Skip to content

Add S3TablesPutTableBucketPolicyOperator #66720

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
vincbeck merged 1 commit into from
May 12, 2026
+90 −0
Merged

Add S3TablesPutTableBucketPolicyOperator #66720

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
15 changes: 15 additions & 0 deletions providers/amazon/docs/operators/s3_tables.rst
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -117,6 +117,21 @@ To rename a table in an Amazon S3 Tables namespace, use
:start-after: [START howto_operator_s3tables_rename_table]
:end-before: [END howto_operator_s3tables_rename_table]


.. _howto/operator:S3TablesPutTableBucketPolicyOperator:

Put a Table Bucket Policy
-------------------------

To set a resource policy on an Amazon S3 Tables table bucket, use
:class:`~airflow.providers.amazon.aws.operators.s3_tables.S3TablesPutTableBucketPolicyOperator`.

.. exampleinclude:: /../../amazon/tests/system/amazon/aws/example_s3_tables.py
:language: python
:dedent: 4
:start-after: [START howto_operator_s3tables_put_table_bucket_policy]
:end-before: [END howto_operator_s3tables_put_table_bucket_policy]

Reference
---------

Expand Down
36 changes: 36 additions & 0 deletions providers/amazon/src/airflow/providers/amazon/aws/operators/s3_tables.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -383,3 +383,39 @@ def execute(self, context: Context) -> None:
)
self.hook.conn.rename_table(**kwargs)
self.log.info("Renamed table %s to %s", self.table_name, self.new_name)


class S3TablesPutTableBucketPolicyOperator(AwsBaseOperator[S3TablesHook]):
"""
Set a resource policy on an Amazon S3 Tables table bucket.

.. seealso::
For more information on how to use this operator, take a look at the guide:
:ref:`howto/operator:S3TablesPutTableBucketPolicyOperator`

:param table_bucket_arn: The ARN of the table bucket. (templated)
:param resource_policy: The JSON resource policy string. (templated)
"""

aws_hook_class = S3TablesHook
template_fields: Sequence[str] = aws_template_fields("table_bucket_arn", "resource_policy")
template_fields_renderers = {"resource_policy": "json"}

def __init__(
self,
*,
table_bucket_arn: str,
resource_policy: str,
**kwargs,
) -> None:
super().__init__(**kwargs)
self.table_bucket_arn = table_bucket_arn
self.resource_policy = resource_policy

def execute(self, context: Context) -> None:
self.log.info("Setting policy on table bucket %s", self.table_bucket_arn)
self.hook.conn.put_table_bucket_policy(
tableBucketARN=self.table_bucket_arn,
resourcePolicy=self.resource_policy,
)
self.log.info("Policy set on table bucket %s", self.table_bucket_arn)
11 changes: 11 additions & 0 deletions providers/amazon/tests/system/amazon/aws/example_s3_tables.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -25,6 +25,7 @@
S3TablesDeleteNamespaceOperator,
S3TablesDeleteTableBucketOperator,
S3TablesDeleteTableOperator,
S3TablesPutTableBucketPolicyOperator,
S3TablesRenameTableOperator,
)
from airflow.providers.common.compat.sdk import DAG, chain
Expand Down Expand Up @@ -81,6 +82,15 @@ def create_namespace(table_bucket_arn: str, namespace: str):
table_bucket_name=bucket_name,
)
# [END howto_operator_s3tables_create_table_bucket]

# [START howto_operator_s3tables_put_table_bucket_policy]
put_policy = S3TablesPutTableBucketPolicyOperator(
task_id="put_table_bucket_policy",
table_bucket_arn=create_table_bucket.output,
resource_policy='{"Version":"2012-10-17","Statement":[]}',
)
# [END howto_operator_s3tables_put_table_bucket_policy]

# [START howto_operator_s3tables_create_namespace]
setup_namespace = S3TablesCreateNamespaceOperator(
task_id="create_namespace",
Expand Down Expand Up @@ -140,6 +150,7 @@ def create_namespace(table_bucket_arn: str, namespace: str):
# TEST SETUP
test_context,
create_table_bucket,
put_policy,
setup_namespace,
# TEST BODY
create_table,
Expand Down
28 changes: 28 additions & 0 deletions providers/amazon/tests/unit/amazon/aws/operators/test_s3_tables.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -31,6 +31,7 @@
S3TablesDeleteNamespaceOperator,
S3TablesDeleteTableBucketOperator,
S3TablesDeleteTableOperator,
S3TablesPutTableBucketPolicyOperator,
S3TablesRenameTableOperator,
)

Expand Down Expand Up @@ -392,3 +393,30 @@ def test_execute_with_optional_args(self, mock_conn):

def test_template_fields(self):
validate_template_fields(self.operator)


POLICY = '{"Version":"2012-10-17","Statement":[{"Effect":"Allow","Principal":"*","Action":"s3tables:*","Resource":"*"}]}'


class TestS3TablesPutTableBucketPolicyOperator:
def setup_method(self):
self.operator = S3TablesPutTableBucketPolicyOperator(
task_id="put_policy",
table_bucket_arn=TABLE_BUCKET_ARN,
resource_policy=POLICY,
)

@mock.patch.object(S3TablesHook, "conn", new_callable=mock.PropertyMock)
def test_execute(self, mock_conn):
mock_client = mock.MagicMock()
mock_conn.return_value = mock_client

self.operator.execute({})

mock_client.put_table_bucket_policy.assert_called_once_with(
tableBucketARN=TABLE_BUCKET_ARN,
resourcePolicy=POLICY,
)

def test_template_fields(self):
validate_template_fields(self.operator)
Loading