diff --git a/weed/iam/sts/cross_instance_token_test.go b/weed/iam/sts/cross_instance_token_test.go
index c628d5e0d..22da56aa1 100644
--- a/weed/iam/sts/cross_instance_token_test.go
+++ b/weed/iam/sts/cross_instance_token_test.go
@@ -127,16 +127,16 @@ func TestCrossInstanceTokenUsage(t *testing.T) {
 sessionId := TestSessionID
 expiresAt := time.Now().Add(time.Hour)
- tokenFromA, err := instanceA.tokenGenerator.GenerateSessionToken(sessionId, expiresAt)
+ tokenFromA, err := instanceA.TokenGenerator.GenerateSessionToken(sessionId, expiresAt)
 require.NoError(t, err, "Instance A should generate token")
 // Validate token on Instance B
- claimsFromB, err := instanceB.tokenGenerator.ValidateSessionToken(tokenFromA)
+ claimsFromB, err := instanceB.TokenGenerator.ValidateSessionToken(tokenFromA)
 require.NoError(t, err, "Instance B should validate token from Instance A")
 assert.Equal(t, sessionId, claimsFromB.SessionId, "Session ID should match")
 // Validate same token on Instance C
- claimsFromC, err := instanceC.tokenGenerator.ValidateSessionToken(tokenFromA)
+ claimsFromC, err := instanceC.TokenGenerator.ValidateSessionToken(tokenFromA)
 require.NoError(t, err, "Instance C should validate token from Instance A")
 assert.Equal(t, sessionId, claimsFromC.SessionId, "Session ID should match")
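Review bot: The accessor changes from `instanceA.tokenGenerator` to `instanceA.TokenGenerator`, which implies the service's token generator field is now exported; the struct change itself is not in this diff. If so, any package holding the service value can call `GenerateSessionToken` directly and mint session tokens with the instance signing key, outside whatever checks the role-assumption path applies. These tests sit under weed/iam/sts and presumably did not need the export, so consider keeping the field unexported and exposing a validation-only method. Failing that, document the field with `// TokenGenerator signs and validates session tokens; code outside this package must not mint tokens with it.`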
@@ -295,15 +295,15 @@ func TestSTSDistributedConfigurationRequirements(t *testing.T) {
 // Generate token on Instance A
 sessionId := "test-session"
 expiresAt := time.Now().Add(time.Hour)
- tokenFromA, err := instanceA.tokenGenerator.GenerateSessionToken(sessionId, expiresAt)
+ tokenFromA, err := instanceA.TokenGenerator.GenerateSessionToken(sessionId, expiresAt)
 require.NoError(t, err)
 // Instance A should validate its own token
- _, err = instanceA.tokenGenerator.ValidateSessionToken(tokenFromA)
+ _, err = instanceA.TokenGenerator.ValidateSessionToken(tokenFromA)
 assert.NoError(t, err, "Instance A should validate own token")
 // Instance B should REJECT token due to different signing key
- _, err = instanceB.tokenGenerator.ValidateSessionToken(tokenFromA)
+ _, err = instanceB.TokenGenerator.ValidateSessionToken(tokenFromA)
 assert.Error(t, err, "Instance B should reject token with different signing key")
 assert.Contains(t, err.Error(), "invalid token", "Should be signature validation error")
 })
@@ -339,11 +339,11 @@ func TestSTSDistributedConfigurationRequirements(t *testing.T) {
 // Generate token on Instance A
 sessionId := "test-session"
 expiresAt := time.Now().Add(time.Hour)
- tokenFromA, err := instanceA.tokenGenerator.GenerateSessionToken(sessionId, expiresAt)
+ tokenFromA, err := instanceA.TokenGenerator.GenerateSessionToken(sessionId, expiresAt)
 require.NoError(t, err)
 // Instance B should REJECT token due to different issuer
- _, err = instanceB.tokenGenerator.ValidateSessionToken(tokenFromA)
+ _, err = instanceB.TokenGenerator.ValidateSessionToken(tokenFromA)
 assert.Error(t, err, "Instance B should reject token with different issuer")
 assert.Contains(t, err.Error(), "invalid issuer", "Should be issuer validation error")
 })
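Review bot: In the signing-key rejection case, `assert.Error(t, err, ...)` does not stop the test, so the next line's `err.Error()` is called on a nil error and panics if Instance B ever accepts the token. Replace it with `require.Error(t, err, "Instance B should reject token with different signing key")` so a broken signature check is reported as an ordinary test failure rather than a panic. The issuer-mismatch case in the hunk at -339 has the same `assert.Error` followed by `err.Error()` and needs the same change. Both subtests begin outside their hunks.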
@@ -368,12 +368,12 @@ func TestSTSDistributedConfigurationRequirements(t *testing.T) {
 // Generate token on Instance 0
 sessionId := "multi-instance-test"
 expiresAt := time.Now().Add(time.Hour)
- token, err := instances[0].tokenGenerator.GenerateSessionToken(sessionId, expiresAt)
+ token, err := instances[0].TokenGenerator.GenerateSessionToken(sessionId, expiresAt)
 require.NoError(t, err)
 // All other instances should validate the token
 for i := 1; i < 5; i++ {
- claims, err := instances[i].tokenGenerator.ValidateSessionToken(token)
+ claims, err := instances[i].TokenGenerator.ValidateSessionToken(token)
 require.NoError(t, err, "Instance %d should validate token", i)
 assert.Equal(t, sessionId, claims.SessionId, "Instance %d should extract correct session ID", i)
 }
@@ -486,10 +486,10 @@ func TestSTSRealWorldDistributedScenarios(t *testing.T) {
 assert.True(t, sessionInfo3.ExpiresAt.After(time.Now()), "Session should not be expired")
 // Step 5: Token should be identical when parsed
- claims2, err := gateway2.tokenGenerator.ValidateSessionToken(sessionToken)
+ claims2, err := gateway2.TokenGenerator.ValidateSessionToken(sessionToken)
 require.NoError(t, err)
- claims3, err := gateway3.tokenGenerator.ValidateSessionToken(sessionToken)
+ claims3, err := gateway3.TokenGenerator.ValidateSessionToken(sessionToken)
 require.NoError(t, err)
 assert.Equal(t, claims2.SessionId, claims3.SessionId, "Session IDs should match")
diff --git a/weed/iam/sts/distributed_sts_test.go b/weed/iam/sts/distributed_sts_test.go
index 133f3a669..200583aaa 100644
--- a/weed/iam/sts/distributed_sts_test.go
+++ b/weed/iam/sts/distributed_sts_test.go
@@ -109,9 +109,9 @@ func TestDistributedSTSService(t *testing.T) {
 expiresAt := time.Now().Add(time.Hour)
 // Generate tokens from different instances
- token1, err1 := instance1.tokenGenerator.GenerateSessionToken(sessionId, expiresAt)
- token2, err2 := instance2.tokenGenerator.GenerateSessionToken(sessionId, expiresAt)
- token3, err3 := instance3.tokenGenerator.GenerateSessionToken(sessionId, expiresAt)
+ token1, err1 := instance1.TokenGenerator.GenerateSessionToken(sessionId, expiresAt)
+ token2, err2 := instance2.TokenGenerator.GenerateSessionToken(sessionId, expiresAt)
+ token3, err3 := instance3.TokenGenerator.GenerateSessionToken(sessionId, expiresAt)
 require.NoError(t, err1, "Instance 1 token generation should succeed")
 require.NoError(t, err2, "Instance 2 token generation should succeed")
@@ -130,13 +130,13 @@ func TestDistributedSTSService(t *testing.T) {
 expiresAt := time.Now().Add(time.Hour)
 // Generate token on instance 1
- token, err := instance1.tokenGenerator.GenerateSessionToken(sessionId, expiresAt)
+ token, err := instance1.TokenGenerator.GenerateSessionToken(sessionId, expiresAt)
 require.NoError(t, err)
 // Validate on all instances
- claims1, err1 := instance1.tokenGenerator.ValidateSessionToken(token)
- claims2, err2 := instance2.tokenGenerator.ValidateSessionToken(token)
- claims3, err3 := instance3.tokenGenerator.ValidateSessionToken(token)
+ claims1, err1 := instance1.TokenGenerator.ValidateSessionToken(token)
+ claims2, err2 := instance2.TokenGenerator.ValidateSessionToken(token)
+ claims3, err3 := instance3.TokenGenerator.ValidateSessionToken(token)
 require.NoError(t, err1, "Instance 1 should validate token from instance 1")
 require.NoError(t, err2, "Instance 2 should validate token from instance 1")
@@ -216,15 +216,15 @@ func TestSTSConfigurationValidation(t *testing.T) {
 // Generate token on instance 1
 sessionId := "test-session"
 expiresAt := time.Now().Add(time.Hour)
- token, err := instance1.tokenGenerator.GenerateSessionToken(sessionId, expiresAt)
+ token, err := instance1.TokenGenerator.GenerateSessionToken(sessionId, expiresAt)
 require.NoError(t, err)
 // Instance 1 should validate its own token
- _, err = instance1.tokenGenerator.ValidateSessionToken(token)
+ _, err = instance1.TokenGenerator.ValidateSessionToken(token)
 assert.NoError(t, err, "Instance 1 should validate its own token")
 // Instance 2 should reject token from instance 1 (different signing key)
- _, err = instance2.tokenGenerator.ValidateSessionToken(token)
+ _, err = instance2.TokenGenerator.ValidateSessionToken(token)
 assert.Error(t, err, "Instance 2 should reject token with different signing key")
 })
@@ -258,12 +258,12 @@ func TestSTSConfigurationValidation(t *testing.T) {
 // Generate token on instance 1
 sessionId := "test-session"
 expiresAt := time.Now().Add(time.Hour)
- token, err := instance1.tokenGenerator.GenerateSessionToken(sessionId, expiresAt)
+ token, err := instance1.TokenGenerator.GenerateSessionToken(sessionId, expiresAt)
 require.NoError(t, err)
 // Instance 2 should reject token due to issuer mismatch
 // (Even though signing key is the same, issuer validation will fail)
- _, err = instance2.tokenGenerator.ValidateSessionToken(token)
+ _, err = instance2.TokenGenerator.ValidateSessionToken(token)
 assert.Error(t, err, "Instance 2 should reject token with different issuer")
 })
 }
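Review bot: Both rejection cases here assert only `assert.Error(t, err, ...)`, so they pass for any failure of `ValidateSessionToken`, including one unrelated to the signing key or issuer. A regression that disabled the signature or issuer check could stay hidden as long as some other error occurred. The equivalent cases in cross_instance_token_test.go pin the reason with `assert.Contains(t, err.Error(), "invalid token", ...)` and `"invalid issuer"`. Presumably the same messages apply here, so add those checks after a `require.Error(t, err, ...)` in the -216 and -258 hunks. Both subtests begin outside their hunks.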