From 0d323c776dc3c96677cb9b4de4923a6cc2544422 Mon Sep 17 00:00:00 2001
From: Jake Howard
Date: Wed, 12 Jul 2023 14:45:55 +0100
Subject: [PATCH] Ensure public bucket policies are allowed before trying to write one (#18)
---
 buckup/bucket_creator.py | 27 +++++++++++++--------------
 1 file changed, 13 insertions(+), 14 deletions(-)
diff --git a/buckup/bucket_creator.py b/buckup/bucket_creator.py
index d36e226..8b7f15c 100644
--- a/buckup/bucket_creator.py
+++ b/buckup/bucket_creator.py
@@ -99,6 +99,19 @@ def set_bucket_policy(self, bucket, user, allow_public_acls, public_get_object_p
 policy_statement = []
 public_access = bool(public_get_object_paths)

+ # NB: This API doesn't exist on a `Bucket`
+ self.s3_client.put_public_access_block(
+ Bucket=bucket.name,
+ PublicAccessBlockConfiguration={
+ "BlockPublicAcls": not allow_public_acls,
+ "IgnorePublicAcls": not allow_public_acls,
+ "BlockPublicPolicy": not public_access,
+ "RestrictPublicBuckets": not public_access
+ }
+ )
+ if public_access or allow_public_acls:
+ print('Configured public access to bucket.')
+
 if public_access:
 policy_statement.append(
 self.get_bucket_policy_statement_for_get_object(
@@ -126,20 +139,6 @@ def set_bucket_policy(self, bucket, user, allow_public_acls, public_get_object_p
 break
 print('Bucket policy set.')

- # NB: This API doesn't exist on a `Bucket`
- self.s3_client.put_public_access_block(
- Bucket=bucket.name,
- PublicAccessBlockConfiguration={
- "BlockPublicAcls": not allow_public_acls,
- "IgnorePublicAcls": not allow_public_acls,
- "BlockPublicPolicy": not public_access,
- "RestrictPublicBuckets": not public_access
- }
- )
-
- if public_access or allow_public_acls:
- print('Configured public access to bucket.')
-
 def create_bucket(self, name, region):
 """
 Create bucket of name in the given region.
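Review bot: In the first hunk the public access block is relaxed before the policy is written, and nothing visible restores it if that later write fails, so a bucket created with `public_get_object_paths` can end up with `BlockPublicPolicy` and `RestrictPublicBuckets` off and no policy attached. The policy-writing code sits between the two hunks and is not shown, so whether it can abort after this call should be confirmed. If it can, re-apply a fully blocking configuration on that failure path. The ordering is also now load-bearing but unrecorded, so I would extend the comment above the call: `# Must run before the policy write: S3 rejects a public policy while BlockPublicPolicy is on.` The message 'Configured public access to bucket.' is now printed before the policy exists, which can mislead an operator reading the output of a failed run.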