You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

128 lines
3.0 KiB

5 years ago
5 years ago
5 years ago
5 years ago
5 years ago
5 years ago
  1. package s3api
  2. import (
  3. . "github.com/seaweedfs/seaweedfs/weed/s3api/s3_constants"
  4. "github.com/stretchr/testify/assert"
  5. "testing"
  6. "github.com/golang/protobuf/jsonpb"
  7. "github.com/seaweedfs/seaweedfs/weed/pb/iam_pb"
  8. )
  9. func TestIdentityListFileFormat(t *testing.T) {
  10. s3ApiConfiguration := &iam_pb.S3ApiConfiguration{}
  11. identity1 := &iam_pb.Identity{
  12. Name: "some_name",
  13. Credentials: []*iam_pb.Credential{
  14. {
  15. AccessKey: "some_access_key1",
  16. SecretKey: "some_secret_key2",
  17. },
  18. },
  19. Actions: []string{
  20. ACTION_ADMIN,
  21. ACTION_READ,
  22. ACTION_WRITE,
  23. },
  24. }
  25. identity2 := &iam_pb.Identity{
  26. Name: "some_read_only_user",
  27. Credentials: []*iam_pb.Credential{
  28. {
  29. AccessKey: "some_access_key1",
  30. SecretKey: "some_secret_key1",
  31. },
  32. },
  33. Actions: []string{
  34. ACTION_READ,
  35. },
  36. }
  37. identity3 := &iam_pb.Identity{
  38. Name: "some_normal_user",
  39. Credentials: []*iam_pb.Credential{
  40. {
  41. AccessKey: "some_access_key2",
  42. SecretKey: "some_secret_key2",
  43. },
  44. },
  45. Actions: []string{
  46. ACTION_READ,
  47. ACTION_WRITE,
  48. },
  49. }
  50. s3ApiConfiguration.Identities = append(s3ApiConfiguration.Identities, identity1)
  51. s3ApiConfiguration.Identities = append(s3ApiConfiguration.Identities, identity2)
  52. s3ApiConfiguration.Identities = append(s3ApiConfiguration.Identities, identity3)
  53. m := jsonpb.Marshaler{
  54. EmitDefaults: true,
  55. Indent: " ",
  56. }
  57. text, _ := m.MarshalToString(s3ApiConfiguration)
  58. println(text)
  59. }
  60. func TestCanDo(t *testing.T) {
  61. ident1 := &Identity{
  62. Name: "anything",
  63. Actions: []Action{
  64. "Write:bucket1/a/b/c/*",
  65. "Write:bucket1/a/b/other",
  66. },
  67. }
  68. // object specific
  69. assert.Equal(t, true, ident1.canDo(ACTION_WRITE, "bucket1", "/a/b/c/d.txt"))
  70. assert.Equal(t, false, ident1.canDo(ACTION_WRITE, "bucket1", "/a/b/other/some"), "action without *")
  71. // bucket specific
  72. ident2 := &Identity{
  73. Name: "anything",
  74. Actions: []Action{
  75. "Read:bucket1",
  76. "Write:bucket1/*",
  77. },
  78. }
  79. assert.Equal(t, true, ident2.canDo(ACTION_READ, "bucket1", "/a/b/c/d.txt"))
  80. assert.Equal(t, true, ident2.canDo(ACTION_WRITE, "bucket1", "/a/b/c/d.txt"))
  81. assert.Equal(t, false, ident2.canDo(ACTION_LIST, "bucket1", "/a/b/c/d.txt"))
  82. // across buckets
  83. ident3 := &Identity{
  84. Name: "anything",
  85. Actions: []Action{
  86. "Read",
  87. "Write",
  88. },
  89. }
  90. assert.Equal(t, true, ident3.canDo(ACTION_READ, "bucket1", "/a/b/c/d.txt"))
  91. assert.Equal(t, true, ident3.canDo(ACTION_WRITE, "bucket1", "/a/b/c/d.txt"))
  92. assert.Equal(t, false, ident3.canDo(ACTION_LIST, "bucket1", "/a/b/other/some"))
  93. // partial buckets
  94. ident4 := &Identity{
  95. Name: "anything",
  96. Actions: []Action{
  97. "Read:special_*",
  98. },
  99. }
  100. assert.Equal(t, true, ident4.canDo(ACTION_READ, "special_bucket", "/a/b/c/d.txt"))
  101. assert.Equal(t, false, ident4.canDo(ACTION_READ, "bucket1", "/a/b/c/d.txt"))
  102. // admin buckets
  103. ident5 := &Identity{
  104. Name: "anything",
  105. Actions: []Action{
  106. "Admin:special_*",
  107. },
  108. }
  109. assert.Equal(t, true, ident5.canDo(ACTION_READ, "special_bucket", "/a/b/c/d.txt"))
  110. assert.Equal(t, true, ident5.canDo(ACTION_WRITE, "special_bucket", "/a/b/c/d.txt"))
  111. }