From 58bba419e71a008f78bb701050517724a23bbcb5 Mon Sep 17 00:00:00 2001 From: Chris Lu Date: Sun, 11 Jan 2026 21:03:01 -0800 Subject: [PATCH] fix: update tests to use public TokenGenerator field Following the change to make TokenGenerator public in STSService, this commit updates the test files to reference the correct public field name. This resolves compilation errors in the IAM STS test suite. --- weed/iam/sts/cross_instance_token_test.go | 24 +++++++++++------------ weed/iam/sts/distributed_sts_test.go | 24 +++++++++++------------ 2 files changed, 24 insertions(+), 24 deletions(-) diff --git a/weed/iam/sts/cross_instance_token_test.go b/weed/iam/sts/cross_instance_token_test.go index c628d5e0d..22da56aa1 100644 --- a/weed/iam/sts/cross_instance_token_test.go +++ b/weed/iam/sts/cross_instance_token_test.go @@ -127,16 +127,16 @@ func TestCrossInstanceTokenUsage(t *testing.T) { sessionId := TestSessionID expiresAt := time.Now().Add(time.Hour) - tokenFromA, err := instanceA.tokenGenerator.GenerateSessionToken(sessionId, expiresAt) + tokenFromA, err := instanceA.TokenGenerator.GenerateSessionToken(sessionId, expiresAt) require.NoError(t, err, "Instance A should generate token") // Validate token on Instance B - claimsFromB, err := instanceB.tokenGenerator.ValidateSessionToken(tokenFromA) + claimsFromB, err := instanceB.TokenGenerator.ValidateSessionToken(tokenFromA) require.NoError(t, err, "Instance B should validate token from Instance A") assert.Equal(t, sessionId, claimsFromB.SessionId, "Session ID should match") // Validate same token on Instance C - claimsFromC, err := instanceC.tokenGenerator.ValidateSessionToken(tokenFromA) + claimsFromC, err := instanceC.TokenGenerator.ValidateSessionToken(tokenFromA) require.NoError(t, err, "Instance C should validate token from Instance A") assert.Equal(t, sessionId, claimsFromC.SessionId, "Session ID should match") @@ -295,15 +295,15 @@ func TestSTSDistributedConfigurationRequirements(t *testing.T) { // Generate token on Instance A sessionId := "test-session" expiresAt := time.Now().Add(time.Hour) - tokenFromA, err := instanceA.tokenGenerator.GenerateSessionToken(sessionId, expiresAt) + tokenFromA, err := instanceA.TokenGenerator.GenerateSessionToken(sessionId, expiresAt) require.NoError(t, err) // Instance A should validate its own token - _, err = instanceA.tokenGenerator.ValidateSessionToken(tokenFromA) + _, err = instanceA.TokenGenerator.ValidateSessionToken(tokenFromA) assert.NoError(t, err, "Instance A should validate own token") // Instance B should REJECT token due to different signing key - _, err = instanceB.tokenGenerator.ValidateSessionToken(tokenFromA) + _, err = instanceB.TokenGenerator.ValidateSessionToken(tokenFromA) assert.Error(t, err, "Instance B should reject token with different signing key") assert.Contains(t, err.Error(), "invalid token", "Should be signature validation error") }) @@ -339,11 +339,11 @@ func TestSTSDistributedConfigurationRequirements(t *testing.T) { // Generate token on Instance A sessionId := "test-session" expiresAt := time.Now().Add(time.Hour) - tokenFromA, err := instanceA.tokenGenerator.GenerateSessionToken(sessionId, expiresAt) + tokenFromA, err := instanceA.TokenGenerator.GenerateSessionToken(sessionId, expiresAt) require.NoError(t, err) // Instance B should REJECT token due to different issuer - _, err = instanceB.tokenGenerator.ValidateSessionToken(tokenFromA) + _, err = instanceB.TokenGenerator.ValidateSessionToken(tokenFromA) assert.Error(t, err, "Instance B should reject token with different issuer") assert.Contains(t, err.Error(), "invalid issuer", "Should be issuer validation error") }) @@ -368,12 +368,12 @@ func TestSTSDistributedConfigurationRequirements(t *testing.T) { // Generate token on Instance 0 sessionId := "multi-instance-test" expiresAt := time.Now().Add(time.Hour) - token, err := instances[0].tokenGenerator.GenerateSessionToken(sessionId, expiresAt) + token, err := instances[0].TokenGenerator.GenerateSessionToken(sessionId, expiresAt) require.NoError(t, err) // All other instances should validate the token for i := 1; i < 5; i++ { - claims, err := instances[i].tokenGenerator.ValidateSessionToken(token) + claims, err := instances[i].TokenGenerator.ValidateSessionToken(token) require.NoError(t, err, "Instance %d should validate