'''
Script to set bucket policy on CreoDIAS bucket
'''
# Change the access key, secret_key and bucket_name 

from pprint import pprint
import boto3
import json

access_key = '<access key here>' # OpenStack access key
secret_key = '<secret key here>' # OpenStack secret key
bucket_name = '<bucket name>' # bucket name
host = 'https://s3.waw2-1.cloudferro.com/'


s3 = boto3.client('s3', aws_access_key_id=access_key,
                  aws_secret_access_key=secret_key, endpoint_url=host,)

# share a bucket
share_to = 'b96188fd342e4f59821340ffc8cef9f5'

bucket_policy = {
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "Sentinel Hub permissions",
            "Effect": "Allow",
            "Principal": {
                "AWS": f"arn:aws:iam::{share_to}:root"
            },
            "Action": [
                "s3:GetBucketLocation",
                "s3:ListBucket",
                "s3:GetObject"
            ],
            "Resource": [
                f"arn:aws:s3:::{bucket_name}",
                f"arn:aws:s3:::{bucket_name}/*"
            ]
        }
    ]
}

# Convert the policy from JSON dict to string
bucket_policy = json.dumps(bucket_policy)

# Set the new policy
s3.put_bucket_policy(Bucket=bucket_name, Policy=bucket_policy)

result = s3.get_bucket_policy(Bucket=bucket_name)
pprint(result['Policy'])