From 93a3b6c704cfeb2a59d91f3eda634e9046e16585 Mon Sep 17 00:00:00 2001
From: Seena Fallah <seenafallah@gmail.com>
Date: Fri, 19 Jul 2024 20:50:26 +0200
Subject: [PATCH] PolicyStatus: add test for policy with Principal

Ref. https://github.com/ceph/ceph/pull/58686

Signed-off-by: Seena Fallah <seenafallah@gmail.com>
---
 s3tests_boto3/functional/test_s3.py | 25 +++++++++++++++++++++++++
 1 file changed, 25 insertions(+)

diff --git a/s3tests_boto3/functional/test_s3.py b/s3tests_boto3/functional/test_s3.py
index ebdd6c4..39da62e 100644
--- a/s3tests_boto3/functional/test_s3.py
+++ b/s3tests_boto3/functional/test_s3.py
@@ -12793,6 +12793,31 @@ def test_get_nonpublicpolicy_acl_bucket_policy_status():
     assert resp['PolicyStatus']['IsPublic'] == False
 
 
+def test_get_nonpublicpolicy_principal_bucket_policy_status():
+    bucket_name = get_new_bucket()
+    client = get_client()
+
+    resource1 = "arn:aws:s3:::" + bucket_name
+    resource2 = "arn:aws:s3:::" + bucket_name + "/*"
+    policy_document = json.dumps(
+    {
+        "Version": "2012-10-17",
+        "Statement": [{
+        "Effect": "Allow",
+        "Principal": {"AWS": "arn:aws:iam::s3tenant1:root"},
+        "Action": "s3:ListBucket",
+        "Resource": [
+            "{}".format(resource1),
+            "{}".format(resource2)
+            ],
+        }]
+    })
+    
+    client.put_bucket_policy(Bucket=bucket_name, Policy=policy_document)
+    resp = client.get_bucket_policy_status(Bucket=bucket_name)
+    assert resp['PolicyStatus']['IsPublic'] == False
+
+
 def test_bucket_policy_allow_notprincipal():
     bucket_name = get_new_bucket()
     client = get_client()