fix tests

1 month ago · c5321abcbc
2 changed files with 49 additions and 0 deletions
--- a/test/s3/iam/iam_config.json
+++ b/test/s3/iam/iam_config.json
@ -46,6 +46,11 @@
              "claim": "roles",
              "value": "s3-write-only", 
              "role": "arn:seaweed:iam::role/KeycloakWriteOnlyRole"
+            },
+            {
+              "claim": "roles",
+              "value": "s3-read-write",
+              "role": "arn:seaweed:iam::role/KeycloakReadWriteRole"
            }
          ],
          "defaultRole": "arn:seaweed:iam::role/KeycloakReadOnlyRole"
@ -166,6 +171,25 @@
      "attachedPolicies": ["S3WriteOnlyPolicy"],
      "description": "Write-only role for Keycloak users"
    }
+    ,
+    {
+      "roleName": "KeycloakReadWriteRole",
+      "roleArn": "arn:seaweed:iam::role/KeycloakReadWriteRole",
+      "trustPolicy": {
+        "Version": "2012-10-17",
+        "Statement": [
+          {
+            "Effect": "Allow",
+            "Principal": {
+              "Federated": "keycloak"
+            },
+            "Action": ["sts:AssumeRoleWithWebIdentity"]
+          }
+        ]
+      },
+      "attachedPolicies": ["S3ReadWritePolicy"],
+      "description": "Read-write role for Keycloak users"
+    }
  ],
  "policies": [
    {
@ -244,5 +268,29 @@
        ]
      }
    }
+    ,
+    {
+      "name": "S3ReadWritePolicy",
+      "document": {
+        "Version": "2012-10-17",
+        "Statement": [
+          {
+            "Effect": "Allow",
+            "Action": [
+              "s3:*"
+            ],
+            "Resource": [
+              "arn:seaweed:s3:::*",
+              "arn:seaweed:s3:::*/*"
+            ]
+          },
+          {
+            "Effect": "Allow",
+            "Action": ["sts:ValidateSession"],
+            "Resource": ["*"]
+          }
+        ]
+      }
+    }
  ]
 }
--- a/test/s3/iam/setup_keycloak.sh
+++ b/test/s3/iam/setup_keycloak.sh
@ -272,6 +272,7 @@ main() {
    create_role "$ADMIN_TOKEN" "s3-admin" "SeaweedFS S3 Administrator"
    create_role "$ADMIN_TOKEN" "s3-read-only" "SeaweedFS S3 Read-Only User"
    create_role "$ADMIN_TOKEN" "s3-write-only" "SeaweedFS S3 Write-Only User"
+    create_role "$ADMIN_TOKEN" "s3-read-write" "SeaweedFS S3 Read-Write User"
    sleep 1
    
    # Create test users