Mirror
/
seaweedfs
mirror of https://github.com/seaweedfs/seaweedfs.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
Browse Source

fmt

pull/7160/head
chrislu 1 month ago
parent
e6c50f9ba9
commit
4545eb08f3
1 changed files with 33 additions and 33 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Unified View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 38
      weed/iam/policy/policy_variable_matching_test.go

38
weed/iam/policy/policy_variable_matching_test.go
View File

@ -31,12 +31,12 @@ func TestPolicyVariableMatchingInActionsAndResources(t *testing.T) {
Sid: "AllowUserSpecificActions", Sid: "AllowUserSpecificActions",
Effect: "Allow", Effect: "Allow",
Action: []string{ Action: []string{
"s3:Get*", // Regular wildcard
"s3:${aws:principaltype}*", // Policy variable in action
"s3:Get*", // Regular wildcard
"s3:${aws:principaltype}*", // Policy variable in action
}, },
Resource: []string{ Resource: []string{
"arn:aws:s3:::user-${aws:username}/*", // Policy variable in resource
"arn:aws:s3:::shared/${saml:username}/*", // Different policy variable
"arn:aws:s3:::user-${aws:username}/*", // Policy variable in resource
"arn:aws:s3:::shared/${saml:username}/*", // Different policy variable
}, },
}, },
}, },
@ -46,13 +46,13 @@ func TestPolicyVariableMatchingInActionsAndResources(t *testing.T) {
require.NoError(t, err) require.NoError(t, err)
tests := []struct { tests := []struct {
name string
principal string
action string
resource string
requestContext map[string]interface{}
expectedEffect Effect
description string
name string
principal string
action string
resource string
requestContext map[string]interface{}
expectedEffect Effect
description string
}{ }{
{ {
name: "policy_variable_in_action_matches", name: "policy_variable_in_action_matches",
@ -100,10 +100,10 @@ func TestPolicyVariableMatchingInActionsAndResources(t *testing.T) {
description: "Policy variable should prevent access when username doesn't match", description: "Policy variable should prevent access when username doesn't match",
}, },
{ {
name: "missing_policy_variable_context",
principal: "dave",
action: "s3:GetObject",
resource: "arn:aws:s3:::user-dave/file.txt",
name: "missing_policy_variable_context",
principal: "dave",
action: "s3:GetObject",
resource: "arn:aws:s3:::user-dave/file.txt",
requestContext: map[string]interface{}{ requestContext: map[string]interface{}{
// Missing aws:username context // Missing aws:username context
}, },
@ -151,9 +151,9 @@ func TestActionResourceConsistencyWithStringConditions(t *testing.T) {
Version: "2012-10-17", Version: "2012-10-17",
Statement: []Statement{ Statement: []Statement{
{ {
Sid: "CaseInsensitiveMatching",
Effect: "Allow",
Action: []string{"S3:GET*"}, // Uppercase action pattern
Sid: "CaseInsensitiveMatching",
Effect: "Allow",
Action: []string{"S3:GET*"}, // Uppercase action pattern
Resource: []string{"arn:aws:s3:::TEST-BUCKET/*"}, // Uppercase resource pattern Resource: []string{"arn:aws:s3:::TEST-BUCKET/*"}, // Uppercase resource pattern
Condition: map[string]map[string]interface{}{ Condition: map[string]map[string]interface{}{
"StringLike": { "StringLike": {
@ -169,7 +169,7 @@ func TestActionResourceConsistencyWithStringConditions(t *testing.T) {
evalCtx := &EvaluationContext{ evalCtx := &EvaluationContext{
Principal: "test-user", Principal: "test-user",
Action: "s3:getobject", // lowercase action
Action: "s3:getobject", // lowercase action
Resource: "arn:aws:s3:::test-bucket/file.txt", // lowercase resource Resource: "arn:aws:s3:::test-bucket/file.txt", // lowercase resource
RequestContext: map[string]interface{}{ RequestContext: map[string]interface{}{
"s3:RequestedRegion": "us-east-1", // lowercase condition value "s3:RequestedRegion": "us-east-1", // lowercase condition value

Write Preview
Loading…
Cancel
Save