  1. package iamapi
  2. import (
  3. "encoding/xml"
  4. "github.com/aws/aws-sdk-go/aws"
  5. "github.com/aws/aws-sdk-go/aws/session"
  6. "github.com/aws/aws-sdk-go/service/iam"
  7. "github.com/chrislusf/seaweedfs/weed/pb/iam_pb"
  8. "github.com/gorilla/mux"
  9. "github.com/jinzhu/copier"
  10. "github.com/stretchr/testify/assert"
  11. "net/http"
  12. "net/http/httptest"
  13. "testing"
  14. )
// Function-typed hooks with the same signatures as the mock's four methods.
// Nothing in the visible part of this file assigns or calls them.
var (
	GetS3ApiConfiguration func(s3cfg *iam_pb.S3ApiConfiguration) (err error)
	PutS3ApiConfiguration func(s3cfg *iam_pb.S3ApiConfiguration) (err error)
	GetPolicies           func(policies *Policies) (err error)
	PutPolicies           func(policies *Policies) (err error)
)

// Shared in-memory fixtures for the whole test package.
//
// s3config and policiesFile are the backing store the mock reads from and
// writes to, and ias is the server under test wired to that mock. Because they
// are package-level, identities and policies written by one test stay visible
// to every later test, so the tests in this file are not independent of their
// execution order.
var (
	s3config     = iam_pb.S3ApiConfiguration{}
	policiesFile = Policies{Policies: make(map[string]PolicyDocument)}
	ias          = IamApiServer{s3ApiConfig: iamS3ApiConfigureMock{}}
)

// iamS3ApiConfigureMock is a stateless stand-in for the server's s3ApiConfig
// dependency; all state lives in the package-level s3config and policiesFile.
type iamS3ApiConfigureMock struct{}
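// GetS3ApiConfiguration copies the identities stored in the package-level
// s3config into s3cfg and returns whatever error copier.Copy reports.
//
// The copy error used to be discarded and nil returned unconditionally, so a
// failed load of the identity list was indistinguishable from success. The
// receiver is named m so it no longer shadows the imported iam package.
func (m iamS3ApiConfigureMock) GetS3ApiConfiguration(s3cfg *iam_pb.S3ApiConfiguration) (err error) {
	return copier.Copy(&s3cfg.Identities, &s3config.Identities)
}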
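// PutS3ApiConfiguration copies the identities from s3cfg into the
// package-level s3config and returns whatever error copier.Copy reports.
//
// The copy error used to be discarded and nil returned unconditionally, so a
// failed write of the identity list looked like a successful one to the
// handler under test. The receiver is named m so it no longer shadows the
// imported iam package.
func (m iamS3ApiConfigureMock) PutS3ApiConfiguration(s3cfg *iam_pb.S3ApiConfiguration) (err error) {
	return copier.Copy(&s3config.Identities, &s3cfg.Identities)
}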
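// GetPolicies copies the package-level policiesFile into policies and returns
// whatever error copier.Copy reports.
//
// The copy error used to be discarded and nil returned unconditionally, which
// hid a failed policy load from the handler under test. The receiver is named
// m so it no longer shadows the imported iam package.
func (m iamS3ApiConfigureMock) GetPolicies(policies *Policies) (err error) {
	// The destination is passed as &policies, exactly as before.
	return copier.Copy(&policies, &policiesFile)
}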
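// PutPolicies copies policies into the package-level policiesFile and returns
// whatever error copier.Copy reports.
//
// The copy error used to be discarded and nil returned unconditionally, which
// made a failed policy write look like success to the handler under test. The
// receiver is named m so it no longer shadows the imported iam package.
func (m iamS3ApiConfigureMock) PutPolicies(policies *Policies) (err error) {
	// The source is passed as &policies, exactly as before.
	return copier.Copy(&policiesFile, &policies)
}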
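// TestCreateUser sends an IAM CreateUser request for the user "Test" through
// executeRequest and checks that the handler answers 200 with a body that
// xml.Unmarshal accepts.
//
// NOTE(review): out is passed to executeRequest by value, so the helper only
// ever sees a copy and out itself is never filled in. The test therefore
// asserts nothing about the created user. Passing &out and checking the
// returned user name would close that gap; confirm the response type decodes
// cleanly before tightening.
func TestCreateUser(t *testing.T) {
	params := &iam.CreateUserInput{UserName: aws.String("Test")}
	req, _ := iam.New(session.New()).CreateUserRequest(params)
	// A Build error used to be discarded and the test carried on with
	// whatever req.HTTPRequest held; fail fast instead.
	if err := req.Build(); err != nil {
		t.Fatalf("building CreateUser request: %v", err)
	}

	out := CreateUserResponse{}
	response, err := executeRequest(req.HTTPRequest, out)
	assert.NoError(t, err)
	assert.Equal(t, http.StatusOK, response.Code)
	//assert.Equal(t, out.XMLName, "lol")
}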
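// TestListUsers sends an IAM ListUsers request through executeRequest and
// checks that the handler answers 200 with a body that xml.Unmarshal accepts.
//
// NOTE(review): out is passed by value, so it is never filled in and the
// returned user list is not asserted. Which users exist depends on what
// earlier tests left in the package-level s3config.
func TestListUsers(t *testing.T) {
	req, _ := iam.New(session.New()).ListUsersRequest(&iam.ListUsersInput{})
	// A Build error used to be discarded; fail fast instead.
	if err := req.Build(); err != nil {
		t.Fatalf("building ListUsers request: %v", err)
	}

	out := ListUsersResponse{}
	response, err := executeRequest(req.HTTPRequest, out)
	assert.NoError(t, err)
	assert.Equal(t, http.StatusOK, response.Code)
}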
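// TestListAccessKeys sends an IAM ListAccessKeys request with no user name
// through executeRequest and checks that the handler answers 200 with a body
// that xml.Unmarshal accepts.
//
// NOTE(review): out is passed by value, so it is never filled in. The test
// does not check which access keys, if any, the handler returns.
func TestListAccessKeys(t *testing.T) {
	svc := iam.New(session.New())
	req, _ := svc.ListAccessKeysRequest(&iam.ListAccessKeysInput{})
	// A Build error used to be discarded; fail fast instead.
	if err := req.Build(); err != nil {
		t.Fatalf("building ListAccessKeys request: %v", err)
	}

	out := ListAccessKeysResponse{}
	response, err := executeRequest(req.HTTPRequest, out)
	assert.NoError(t, err)
	assert.Equal(t, http.StatusOK, response.Code)
}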
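// TestGetUser sends an IAM GetUser request for the user "Test" through
// executeRequest and checks that the handler answers 200 with a body that
// xml.Unmarshal accepts.
//
// NOTE(review): presumably relies on TestCreateUser having stored "Test" in
// the package-level s3config first — confirm. out is passed by value, so it is
// never filled in and the returned user is not asserted.
func TestGetUser(t *testing.T) {
	params := &iam.GetUserInput{UserName: aws.String("Test")}
	req, _ := iam.New(session.New()).GetUserRequest(params)
	// A Build error used to be discarded; fail fast instead.
	if err := req.Build(); err != nil {
		t.Fatalf("building GetUser request: %v", err)
	}

	out := GetUserResponse{}
	response, err := executeRequest(req.HTTPRequest, out)
	assert.NoError(t, err)
	assert.Equal(t, http.StatusOK, response.Code)
}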
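// TestCreatePolicy sends an IAM CreatePolicy request carrying a read-only S3
// policy document for EXAMPLE-BUCKET through executeRequest and checks that
// the handler answers 200 with a body that xml.Unmarshal accepts.
//
// Todo flat statement
//
// NOTE(review): out is passed by value, so it is never filled in. The test
// does not check that the stored policy matches the submitted document, i.e.
// that only the s3:Get* and s3:List* actions on the two listed resources were
// recorded.
func TestCreatePolicy(t *testing.T) {
	params := &iam.CreatePolicyInput{
		PolicyName: aws.String("S3-read-only-example-bucket"),
		PolicyDocument: aws.String(`
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"s3:Get*",
"s3:List*"
],
"Resource": [
"arn:aws:s3:::EXAMPLE-BUCKET",
"arn:aws:s3:::EXAMPLE-BUCKET/*"
]
}
]
}`),
	}
	req, _ := iam.New(session.New()).CreatePolicyRequest(params)
	// A Build error used to be discarded; fail fast instead.
	if err := req.Build(); err != nil {
		t.Fatalf("building CreatePolicy request: %v", err)
	}

	out := CreatePolicyResponse{}
	response, err := executeRequest(req.HTTPRequest, out)
	assert.NoError(t, err)
	assert.Equal(t, http.StatusOK, response.Code)
}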
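// TestPutUserPolicy attaches a read-only S3 policy document for EXAMPLE-BUCKET
// to the user "Test" via an IAM PutUserPolicy request and checks that the
// handler answers 200 with a body that xml.Unmarshal accepts.
//
// NOTE(review): presumably relies on TestCreateUser having stored "Test" in
// the package-level s3config first — confirm. out is passed by value, so it is
// never filled in. The test does not check which actions ended up on the
// identity, so a handler granting more than s3:Get*/s3:List* would still pass.
func TestPutUserPolicy(t *testing.T) {
	params := &iam.PutUserPolicyInput{
		UserName:   aws.String("Test"),
		PolicyName: aws.String("S3-read-only-example-bucket"),
		PolicyDocument: aws.String(
			`{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"s3:Get*",
"s3:List*"
],
"Resource": [
"arn:aws:s3:::EXAMPLE-BUCKET",
"arn:aws:s3:::EXAMPLE-BUCKET/*"
]
}
]
}`),
	}
	req, _ := iam.New(session.New()).PutUserPolicyRequest(params)
	// A Build error used to be discarded; fail fast instead.
	if err := req.Build(); err != nil {
		t.Fatalf("building PutUserPolicy request: %v", err)
	}

	out := PutUserPolicyResponse{}
	response, err := executeRequest(req.HTTPRequest, out)
	assert.NoError(t, err)
	assert.Equal(t, http.StatusOK, response.Code)
}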
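// TestGetUserPolicy requests the policy "S3-read-only-example-bucket" of the
// user "Test" via IAM GetUserPolicy and checks that the handler answers 200
// with a body that xml.Unmarshal accepts.
//
// NOTE(review): presumably relies on TestCreateUser and TestPutUserPolicy
// having run first against the shared package-level state — confirm. out is
// passed by value, so it is never filled in and the returned policy document
// is not compared with the one that was attached.
func TestGetUserPolicy(t *testing.T) {
	params := &iam.GetUserPolicyInput{
		UserName:   aws.String("Test"),
		PolicyName: aws.String("S3-read-only-example-bucket"),
	}
	req, _ := iam.New(session.New()).GetUserPolicyRequest(params)
	// A Build error used to be discarded; fail fast instead.
	if err := req.Build(); err != nil {
		t.Fatalf("building GetUserPolicy request: %v", err)
	}

	out := GetUserPolicyResponse{}
	response, err := executeRequest(req.HTTPRequest, out)
	assert.NoError(t, err)
	assert.Equal(t, http.StatusOK, response.Code)
}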
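// TestDeleteUser sends an IAM DeleteUser request for the user "Test" through
// executeRequest and checks that the handler answers 200 with a body that
// xml.Unmarshal accepts.
//
// NOTE(review): presumably relies on TestCreateUser having stored "Test" in
// the package-level s3config first — confirm. The test does not verify that
// the identity and its credentials are actually gone afterwards, for example
// by inspecting s3config.Identities.
func TestDeleteUser(t *testing.T) {
	params := &iam.DeleteUserInput{UserName: aws.String("Test")}
	req, _ := iam.New(session.New()).DeleteUserRequest(params)
	// A Build error used to be discarded; fail fast instead.
	if err := req.Build(); err != nil {
		t.Fatalf("building DeleteUser request: %v", err)
	}

	out := DeleteUserResponse{}
	response, err := executeRequest(req.HTTPRequest, out)
	assert.NoError(t, err)
	assert.Equal(t, http.StatusOK, response.Code)
}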
// executeRequest serves req through a throwaway mux router that maps POST "/"
// to ias.DoActions. It returns the response recorder together with the result
// of XML-decoding the recorded body into v.
//
// The handler is mounted directly on the router. Any authentication or
// request-signature check that a production router may place in front of
// DoActions is not exercised on this path (not visible in this file —
// confirm), and the callers in this file only Build their requests.
//
// The body is decoded regardless of the status code, and the decode target is
// &v. A caller that wants its value filled in must pass a pointer; a struct
// passed by value reaches this function as a copy and the caller's variable is
// left untouched.
func executeRequest(req *http.Request, v interface{}) (*httptest.ResponseRecorder, error) {
	recorder := httptest.NewRecorder()

	router := mux.NewRouter().SkipClean(true)
	router.Path("/").Methods("POST").HandlerFunc(ias.DoActions)
	router.ServeHTTP(recorder, req)

	decodeErr := xml.Unmarshal(recorder.Body.Bytes(), &v)
	return recorder, decodeErr
}