": not public_access,
+                "RestrictPublicBuckets": not public_access
+            }
+        )
+        if public_access or allow_public_acls:
+            print('Configured public access to bucket.')
+
         if public_access:
             policy_statement.append(
                 self.get_bucket_policy_statement_for_get_object(
@@ -126,20 +139,6 @@ def set_bucket_policy(self, bucket, user, allow_public_acls, public_get_object_p
                 break
         print('Bucket policy set.')
 
-        # NB: This API doesn't exist on a `Bucket`
-        self.s3_client.put_public_access_block(
-            Bucket=bucket.name,
-            PublicAccessBlockConfiguration={
-                "BlockPublicAcls": not allow_public_acls,
-                "IgnorePublicAcls": not allow_public_acls,
-                "BlockPublicPolicy": not public_access,
-                "RestrictPublicBuckets": not public_access
-            }
-        )
-
-        if public_access or allow_public_acls:
-            print('Configured public access to bucket.')
-
     def create_bucket(self, name, region):
         """
         Create bucket of name in the given region.