Merge pull request #2543 from skurfuerst/seaweedfs-158
Merge pull request #2543 from skurfuerst/seaweedfs-158
FEATURE: add JWT to HTTP endpoints of Filer and use them in S3 Clientpull/2564/head
Chris Lu
3 years ago
committed by
GitHub
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
18 changed files with 376 additions and 36 deletions
-
2test/s3/compatibility/.gitignore
-
11test/s3/compatibility/Dockerfile
-
13test/s3/compatibility/README.md
-
5test/s3/compatibility/prepare.sh
-
24test/s3/compatibility/run.sh
-
109test/s3/compatibility/s3tests.conf
-
30weed/command/scaffold/security.toml
-
4weed/s3api/s3api_object_copy_handlers.go
-
36weed/s3api/s3api_object_handlers.go
-
21weed/s3api/s3api_server.go
-
2weed/security/guard.go
-
37weed/security/jwt.go
-
13weed/server/filer_server.go
-
78weed/server/filer_server_handlers.go
-
4weed/server/master_grpc_server_volume.go
-
4weed/server/master_server_handlers.go
-
2weed/server/volume_server_handlers.go
-
17weed/util/http_util.go
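--- a/test/s3/compatibility/.gitignore
+++ b/test/s3/compatibility/.gitignore
@@ -0,0 +1,2 @@
+/s3-tests
+/tmp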
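--- a/test/s3/compatibility/Dockerfile
+++ b/test/s3/compatibility/Dockerfile
@@ -0,0 +1,11 @@
+# the tests only support python 3.6, not newer
+FROM ubuntu:latest
+
+RUN apt-get update && DEBIAN_FRONTEND=noninteractive TZ=Etc/UTC apt-get install -y git-core sudo tzdata
+RUN git clone https://github.com/ceph/s3-tests.git
+WORKDIR s3-tests
+
+# we pin a certain commit
+RUN git checkout 9a6a1e9f197fc9fb031b809d1e057635c2ff8d4e
+
+RUN ./bootstrap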
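Review bot: `FROM ubuntu:latest` floats while the comment above it says the tests only support Python 3.6, so a later rebuild can pull a release on which the pinned s3-tests commit no longer bootstraps, and the image content is not reproducible. Pin the base to a release tag, ideally with a digest, e.g. `FROM ubuntu:<release>@sha256:<digest>` (placeholder; pick the release that ships Python 3.6). The `git checkout` of a full commit hash is a good pin for the test suite, but what `./bootstrap` installs is not visible in this section, so check that its dependencies are pinned too. `WORKDIR s3-tests` is relative; `WORKDIR /s3-tests` would state the path that run.sh mounts the config into.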
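--- a/test/s3/compatibility/README.md
+++ b/test/s3/compatibility/README.md
@@ -0,0 +1,13 @@
+# Running S3 Compatibility tests against SeaweedFS
+
+This is using [the tests from CephFS](https://github.com/ceph/s3-tests).
+
+## Prerequisites
+
+- have Docker installed
+- this has been executed on Mac. On Linux, the hostname in `s3tests.conf` needs to be adjusted.
+
+## Running tests
+
+- `./prepare.sh` to build the docker image
+- `./run.sh` to execute all tests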
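--- a/test/s3/compatibility/prepare.sh
+++ b/test/s3/compatibility/prepare.sh
@@ -0,0 +1,5 @@
+#!/usr/bin/env bash
+
+set -ex
+
+docker build --progress=plain -t s3tests .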
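--- a/test/s3/compatibility/run.sh
+++ b/test/s3/compatibility/run.sh
@@ -0,0 +1,24 @@
+#!/usr/bin/env bash
+
+set -ex
+
+killall -9 weed || echo "already stopped"
+rm -Rf tmp
+mkdir tmp
+docker stop s3test-instance || echo "already stopped"
+
+ulimit -n 10000
+../../../weed/weed server -filer -s3 -volume.max 0 -master.volumeSizeLimitMB 5 -dir "$(pwd)/tmp" 1>&2>weed.log &
+
+until $(curl --output /dev/null --silent --head --fail http://127.0.0.1:9333); do
+printf '.'
+sleep 5
+done
+sleep 3
+
+rm -Rf logs-full.txt logs-summary.txt
+# docker run --name s3test-instance --rm -e S3TEST_CONF=s3tests.conf -v `pwd`/s3tests.conf:/s3-tests/s3tests.conf -it s3tests ./virtualenv/bin/nosetests s3tests_boto3/functional/test_s3.py:test_get_obj_tagging -v -a 'resource=object,!bucket-policy,!versioning,!encryption'
+docker run --name s3test-instance --rm -e S3TEST_CONF=s3tests.conf -v `pwd`/s3tests.conf:/s3-tests/s3tests.conf -it s3tests ./virtualenv/bin/nosetests s3tests_boto3/functional/test_s3.py -v -a 'resource=object,!bucket-policy,!versioning,!encryption' | sed -n -e '/botocore.hooks/!p;//q' | tee logs-summary.txt
+
+docker stop s3test-instance || echo "already stopped"
+killall -9 weed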
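Review bot: The redirection `1>&2>weed.log` on the `weed server` line sends only stdout to weed.log and leaves stderr on the terminal, so anything the server writes to stderr is missing from the log; `>weed.log 2>&1` captures both. The `docker run … | sed … | tee logs-summary.txt` pipeline runs under `set -ex` without `set -o pipefail`, so a failing nosetests run does not fail the script, because the pipeline's exit status is that of `tee`. `killall -9 weed` also kills any other weed process the user can signal on the machine. Recording the background job's PID (`weed_pid=$!`) and killing it in a `trap … EXIT` would limit the kill to the server this script started and still clean up when an earlier step fails.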
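--- a/test/s3/compatibility/s3tests.conf
+++ b/test/s3/compatibility/s3tests.conf
@@ -0,0 +1,109 @@
+[DEFAULT]
+## this section is just used for host, port and bucket_prefix
+
+# host set for rgw in vstart.sh
+host = host.docker.internal
+
+# port set for rgw in vstart.sh
+port = 8333
+
+## say "False" to disable TLS
+is_secure = False
+
+## say "False" to disable SSL Verify
+ssl_verify = False
+
+[fixtures]
+## all the buckets created will start with this prefix;
+## {random} will be filled with random characters to pad
+## the prefix to 30 characters long, and avoid collisions
+bucket prefix = yournamehere-{random}-
+
+[s3 main]
+# main display_name set in vstart.sh
+display_name = M. Tester
+
+# main user_idname set in vstart.sh
+user_id = testid
+
+# main email set in vstart.sh
+email = tester@ceph.com
+
+# zonegroup api_name for bucket location
+api_name = default
+
+## main AWS access key
+access_key = 0555b35654ad1656d804
+
+## main AWS secret key
+secret_key = h7GhxuBLTrlhVUyxSPUKUV8r/2EI4ngqJxD7iBdBYLhwluN30JaT3Q==
+
+## replace with key id obtained when secret is created, or delete if KMS not tested
+#kms_keyid = 01234567-89ab-cdef-0123-456789abcdef
+
+[s3 alt]
+# alt display_name set in vstart.sh
+display_name = john.doe
+## alt email set in vstart.sh
+email = john.doe@example.com
+
+# alt user_id set in vstart.sh
+user_id = 56789abcdef0123456789abcdef0123456789abcdef0123456789abcdef01234
+
+# alt AWS access key set in vstart.sh
+access_key = NOPQRSTUVWXYZABCDEFG
+
+# alt AWS secret key set in vstart.sh
+secret_key = nopqrstuvwxyzabcdefghijklmnabcdefghijklm
+
+[s3 tenant]
+# tenant display_name set in vstart.sh
+display_name = testx$tenanteduser
+
+# tenant user_id set in vstart.sh
+user_id = 9876543210abcdef0123456789abcdef0123456789abcdef0123456789abcdef
+
+# tenant AWS secret key set in vstart.sh
+access_key = HIJKLMNOPQRSTUVWXYZA
+
+# tenant AWS secret key set in vstart.sh
+secret_key = opqrstuvwxyzabcdefghijklmnopqrstuvwxyzab
+
+# tenant email set in vstart.sh
+email = tenanteduser@example.com
+
+#following section needs to be added for all sts-tests
+[iam]
+#used for iam operations in sts-tests
+#email from vstart.sh
+email = s3@example.com
+
+#user_id from vstart.sh
+user_id = 0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef
+
+#access_key from vstart.sh
+access_key = ABCDEFGHIJKLMNOPQRST
+
+#secret_key vstart.sh
+secret_key = abcdefghijklmnopqrstuvwxyzabcdefghijklmn
+
+#display_name from vstart.sh
+display_name = youruseridhere
+
+#following section needs to be added when you want to run Assume Role With Webidentity test
+[webidentity]
+#used for assume role with web identity test in sts-tests
+#all parameters will be obtained from ceph/qa/tasks/keycloak.py
+token=<access_token>
+
+aud=<obtained after introspecting token>
+
+sub=<obtained after introspecting token>
+
+azp=<obtained after introspecting token>
+
+user_token=<access token for a user, with attribute Department=[Engineering, Marketing>]
+
+thumbprint=<obtained from x509 certificate>
+
+KC_REALM=<name of the realm>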
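Review bot: The `access_key`/`secret_key` values in `[s3 main]`, `[s3 alt]`, `[s3 tenant]` and `[iam]` are committed with nothing marking them as throwaway test credentials, and the comments still refer to Ceph's vstart.sh, which is not what run.sh starts. A header comment would help, e.g. `## test-only sample credentials for the local compatibility run; never configure these on a real deployment`. run.sh as shown passes no S3 identity configuration to `weed server`, so it is not visible from this page whether these keys are checked at all; if they are not, the suite exercises no authentication, which is worth stating in the README. The comment above the tenant `access_key` reads `# tenant AWS secret key set in vstart.sh` and should say access key. `is_secure = False` and `ssl_verify = False` are reasonable for a local test endpoint but deserve a comment saying so, so the file is not copied as a template.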