From fbf318a3ba96fe2a7322706f1d42423357d67614 Mon Sep 17 00:00:00 2001
From: Chris Lu <chris.lu@gmail.com>
Date: Mon, 12 Jan 2026 01:41:27 -0800
Subject: [PATCH] test(s3api): implement ValidateTrustPolicyForPrincipal in
 MockIAMIntegration

---
 weed/s3api/auth_signature_v4_sts_test.go | 12 ++++++++++--
 1 file changed, 10 insertions(+), 2 deletions(-)

diff --git a/weed/s3api/auth_signature_v4_sts_test.go b/weed/s3api/auth_signature_v4_sts_test.go
index 91051440d..6cca0cdd6 100644
--- a/weed/s3api/auth_signature_v4_sts_test.go
+++ b/weed/s3api/auth_signature_v4_sts_test.go
@@ -16,8 +16,9 @@ import (
 
 // MockIAMIntegration is a mock implementation of IAM integration for testing
 type MockIAMIntegration struct {
-	authorizeFunc func(ctx context.Context, identity *IAMIdentity, action Action, bucket, object string, r *http.Request) s3err.ErrorCode
-	authCalled    bool
+	authorizeFunc           func(ctx context.Context, identity *IAMIdentity, action Action, bucket, object string, r *http.Request) s3err.ErrorCode
+	validateTrustPolicyFunc func(ctx context.Context, roleArn, principalArn string) error
+	authCalled              bool
 }
 
 func (m *MockIAMIntegration) AuthorizeAction(ctx context.Context, identity *IAMIdentity, action Action, bucket, object string, r *http.Request) s3err.ErrorCode {
@@ -36,6 +37,13 @@ func (m *MockIAMIntegration) ValidateSessionToken(ctx context.Context, token str
 	return nil, nil // Not needed for these tests
 }
 
+func (m *MockIAMIntegration) ValidateTrustPolicyForPrincipal(ctx context.Context, roleArn, principalArn string) error {
+	if m.validateTrustPolicyFunc != nil {
+		return m.validateTrustPolicyFunc(ctx, roleArn, principalArn)
+	}
+	return nil
+}
+
 // TestVerifyV4SignatureWithSTSIdentity tests that verifyV4Signature properly handles STS identities
 // by falling back to IAM authorization when shouldCheckPermissions is true
 func TestVerifyV4SignatureWithSTSIdentity(t *testing.T) {