From 48be90a64eca62496d4b6b464a6c77cee1a8558d Mon Sep 17 00:00:00 2001
From: Abhishek Lekshmanan <abhishek@suse.com>
Date: Thu, 24 Oct 2019 17:18:38 +0200
Subject: [PATCH 1/2] iam: add a very basic user policy smoke test

Signed-off-by: Abhishek Lekshmanan <abhishek@suse.com>
---
 s3tests_boto3/functional/__init__.py |  9 +++++++++
 s3tests_boto3/functional/test_s3.py  | 23 +++++++++++++++++++++++
 2 files changed, 32 insertions(+)

diff --git a/s3tests_boto3/functional/__init__.py b/s3tests_boto3/functional/__init__.py
index a96b45d..5c229fa 100644
--- a/s3tests_boto3/functional/__init__.py
+++ b/s3tests_boto3/functional/__init__.py
@@ -265,6 +265,15 @@ def get_tenant_client(client_config=None):
                         config=client_config)
     return client
 
+def get_tenant_iam_client():
+
+    client = boto3.client(service_name='iam',
+                          aws_access_key_id=config.tenant_access_key,
+                          aws_secret_access_key=config.tenant_secret_key,
+                          endpoint_url=config.default_endpoint,
+                          use_ssl=config.default_is_secure)
+    return client
+
 def get_unauthenticated_client():
     client = boto3.client(service_name='s3',
                         aws_access_key_id='',
diff --git a/s3tests_boto3/functional/test_s3.py b/s3tests_boto3/functional/test_s3.py
index 011d1dd..dc13740 100644
--- a/s3tests_boto3/functional/test_s3.py
+++ b/s3tests_boto3/functional/test_s3.py
@@ -64,6 +64,8 @@ from . import (
     get_alt_email,
     get_alt_client,
     get_tenant_client,
+    get_tenant_iam_client,
+    get_tenant_user_id,
     get_buckets_list,
     get_objects_list,
     get_main_kms_keyid,
@@ -12303,3 +12305,24 @@ def test_object_read_unreadable():
     status, error_code = _get_status_and_error_code(e.response)
     eq(status, 400)
     eq(e.response['Error']['Message'], 'Couldn\'t parse the specified URI.')
+
+@attr(resource='bucket')
+@attr(method='get')
+@attr(operation='Test User Policy')
+@attr(assertion='succeeds')
+@attr('user-policy')
+def test_user_policy():
+    client = get_tenant_iam_client()
+
+    policy_document = json.dumps(
+    {"Version":"2012-10-17",
+     "Statement": {
+         "Effect":"Allow",
+         "Action":"*",
+         "Resource":"*"}}
+    )
+    client.put_user_policy(
+        PolicyDocument= policy_document,
+        PolicyName='AllAccessPolicy',
+        UserName=get_tenant_user_id(),
+    )

From 045ad2f46e9267254ce9b27efbdd2be6ec563a33 Mon Sep 17 00:00:00 2001
From: Abhishek Lekshmanan <abhishek@suse.com>
Date: Fri, 6 Dec 2019 17:00:13 +0100
Subject: [PATCH 2/2] iam: explicitly set a region for the iam client

Avoids region not defined errors

Signed-off-by: Abhishek Lekshmanan <abhishek@suse.com>
---
 s3tests_boto3/functional/__init__.py | 1 +
 1 file changed, 1 insertion(+)

diff --git a/s3tests_boto3/functional/__init__.py b/s3tests_boto3/functional/__init__.py
index 5c229fa..3b97f46 100644
--- a/s3tests_boto3/functional/__init__.py
+++ b/s3tests_boto3/functional/__init__.py
@@ -268,6 +268,7 @@ def get_tenant_client(client_config=None):
 def get_tenant_iam_client():
 
     client = boto3.client(service_name='iam',
+                          region_name='us-east-1',
                           aws_access_key_id=config.tenant_access_key,
                           aws_secret_access_key=config.tenant_secret_key,
                           endpoint_url=config.default_endpoint,