add a few more tests for coverage

kddejong · kddejong · commit 81433dd33bbc · 2025-03-19T11:12:06.000-07:00
diff --git a/src/cfnlint/data/schemas/other/iam/policy_resource.json b/src/cfnlint/data/schemas/other/iam/policy_resource.json
@@ -8,7 +8,7 @@
    ],
    "items": {
     "cfnLint": [
-      "AWS::IAM::Policy/Properties/PolicyDocument/Statement/Resource"
+     "AWS::IAM::Policy/Properties/PolicyDocument/Statement/Resource"
     ],
     "type": "string"
    },
diff --git a/test/unit/rules/resources/iam/test_iam_permissions.py b/test/unit/rules/resources/iam/test_iam_permissions.py
@@ -180,7 +180,7 @@ def rule():
         (
             "valid s3 bucket action",
             "s3:getobject",
-            {"cfn_path": deque(["Resources", "AWS::IAM::ManagedPolicy", "Properties"])},
+            {"cfn_path": deque(["Resources", "AWS::S3::BucketPolicy", "Properties"])},
             [],
         ),
         (
@@ -189,6 +189,12 @@ def rule():
             {"cfn_path": deque(["Resources", "AWS::S3::BucketPolicy", "Properties"])},
             [ValidationError("'iam' is not one of ['s3']", rule=Permissions())],
         ),
+        (
+            "invalid s3 bucket action bucket short path",
+            "iam:tagrole",
+            {"cfn_path": deque(["Resources"])},
+            [],
+        ),
         (
             "invalid s3 bucket action",
             "iam:tagrole",
