Mirror
/
seaweedfs
mirror of https://github.com/seaweedfs/seaweedfs.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
11244 Commits
32 Branches
298 Tags
167 MiB
Tree: aa299462f2
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'aa299462f2'
${ noResults }
seaweedfs/weed/iamapi/iamapi_test.go

264 lines
8.5 KiB
Raw Normal View History

add tests
4 years ago
add test function
3 years ago
remove redundant logs & add unit test
3 years ago
improve iam error handling (#6446) * improve iam error handling * Delete docker/test.py
6 days ago
add test function
3 years ago
add tests
4 years ago
GetUserPolicy
4 years ago
move to https://github.com/seaweedfs/seaweedfs
3 years ago
add tests
4 years ago
GetUserPolicy
4 years ago
add tests
4 years ago
GetUserPolicy
4 years ago
add tests
4 years ago
GetUserPolicy
4 years ago
add tests
4 years ago
GetUserPolicy
4 years ago
add tests
4 years ago
GetUserPolicy
4 years ago
add tests
4 years ago
improve iam error handling (#6446) * improve iam error handling * Delete docker/test.py
6 days ago
GetUserPolicy
4 years ago
add test function
3 years ago
GetUserPolicy
4 years ago
add test function
3 years ago
GetUserPolicy
4 years ago
add tests
4 years ago
refactor all methods strings to const (#5726)
7 months ago
add tests
4 years ago
remove redundant logs & add unit test
3 years ago
  1. package iamapi
  3. import (
  4. "encoding/xml"
  5. "net/http"
  6. "net/http/httptest"
  7. "net/url"
  8. "regexp"
  9. "testing"
  11. "github.com/aws/aws-sdk-go/aws"
  12. "github.com/aws/aws-sdk-go/aws/session"
  13. "github.com/aws/aws-sdk-go/service/iam"
  14. "github.com/gorilla/mux"
  15. "github.com/jinzhu/copier"
  16. "github.com/seaweedfs/seaweedfs/weed/pb/iam_pb"
  17. "github.com/stretchr/testify/assert"
  18. )
  20. var GetS3ApiConfiguration func(s3cfg *iam_pb.S3ApiConfiguration) (err error)
  21. var PutS3ApiConfiguration func(s3cfg *iam_pb.S3ApiConfiguration) (err error)
  22. var GetPolicies func(policies *Policies) (err error)
  23. var PutPolicies func(policies *Policies) (err error)
  25. var s3config = iam_pb.S3ApiConfiguration{}
  26. var policiesFile = Policies{Policies: make(map[string]PolicyDocument)}
  27. var ias = IamApiServer{s3ApiConfig: iamS3ApiConfigureMock{}}
  29. type iamS3ApiConfigureMock struct{}
  31. func (iam iamS3ApiConfigureMock) GetS3ApiConfiguration(s3cfg *iam_pb.S3ApiConfiguration) (err error) {
  32. _ = copier.Copy(&s3cfg.Identities, &s3config.Identities)
  33. return nil
  34. }
  36. func (iam iamS3ApiConfigureMock) PutS3ApiConfiguration(s3cfg *iam_pb.S3ApiConfiguration) (err error) {
  37. _ = copier.Copy(&s3config.Identities, &s3cfg.Identities)
  38. return nil
  39. }
  41. func (iam iamS3ApiConfigureMock) GetPolicies(policies *Policies) (err error) {
  42. _ = copier.Copy(&policies, &policiesFile)
  43. return nil
  44. }
  46. func (iam iamS3ApiConfigureMock) PutPolicies(policies *Policies) (err error) {
  47. _ = copier.Copy(&policiesFile, &policies)
  48. return nil
  49. }
  51. func TestCreateUser(t *testing.T) {
  52. userName := aws.String("Test")
  53. params := &iam.CreateUserInput{UserName: userName}
  54. req, _ := iam.New(session.New()).CreateUserRequest(params)
  55. _ = req.Build()
  56. out := CreateUserResponse{}
  57. response, err := executeRequest(req.HTTPRequest, out)
  58. assert.Equal(t, nil, err)
  59. assert.Equal(t, http.StatusOK, response.Code)
  60. //assert.Equal(t, out.XMLName, "lol")
  61. }
  63. func TestListUsers(t *testing.T) {
  64. params := &iam.ListUsersInput{}
  65. req, _ := iam.New(session.New()).ListUsersRequest(params)
  66. _ = req.Build()
  67. out := ListUsersResponse{}
  68. response, err := executeRequest(req.HTTPRequest, out)
