S3: Implement cross-account access #8395
Contingent on Moto PR being merged
LGTM! I've read the change in moto, and it's not only GetObject, PutObject and ListObjects anymore, right, but it's effectively every single S3 operation that is now cross-account enabled?
This might actually fix #7084!
This is very cool, I'm not sure how ACLs are enforced on the moto side, but it should be okay. Awesome, thanks a lot for tackling this!
Bucket="foo", | ||
CreateBucketConfiguration={"LocationConstraint": SECONDARY_TEST_AWS_REGION_NAME}, | ||
) | ||
exc.match("BucketAlreadyExists") |
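Review bot: the closing `exc.match("BucketAlreadyExists")` only checks that the error code appears somewhere in the exception text, so the test passes whatever the rest of the message says. Consider asserting on the structured error fields of the raised exception (the code, and the message once it is stable) instead. The fixed name in `Bucket="foo"` can also collide with other tests when buckets share one namespace across accounts; a unique per-test bucket name would avoid that.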
nit: I've tested against AWS and it's missing a dot at the end of the exception message. Shouldn't be so bad, but we know some IaC/SDK are very picky about this message. I guess we should fix it in moto?
Yes, this should be fixed in Moto. I'll try to remember to sneak a fix for this in my next moto PR
It may, but this definitely needs further testing before we can claim so!
This PR adds tests for cross-account support to S3 for the following operations:
The actual implementation was done in Moto in the PRs linked below. This also introduces a shared namespace for buckets.
Depends on:
cc: @dfangl