Mirror
/
seaweedfs
mirror of https://github.com/seaweedfs/seaweedfs.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
Browse Source

fix tests

pull/7160/head
chrislu 3 months ago
parent
db4b613d44
commit
c34b14de8c
2 changed files with 60 additions and 61 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Unified View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 27
      weed/iam/integration/iam_integration_test.go
  2. 12
      weed/iam/integration/role_store_test.go

27
weed/iam/integration/iam_integration_test.go
View File

@ -5,8 +5,8 @@ import (
"testing" "testing"
"time" "time"
"github.com/seaweedfs/seaweedfs/weed/iam/oidc"
"github.com/seaweedfs/seaweedfs/weed/iam/ldap" "github.com/seaweedfs/seaweedfs/weed/iam/ldap"
"github.com/seaweedfs/seaweedfs/weed/iam/oidc"
"github.com/seaweedfs/seaweedfs/weed/iam/policy" "github.com/seaweedfs/seaweedfs/weed/iam/policy"
"github.com/seaweedfs/seaweedfs/weed/iam/sts" "github.com/seaweedfs/seaweedfs/weed/iam/sts"
"github.com/stretchr/testify/assert" "github.com/stretchr/testify/assert"
@ -185,11 +185,11 @@ func TestPolicyEnforcement(t *testing.T) {
principal := response.AssumedRoleUser.Arn principal := response.AssumedRoleUser.Arn
tests := []struct { tests := []struct {
name string
action string
resource string
name string
action string
resource string
shouldAllow bool shouldAllow bool
reason string
reason string
}{ }{
{ {
name: "allow read access", name: "allow read access",
@ -350,11 +350,10 @@ func setupIntegratedIAMSystem(t *testing.T) *IAMManager {
// Configure and initialize // Configure and initialize
config := &IAMConfig{ config := &IAMConfig{
STS: &sts.STSConfig{ STS: &sts.STSConfig{
TokenDuration: time.Hour,
MaxSessionLength: time.Hour * 12,
Issuer: "test-sts",
SigningKey: []byte("test-signing-key-32-characters-long"),
TokenDuration: time.Hour,
MaxSessionLength: time.Hour * 12,
Issuer: "test-sts",
SigningKey: []byte("test-signing-key-32-characters-long"),
}, },
Policy: &policy.PolicyEngineConfig{ Policy: &policy.PolicyEngineConfig{
DefaultEffect: "Deny", DefaultEffect: "Deny",
@ -424,7 +423,7 @@ func setupTestPoliciesAndRoles(t *testing.T, manager *IAMManager) {
}, },
} }
err := manager.CreatePolicy(ctx, "S3ReadOnlyPolicy", s3ReadPolicy)
err := manager.CreatePolicy(ctx, "", "S3ReadOnlyPolicy", s3ReadPolicy)
require.NoError(t, err) require.NoError(t, err)
// Create LDAP user policy // Create LDAP user policy
@ -442,11 +441,11 @@ func setupTestPoliciesAndRoles(t *testing.T, manager *IAMManager) {
}, },
} }
err = manager.CreatePolicy(ctx, "LDAPUserPolicy", ldapUserPolicy)
err = manager.CreatePolicy(ctx, "", "LDAPUserPolicy", ldapUserPolicy)
require.NoError(t, err) require.NoError(t, err)
// Create roles with trust policies // Create roles with trust policies
err = manager.CreateRole(ctx, "S3ReadOnlyRole", &RoleDefinition{
err = manager.CreateRole(ctx, "", "S3ReadOnlyRole", &RoleDefinition{
RoleName: "S3ReadOnlyRole", RoleName: "S3ReadOnlyRole",
TrustPolicy: &policy.PolicyDocument{ TrustPolicy: &policy.PolicyDocument{
Version: "2012-10-17", Version: "2012-10-17",
@ -464,7 +463,7 @@ func setupTestPoliciesAndRoles(t *testing.T, manager *IAMManager) {
}) })
require.NoError(t, err) require.NoError(t, err)
err = manager.CreateRole(ctx, "LDAPUserRole", &RoleDefinition{
err = manager.CreateRole(ctx, "", "LDAPUserRole", &RoleDefinition{
RoleName: "LDAPUserRole", RoleName: "LDAPUserRole",
TrustPolicy: &policy.PolicyDocument{ TrustPolicy: &policy.PolicyDocument{
Version: "2012-10-17", Version: "2012-10-17",

12
weed/iam/integration/role_store_test.go
View File

@ -34,11 +34,11 @@ func TestMemoryRoleStore(t *testing.T) {
}, },
} }
err := store.StoreRole(ctx, "TestRole", roleDef)
err := store.StoreRole(ctx, "", "TestRole", roleDef)
require.NoError(t, err) require.NoError(t, err)
// Test retrieving the role // Test retrieving the role
retrievedRole, err := store.GetRole(ctx, "TestRole")
retrievedRole, err := store.GetRole(ctx, "", "TestRole")
require.NoError(t, err) require.NoError(t, err)
assert.Equal(t, "TestRole", retrievedRole.RoleName) assert.Equal(t, "TestRole", retrievedRole.RoleName)
assert.Equal(t, "arn:seaweed:iam::role/TestRole", retrievedRole.RoleArn) assert.Equal(t, "arn:seaweed:iam::role/TestRole", retrievedRole.RoleArn)
@ -46,16 +46,16 @@ func TestMemoryRoleStore(t *testing.T) {
assert.Equal(t, []string{"TestPolicy"}, retrievedRole.AttachedPolicies) assert.Equal(t, []string{"TestPolicy"}, retrievedRole.AttachedPolicies)
// Test listing roles // Test listing roles
roles, err := store.ListRoles(ctx)
roles, err := store.ListRoles(ctx, "")
require.NoError(t, err) require.NoError(t, err)
assert.Contains(t, roles, "TestRole") assert.Contains(t, roles, "TestRole")
// Test deleting the role // Test deleting the role
err = store.DeleteRole(ctx, "TestRole")
err = store.DeleteRole(ctx, "", "TestRole")
require.NoError(t, err) require.NoError(t, err)
// Verify role is deleted // Verify role is deleted
_, err = store.GetRole(ctx, "TestRole")
_, err = store.GetRole(ctx, "", "TestRole")
assert.Error(t, err) assert.Error(t, err)
} }
@ -114,7 +114,7 @@ func TestDistributedIAMManagerWithRoleStore(t *testing.T) {
AttachedPolicies: []string{"S3ReadOnlyPolicy"}, AttachedPolicies: []string{"S3ReadOnlyPolicy"},
} }
err = iamManager.CreateRole(ctx, "DistributedTestRole", roleDef)
err = iamManager.CreateRole(ctx, "", "DistributedTestRole", roleDef)
require.NoError(t, err) require.NoError(t, err)
// Test that role is accessible through the IAM manager // Test that role is accessible through the IAM manager

Write Preview
Loading…
Cancel
Save