pass in filerAddressProvider

1 month ago · db0a9bd031
6 changed files with 40 additions and 18 deletions
--- a/weed/iam/integration/iam_integration_test.go
+++ b/weed/iam/integration/iam_integration_test.go
@ -364,7 +364,9 @@ func setupIntegratedIAMSystem(t *testing.T) *IAMManager {
 		},
 	}

-	err := manager.Initialize(config)
+	err := manager.Initialize(config, func() string {
+		return "localhost:8888" // Mock filer address for testing
+	})
 	require.NoError(t, err)

 	// Set up test providers
--- a/weed/iam/integration/iam_manager.go
+++ b/weed/iam/integration/iam_manager.go
@ -15,10 +15,11 @@ import (

 // IAMManager orchestrates all IAM components
 type IAMManager struct {
-	stsService   *sts.STSService
-	policyEngine *policy.PolicyEngine
-	roleStore    RoleStore
-	initialized  bool
+	stsService           *sts.STSService
+	policyEngine         *policy.PolicyEngine
+	roleStore            RoleStore
+	filerAddressProvider func() string // Function to get current filer address
+	initialized          bool
 }

 // IAMConfig holds configuration for all IAM components
@ -84,11 +85,14 @@ func NewIAMManager() *IAMManager {
 }

 // Initialize initializes the IAM manager with all components
-func (m *IAMManager) Initialize(config *IAMConfig) error {
+func (m *IAMManager) Initialize(config *IAMConfig, filerAddressProvider func() string) error {
 	if config == nil {
 		return fmt.Errorf("config cannot be nil")
 	}

+	// Store the filer address provider function
+	m.filerAddressProvider = filerAddressProvider
+
 	// Initialize STS service
 	m.stsService = sts.NewSTSService()
 	if err := m.stsService.Initialize(config.STS); err != nil {
@ -115,6 +119,14 @@ func (m *IAMManager) Initialize(config *IAMConfig) error {
 	return nil
 }

+// getFilerAddress returns the current filer address using the provider function
+func (m *IAMManager) getFilerAddress() string {
+	if m.filerAddressProvider != nil {
+		return m.filerAddressProvider()
+	}
+	return "" // Fallback to empty string if no provider is set
+}
+
 // createRoleStore creates a role store based on configuration
 func (m *IAMManager) createRoleStore(config *RoleStoreConfig) (RoleStore, error) {
 	if config == nil {
@ -190,7 +202,7 @@ func (m *IAMManager) AssumeRoleWithWebIdentity(ctx context.Context, request *sts
 	roleName := extractRoleNameFromArn(request.RoleArn)

 	// Get role definition
-	roleDef, err := m.roleStore.GetRole(ctx, "", roleName)
+	roleDef, err := m.roleStore.GetRole(ctx, m.getFilerAddress(), roleName)
 	if err != nil {
 		return nil, fmt.Errorf("role not found: %s", roleName)
 	}
@ -214,7 +226,7 @@ func (m *IAMManager) AssumeRoleWithCredentials(ctx context.Context, request *sts
 	roleName := extractRoleNameFromArn(request.RoleArn)

 	// Get role definition
-	roleDef, err := m.roleStore.GetRole(ctx, "", roleName)
+	roleDef, err := m.roleStore.GetRole(ctx, m.getFilerAddress(), roleName)
 	if err != nil {
 		return nil, fmt.Errorf("role not found: %s", roleName)
 	}
@ -249,7 +261,7 @@ func (m *IAMManager) IsActionAllowed(ctx context.Context, request *ActionRequest
 	}

 	// Get role definition
-	roleDef, err := m.roleStore.GetRole(ctx, "", roleName)
+	roleDef, err := m.roleStore.GetRole(ctx, m.getFilerAddress(), roleName)
 	if err != nil {
 		return false, fmt.Errorf("role not found: %s", roleName)
 	}
@ -274,7 +286,7 @@ func (m *IAMManager) IsActionAllowed(ctx context.Context, request *ActionRequest
 // ValidateTrustPolicy validates if a principal can assume a role (for testing)
 func (m *IAMManager) ValidateTrustPolicy(ctx context.Context, roleArn, provider, userID string) bool {
 	roleName := extractRoleNameFromArn(roleArn)
-	roleDef, err := m.roleStore.GetRole(ctx, "", roleName)
+	roleDef, err := m.roleStore.GetRole(ctx, m.getFilerAddress(), roleName)
 	if err != nil {
 		return false
 	}
@ -542,7 +554,7 @@ func (m *IAMManager) ValidateTrustPolicyForWebIdentity(ctx context.Context, role
 	roleName := extractRoleNameFromArn(roleArn)

