s3-coverage-expansion (#602)

general-kroll-4-life · web-flow · commit 16e25aa894d4 · 2025-12-25T11:49:21.000+11:00
Summary:

- Coverage of `aws.s3.bucket_abac` plus integration test.
- Added regression test `AWS S3 Bucket ABAC Works`.
- Dependent repositories will not yet be forced to use containerised mocks.
diff --git a/test/python/stackql_test_tooling/web_service_keywords.py b/test/python/stackql_test_tooling/web_service_keywords.py
@@ -345,8 +345,8 @@ def create_digitalocean_web_service(
     
     @keyword
     def start_all_webservers(self, port_dict: Optional[dict] = None) -> None:
-        # if system has docker installed, use that to run mock servers
-        if os.system('which docker >/dev/null 2>&1') == 0:
+        # if system has docker installed and also has docker compose file, use that to run mock servers
+        if os.system('which docker >/dev/null 2>&1') == 0 and os.path.exists('docker-compose-testing.yml'):
             ## inherits env vars from parent process so IS_DOCKER env var is passed along
             rv = os.system('docker compose -f docker-compose-testing.yml up -d --build --force-recreate')
             if rv != 0:
diff --git a/test/registry/src/aws/v0.1.0/services/s3.yaml b/test/registry/src/aws/v0.1.0/services/s3.yaml
@@ -4423,17 +4423,25 @@ paths:
       responses:
         '200':
           description: Success
-  /{Bucket}?abac:
+  /?abac:
+    servers:
+    - url: 'https://{Bucket}.s3-{region}.amazonaws.com'
+      variables:
+        Bucket:
+          default: stackql-trial-bucket-02
+        region:
+          default: us-east-1
     get:
       operationId: GetBucketAbac
       description: |-
         Returns the attribute-based access control (ABAC) property of the general purpose bucket. If ABAC is enabled on your bucket, you can use tags on the bucket for access control. For more information, see [Enabling ABAC in general purpose buckets](https://docs.aws.amazon.com/AmazonS3/latest/userguide/buckets-tagging-enable-abac.html).
       parameters:
-      - name: Bucket
-        in: path
-        required: true
+      - name: x-amz-content-sha256
+        in: header
+        required: false
         schema:
-          $ref: '#/components/schemas/BucketName'
+          type: string
+          default: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
       - name: x-amz-expected-bucket-owner
         in: header
         required: false
@@ -4451,11 +4459,6 @@ paths:
       description: |-
         Sets the attribute-based access control (ABAC) property of the general purpose bucket. You must have `s3:PutBucketABAC` permission to perform this action. When you enable ABAC, you can use tags for access control on your buckets. Additionally, when ABAC is enabled, you must use the [TagResource](https://docs.aws.amazon.com/AmazonS3/latest/API/API_control_TagResource.html) and [UntagResource](https://docs.aws.amazon.com/AmazonS3/latest/API/API_control_UntagResource.html) actions to manage tags on your buckets. You can nolonger use the [PutBucketTagging](https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutBucketTagging.html) and [DeleteBucketTagging](https://docs.aws.amazon.com/AmazonS3/latest/API/API_DeleteBucketTagging.html) actions to tag your bucket. For more information, see [Enabling ABAC in general purpose buckets](https://docs.aws.amazon.com/AmazonS3/latest/userguide/buckets-tagging-enable-abac.html).
       parameters:
-      - name: Bucket
-        in: path
-        required: true
-        schema:
-          $ref: '#/components/schemas/BucketName'
       - name: Content-MD5
         in: header
         required: false
@@ -22116,13 +22119,13 @@ components:
       methods:
         get_bucket_abac:
           operation:
-            $ref: '#/paths/~1{Bucket}?abac/get'
+            $ref: '#/paths/~1?abac/get'
           response:
             mediaType: text/xml
             openAPIDocKey: '200'
         put_bucket_abac:
           operation:
-            $ref: '#/paths/~1{Bucket}?abac/put'
+            $ref: '#/paths/~1?abac/put'
           response:
             mediaType: application/json
             openAPIDocKey: '200'
diff --git a/test/robot/integration-traffic-lights/stackql_traffic_light_integration_from_cmd_line.robot b/test/robot/integration-traffic-lights/stackql_traffic_light_integration_from_cmd_line.robot
@@ -57,3 +57,19 @@ AWS S3 Bucket Objects List
     ...    stderr=${CURDIR}/tmp/AWS-S3-Bucket-Objects-List-stderr.tmp
     Should Be Equal As Integers    ${result.rc}           0
     Should Contain                 ${result.stdout}       docs/advanced
+
+AWS S3 Bucket ABAC Works
+    Sleep    2s
+    ${bucketObjectsListQuery} =    Catenate
+    ...    select * from aws.s3.bucket_abac where Bucket = 'stackql-trial-bucket-02' and region = 'ap-southeast-2';
+    ${result} =    Run Process
+    ...    ${STACKQL_EXE}
+    ...    \-\-registry
+    ...    { "url": "file://${REPOSITORY_ROOT}/test/registry", "localDocRoot": "${REPOSITORY_ROOT}/test/registry", "verifyConfig": { "nopVerify": true } }
+    ...    exec
+    ...    ${bucketObjectsListQuery}
+    ...    cwd=${REPOSITORY_ROOT}
+    ...    stdout=${CURDIR}/tmp/AWS-S3-Bucket-Objects-List.tmp
+    ...    stderr=${CURDIR}/tmp/AWS-S3-Bucket-Objects-List-stderr.tmp
+    Should Be Equal As Integers    ${result.rc}           0
+    Should Contain                 ${result.stdout}       stackql\-trial\-bucket\-02
