fix: update all S3 API tests and middleware for runtime filerAddress

- Updated S3IAMIntegration constructor to accept filerAddress parameter - Fixed all NewS3IAMIntegration calls in tests to pass test filer address - Updated all AssumeRoleWithWebIdentity calls in S3 API tests - Fixed glog format string error in auth_credentials.go - All S3 API and IAM integration tests now compile successfully - Maintains runtime filer address flexibility throughout the stack
1 month ago · 9f5adbeca6
7 changed files with 19 additions and 19 deletions
--- a/weed/s3api/auth_credentials.go
+++ b/weed/s3api/auth_credentials.go
@ -615,7 +615,7 @@ func (iam *IdentityAccessManagement) authenticateJWTWithIAM(r *http.Request) (*I
 	glog.V(0).Infof("authenticateJWTWithIAM: starting JWT authentication")
 	// Use IAM integration to authenticate JWT
 	iamIdentity, errCode := iam.iamIntegration.AuthenticateJWT(ctx, r)
-	glog.V(0).Infof("authenticateJWTWithIAM: AuthenticateJWT returned errCode=%s", errCode)
+	glog.V(0).Infof("authenticateJWTWithIAM: AuthenticateJWT returned errCode=%v", errCode)
 	if errCode != s3err.ErrNone {
 		return nil, errCode
 	}
--- a/weed/s3api/s3_end_to_end_test.go
+++ b/weed/s3api/s3_end_to_end_test.go
@ -120,7 +120,7 @@ func TestS3MultipartUploadWithJWT(t *testing.T) {
 	setupS3WriteRole(ctx, iamManager)

 	// Assume role
-	response, err := iamManager.AssumeRoleWithWebIdentity(ctx, &sts.AssumeRoleWithWebIdentityRequest{
+	response, err := iamManager.AssumeRoleWithWebIdentity(ctx, "localhost:8888", &sts.AssumeRoleWithWebIdentityRequest{
 		RoleArn:          "arn:seaweed:iam::role/S3WriteRole",
 		WebIdentityToken: "valid-oidc-token",
 		RoleSessionName:  "multipart-test-session",
@ -227,7 +227,7 @@ func TestS3PerformanceWithIAM(t *testing.T) {
 	setupS3ReadOnlyRole(ctx, iamManager)

 	// Assume role
-	response, err := iamManager.AssumeRoleWithWebIdentity(ctx, &sts.AssumeRoleWithWebIdentityRequest{
+	response, err := iamManager.AssumeRoleWithWebIdentity(ctx, "localhost:8888", &sts.AssumeRoleWithWebIdentityRequest{
 		RoleArn:          "arn:seaweed:iam::role/S3ReadOnlyRole",
 		WebIdentityToken: "valid-oidc-token",
 		RoleSessionName:  "performance-test-session",
@ -313,7 +313,7 @@ func setupCompleteS3IAMSystem(t *testing.T) (http.Handler, *integration.IAMManag
 	require.NoError(t, err)

 	// Add IAM integration to the server
-	s3IAMIntegration := NewS3IAMIntegration(iamManager)
+	s3IAMIntegration := NewS3IAMIntegration(iamManager, "localhost:8888")
 	s3ApiServer.iam.SetIAMIntegration(s3IAMIntegration)

 	return router, iamManager
--- a/weed/s3api/s3_iam_middleware.go
+++ b/weed/s3api/s3_iam_middleware.go
@ -321,7 +321,7 @@ func minInt(a, b int) int {
 // SetIAMIntegration adds advanced IAM integration to the S3ApiServer
 func (s3a *S3ApiServer) SetIAMIntegration(iamManager *integration.IAMManager) {
 	if s3a.iam != nil {
-		s3a.iam.iamIntegration = NewS3IAMIntegration(iamManager)
+		s3a.iam.iamIntegration = NewS3IAMIntegration(iamManager, "localhost:8888")
 		glog.V(0).Infof("IAM integration successfully set on S3ApiServer")
 	} else {
 		glog.Errorf("Cannot set IAM integration: s3a.iam is nil")
@ -341,7 +341,7 @@ func NewEnhancedS3ApiServer(baseServer *S3ApiServer, iamManager *integration.IAM

 	return &EnhancedS3ApiServer{
 		S3ApiServer:    baseServer,
-		iamIntegration: NewS3IAMIntegration(iamManager),
+		iamIntegration: NewS3IAMIntegration(iamManager, "localhost:8888"),
 	}
 }

