Skip to content

Commit 61340e9

Browse files
cbodleycbodley
committed
iam: use config account_id instead of parsing ARNs
Signed-off-by: Casey Bodley <[email protected]>
1 parent 6632f3e commit 61340e9

File tree

1 file changed

+11
-10
lines changed

1 file changed

+11
-10
lines changed

s3tests_boto3/functional/test_iam.py

Lines changed: 11 additions & 10 deletions
Original file line numberDiff line numberDiff line change
@@ -13,9 +13,11 @@
1313
get_alt_client,
1414
get_iam_client,
1515
get_iam_root_client,
16+
get_iam_root_account_id,
1617
get_iam_alt_root_client,
1718
get_iam_alt_root_user_id,
1819
get_iam_alt_root_email,
20+
get_iam_alt_root_account_id,
1921
make_iam_name,
2022
get_iam_path_prefix,
2123
get_new_bucket,
@@ -2342,8 +2344,7 @@ def test_account_role_policy_allow_create_bucket(iam_root, iam_alt_root):
23422344
s3_main = get_iam_root_client(service_name='s3')
23432345
response = s3_main.get_bucket_acl(Bucket=bucket_name)
23442346

2345-
main_arn = iam_root.get_user()['User']['Arn']
2346-
account_id = main_arn.removeprefix('arn:aws:iam::').removesuffix(':root')
2347+
account_id = get_iam_root_account_id()
23472348
assert response['Owner']['ID'] == account_id
23482349
assert response['Grants'][0]['Grantee']['ID'] == account_id
23492350

@@ -2736,9 +2737,9 @@ def test_cross_account_user_bucket_policy_allow_account_id(iam_root, iam_alt_roo
27362737
roots3 = get_iam_root_client(service_name='s3')
27372738
path = get_iam_path_prefix()
27382739
user_name = make_iam_name('AltUser')
2739-
response = iam_alt_root.create_user(UserName=user_name, Path=path)
2740-
user_arn = response['User']['Arn']
2741-
account_id = user_arn.removeprefix('arn:aws:iam::').removesuffix(f':user{path}{user_name}')
2740+
iam_alt_root.create_user(UserName=user_name, Path=path)
2741+
2742+
account_id = get_iam_alt_root_account_id()
27422743
_test_cross_account_user_bucket_policy(roots3, iam_alt_root, user_name, account_id)
27432744

27442745
@pytest.mark.iam_account
@@ -2747,9 +2748,9 @@ def test_cross_account_bucket_user_policy_allow_account_id(iam_root, iam_alt_roo
27472748
roots3 = get_iam_root_client(service_name='s3')
27482749
path = get_iam_path_prefix()
27492750
user_name = make_iam_name('AltUser')
2750-
response = iam_alt_root.create_user(UserName=user_name, Path=path)
2751-
user_arn = response['User']['Arn']
2752-
account_id = user_arn.removeprefix('arn:aws:iam::').removesuffix(f':user{path}{user_name}')
2751+
iam_alt_root.create_user(UserName=user_name, Path=path)
2752+
2753+
account_id = get_iam_alt_root_account_id()
27532754
_test_cross_account_bucket_user_policy(roots3, iam_alt_root, user_name, account_id)
27542755

27552756

@@ -2923,8 +2924,8 @@ def test_cross_account_root_bucket_policy_allow_account_arn(iam_root, iam_alt_ro
29232924
def test_cross_account_root_bucket_policy_allow_account_id(iam_root, iam_alt_root):
29242925
roots3 = get_iam_root_client(service_name='s3')
29252926
alts3 = get_iam_alt_root_client(service_name='s3')
2926-
alt_arn = iam_alt_root.get_user()['User']['Arn']
2927-
account_id = alt_arn.removeprefix('arn:aws:iam::').removesuffix(':root')
2927+
2928+
account_id = get_iam_alt_root_account_id()
29282929
_test_cross_account_root_bucket_policy(roots3, alts3, account_id)
29292930

29302931
# test root cross-account access with bucket acls

0 commit comments

Comments
 (0)