|
|
package s3api
import ( . "github.com/seaweedfs/seaweedfs/weed/s3api/s3_constants" "github.com/stretchr/testify/assert" "testing"
"google.golang.org/protobuf/jsonpb"
"github.com/seaweedfs/seaweedfs/weed/pb/iam_pb" )
func TestIdentityListFileFormat(t *testing.T) {
s3ApiConfiguration := &iam_pb.S3ApiConfiguration{}
identity1 := &iam_pb.Identity{ Name: "some_name", Credentials: []*iam_pb.Credential{ { AccessKey: "some_access_key1", SecretKey: "some_secret_key2", }, }, Actions: []string{ ACTION_ADMIN, ACTION_READ, ACTION_WRITE, }, } identity2 := &iam_pb.Identity{ Name: "some_read_only_user", Credentials: []*iam_pb.Credential{ { AccessKey: "some_access_key1", SecretKey: "some_secret_key1", }, }, Actions: []string{ ACTION_READ, }, } identity3 := &iam_pb.Identity{ Name: "some_normal_user", Credentials: []*iam_pb.Credential{ { AccessKey: "some_access_key2", SecretKey: "some_secret_key2", }, }, Actions: []string{ ACTION_READ, ACTION_WRITE, }, }
s3ApiConfiguration.Identities = append(s3ApiConfiguration.Identities, identity1) s3ApiConfiguration.Identities = append(s3ApiConfiguration.Identities, identity2) s3ApiConfiguration.Identities = append(s3ApiConfiguration.Identities, identity3)
m := jsonpb.Marshaler{ EmitDefaults: true, Indent: " ", }
text, _ := m.MarshalToString(s3ApiConfiguration)
println(text)
}
func TestCanDo(t *testing.T) { ident1 := &Identity{ Name: "anything", Actions: []Action{ "Write:bucket1/a/b/c/*", "Write:bucket1/a/b/other", }, } // object specific
assert.Equal(t, true, ident1.canDo(ACTION_WRITE, "bucket1", "/a/b/c/d.txt")) assert.Equal(t, false, ident1.canDo(ACTION_WRITE, "bucket1", "/a/b/other/some"), "action without *")
// bucket specific
ident2 := &Identity{ Name: "anything", Actions: []Action{ "Read:bucket1", "Write:bucket1/*", }, } assert.Equal(t, true, ident2.canDo(ACTION_READ, "bucket1", "/a/b/c/d.txt")) assert.Equal(t, true, ident2.canDo(ACTION_WRITE, "bucket1", "/a/b/c/d.txt")) assert.Equal(t, false, ident2.canDo(ACTION_LIST, "bucket1", "/a/b/c/d.txt"))
// across buckets
ident3 := &Identity{ Name: "anything", Actions: []Action{ "Read", "Write", }, } assert.Equal(t, true, ident3.canDo(ACTION_READ, "bucket1", "/a/b/c/d.txt")) assert.Equal(t, true, ident3.canDo(ACTION_WRITE, "bucket1", "/a/b/c/d.txt")) assert.Equal(t, false, ident3.canDo(ACTION_LIST, "bucket1", "/a/b/other/some"))
// partial buckets
ident4 := &Identity{ Name: "anything", Actions: []Action{ "Read:special_*", }, } assert.Equal(t, true, ident4.canDo(ACTION_READ, "special_bucket", "/a/b/c/d.txt")) assert.Equal(t, false, ident4.canDo(ACTION_READ, "bucket1", "/a/b/c/d.txt"))
// admin buckets
ident5 := &Identity{ Name: "anything", Actions: []Action{ "Admin:special_*", }, } assert.Equal(t, true, ident5.canDo(ACTION_READ, "special_bucket", "/a/b/c/d.txt")) assert.Equal(t, true, ident5.canDo(ACTION_WRITE, "special_bucket", "/a/b/c/d.txt"))
}
|