Mirror
/
seaweedfs
mirror of https://github.com/seaweedfs/seaweedfs.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
Browse Source

fix tests

pull/8388/head
Chris Lu 2 days ago
parent
96b59b4c1f
commit
380ae3cb54
2 changed files with 53 additions and 3 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Unified View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 39
      weed/s3api/identity_reflection_test.go
  2. 17
      weed/s3api/s3tables/handler_bucket_create.go

39
weed/s3api/identity_reflection_test.go
View File

@ -0,0 +1,39 @@
package s3api
import (
"reflect"
"testing"
)
// TestIdentityFieldsForS3TablesReflection ensures the identity struct keeps the
// fields relied on by s3tables.getIdentityPrincipalArn, getIdentityPolicyNames,
// and getIdentityClaims via reflection.
func TestIdentityFieldsForS3TablesReflection(t *testing.T) {
typ := reflect.TypeOf(Identity{})
checkField(t, typ, "PrincipalArn", reflect.String)
field, ok := typ.FieldByName("PolicyNames")
if !ok {
t.Fatalf("Identity.PolicyNames missing")
}
if field.Type.Kind() != reflect.Slice {
t.Fatalf("Identity.PolicyNames must be a slice, got %s", field.Type.Kind())
}
field, ok = typ.FieldByName("Claims")
if !ok {
t.Fatalf("Identity.Claims missing")
}
if field.Type.Kind() != reflect.Map || field.Type.Key().Kind() != reflect.String {
t.Fatalf("Identity.Claims must be map[string]..., got %s/%s", field.Type.Kind(), field.Type.Key().Kind())
}
}
func checkField(t *testing.T, typ reflect.Type, name string, kind reflect.Kind) {
t.Helper()
field, ok := typ.FieldByName(name)
if !ok {
t.Fatalf("Identity.%s missing", name)
}
if field.Type.Kind() != kind {
t.Fatalf("Identity.%s must be %s, got %s", name, kind, field.Type.Kind())
}
}

17
weed/s3api/s3tables/handler_bucket_create.go
View File

@ -29,13 +29,24 @@ func (h *S3TablesHandler) handleCreateTableBucket(w http.ResponseWriter, r *http
principal := h.getAccountID(r) principal := h.getAccountID(r)
identityActions := getIdentityActions(r) identityActions := getIdentityActions(r)
identityPolicyNames := getIdentityPolicyNames(r) identityPolicyNames := getIdentityPolicyNames(r)
if h.shouldUseIAM(r, identityActions, identityPolicyNames) {
useIAM := h.shouldUseIAM(r, identityActions, identityPolicyNames)
useLegacy := !useIAM
if useIAM {
allowed, err := h.authorizeIAMAction(r, identityPolicyNames, "CreateTableBucket", h.generateTableBucketARN(principal, req.Name), fmt.Sprintf("arn:aws:s3:::%s", req.Name)) allowed, err := h.authorizeIAMAction(r, identityPolicyNames, "CreateTableBucket", h.generateTableBucketARN(principal, req.Name), fmt.Sprintf("arn:aws:s3:::%s", req.Name))
if err != nil || !allowed {
if err != nil {
h.writeError(w, http.StatusForbidden, ErrCodeAccessDenied, "not authorized to create table buckets") h.writeError(w, http.StatusForbidden, ErrCodeAccessDenied, "not authorized to create table buckets")
return NewAuthError("CreateTableBucket", principal, "not authorized to create table buckets") return NewAuthError("CreateTableBucket", principal, "not authorized to create table buckets")
} }
} else {
if !allowed {
if h.defaultAllow && len(identityActions) == 0 && len(identityPolicyNames) == 0 {
useLegacy = true
} else {
h.writeError(w, http.StatusForbidden, ErrCodeAccessDenied, "not authorized to create table buckets")
return NewAuthError("CreateTableBucket", principal, "not authorized to create table buckets")
}
}
}
if useLegacy {
owner := h.accountID owner := h.accountID
if owner == "" { if owner == "" {
owner = DefaultAccountID owner = DefaultAccountID

Write Preview
Loading…
Cancel
Save