diff --git a/s3tests_boto3/functional/__init__.py b/s3tests_boto3/functional/__init__.py index a96b45d..3b97f46 100644 --- a/s3tests_boto3/functional/__init__.py +++ b/s3tests_boto3/functional/__init__.py @@ -265,6 +265,16 @@ def get_tenant_client(client_config=None): config=client_config) return client +def get_tenant_iam_client(): + + client = boto3.client(service_name='iam', + region_name='us-east-1', + aws_access_key_id=config.tenant_access_key, + aws_secret_access_key=config.tenant_secret_key, + endpoint_url=config.default_endpoint, + use_ssl=config.default_is_secure) + return client + def get_unauthenticated_client(): client = boto3.client(service_name='s3', aws_access_key_id='', diff --git a/s3tests_boto3/functional/test_s3.py b/s3tests_boto3/functional/test_s3.py index a8b0822..ae91835 100644 --- a/s3tests_boto3/functional/test_s3.py +++ b/s3tests_boto3/functional/test_s3.py @@ -64,6 +64,8 @@ from . import ( get_alt_email, get_alt_client, get_tenant_client, + get_tenant_iam_client, + get_tenant_user_id, get_buckets_list, get_objects_list, get_main_kms_keyid, @@ -12341,3 +12343,24 @@ def test_object_read_unreadable(): status, error_code = _get_status_and_error_code(e.response) eq(status, 400) eq(e.response['Error']['Message'], 'Couldn\'t parse the specified URI.') + +@attr(resource='bucket') +@attr(method='get') +@attr(operation='Test User Policy') +@attr(assertion='succeeds') +@attr('user-policy') +def test_user_policy(): + client = get_tenant_iam_client() + + policy_document = json.dumps( + {"Version":"2012-10-17", + "Statement": { + "Effect":"Allow", + "Action":"*", + "Resource":"*"}} + ) + client.put_user_policy( + PolicyDocument= policy_document, + PolicyName='AllAccessPolicy', + UserName=get_tenant_user_id(), + )