Browse Source

fix tests

pull/7160/head
chrislu 1 month ago
parent
commit
c5321abcbc
  1. 48
      test/s3/iam/iam_config.json
  2. 1
      test/s3/iam/setup_keycloak.sh

48
test/s3/iam/iam_config.json

@ -46,6 +46,11 @@
"claim": "roles",
"value": "s3-write-only",
"role": "arn:seaweed:iam::role/KeycloakWriteOnlyRole"
},
{
"claim": "roles",
"value": "s3-read-write",
"role": "arn:seaweed:iam::role/KeycloakReadWriteRole"
}
],
"defaultRole": "arn:seaweed:iam::role/KeycloakReadOnlyRole"
@ -166,6 +171,25 @@
"attachedPolicies": ["S3WriteOnlyPolicy"],
"description": "Write-only role for Keycloak users"
}
,
{
"roleName": "KeycloakReadWriteRole",
"roleArn": "arn:seaweed:iam::role/KeycloakReadWriteRole",
"trustPolicy": {
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Principal": {
"Federated": "keycloak"
},
"Action": ["sts:AssumeRoleWithWebIdentity"]
}
]
},
"attachedPolicies": ["S3ReadWritePolicy"],
"description": "Read-write role for Keycloak users"
}
],
"policies": [
{
@ -244,5 +268,29 @@
]
}
}
,
{
"name": "S3ReadWritePolicy",
"document": {
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"s3:*"
],
"Resource": [
"arn:seaweed:s3:::*",
"arn:seaweed:s3:::*/*"
]
},
{
"Effect": "Allow",
"Action": ["sts:ValidateSession"],
"Resource": ["*"]
}
]
}
}
]
}

1
test/s3/iam/setup_keycloak.sh

@ -272,6 +272,7 @@ main() {
create_role "$ADMIN_TOKEN" "s3-admin" "SeaweedFS S3 Administrator"
create_role "$ADMIN_TOKEN" "s3-read-only" "SeaweedFS S3 Read-Only User"
create_role "$ADMIN_TOKEN" "s3-write-only" "SeaweedFS S3 Write-Only User"
create_role "$ADMIN_TOKEN" "s3-read-write" "SeaweedFS S3 Read-Write User"
sleep 1
# Create test users

Loading…
Cancel
Save