token", i) assert.Equal(t, sessionId, claims.SessionId, "Instance %d should extract correct session ID", i) } @@ -486,10 +486,10 @@ func TestSTSRealWorldDistributedScenarios(t *testing.T) { assert.True(t, sessionInfo3.ExpiresAt.After(time.Now()), "Session should not be expired") // Step 5: Token should be identical when parsed - claims2, err := gateway2.tokenGenerator.ValidateSessionToken(sessionToken) + claims2, err := gateway2.TokenGenerator.ValidateSessionToken(sessionToken) require.NoError(t, err) - claims3, err := gateway3.tokenGenerator.ValidateSessionToken(sessionToken) + claims3, err := gateway3.TokenGenerator.ValidateSessionToken(sessionToken) require.NoError(t, err) assert.Equal(t, claims2.SessionId, claims3.SessionId, "Session IDs should match") diff --git a/weed/iam/sts/distributed_sts_test.go b/weed/iam/sts/distributed_sts_test.go index 133f3a669..200583aaa 100644 --- a/weed/iam/sts/distributed_sts_test.go +++ b/weed/iam/sts/distributed_sts_test.go @@ -109,9 +109,9 @@ func TestDistributedSTSService(t *testing.T) { expiresAt := time.Now().Add(time.Hour) // Generate tokens from different instances - token1, err1 := instance1.tokenGenerator.GenerateSessionToken(sessionId, expiresAt) - token2, err2 := instance2.tokenGenerator.GenerateSessionToken(sessionId, expiresAt) - token3, err3 := instance3.tokenGenerator.GenerateSessionToken(sessionId, expiresAt) + token1, err1 := instance1.TokenGenerator.GenerateSessionToken(sessionId, expiresAt) + token2, err2 := instance2.TokenGenerator.GenerateSessionToken(sessionId, expiresAt) + token3, err3 := instance3.TokenGenerator.GenerateSessionToken(sessionId, expiresAt) require.NoError(t, err1, "Instance 1 token generation should succeed") require.NoError(t, err2, "Instance 2 token generation should succeed") @@ -130,13 +130,13 @@ func TestDistributedSTSService(t *testing.T) { expiresAt := time.Now().Add(time.Hour) // Generate token on instance 1 - token, err := instance1.tokenGenerator.GenerateSessionToken(sessionId, expiresAt) + token, err := instance1.TokenGenerator.GenerateSessionToken(sessionId, expiresAt) require.NoError(t, err) // Validate on all instances - claims1, err1 := instance1.tokenGenerator.ValidateSessionToken(token) - claims2, err2 := instance2.tokenGenerator.ValidateSessionToken(token) - claims3, err3 := instance3.tokenGenerator.ValidateSessionToken(token) + claims1, err1 := instance1.TokenGenerator.ValidateSessionToken(token) + claims2, err2 := instance2.TokenGenerator.ValidateSessionToken(token) + claims3, err3 := instance3.TokenGenerator.ValidateSessionToken(token) require.NoError(t, err1, "Instance 1 should validate token from instance 1") require.NoError(t, err2, "Instance 2 should validate token from instance 1") @@ -216,15 +216,15 @@ func TestSTSConfigurationValidation(t *testing.T) { // Generate token on instance 1 sessionId := "test-session" expiresAt := time.Now().Add(time.Hour) - token, err := instance1.tokenGenerator.GenerateSessionToken(sessionId, expiresAt) + token, err := instance1.TokenGenerator.GenerateSessionToken(sessionId, expiresAt) require.NoError(t, err) // Instance 1 should validate its own token - _, err = instance1.tokenGenerator.ValidateSessionToken(token) + _, err = instance1.TokenGenerator.ValidateSessionToken(token) assert.NoError(t, err, "Instance 1 should validate its own token") // Instance 2 should reject token from instance 1 (different signing key) - _, err = instance2.tokenGenerator.ValidateSessionToken(token) + _, err = instance2.TokenGenerator.ValidateSessionToken(token) assert.Error(t, err, "Instance 2 should reject token with different signing key") }) @@ -258,12 +258,12 @@ func TestSTSConfigurationValidation(t *testing.T) { // Generate token on instance 1 sessionId := "test-session" expiresAt := time.Now().Add(time.Hour) - token, err := instance1.tokenGenerator.GenerateSessionToken(sessionId, expiresAt) + token, err := instance1.TokenGenerator.GenerateSessionToken(sessionId, expiresAt) require.NoError(t, err) // Instance 2 should reject token due to issuer mismatch // (Even though signing key is the same, issuer validation will fail) - _, err = instance2.tokenGenerator.ValidateSessionToken(token) + _, err = instance2.TokenGenerator.ValidateSessionToken(token) assert.Error(t, err, "Instance 2 should reject token with different issuer") }) }