Added a check when forbidden is returned from S3 bucket #282
…sts in a S3 Bucket.
Codecov Report
@@ Coverage Diff @@
## main #282 +/- ##
===================================
- Coverage 85% 85% -1%
===================================
Files 75 75
Lines 2045 2047 +2
Branches 298 299 +1
===================================
- Hits 1744 1741 -3
- Misses 217 221 +4
- Partials 84 85 +1
Thanks for this. Is there any way we can test it?

Yea! If the app is only using those permissions over the S3 bucket: I figured it didn't really need to list the content of the bucket.

Ah, I meant in our unit tests. If not I'll just trust you. I have no way to test and little experience with S3.

Ahh I'm sorry, I didn't think it was possible with the current setup. I have just validated it and I'm getting this error: If you want to test the PR, it would be outside the CI, with a real bucket. I can make you some Terraform files for a repro env if you want, but you would need a working AWS Account.

No worries. Looks like you've covered everything. Unfortunately the test strategy for AWS isn't fully comprehensive. |
Prerequisites
Description
We don't need the ListBucket permission when accessing the S3 bucket. We will always know the key we want to access, but the side effect is we are getting a Forbidden from the S3 bucket, probably to prevent bucket enumeration. I think it's safe to assume that the Key doesn't exist.
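An added example, not code from this PR or project: a Python sketch of the check the description argues for, showing that a 403 from HeadObject cannot be told apart from a genuinely denied read. `FakeS3`, the local `ClientError`, `KeyState`, `key_state` and `key_exists` are hypothetical names; the stub is a constructed model of S3's 404-versus-403 behaviour so the block runs without an AWS account.

```python
from enum import Enum

class ClientError(Exception):
    """Constructed stand-in with the same .response shape as botocore's ClientError."""
    def __init__(self, code):
        super().__init__(code)
        self.response = {"Error": {"Code": code}}

class FakeS3:
    """Constructed model of HeadObject: a missing key is reported as 404 only
    when the caller holds s3:ListBucket, otherwise as 403."""
    def __init__(self, keys, allowed):
        self.keys, self.allowed = set(keys), set(allowed)

    def head_object(self, Bucket, Key):
        if Key not in self.keys:
            raise ClientError("404" if "s3:ListBucket" in self.allowed else "403")
        if "s3:GetObject" not in self.allowed:
            raise ClientError("403")  # object exists but the read is denied
        return {"ContentLength": 0}

class KeyState(Enum):
    PRESENT = "present"
    ABSENT = "absent"
    ABSENT_OR_DENIED = "absent-or-denied"  # 403: the response does not say which

def key_state(client, bucket, key):
    try:
        client.head_object(Bucket=bucket, Key=key)
        return KeyState.PRESENT
    except ClientError as err:
        code = err.response["Error"]["Code"]
        if code in ("404", "NoSuchKey"):
            return KeyState.ABSENT
        if code in ("403", "AccessDenied"):
            return KeyState.ABSENT_OR_DENIED
        raise  # throttling or server errors must not be read as "missing"

def key_exists(client, bucket, key):
    """The PR's assumption: Forbidden is handled like a missing key."""
    return key_state(client, bucket, key) is KeyState.PRESENT

if __name__ == "__main__":
    read_only = FakeS3({"a.txt"}, {"s3:GetObject"})
    print(key_state(read_only, "demo-bucket", "a.txt"))
    print(key_state(read_only, "demo-bucket", "missing.txt"))
```

Keeping the third state visible, for example by logging it, lets a policy that accidentally drops `s3:GetObject` show up as something other than a run of "key not found" results.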