 	// Get role definition
-	roleDef, err := m.roleStore.GetRole(ctx, "", roleName)
+	roleDef, err := m.roleStore.GetRole(ctx, m.getFilerAddress(), roleName)
 	if err != nil {
 		return fmt.Errorf("role not found: %s", roleName)
 	}
@ -561,7 +573,7 @@ func (m *IAMManager) ValidateTrustPolicyForCredentials(ctx context.Context, role
 	roleName := extractRoleNameFromArn(roleArn)

 	// Get role definition
-	roleDef, err := m.roleStore.GetRole(ctx, "", roleName)
+	roleDef, err := m.roleStore.GetRole(ctx, m.getFilerAddress(), roleName)
 	if err != nil {
 		return fmt.Errorf("role not found: %s", roleName)
 	}
--- a/weed/iam/integration/role_store_test.go
+++ b/weed/iam/integration/role_store_test.go
@ -103,7 +103,9 @@ func TestDistributedIAMManagerWithRoleStore(t *testing.T) {
 	}

 	iamManager := NewIAMManager()
-	err := iamManager.Initialize(config)
+	err := iamManager.Initialize(config, func() string {
+		return "localhost:8888" // Mock filer address for testing
+	})
 	require.NoError(t, err)

 	// Test creating a role
--- a/weed/s3api/s3_end_to_end_test.go
+++ b/weed/s3api/s3_end_to_end_test.go
@ -296,7 +296,9 @@ func setupCompleteS3IAMSystem(t *testing.T) (http.Handler, *integration.IAMManag
 		},
 	}

-	err := iamManager.Initialize(config)
+	err := iamManager.Initialize(config, func() string {
+		return "localhost:8888" // Mock filer address for testing
+	})
 	require.NoError(t, err)

 	// Set up test identity providers
--- a/weed/s3api/s3_iam_simple_test.go
+++ b/weed/s3api/s3_iam_simple_test.go
@ -39,7 +39,9 @@ func TestS3IAMMiddleware(t *testing.T) {
 		},
 	}

-	err := iamManager.Initialize(config)
+	err := iamManager.Initialize(config, func() string {
+		return "localhost:8888" // Mock filer address for testing
+	})
 	require.NoError(t, err)

 	// Create S3 IAM integration
--- a/weed/s3api/s3api_server.go
+++ b/weed/s3api/s3api_server.go
@ -102,7 +102,9 @@ func NewS3ApiServerWithStore(router *mux.Router, option *S3ApiServerOption, expl
 	if option.IamConfig != "" {
 		glog.V(0).Infof("Loading advanced IAM configuration from: %s", option.IamConfig)

-		iamManager, err := loadIAMManagerFromConfig(option.IamConfig)
+		iamManager, err := loadIAMManagerFromConfig(option.IamConfig, func() string {
+			return string(option.Filer)
+		})
 		if err != nil {
 			glog.Errorf("Failed to load IAM configuration: %v", err)
 		} else {
@ -412,7 +414,7 @@ func (s3a *S3ApiServer) registerRouter(router *mux.Router) {
 }

 // loadIAMManagerFromConfig loads the advanced IAM manager from configuration file
-func loadIAMManagerFromConfig(configPath string) (*integration.IAMManager, error) {
+func loadIAMManagerFromConfig(configPath string, filerAddressProvider func() string) (*integration.IAMManager, error) {
 	// Read configuration file
 	configData, err := os.ReadFile(configPath)
 	if err != nil {
@ -446,7 +448,7 @@ func loadIAMManagerFromConfig(configPath string) (*integration.IAMManager, error

 	// Initialize IAM manager
 	iamManager := integration.NewIAMManager()
-	if err := iamManager.Initialize(iamConfig); err != nil {
+	if err := iamManager.Initialize(iamConfig, filerAddressProvider); err != nil {
 		return nil, fmt.Errorf("failed to initialize IAM manager: %w", err)
 	}