--- a/weed/s3api/s3_iam_simple_test.go
+++ b/weed/s3api/s3_iam_simple_test.go
@ -37,7 +37,7 @@ func TestS3IAMMiddleware(t *testing.T) {
 	require.NoError(t, err)

 	// Create S3 IAM integration
-	s3IAMIntegration := NewS3IAMIntegration(iamManager)
+	s3IAMIntegration := NewS3IAMIntegration(iamManager, "localhost:8888")

 	// Test that integration is created successfully
 	assert.NotNil(t, s3IAMIntegration)
@ -50,7 +50,7 @@ func TestS3IAMMiddlewareJWTAuth(t *testing.T) {
 	t.Skip("JWT authentication test requires full IAM setup")

 	// Create IAM integration
-	s3iam := NewS3IAMIntegration(nil) // Disabled integration
+	s3iam := NewS3IAMIntegration(nil, "localhost:8888") // Disabled integration

 	// Create test request with JWT token
 	req := httptest.NewRequest("GET", "/test-bucket/test-object", http.NoBody)
--- a/weed/s3api/s3_jwt_auth_test.go
+++ b/weed/s3api/s3_jwt_auth_test.go
@ -24,7 +24,7 @@ func TestJWTAuthenticationFlow(t *testing.T) {
 	iamManager := setupTestIAMManager(t)

 	// Create IAM integration
-	s3iam := NewS3IAMIntegration(iamManager)
+	s3iam := NewS3IAMIntegration(iamManager, "localhost:8888")

 	// Create IAM server with integration
 	iamServer := setupIAMWithIntegration(t, iamManager, s3iam)
@ -66,7 +66,7 @@ func TestJWTAuthenticationFlow(t *testing.T) {
 			tt.setupRole(ctx, iamManager)

 			// Assume role to get JWT
-			response, err := iamManager.AssumeRoleWithWebIdentity(ctx, &sts.AssumeRoleWithWebIdentityRequest{
+			response, err := iamManager.AssumeRoleWithWebIdentity(ctx, "localhost:8888", &sts.AssumeRoleWithWebIdentityRequest{
 				RoleArn:          tt.roleArn,
 				WebIdentityToken: "valid-oidc-token",
 				RoleSessionName:  "jwt-auth-test",
@ -101,7 +101,7 @@ func TestJWTAuthenticationFlow(t *testing.T) {
 // TestJWTTokenValidation tests JWT token validation edge cases
 func TestJWTTokenValidation(t *testing.T) {
 	iamManager := setupTestIAMManager(t)
-	s3iam := NewS3IAMIntegration(iamManager)
+	s3iam := NewS3IAMIntegration(iamManager, "localhost:8888")
 	iamServer := setupIAMWithIntegration(t, iamManager, s3iam)

 	tests := []struct {
@ -189,14 +189,14 @@ func TestRequestContextExtraction(t *testing.T) {
 // TestIPBasedPolicyEnforcement tests IP-based conditional policies
 func TestIPBasedPolicyEnforcement(t *testing.T) {
 	iamManager := setupTestIAMManager(t)
-	s3iam := NewS3IAMIntegration(iamManager)
+	s3iam := NewS3IAMIntegration(iamManager, "localhost:8888")
 	ctx := context.Background()

 	// Set up IP-restricted role
 	setupTestIPRestrictedRole(ctx, iamManager)

