add account_id field to config sections

s3tests.conf.SAMPLE

@@ -147,13 +147,15 @@ display_name = youruseridhere
 [iam root]
 access_key = AAAAAAAAAAAAAAAAAAaa
 secret_key = aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
+account_id = RGW11111111111111111
 user_id = RGW11111111111111111
 email = [email protected]
 
 # iam account root user in a different account than [iam root]
 [iam alt root]
 access_key = BBBBBBBBBBBBBBBBBBbb
 secret_key = bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb
+account_id = RGW22222222222222222
 user_id = RGW22222222222222222
 email = [email protected]
 

s3tests_boto3/functional/__init__.py

@@ -221,6 +221,7 @@ def configure():
     config.main_display_name = cfg.get('s3 main',"display_name")
     config.main_user_id = cfg.get('s3 main',"user_id")
     config.main_email = cfg.get('s3 main',"email")
+    config.main_account_id = cfg.get('s3 main', 'account_id', fallback=None)
     try:
         config.main_kms_keyid = cfg.get('s3 main',"kms_keyid")
     except (configparser.NoSectionError, configparser.NoOptionError):
@@ -258,12 +259,14 @@ def configure():
     config.alt_display_name = cfg.get('s3 alt',"display_name")
     config.alt_user_id = cfg.get('s3 alt',"user_id")
     config.alt_email = cfg.get('s3 alt',"email")
+    config.alt_account_id = cfg.get('s3 alt', 'account_id', fallback=None)
 
     config.tenant_access_key = cfg.get('s3 tenant',"access_key")
     config.tenant_secret_key = cfg.get('s3 tenant',"secret_key")
     config.tenant_display_name = cfg.get('s3 tenant',"display_name")
     config.tenant_user_id = cfg.get('s3 tenant',"user_id")
     config.tenant_email = cfg.get('s3 tenant',"email")
+    config.tenant_account_id = cfg.get('s3 tenant', 'account_id', fallback=None)
     config.tenant_name = cfg.get('s3 tenant',"tenant")
 
     config.iam_access_key = cfg.get('iam',"access_key")
@@ -276,11 +279,13 @@ def configure():
     config.iam_root_secret_key = cfg.get('iam root',"secret_key")
     config.iam_root_user_id = cfg.get('iam root',"user_id")
     config.iam_root_email = cfg.get('iam root',"email")
+    config.iam_root_account_id = cfg.get('iam root', 'account_id', fallback=None)
 
     config.iam_alt_root_access_key = cfg.get('iam alt root',"access_key")
     config.iam_alt_root_secret_key = cfg.get('iam alt root',"secret_key")
     config.iam_alt_root_user_id = cfg.get('iam alt root',"user_id")
     config.iam_alt_root_email = cfg.get('iam alt root',"email")
+    config.iam_alt_root_account_id = cfg.get('iam alt root', 'account_id', fallback=None)
 
     # vars from the fixtures section
     template = cfg.get('fixtures', "bucket prefix", fallback='test-{random}-')
@@ -700,6 +705,9 @@ def get_main_user_id():
 def get_main_email():
     return config.main_email
 
+def get_main_account_id():
+    return config.main_account_id
+
 def get_main_api_name():
     return config.main_api_name
 
@@ -721,6 +729,9 @@ def get_alt_display_name():
 def get_alt_user_id():
     return config.alt_user_id
 
+def get_alt_account_id():
+    return config.alt_account_id
+
 def get_alt_email():
     return config.alt_email
 
@@ -733,6 +744,9 @@ def get_tenant_aws_secret_key():
 def get_tenant_display_name():
     return config.tenant_display_name
 
+def get_tenant_account_id():
+    return config.tenant_account_id
+
 def get_tenant_name():
     return config.tenant_name
 
@@ -781,12 +795,18 @@ def get_iam_root_user_id():
 def get_iam_root_email():
     return config.iam_root_email
 
+def get_iam_root_account_id():
+    return config.iam_root_account_id
+
 def get_iam_alt_root_user_id():
     return config.iam_alt_root_user_id
 
 def get_iam_alt_root_email():
     return config.iam_alt_root_email
 
+def get_iam_alt_root_account_id():
+    return config.iam_alt_root_account_id
+
 def get_user_token():
     return config.webidentity_user_token
 

s3tests_boto3/functional/test_iam.py

@@ -13,9 +13,11 @@
     get_alt_client,
     get_iam_client,
     get_iam_root_client,
+    get_iam_root_account_id,
     get_iam_alt_root_client,
     get_iam_alt_root_user_id,
     get_iam_alt_root_email,
+    get_iam_alt_root_account_id,
     make_iam_name,
     get_iam_path_prefix,
     get_new_bucket,
@@ -2342,8 +2344,7 @@ def test_account_role_policy_allow_create_bucket(iam_root, iam_alt_root):
     s3_main = get_iam_root_client(service_name='s3')
     response = s3_main.get_bucket_acl(Bucket=bucket_name)
 
-    main_arn = iam_root.get_user()['User']['Arn']
-    account_id = main_arn.removeprefix('arn:aws:iam::').removesuffix(':root')
+    account_id = get_iam_root_account_id()
     assert response['Owner']['ID'] == account_id
     assert response['Grants'][0]['Grantee']['ID'] == account_id
 
@@ -2736,9 +2737,9 @@ def test_cross_account_user_bucket_policy_allow_account_id(iam_root, iam_alt_roo
     roots3 = get_iam_root_client(service_name='s3')
     path = get_iam_path_prefix()
     user_name = make_iam_name('AltUser')
-    response = iam_alt_root.create_user(UserName=user_name, Path=path)
-    user_arn = response['User']['Arn']
-    account_id = user_arn.removeprefix('arn:aws:iam::').removesuffix(f':user{path}{user_name}')
+    iam_alt_root.create_user(UserName=user_name, Path=path)
+
+    account_id = get_iam_alt_root_account_id()
     _test_cross_account_user_bucket_policy(roots3, iam_alt_root, user_name, account_id)
 
 @pytest.mark.iam_account
@@ -2747,9 +2748,9 @@ def test_cross_account_bucket_user_policy_allow_account_id(iam_root, iam_alt_roo
     roots3 = get_iam_root_client(service_name='s3')
     path = get_iam_path_prefix()
     user_name = make_iam_name('AltUser')
-    response = iam_alt_root.create_user(UserName=user_name, Path=path)
-    user_arn = response['User']['Arn']
-    account_id = user_arn.removeprefix('arn:aws:iam::').removesuffix(f':user{path}{user_name}')
+    iam_alt_root.create_user(UserName=user_name, Path=path)
+
+    account_id = get_iam_alt_root_account_id()
     _test_cross_account_bucket_user_policy(roots3, iam_alt_root, user_name, account_id)
 
 
@@ -2923,8 +2924,8 @@ def test_cross_account_root_bucket_policy_allow_account_arn(iam_root, iam_alt_ro
 def test_cross_account_root_bucket_policy_allow_account_id(iam_root, iam_alt_root):
     roots3 = get_iam_root_client(service_name='s3')
     alts3 = get_iam_alt_root_client(service_name='s3')
-    alt_arn = iam_alt_root.get_user()['User']['Arn']
-    account_id = alt_arn.removeprefix('arn:aws:iam::').removesuffix(':root')
+
+    account_id = get_iam_alt_root_account_id()
     _test_cross_account_root_bucket_policy(roots3, alts3, account_id)
 
 # test root cross-account access with bucket acls