Merge pull request #2543 from skurfuerst/seaweedfs-158
Merge pull request #2543 from skurfuerst/seaweedfs-158
FEATURE: add JWT to HTTP endpoints of Filer and use them in S3 Client (pull/2564/head)
Chris Lu
3 years ago
committed by
GitHub
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
18 changed files with 376 additions and 36 deletions
-
2test/s3/compatibility/.gitignore
-
11test/s3/compatibility/Dockerfile
-
13test/s3/compatibility/README.md
-
5test/s3/compatibility/prepare.sh
-
24test/s3/compatibility/run.sh
-
109test/s3/compatibility/s3tests.conf
-
30weed/command/scaffold/security.toml
-
4weed/s3api/s3api_object_copy_handlers.go
-
36weed/s3api/s3api_object_handlers.go
-
13weed/s3api/s3api_server.go
-
2weed/security/guard.go
-
37weed/security/jwt.go
-
13weed/server/filer_server.go
-
78weed/server/filer_server_handlers.go
-
4weed/server/master_grpc_server_volume.go
-
4weed/server/master_server_handlers.go
-
2weed/server/volume_server_handlers.go
-
17weed/util/http_util.go
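--- a/test/s3/compatibility/.gitignore
+++ b/test/s3/compatibility/.gitignore
@@ -0,0 +1,2 @@
+/s3-tests
+/tmp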
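--- a/test/s3/compatibility/Dockerfile
+++ b/test/s3/compatibility/Dockerfile
@@ -0,0 +1,11 @@
+# the tests only support python 3.6, not newer
+FROM ubuntu:latest
+
+RUN apt-get update && DEBIAN_FRONTEND=noninteractive TZ=Etc/UTC apt-get install -y git-core sudo tzdata
+RUN git clone https://github.com/ceph/s3-tests.git
+WORKDIR s3-tests
+
+# we pin a certain commit
+RUN git checkout 9a6a1e9f197fc9fb031b809d1e057635c2ff8d4e
+
+RUN ./bootstrap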
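Review bot: `FROM ubuntu:latest` works against the comment directly above it: the tests are said to need Python 3.6, but `latest` moves with every Ubuntu release, so the image is not reproducible even though the s3-tests checkout is pinned to a commit. Pin the base image to a fixed release tag or digest that ships the required interpreter, for example `FROM ubuntu:18.04` (believed to ship Python 3.6, confirm before adopting) or `FROM ubuntu@sha256:<digest>`. `./bootstrap` presumably resolves its dependencies at build time as well, so a rebuilt image is not guaranteed to match the one earlier results came from.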
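--- a/test/s3/compatibility/README.md
+++ b/test/s3/compatibility/README.md
@@ -0,0 +1,13 @@
+# Running S3 Compatibility tests against SeaweedFS
+
+This is using [the tests from CephFS](https://github.com/ceph/s3-tests).
+
+## Prerequisites
+
+- have Docker installed
+- this has been executed on Mac. On Linux, the hostname in `s3tests.conf` needs to be adjusted.
+
+## Running tests
+
+- `./prepare.sh` to build the docker image
+- `./run.sh` to execute all tests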
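--- a/test/s3/compatibility/prepare.sh
+++ b/test/s3/compatibility/prepare.sh
@@ -0,0 +1,5 @@
+#!/usr/bin/env bash
+
+set -ex
+
+docker build --progress=plain -t s3tests .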
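--- a/test/s3/compatibility/run.sh
+++ b/test/s3/compatibility/run.sh
@@ -0,0 +1,24 @@
+#!/usr/bin/env bash
+
+set -ex
+
+killall -9 weed || echo "already stopped"
+rm -Rf tmp
+mkdir tmp
+docker stop s3test-instance || echo "already stopped"
+
+ulimit -n 10000
+../../../weed/weed server -filer -s3 -volume.max 0 -master.volumeSizeLimitMB 5 -dir "$(pwd)/tmp" 1>&2>weed.log &
+
+until $(curl --output /dev/null --silent --head --fail http://127.0.0.1:9333); do
+printf '.'
+sleep 5
+done
+sleep 3
+
+rm -Rf logs-full.txt logs-summary.txt
+# docker run --name s3test-instance --rm -e S3TEST_CONF=s3tests.conf -v `pwd`/s3tests.conf:/s3-tests/s3tests.conf -it s3tests ./virtualenv/bin/nosetests s3tests_boto3/functional/test_s3.py:test_get_obj_tagging -v -a 'resource=object,!bucket-policy,!versioning,!encryption'
+docker run --name s3test-instance --rm -e S3TEST_CONF=s3tests.conf -v `pwd`/s3tests.conf:/s3-tests/s3tests.conf -it s3tests ./virtualenv/bin/nosetests s3tests_boto3/functional/test_s3.py -v -a 'resource=object,!bucket-policy,!versioning,!encryption' | sed -n -e '/botocore.hooks/!p;//q' | tee logs-summary.txt
+
+docker stop s3test-instance || echo "already stopped"
+killall -9 weed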
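Review bot: The exit status of the `docker run … nosetests … | sed … | tee logs-summary.txt` pipeline is that of `tee`, so under plain `set -ex` a failing test run still lets the script finish with status 0. Anything that gates on this script needs the nosetests status captured explicitly. Simply adding `set -o pipefail` is likely to misfire because `sed … //q` quits early, so writing the full log to a file first and filtering it afterwards is the safer shape. Separately, `killall -9 weed` matches by process name and will also kill any unrelated `weed` process the user can signal. Recording the background server with `WEED_PID=$!` and cleaning up via `trap 'kill "$WEED_PID"' EXIT` would confine the cleanup to the instance this script started and also cover an aborted run.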
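--- a/test/s3/compatibility/s3tests.conf
+++ b/test/s3/compatibility/s3tests.conf
@@ -0,0 +1,109 @@
+[DEFAULT]
+## this section is just used for host, port and bucket_prefix
+
+# host set for rgw in vstart.sh
+host = host.docker.internal
+
+# port set for rgw in vstart.sh
+port = 8333
+
+## say "False" to disable TLS
+is_secure = False
+
+## say "False" to disable SSL Verify
+ssl_verify = False
+
+[fixtures]
+## all the buckets created will start with this prefix;
+## {random} will be filled with random characters to pad
+## the prefix to 30 characters long, and avoid collisions
+bucket prefix = yournamehere-{random}-
+
+[s3 main]
+# main display_name set in vstart.sh
+display_name = M. Tester
+
+# main user_idname set in vstart.sh
+user_id = testid
+
+# main email set in vstart.sh
+email = tester@ceph.com
+
+# zonegroup api_name for bucket location
+api_name = default
+
+## main AWS access key
+access_key = 0555b35654ad1656d804
+
+## main AWS secret key
+secret_key = h7GhxuBLTrlhVUyxSPUKUV8r/2EI4ngqJxD7iBdBYLhwluN30JaT3Q==
+
+## replace with key id obtained when secret is created, or delete if KMS not tested
+#kms_keyid = 01234567-89ab-cdef-0123-456789abcdef
+
+[s3 alt]
+# alt display_name set in vstart.sh
+display_name = john.doe
+## alt email set in vstart.sh
+email = john.doe@example.com
+
+# alt user_id set in vstart.sh
+user_id = 56789abcdef0123456789abcdef0123456789abcdef0123456789abcdef01234
+
+# alt AWS access key set in vstart.sh
+access_key = NOPQRSTUVWXYZABCDEFG
+
+# alt AWS secret key set in vstart.sh
+secret_key = nopqrstuvwxyzabcdefghijklmnabcdefghijklm
+
+[s3 tenant]
+# tenant display_name set in vstart.sh
+display_name = testx$tenanteduser
+
+# tenant user_id set in vstart.sh
+user_id = 9876543210abcdef0123456789abcdef0123456789abcdef0123456789abcdef
+
+# tenant AWS secret key set in vstart.sh
+access_key = HIJKLMNOPQRSTUVWXYZA
+
+# tenant AWS secret key set in vstart.sh
+secret_key = opqrstuvwxyzabcdefghijklmnopqrstuvwxyzab
+
+# tenant email set in vstart.sh
+email = tenanteduser@example.com
+
+#following section needs to be added for all sts-tests
+[iam]
+#used for iam operations in sts-tests
+#email from vstart.sh
+email = s3@example.com
+
+#user_id from vstart.sh
+user_id = 0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef
+
+#access_key from vstart.sh
+access_key = ABCDEFGHIJKLMNOPQRST
+
+#secret_key vstart.sh
+secret_key = abcdefghijklmnopqrstuvwxyzabcdefghijklmn
+
+#display_name from vstart.sh
+display_name = youruseridhere
+
+#following section needs to be added when you want to run Assume Role With Webidentity test
+[webidentity]
+#used for assume role with web identity test in sts-tests
+#all parameters will be obtained from ceph/qa/tasks/keycloak.py
+token=<access_token>
+
+aud=<obtained after introspecting token>
+
+sub=<obtained after introspecting token>
+
+azp=<obtained after introspecting token>
+
+user_token=<access token for a user, with attribute Department=[Engineering, Marketing>]
+
+thumbprint=<obtained from x509 certificate>
+
+KC_REALM=<name of the realm>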
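Review bot: `is_secure = False` together with `ssl_verify = False` in `[DEFAULT]` means that anyone who later turns TLS on for this harness inherits disabled certificate verification. A full-line comment above the two keys, such as `# local test harness only: plaintext to host.docker.internal; re-enable ssl_verify before pointing this at any real endpoint`, would make that explicit. The `access_key`/`secret_key` pairs in `[s3 main]`, `[s3 alt]`, `[s3 tenant]` and `[iam]` look like the sample values distributed with s3-tests. Saying so in a header comment would keep secret-scanner findings triageable and discourage reusing them outside the test setup. The comment above the `[s3 tenant]` `access_key` reads "tenant AWS secret key" and should read "tenant AWS access key".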