From 9f5adbeca6b50a885714abeefadf00e8ac8de708 Mon Sep 17 00:00:00 2001
From: chrislu
Date: Sun, 24 Aug 2025 14:47:00 -0700
Subject: [PATCH] fix: update all S3 API tests and middleware for runtime filerAddress
- Updated S3IAMIntegration constructor to accept filerAddress parameter
- Fixed all NewS3IAMIntegration calls in tests to pass test filer address
- Updated all AssumeRoleWithWebIdentity calls in S3 API tests
- Fixed glog format string error in auth_credentials.go
- All S3 API and IAM integration tests now compile successfully
- Maintains runtime filer address flexibility throughout the stack
---
 weed/s3api/auth_credentials.go | 2 +-
 weed/s3api/s3_end_to_end_test.go | 6 +++---
 weed/s3api/s3_iam_middleware.go | 4 ++--
 weed/s3api/s3_iam_simple_test.go | 4 ++--
 weed/s3api/s3_jwt_auth_test.go | 10 +++++-----
 weed/s3api/s3_multipart_iam_test.go | 4 ++--
 weed/s3api/s3_presigned_url_iam_test.go | 8 ++++----
 7 files changed, 19 insertions(+), 19 deletions(-)
diff --git a/weed/s3api/auth_credentials.go b/weed/s3api/auth_credentials.go
index d17be5d69..434df92d0 100644
--- a/weed/s3api/auth_credentials.go
+++ b/weed/s3api/auth_credentials.go
@@ -615,7 +615,7 @@ func (iam *IdentityAccessManagement) authenticateJWTWithIAM(r *http.Request) (*I
 glog.V(0).Infof("authenticateJWTWithIAM: starting JWT authentication")
 // Use IAM integration to authenticate JWT
 iamIdentity, errCode := iam.iamIntegration.AuthenticateJWT(ctx, r)
- glog.V(0).Infof("authenticateJWTWithIAM: AuthenticateJWT returned errCode=%s", errCode)
+ glog.V(0).Infof("authenticateJWTWithIAM: AuthenticateJWT returned errCode=%v", errCode)
 if errCode != s3err.ErrNone {
 return nil, errCode
 }
diff --git a/weed/s3api/s3_end_to_end_test.go b/weed/s3api/s3_end_to_end_test.go
index 7b539b707..0a001e980 100644
--- a/weed/s3api/s3_end_to_end_test.go
+++ b/weed/s3api/s3_end_to_end_test.go
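Review bot: In `authenticateJWTWithIAM` (weed/s3api/auth_credentials.go) the corrected line still logs at `glog.V(0)`, as does the "starting JWT authentication" line above it, so every JWT-authenticated request writes two always-on info lines and actual rejections are hard to pick out of the log. I would move the per-request trace to a higher verbosity, e.g. `glog.V(3).Infof("authenticateJWTWithIAM: AuthenticateJWT returned errCode=%v", errCode)`, and record only the rejection inside the existing `if errCode != s3err.ErrNone` branch, e.g. `glog.Warningf("authenticateJWTWithIAM: JWT rejected, errCode=%v", errCode)`. The function body starts and ends outside this hunk.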
@@ -120,7 +120,7 @@ func TestS3MultipartUploadWithJWT(t *testing.T) {
 setupS3WriteRole(ctx, iamManager)
 // Assume role
- response, err := iamManager.AssumeRoleWithWebIdentity(ctx, &sts.AssumeRoleWithWebIdentityRequest{
+ response, err := iamManager.AssumeRoleWithWebIdentity(ctx, "localhost:8888", &sts.AssumeRoleWithWebIdentityRequest{
 RoleArn: "arn:seaweed:iam::role/S3WriteRole",
 WebIdentityToken: "valid-oidc-token",
 RoleSessionName: "multipart-test-session",
@@ -227,7 +227,7 @@ func TestS3PerformanceWithIAM(t *testing.T) {
 setupS3ReadOnlyRole(ctx, iamManager)
 // Assume role
- response, err := iamManager.AssumeRoleWithWebIdentity(ctx, &sts.AssumeRoleWithWebIdentityRequest{
+ response, err := iamManager.AssumeRoleWithWebIdentity(ctx, "localhost:8888", &sts.AssumeRoleWithWebIdentityRequest{
 RoleArn: "arn:seaweed:iam::role/S3ReadOnlyRole",
 WebIdentityToken: "valid-oidc-token",
 RoleSessionName: "performance-test-session",
@@ -313,7 +313,7 @@ func setupCompleteS3IAMSystem(t *testing.T) (http.Handler, *integration.IAMManag
 require.NoError(t, err)
 // Add IAM integration to the server
- s3IAMIntegration := NewS3IAMIntegration(iamManager)
+ s3IAMIntegration := NewS3IAMIntegration(iamManager, "localhost:8888")
 s3ApiServer.iam.SetIAMIntegration(s3IAMIntegration)
 return router, iamManager
diff --git a/weed/s3api/s3_iam_middleware.go b/weed/s3api/s3_iam_middleware.go
index 4270ab2f0..b74d825e6 100644
--- a/weed/s3api/s3_iam_middleware.go
+++ b/weed/s3api/s3_iam_middleware.go
@@ -321,7 +321,7 @@ func minInt(a, b int) int {
 // SetIAMIntegration adds advanced IAM integration to the S3ApiServer
 func (s3a *S3ApiServer) SetIAMIntegration(iamManager *integration.IAMManager) {
 if s3a.iam != nil {
- s3a.iam.iamIntegration = NewS3IAMIntegration(iamManager)
+ s3a.iam.iamIntegration = NewS3IAMIntegration(iamManager, "localhost:8888")
 glog.V(0).Infof("IAM integration successfully set on S3ApiServer")
 } else {
 glog.Errorf("Cannot set IAM integration: s3a.iam is nil")
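Review bot: `SetIAMIntegration` in weed/s3api/s3_iam_middleware.go is non-test code, yet it now passes the literal `"localhost:8888"` as the filer address, and the following hunk does the same in `NewEnhancedS3ApiServer`; this contradicts the commit's stated goal of a runtime filer address. Whatever `NewS3IAMIntegration` does with that argument (the constructor is not in this diff) will target a fixed local port regardless of how the gateway was configured, so on a host whose filer runs elsewhere the IAM path would presumably fail or talk to an unrelated local listener. I would thread the configured address through instead, e.g. `s3a.iam.iamIntegration = NewS3IAMIntegration(iamManager, filerAddress)` with `filerAddress` supplied by the caller, and refuse to enable the integration when it is empty. Both function bodies continue outside their hunks.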
@@ -341,7 +341,7 @@ func NewEnhancedS3ApiServer(baseServer *S3ApiServer, iamManager *integration.IAM
 return &EnhancedS3ApiServer{
 S3ApiServer: baseServer,
- iamIntegration: NewS3IAMIntegration(iamManager),
+ iamIntegration: NewS3IAMIntegration(iamManager, "localhost:8888"),
 }
 }
diff --git a/weed/s3api/s3_iam_simple_test.go b/weed/s3api/s3_iam_simple_test.go
index 50eb038ad..9877abe41 100644
--- a/weed/s3api/s3_iam_simple_test.go
+++ b/weed/s3api/s3_iam_simple_test.go
@@ -37,7 +37,7 @@ func TestS3IAMMiddleware(t *testing.T) {
 require.NoError(t, err)
 // Create S3 IAM integration
- s3IAMIntegration := NewS3IAMIntegration(iamManager)
+ s3IAMIntegration := NewS3IAMIntegration(iamManager, "localhost:8888")
 // Test that integration is created successfully
 assert.NotNil(t, s3IAMIntegration)
@@ -50,7 +50,7 @@ func TestS3IAMMiddlewareJWTAuth(t *testing.T) {
 t.Skip("JWT authentication test requires full IAM setup")
 // Create IAM integration
- s3iam := NewS3IAMIntegration(nil) // Disabled integration
+ s3iam := NewS3IAMIntegration(nil, "localhost:8888") // Disabled integration
 // Create test request with JWT token
 req := httptest.NewRequest("GET", "/test-bucket/test-object", http.NoBody)
diff --git a/weed/s3api/s3_jwt_auth_test.go b/weed/s3api/s3_jwt_auth_test.go
index c4c82163c..13c253334 100644
--- a/weed/s3api/s3_jwt_auth_test.go
+++ b/weed/s3api/s3_jwt_auth_test.go
@@ -24,7 +24,7 @@ func TestJWTAuthenticationFlow(t *testing.T) {
 iamManager := setupTestIAMManager(t)
 // Create IAM integration
- s3iam := NewS3IAMIntegration(iamManager)
+ s3iam := NewS3IAMIntegration(iamManager, "localhost:8888")
 // Create IAM server with integration
 iamServer := setupIAMWithIntegration(t, iamManager, s3iam)
@@ -66,7 +66,7 @@ func TestJWTAuthenticationFlow(t *testing.T) {
 tt.setupRole(ctx, iamManager)
 // Assume role to get JWT
- response, err := iamManager.AssumeRoleWithWebIdentity(ctx, &sts.AssumeRoleWithWebIdentityRequest{
+ response, err := iamManager.AssumeRoleWithWebIdentity(ctx, "localhost:8888", &sts.AssumeRoleWithWebIdentityRequest{
 RoleArn: tt.roleArn,
 WebIdentityToken: "valid-oidc-token",
 RoleSessionName: "jwt-auth-test",
@@ -101,7 +101,7 @@ func TestJWTAuthenticationFlow(t *testing.T) {
 // TestJWTTokenValidation tests JWT token validation edge cases
 func TestJWTTokenValidation(t *testing.T) {
 iamManager := setupTestIAMManager(t)
- s3iam := NewS3IAMIntegration(iamManager)
+ s3iam := NewS3IAMIntegration(iamManager, "localhost:8888")
 iamServer := setupIAMWithIntegration(t, iamManager, s3iam)
 tests := []struct {
@@ -189,14 +189,14 @@ func TestRequestContextExtraction(t *testing.T) {
 // TestIPBasedPolicyEnforcement tests IP-based conditional policies
 func TestIPBasedPolicyEnforcement(t *testing.T) {
 iamManager := setupTestIAMManager(t)
- s3iam := NewS3IAMIntegration(iamManager)
+ s3iam := NewS3IAMIntegration(iamManager, "localhost:8888")
 ctx := context.Background()
 // Set up IP-restricted role
 setupTestIPRestrictedRole(ctx, iamManager)
 // Assume role
- response, err := iamManager.AssumeRoleWithWebIdentity(ctx, &sts.AssumeRoleWithWebIdentityRequest{
+ response, err := iamManager.AssumeRoleWithWebIdentity(ctx, "localhost:8888", &sts.AssumeRoleWithWebIdentityRequest{
 RoleArn: "arn:seaweed:iam::role/S3IPRestrictedRole",
 WebIdentityToken: "valid-oidc-token",
 RoleSessionName: "ip-test-session",
diff --git a/weed/s3api/s3_multipart_iam_test.go b/weed/s3api/s3_multipart_iam_test.go
index c29c33780..9c554d313 100644
--- a/weed/s3api/s3_multipart_iam_test.go
+++ b/weed/s3api/s3_multipart_iam_test.go
@@ -22,7 +22,7 @@ import (
 func TestMultipartIAMValidation(t *testing.T) {
 // Set up IAM system
 iamManager := setupTestIAMManagerForMultipart(t)
- s3iam := NewS3IAMIntegration(iamManager)
+ s3iam := NewS3IAMIntegration(iamManager, "localhost:8888")
 s3iam.enabled = true
 // Create IAM with integration
@@ -36,7 +36,7 @@ func TestMultipartIAMValidation(t *testing.T) {
 setupTestRolesForMultipart(ctx, iamManager)
 // Get session token
- response, err := iamManager.AssumeRoleWithWebIdentity(ctx, &sts.AssumeRoleWithWebIdentityRequest{
+ response, err := iamManager.AssumeRoleWithWebIdentity(ctx, "localhost:8888", &sts.AssumeRoleWithWebIdentityRequest{
 RoleArn: "arn:seaweed:iam::role/S3WriteRole",
 WebIdentityToken: "valid-oidc-token",
 RoleSessionName: "multipart-test-session",
diff --git a/weed/s3api/s3_presigned_url_iam_test.go b/weed/s3api/s3_presigned_url_iam_test.go
index 168cb71e4..e2d0f40a6 100644
--- a/weed/s3api/s3_presigned_url_iam_test.go
+++ b/weed/s3api/s3_presigned_url_iam_test.go
@@ -22,7 +22,7 @@ import (
 func TestPresignedURLIAMValidation(t *testing.T) {
 // Set up IAM system
 iamManager := setupTestIAMManagerForPresigned(t)
- s3iam := NewS3IAMIntegration(iamManager)
+ s3iam := NewS3IAMIntegration(iamManager, "localhost:8888")
 // Create IAM with integration
 iam := &IdentityAccessManagement{
@@ -35,7 +35,7 @@ func TestPresignedURLIAMValidation(t *testing.T) {
 setupTestRolesForPresigned(ctx, iamManager)
 // Get session token
- response, err := iamManager.AssumeRoleWithWebIdentity(ctx, &sts.AssumeRoleWithWebIdentityRequest{
+ response, err := iamManager.AssumeRoleWithWebIdentity(ctx, "localhost:8888", &sts.AssumeRoleWithWebIdentityRequest{
 RoleArn: "arn:seaweed:iam::role/S3ReadOnlyRole",
 WebIdentityToken: "valid-oidc-token",
 RoleSessionName: "presigned-test-session",
@@ -103,7 +103,7 @@ func TestPresignedURLIAMValidation(t *testing.T) {
 func TestPresignedURLGeneration(t *testing.T) {
 // Set up IAM system
 iamManager := setupTestIAMManagerForPresigned(t)
- s3iam := NewS3IAMIntegration(iamManager)
+ s3iam := NewS3IAMIntegration(iamManager, "localhost:8888")
 s3iam.enabled = true // Enable IAM integration
 presignedManager := NewS3PresignedURLManager(s3iam)
@@ -111,7 +111,7 @@ func TestPresignedURLGeneration(t *testing.T) {
 setupTestRolesForPresigned(ctx, iamManager)
 // Get session token
- response, err := iamManager.AssumeRoleWithWebIdentity(ctx, &sts.AssumeRoleWithWebIdentityRequest{
+ response, err := iamManager.AssumeRoleWithWebIdentity(ctx, "localhost:8888", &sts.AssumeRoleWithWebIdentityRequest{
 RoleArn: "arn:seaweed:iam::role/S3AdminRole",
 WebIdentityToken: "valid-oidc-token",
 RoleSessionName: "presigned-gen-test-session",