in tools/infrasys/src/s3.rs [287:365]
fn populated_bucket_policy() {
    // Checks the shape of a bucket policy after one more statement is appended to an
    // existing `Statement` array. Every value is a fixed string built inline.
    // NOTE(review): no function from this module is called here, so the test pins the
    // JSON template rather than production behaviour. Confirm the template below
    // matches the one the real code uses.
    let bucket = "test-bucket-name";
    let prefix = "/test-prefix";
    let vpc_endpoint = "testvpc123";

    // Starting point: a policy that already carries a single Allow statement.
    let mut policy: serde_json::Value = serde_json::from_str(
        r#"{
            "Version": "2008-10-17",
            "Statement": [
                {
                    "Effect": "Allow",
                    "Principal": "*",
                    "Action": "s3:GetObject",
                    "Resource": "arn:aws:s3:::test-bucket-name/test-prefix/*",
                    "Condition": {
                        "StringEquals": {
                            "aws:sourceVpce": "testvpc123"
                        }
                    }
                }
            ]
        }"#,
    )
    .unwrap();

    // The statement to append, rendered from a text template.
    // The values are spliced into JSON text without escaping, which is harmless for
    // the constants above.
    // NOTE(review): if the production code renders the same template from
    // caller-supplied names, a `"` or `\` inside a value would change the document
    // structure. Building the statement with `serde_json::json!` avoids that.
    //
    // An explicit Deny takes precedence over an Allow in policy evaluation. A live
    // policy shaped like this one would therefore refuse the very GetObject requests
    // its first statement grants for the same endpoint.
    // NOTE(review): endpoint restrictions are normally written as Deny with
    // `StringNotEquals`. Confirm the pairing here is intentional.
    let deny_statement: serde_json::Value = serde_json::from_str(&format!(
        r#"{{
            "Effect": "Deny",
            "Principal": "*",
            "Action": "s3:GetObject",
            "Resource": "arn:aws:s3:::{}{}/*",
            "Condition": {{
                "StringEquals": {{
                    "aws:sourceVpce": "{}"
                }}
            }}
        }}"#,
        bucket, prefix, vpc_endpoint
    ))
    .unwrap();

    // Append to the existing array; panics if `Statement` is missing or not an array.
    let statements = policy
        .get_mut("Statement")
        .and_then(serde_json::Value::as_array_mut)
        .unwrap();
    statements.push(deny_statement);

    // The document expected after the append: the original Allow followed by the Deny.
    let expected_policy: serde_json::Value = serde_json::from_str(
        r#"{
            "Version": "2008-10-17",
            "Statement": [
                {
                    "Effect": "Allow",
                    "Principal": "*",
                    "Action": "s3:GetObject",
                    "Resource": "arn:aws:s3:::test-bucket-name/test-prefix/*",
                    "Condition": {
                        "StringEquals": {
                            "aws:sourceVpce": "testvpc123"
                        }
                    }
                },
                {
                    "Effect": "Deny",
                    "Principal": "*",
                    "Action": "s3:GetObject",
                    "Resource": "arn:aws:s3:::test-bucket-name/test-prefix/*",
                    "Condition": {
                        "StringEquals": {
                            "aws:sourceVpce": "testvpc123"
                        }
                    }
                }
            ]
        }"#,
    )
    .unwrap();

    // `assert_json_include!` is a subset match: content present only in `actual` is
    // not reported.
    // NOTE(review): an unexpected extra statement is exactly what a policy test should
    // catch. `assert_json_eq!` from the same crate compares the two documents exactly.
    assert_json_include!(expected: expected_policy, actual: &policy);
}