  69. assert.Equal(t, nil, err)
  70. assert.Equal(t, http.StatusOK, response.Code)
  71. }
  73. func TestListAccessKeys(t *testing.T) {
  74. svc := iam.New(session.New())
  75. params := &iam.ListAccessKeysInput{}
  76. req, _ := svc.ListAccessKeysRequest(params)
  77. _ = req.Build()
  78. out := ListAccessKeysResponse{}
  79. response, err := executeRequest(req.HTTPRequest, out)
  80. assert.Equal(t, nil, err)
  81. assert.Equal(t, http.StatusOK, response.Code)
  82. }
  84. func TestGetUser(t *testing.T) {
  85. userName := aws.String("Test")
  86. params := &iam.GetUserInput{UserName: userName}
  87. req, _ := iam.New(session.New()).GetUserRequest(params)
  88. _ = req.Build()
  89. out := GetUserResponse{}
  90. response, err := executeRequest(req.HTTPRequest, out)
  91. assert.Equal(t, nil, err)
  92. assert.Equal(t, http.StatusOK, response.Code)
  93. }
  95. // Todo flat statement
  96. func TestCreatePolicy(t *testing.T) {
  97. params := &iam.CreatePolicyInput{
  98. PolicyName: aws.String("S3-read-only-example-bucket"),
  99. PolicyDocument: aws.String(`
  100. {
  101. "Version": "2012-10-17",
  102. "Statement": [
  103. {
  104. "Effect": "Allow",
  105. "Action": [
  106. "s3:Get*",
  107. "s3:List*"
  108. ],
  109. "Resource": [
  110. "arn:aws:s3:::EXAMPLE-BUCKET",
  111. "arn:aws:s3:::EXAMPLE-BUCKET/*"
  112. ]
  113. }
  114. ]
  115. }`),
  116. }
  117. req, _ := iam.New(session.New()).CreatePolicyRequest(params)
  118. _ = req.Build()
  119. out := CreatePolicyResponse{}
  120. response, err := executeRequest(req.HTTPRequest, out)
  121. assert.Equal(t, nil, err)
  122. assert.Equal(t, http.StatusOK, response.Code)
  123. }
  125. func TestPutUserPolicy(t *testing.T) {
  126. userName := aws.String("Test")
  127. params := &iam.PutUserPolicyInput{
  128. UserName: userName,
  129. PolicyName: aws.String("S3-read-only-example-bucket"),
  130. PolicyDocument: aws.String(
  131. `{
  132. "Version": "2012-10-17",
  133. "Statement": [
  134. {
  135. "Effect": "Allow",
  136. "Action": [
  137. "s3:Get*",
  138. "s3:List*"
  139. ],
  140. "Resource": [
  141. "arn:aws:s3:::EXAMPLE-BUCKET",
  142. "arn:aws:s3:::EXAMPLE-BUCKET/*"
  143. ]
  144. }
  145. ]
  146. }`),
  147. }
  148. req, _ := iam.New(session.New()).PutUserPolicyRequest(params)
  149. _ = req.Build()
  150. out := PutUserPolicyResponse{}
  151. response, err := executeRequest(req.HTTPRequest, out)
  152. assert.Equal(t, nil, err)
  153. assert.Equal(t, http.StatusOK, response.Code)
  154. }
  156. func TestPutUserPolicyError(t *testing.T) {
  157. userName := aws.String("InvalidUser")
  158. params := &iam.PutUserPolicyInput{
  159. UserName: userName,
  160. PolicyName: aws.String("S3-read-only-example-bucket"),
  161. PolicyDocument: aws.String(
  162. `{
  163. "Version": "2012-10-17",
  164. "Statement": [
  165. {
  166. "Effect": "Allow",
  167. "Action": [
  168. "s3:Get*",
  169. "s3:List*"
  170. ],
  171. "Resource": [
  172. "arn:aws:s3:::EXAMPLE-BUCKET",
  173. "arn:aws:s3:::EXAMPLE-BUCKET/*"
  174. ]
  175. }
  176. ]
  177. }`),
  178. }
  179. req, _ := iam.New(session.New()).PutUserPolicyRequest(params)
  180. _ = req.Build()
  181. response, err := executeRequest(req.HTTPRequest, nil)
  182. assert.Equal(t, nil, err)
  183. assert.Equal(t, http.StatusNotFound, response.Code)
  185. expectedMessage := "the user with name InvalidUser cannot be found"
  186. expectedCode := "NoSuchEntity"
  188. code, message := extractErrorCodeAndMessage(response)
  190. assert.Equal(t, expectedMessage, message)
  191. assert.Equal(t, expectedCode, code)
  192. }
  194. func extractErrorCodeAndMessage(response *httptest.ResponseRecorder) (string, string) {
