set-public-policy command

[simonw]

Mainly for if you run s3-credentials create mybucket --create-bucket but forget to add --public and want to add that later.

[simonw]

Relevant code from the create command:

s3-credentials/s3_credentials/cli.py

Lines 376 to 378 in 3f7bb39

	bucket_policy = {}
	if public:
	bucket_policy = policies.bucket_policy_allow_all_get(bucket)

s3-credentials/s3_credentials/cli.py

Lines 405 to 409 in 3f7bb39

	if bucket_policy:
	s3.put_bucket_policy(
	Bucket=bucket, Policy=json.dumps(bucket_policy)
	)
	log("Attached bucket policy allowing public access")

[simonw]

Here's a prototype:

@cli.command()
@click.argument("bucket")
@common_boto3_options
def set_public_policy(bucket, **boto_options):
    """
    Set public policy for bucket

    This will allow GET requests for anonymous users.

        s3-credentials set-public-policy my-bucket
    """
    s3 = make_client("s3", **boto_options)
    if not bucket_exists(s3, bucket):
        raise click.ClickException("Bucket {} does not exists".format(bucket))
    bucket_policy = policies.bucket_policy_allow_all_get(bucket)
    try:
        s3.put_bucket_policy(Bucket=bucket, Policy=json.dumps(bucket_policy))
    except botocore.exceptions.ClientError as e:
        raise click.ClickException(e)

I built that for:

• Deploy www.calbatwg.org to Fly public-notes#9 (comment)

[simonw]

Design decision: should this be reversible? If so, what should that command be?

Should there be a way to see if a bucket has this policy or not, or a way to list the bucket policy in general?

Then it needs tests and docs.

[simonw]

Relevant docs:

https://boto3.amazonaws.com/v1/documentation/api/latest/guide/s3-example-bucket-policies.html

A bucket only gets one bucket policy at a time.

[simonw]

Should there be a way to see if a bucket has this policy or not, or a way to list the bucket policy in general?

I added that here:

• debug-bucket command #86