Mirror
/
seaweedfs
mirror of https://github.com/seaweedfs/seaweedfs.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
Browse Source

Merge branch 'master' into pr-fix-db-context-cancel

pull/7184/head
Chris Lu 2 months ago
committed by GitHub
parent
6bcdd59b62 76452ab593
commit
49a9f20408
No known key found for this signature in database GPG Key ID: B5690EEEBB952194
3 changed files with 3 additions and 56 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Split View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 4
      k8s/charts/seaweedfs/Chart.yaml
  2. 53
      weed/iam/sts/test_utils_test.go
  3. 2
      weed/util/version/constants.go

4
k8s/charts/seaweedfs/Chart.yaml
View File

@ -1,6 +1,6 @@
apiVersion: v1
description: SeaweedFS
name: seaweedfs
appVersion: "3.96"
appVersion: "3.97"
# Dev note: Trigger a helm chart release by `git tag -a helm-<version>`
version: 4.0.396
version: 4.0.397

53
weed/iam/sts/test_utils_test.go
View File

@ -1,53 +0,0 @@
package sts
import (
"context"
"fmt"
"strings"
"github.com/seaweedfs/seaweedfs/weed/iam/providers"
)
// MockTrustPolicyValidator is a simple mock for testing STS functionality
type MockTrustPolicyValidator struct{}
// ValidateTrustPolicyForWebIdentity allows valid JWT test tokens for STS testing
func (m *MockTrustPolicyValidator) ValidateTrustPolicyForWebIdentity(ctx context.Context, roleArn string, webIdentityToken string) error {
// Reject non-existent roles for testing
if strings.Contains(roleArn, "NonExistentRole") {
return fmt.Errorf("trust policy validation failed: role does not exist")
}
// For STS unit tests, allow JWT tokens that look valid (contain dots for JWT structure)
// In real implementation, this would validate against actual trust policies
if len(webIdentityToken) > 20 && strings.Count(webIdentityToken, ".") >= 2 {
// This appears to be a JWT token - allow it for testing
return nil
}
// Legacy support for specific test tokens during migration
if webIdentityToken == "valid_test_token" || webIdentityToken == "valid-oidc-token" {
return nil
}
// Reject invalid tokens
if webIdentityToken == "invalid_token" || webIdentityToken == "expired_token" || webIdentityToken == "invalid-token" {
return fmt.Errorf("trust policy denies token")
}
return nil
}
// ValidateTrustPolicyForCredentials allows valid test identities for STS testing
func (m *MockTrustPolicyValidator) ValidateTrustPolicyForCredentials(ctx context.Context, roleArn string, identity *providers.ExternalIdentity) error {
// Reject non-existent roles for testing
if strings.Contains(roleArn, "NonExistentRole") {
return fmt.Errorf("trust policy validation failed: role does not exist")
}
// For STS unit tests, allow test identities
if identity != nil && identity.UserID != "" {
return nil
}
return fmt.Errorf("invalid identity for role assumption")
}

2
weed/util/version/constants.go
View File

@ -8,7 +8,7 @@ import (
var (
MAJOR_VERSION = int32(3)
MINOR_VERSION = int32(96)
MINOR_VERSION = int32(97)
VERSION_NUMBER = fmt.Sprintf("%d.%02d", MAJOR_VERSION, MINOR_VERSION)
VERSION = util.SizeLimit + " " + VERSION_NUMBER
COMMIT = ""

Write Preview
Loading…
Cancel
Save