
fix: update all S3 API tests and middleware for runtime filerAddress

- Updated S3IAMIntegration constructor to accept filerAddress parameter
- Fixed all NewS3IAMIntegration calls in tests to pass test filer address
- Updated all AssumeRoleWithWebIdentity calls in S3 API tests
- Fixed glog format string error in auth_credentials.go
- All S3 API and IAM integration tests now compile successfully
- Maintains runtime filer address flexibility throughout the stack
pull/7160/head
chrislu 1 month ago
parent
commit
9f5adbeca6
  1. 2
      weed/s3api/auth_credentials.go
  2. 6
      weed/s3api/s3_end_to_end_test.go
  3. 4
      weed/s3api/s3_iam_middleware.go
  4. 4
      weed/s3api/s3_iam_simple_test.go
  5. 10
      weed/s3api/s3_jwt_auth_test.go
  6. 4
      weed/s3api/s3_multipart_iam_test.go
  7. 8
      weed/s3api/s3_presigned_url_iam_test.go

2
weed/s3api/auth_credentials.go

@ -615,7 +615,7 @@ func (iam *IdentityAccessManagement) authenticateJWTWithIAM(r *http.Request) (*I
glog.V(0).Infof("authenticateJWTWithIAM: starting JWT authentication")
// Use IAM integration to authenticate JWT
iamIdentity, errCode := iam.iamIntegration.AuthenticateJWT(ctx, r)
glog.V(0).Infof("authenticateJWTWithIAM: AuthenticateJWT returned errCode=%s", errCode)
glog.V(0).Infof("authenticateJWTWithIAM: AuthenticateJWT returned errCode=%v", errCode)
if errCode != s3err.ErrNone {
return nil, errCode
}
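Review bot: The trace lines around the AuthenticateJWT call use `glog.V(0)`, so they are written for every JWT-authenticated request at default verbosity, and that volume makes real authentication failures harder to pick out of the log. Since the format verb is being corrected here anyway, consider moving the trace to a debug level, e.g. `glog.V(4).Infof("authenticateJWTWithIAM: AuthenticateJWT returned errCode=%v", errCode)`, and logging at default verbosity only inside the `errCode != s3err.ErrNone` branch. The body of authenticateJWTWithIAM starts and ends outside this hunk, so any other log calls in it are not visible here.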

6
weed/s3api/s3_end_to_end_test.go

@ -120,7 +120,7 @@ func TestS3MultipartUploadWithJWT(t *testing.T) {
setupS3WriteRole(ctx, iamManager)
// Assume role
response, err := iamManager.AssumeRoleWithWebIdentity(ctx, &sts.AssumeRoleWithWebIdentityRequest{
response, err := iamManager.AssumeRoleWithWebIdentity(ctx, "localhost:8888", &sts.AssumeRoleWithWebIdentityRequest{
RoleArn: "arn:seaweed:iam::role/S3WriteRole",
WebIdentityToken: "valid-oidc-token",
RoleSessionName: "multipart-test-session",
@ -227,7 +227,7 @@ func TestS3PerformanceWithIAM(t *testing.T) {
setupS3ReadOnlyRole(ctx, iamManager)
// Assume role
response, err := iamManager.AssumeRoleWithWebIdentity(ctx, &sts.AssumeRoleWithWebIdentityRequest{
response, err := iamManager.AssumeRoleWithWebIdentity(ctx, "localhost:8888", &sts.AssumeRoleWithWebIdentityRequest{
RoleArn: "arn:seaweed:iam::role/S3ReadOnlyRole",
WebIdentityToken: "valid-oidc-token",
RoleSessionName: "performance-test-session",
@ -313,7 +313,7 @@ func setupCompleteS3IAMSystem(t *testing.T) (http.Handler, *integration.IAMManag
require.NoError(t, err)
// Add IAM integration to the server
s3IAMIntegration := NewS3IAMIntegration(iamManager)
s3IAMIntegration := NewS3IAMIntegration(iamManager, "localhost:8888")
s3ApiServer.iam.SetIAMIntegration(s3IAMIntegration)
return router, iamManager
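Review bot: The literal `"localhost:8888"` is repeated in every changed call in this file (both AssumeRoleWithWebIdentity calls and the NewS3IAMIntegration call in setupCompleteS3IAMSystem). The same literal recurs in s3_iam_simple_test.go, s3_jwt_auth_test.go, s3_multipart_iam_test.go and s3_presigned_url_iam_test.go. A single package-level test constant, for example `const testFilerAddress = "localhost:8888"`, would keep the five files consistent and make a later change a one-line edit. These hunks do not show whether any test expects a filer to be listening on that port; a comment on the constant should say whether the value is a placeholder or a real dependency. The enclosing test functions continue outside the hunks.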

4
weed/s3api/s3_iam_middleware.go

@ -321,7 +321,7 @@ func minInt(a, b int) int {
// SetIAMIntegration adds advanced IAM integration to the S3ApiServer
func (s3a *S3ApiServer) SetIAMIntegration(iamManager *integration.IAMManager) {
if s3a.iam != nil {
s3a.iam.iamIntegration = NewS3IAMIntegration(iamManager)
s3a.iam.iamIntegration = NewS3IAMIntegration(iamManager, "localhost:8888")
glog.V(0).Infof("IAM integration successfully set on S3ApiServer")
} else {
glog.Errorf("Cannot set IAM integration: s3a.iam is nil")
@ -341,7 +341,7 @@ func NewEnhancedS3ApiServer(baseServer *S3ApiServer, iamManager *integration.IAM
return &EnhancedS3ApiServer{
S3ApiServer: baseServer,
iamIntegration: NewS3IAMIntegration(iamManager),
iamIntegration: NewS3IAMIntegration(iamManager, "localhost:8888"),
}
}
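Review bot: `SetIAMIntegration` and `NewEnhancedS3ApiServer` are non-test code, yet both now pass the fixed string `"localhost:8888"` to NewS3IAMIntegration, which works against the commit's stated goal of a runtime filer address. In a deployment whose filer runs on another host or port, the IAM integration would presumably be pointed at whatever answers on local port 8888, so its lookups could fail or be served by an unintended process. Take the address from the caller instead: add a `filerAddress string` parameter to both functions and pass it through, as in `s3a.iam.iamIntegration = NewS3IAMIntegration(iamManager, filerAddress)` and `iamIntegration: NewS3IAMIntegration(iamManager, filerAddress),`. NewEnhancedS3ApiServer's signature is only partly visible in the hunk header, so its callers would need checking as well.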

4
weed/s3api/s3_iam_simple_test.go

@ -37,7 +37,7 @@ func TestS3IAMMiddleware(t *testing.T) {
require.NoError(t, err)
// Create S3 IAM integration
s3IAMIntegration := NewS3IAMIntegration(iamManager)
s3IAMIntegration := NewS3IAMIntegration(iamManager, "localhost:8888")
// Test that integration is created successfully
assert.NotNil(t, s3IAMIntegration)
@ -50,7 +50,7 @@ func TestS3IAMMiddlewareJWTAuth(t *testing.T) {
t.Skip("JWT authentication test requires full IAM setup")
// Create IAM integration
s3iam := NewS3IAMIntegration(nil) // Disabled integration
s3iam := NewS3IAMIntegration(nil, "localhost:8888") // Disabled integration
// Create test request with JWT token
req := httptest.NewRequest("GET", "/test-bucket/test-object", http.NoBody)

10
weed/s3api/s3_jwt_auth_test.go

@ -24,7 +24,7 @@ func TestJWTAuthenticationFlow(t *testing.T) {
iamManager := setupTestIAMManager(t)
// Create IAM integration
s3iam := NewS3IAMIntegration(iamManager)
s3iam := NewS3IAMIntegration(iamManager, "localhost:8888")
// Create IAM server with integration
iamServer := setupIAMWithIntegration(t, iamManager, s3iam)
@ -66,7 +66,7 @@ func TestJWTAuthenticationFlow(t *testing.T) {
tt.setupRole(ctx, iamManager)
// Assume role to get JWT
response, err := iamManager.AssumeRoleWithWebIdentity(ctx, &sts.AssumeRoleWithWebIdentityRequest{
response, err := iamManager.AssumeRoleWithWebIdentity(ctx, "localhost:8888", &sts.AssumeRoleWithWebIdentityRequest{
RoleArn: tt.roleArn,
WebIdentityToken: "valid-oidc-token",
RoleSessionName: "jwt-auth-test",
@ -101,7 +101,7 @@ func TestJWTAuthenticationFlow(t *testing.T) {
// TestJWTTokenValidation tests JWT token validation edge cases
func TestJWTTokenValidation(t *testing.T) {
iamManager := setupTestIAMManager(t)
s3iam := NewS3IAMIntegration(iamManager)
s3iam := NewS3IAMIntegration(iamManager, "localhost:8888")
iamServer := setupIAMWithIntegration(t, iamManager, s3iam)
tests := []struct {
@ -189,14 +189,14 @@ func TestRequestContextExtraction(t *testing.T) {
// TestIPBasedPolicyEnforcement tests IP-based conditional policies
func TestIPBasedPolicyEnforcement(t *testing.T) {
iamManager := setupTestIAMManager(t)
s3iam := NewS3IAMIntegration(iamManager)
s3iam := NewS3IAMIntegration(iamManager, "localhost:8888")
ctx := context.Background()
// Set up IP-restricted role
setupTestIPRestrictedRole(ctx, iamManager)
// Assume role
response, err := iamManager.AssumeRoleWithWebIdentity(ctx, &sts.AssumeRoleWithWebIdentityRequest{
response, err := iamManager.AssumeRoleWithWebIdentity(ctx, "localhost:8888", &sts.AssumeRoleWithWebIdentityRequest{
RoleArn: "arn:seaweed:iam::role/S3IPRestrictedRole",
WebIdentityToken: "valid-oidc-token",
RoleSessionName: "ip-test-session",

4
weed/s3api/s3_multipart_iam_test.go

@ -22,7 +22,7 @@ import (
func TestMultipartIAMValidation(t *testing.T) {
// Set up IAM system
iamManager := setupTestIAMManagerForMultipart(t)
s3iam := NewS3IAMIntegration(iamManager)
s3iam := NewS3IAMIntegration(iamManager, "localhost:8888")
s3iam.enabled = true
// Create IAM with integration
@ -36,7 +36,7 @@ func TestMultipartIAMValidation(t *testing.T) {
setupTestRolesForMultipart(ctx, iamManager)
// Get session token
response, err := iamManager.AssumeRoleWithWebIdentity(ctx, &sts.AssumeRoleWithWebIdentityRequest{
response, err := iamManager.AssumeRoleWithWebIdentity(ctx, "localhost:8888", &sts.AssumeRoleWithWebIdentityRequest{
RoleArn: "arn:seaweed:iam::role/S3WriteRole",
WebIdentityToken: "valid-oidc-token",
RoleSessionName: "multipart-test-session",

8
weed/s3api/s3_presigned_url_iam_test.go

@ -22,7 +22,7 @@ import (
func TestPresignedURLIAMValidation(t *testing.T) {
// Set up IAM system
iamManager := setupTestIAMManagerForPresigned(t)
s3iam := NewS3IAMIntegration(iamManager)
s3iam := NewS3IAMIntegration(iamManager, "localhost:8888")
// Create IAM with integration
iam := &IdentityAccessManagement{
@ -35,7 +35,7 @@ func TestPresignedURLIAMValidation(t *testing.T) {
setupTestRolesForPresigned(ctx, iamManager)
// Get session token
response, err := iamManager.AssumeRoleWithWebIdentity(ctx, &sts.AssumeRoleWithWebIdentityRequest{
response, err := iamManager.AssumeRoleWithWebIdentity(ctx, "localhost:8888", &sts.AssumeRoleWithWebIdentityRequest{
RoleArn: "arn:seaweed:iam::role/S3ReadOnlyRole",
WebIdentityToken: "valid-oidc-token",
RoleSessionName: "presigned-test-session",
@ -103,7 +103,7 @@ func TestPresignedURLIAMValidation(t *testing.T) {
func TestPresignedURLGeneration(t *testing.T) {
// Set up IAM system
iamManager := setupTestIAMManagerForPresigned(t)
s3iam := NewS3IAMIntegration(iamManager)
s3iam := NewS3IAMIntegration(iamManager, "localhost:8888")
s3iam.enabled = true // Enable IAM integration
presignedManager := NewS3PresignedURLManager(s3iam)
@ -111,7 +111,7 @@ func TestPresignedURLGeneration(t *testing.T) {
setupTestRolesForPresigned(ctx, iamManager)
// Get session token
response, err := iamManager.AssumeRoleWithWebIdentity(ctx, &sts.AssumeRoleWithWebIdentityRequest{
response, err := iamManager.AssumeRoleWithWebIdentity(ctx, "localhost:8888", &sts.AssumeRoleWithWebIdentityRequest{
RoleArn: "arn:seaweed:iam::role/S3AdminRole",
WebIdentityToken: "valid-oidc-token",
RoleSessionName: "presigned-gen-test-session",