  195. pattern := `<Error><Code>(.*)</Code><Message>(.*)</Message><Type>(.*)</Type></Error>`
  196. re := regexp.MustCompile(pattern)
  198. code := re.FindStringSubmatch(response.Body.String())[1]
  199. message := re.FindStringSubmatch(response.Body.String())[2]
  200. return code, message
  201. }
  203. func TestGetUserPolicy(t *testing.T) {
  204. userName := aws.String("Test")
  205. params := &iam.GetUserPolicyInput{UserName: userName, PolicyName: aws.String("S3-read-only-example-bucket")}
  206. req, _ := iam.New(session.New()).GetUserPolicyRequest(params)
  207. _ = req.Build()
  208. out := GetUserPolicyResponse{}
  209. response, err := executeRequest(req.HTTPRequest, out)
  210. assert.Equal(t, nil, err)
  211. assert.Equal(t, http.StatusOK, response.Code)
  212. }
  214. func TestUpdateUser(t *testing.T) {
  215. userName := aws.String("Test")
  216. newUserName := aws.String("Test-New")
  217. params := &iam.UpdateUserInput{NewUserName: newUserName, UserName: userName}
  218. req, _ := iam.New(session.New()).UpdateUserRequest(params)
  219. _ = req.Build()
  220. out := UpdateUserResponse{}
  221. response, err := executeRequest(req.HTTPRequest, out)
  222. assert.Equal(t, nil, err)
  223. assert.Equal(t, http.StatusOK, response.Code)
  224. }
  226. func TestDeleteUser(t *testing.T) {
  227. userName := aws.String("Test-New")
  228. params := &iam.DeleteUserInput{UserName: userName}
  229. req, _ := iam.New(session.New()).DeleteUserRequest(params)
  230. _ = req.Build()
  231. out := DeleteUserResponse{}
  232. response, err := executeRequest(req.HTTPRequest, out)
  233. assert.Equal(t, nil, err)
  234. assert.Equal(t, http.StatusOK, response.Code)
  235. }
  237. func executeRequest(req *http.Request, v interface{}) (*httptest.ResponseRecorder, error) {
  238. rr := httptest.NewRecorder()
  239. apiRouter := mux.NewRouter().SkipClean(true)
  240. apiRouter.Path("/").Methods(http.MethodPost).HandlerFunc(ias.DoActions)
  241. apiRouter.ServeHTTP(rr, req)
  242. return rr, xml.Unmarshal(rr.Body.Bytes(), &v)
  243. }
  245. func TestHandleImplicitUsername(t *testing.T) {
  246. var tests = []struct {
  247. r *http.Request
  248. values url.Values
  249. userName string
  250. }{
  251. {&http.Request{}, url.Values{}, ""},
  252. {&http.Request{Header: http.Header{"Authorization": []string{"AWS4-HMAC-SHA256 Credential=197FSAQ7HHTA48X64O3A/20220420/test1/iam/aws4_request, SignedHeaders=content-type;host;x-amz-date, Signature=6757dc6b3d7534d67e17842760310e99ee695408497f6edc4fdb84770c252dc8"}}}, url.Values{}, "test1"},
  253. {&http.Request{Header: http.Header{"Authorization": []string{"AWS4-HMAC-SHA256 =197FSAQ7HHTA48X64O3A/20220420/test1/iam/aws4_request, SignedHeaders=content-type;host;x-amz-date, Signature=6757dc6b3d7534d67e17842760310e99ee695408497f6edc4fdb84770c252dc8"}}}, url.Values{}, ""},
  254. {&http.Request{Header: http.Header{"Authorization": []string{"AWS4-HMAC-SHA256 Credential=197FSAQ7HHTA48X64O3A/20220420/test1/iam/aws4_request SignedHeaders=content-type;host;x-amz-date Signature=6757dc6b3d7534d67e17842760310e99ee695408497f6edc4fdb84770c252dc8"}}}, url.Values{}, ""},
  255. {&http.Request{Header: http.Header{"Authorization": []string{"AWS4-HMAC-SHA256 Credential=197FSAQ7HHTA48X64O3A/20220420/test1/iam, SignedHeaders=content-type;host;x-amz-date, Signature=6757dc6b3d7534d67e17842760310e99ee695408497f6edc4fdb84770c252dc8"}}}, url.Values{}, ""},
  256. }
  258. for i, test := range tests {
  259. handleImplicitUsername(test.r, test.values)
  260. if un := test.values.Get("UserName"); un != test.userName {
  261. t.Errorf("No.%d: Got: %v, Expected: %v", i, un, test.userName)
  262. }
  263. }
  264. }