 	// Assume role
-	response, err := iamManager.AssumeRoleWithWebIdentity(ctx, &sts.AssumeRoleWithWebIdentityRequest{
+	response, err := iamManager.AssumeRoleWithWebIdentity(ctx, "localhost:8888", &sts.AssumeRoleWithWebIdentityRequest{
 		RoleArn:          "arn:seaweed:iam::role/S3IPRestrictedRole",
 		WebIdentityToken: "valid-oidc-token",
 		RoleSessionName:  "ip-test-session",
--- a/weed/s3api/s3_multipart_iam_test.go
+++ b/weed/s3api/s3_multipart_iam_test.go
@ -22,7 +22,7 @@ import (
 func TestMultipartIAMValidation(t *testing.T) {
 	// Set up IAM system
 	iamManager := setupTestIAMManagerForMultipart(t)
-	s3iam := NewS3IAMIntegration(iamManager)
+	s3iam := NewS3IAMIntegration(iamManager, "localhost:8888")
 	s3iam.enabled = true

 	// Create IAM with integration
@ -36,7 +36,7 @@ func TestMultipartIAMValidation(t *testing.T) {
 	setupTestRolesForMultipart(ctx, iamManager)

 	// Get session token
-	response, err := iamManager.AssumeRoleWithWebIdentity(ctx, &sts.AssumeRoleWithWebIdentityRequest{
+	response, err := iamManager.AssumeRoleWithWebIdentity(ctx, "localhost:8888", &sts.AssumeRoleWithWebIdentityRequest{
 		RoleArn:          "arn:seaweed:iam::role/S3WriteRole",
 		WebIdentityToken: "valid-oidc-token",
 		RoleSessionName:  "multipart-test-session",
--- a/weed/s3api/s3_presigned_url_iam_test.go
+++ b/weed/s3api/s3_presigned_url_iam_test.go
@ -22,7 +22,7 @@ import (
 func TestPresignedURLIAMValidation(t *testing.T) {
 	// Set up IAM system
 	iamManager := setupTestIAMManagerForPresigned(t)
-	s3iam := NewS3IAMIntegration(iamManager)
+	s3iam := NewS3IAMIntegration(iamManager, "localhost:8888")

 	// Create IAM with integration
 	iam := &IdentityAccessManagement{
@ -35,7 +35,7 @@ func TestPresignedURLIAMValidation(t *testing.T) {
 	setupTestRolesForPresigned(ctx, iamManager)

 	// Get session token
-	response, err := iamManager.AssumeRoleWithWebIdentity(ctx, &sts.AssumeRoleWithWebIdentityRequest{
+	response, err := iamManager.AssumeRoleWithWebIdentity(ctx, "localhost:8888", &sts.AssumeRoleWithWebIdentityRequest{
 		RoleArn:          "arn:seaweed:iam::role/S3ReadOnlyRole",
 		WebIdentityToken: "valid-oidc-token",
 		RoleSessionName:  "presigned-test-session",
@ -103,7 +103,7 @@ func TestPresignedURLIAMValidation(t *testing.T) {
 func TestPresignedURLGeneration(t *testing.T) {
 	// Set up IAM system
 	iamManager := setupTestIAMManagerForPresigned(t)
-	s3iam := NewS3IAMIntegration(iamManager)
+	s3iam := NewS3IAMIntegration(iamManager, "localhost:8888")
 	s3iam.enabled = true // Enable IAM integration
 	presignedManager := NewS3PresignedURLManager(s3iam)

@ -111,7 +111,7 @@ func TestPresignedURLGeneration(t *testing.T) {
 	setupTestRolesForPresigned(ctx, iamManager)

 	// Get session token
-	response, err := iamManager.AssumeRoleWithWebIdentity(ctx, &sts.AssumeRoleWithWebIdentityRequest{
+	response, err := iamManager.AssumeRoleWithWebIdentity(ctx, "localhost:8888", &sts.AssumeRoleWithWebIdentityRequest{
 		RoleArn:          "arn:seaweed:iam::role/S3AdminRole",
 		WebIdentityToken: "valid-oidc-token",
 		RoleSessionName:  "presigned-gen-test-session",