fmt

1 month ago · dc6024c0b9
2 changed files with 10 additions and 12 deletions
--- a/weed/iam/sts/cross_instance_token_test.go
+++ b/weed/iam/sts/cross_instance_token_test.go
@ -13,13 +13,13 @@ import (
 // can be used and validated by other STS instances in a distributed environment
 func TestCrossInstanceTokenUsage(t *testing.T) {
 	ctx := context.Background()
- // Dummy filer address for testing
+	// Dummy filer address for testing

 	// Common configuration that would be shared across all instances in production
 	sharedConfig := &STSConfig{
 		TokenDuration:    time.Hour,
 		MaxSessionLength: 12 * time.Hour,
-		Issuer:           "distributed-sts-cluster",                       // SAME across all instances
+		Issuer:           "distributed-sts-cluster",     // SAME across all instances
 		SigningKey:       []byte(TestSigningKey32Chars), // SAME across all instances
 		Providers: []*ProviderConfig{
 			{
@ -61,10 +61,10 @@ func TestCrossInstanceTokenUsage(t *testing.T) {

 	// Test 1: Token generated on Instance A can be validated on Instance B & C
 	t.Run("cross_instance_token_validation", func(t *testing.T) {
-				// Generate session token on Instance A
+		// Generate session token on Instance A
 		sessionId := TestSessionID
 		expiresAt := time.Now().Add(time.Hour)
-		
+
 		tokenFromA, err := instanceA.tokenGenerator.GenerateSessionToken(sessionId, expiresAt)
 		require.NoError(t, err, "Instance A should generate token")

@ -288,7 +288,6 @@ func TestSTSDistributedConfigurationRequirements(t *testing.T) {
 			MaxSessionLength: 12 * time.Hour,
 			Issuer:           "production-sts-cluster",
 			SigningKey:       []byte("production-signing-key-32-chars-l"),
-
 		}

 		// Create multiple instances with identical config
@ -318,7 +317,6 @@ func TestSTSDistributedConfigurationRequirements(t *testing.T) {
 func TestSTSRealWorldDistributedScenarios(t *testing.T) {
 	ctx := context.Background()

-
 	t.Run("load_balanced_s3_gateway_scenario", func(t *testing.T) {
 		// Simulate real production scenario:
 		// 1. User authenticates with OIDC provider
--- a/weed/iam/sts/session_claims.go
+++ b/weed/iam/sts/session_claims.go
@ -7,7 +7,7 @@ import (
 )

 // STSSessionClaims represents comprehensive session information embedded in JWT tokens
-// This eliminates the need for separate session storage by embedding all session 
+// This eliminates the need for separate session storage by embedding all session
 // metadata directly in the token itself - enabling true stateless operation
 type STSSessionClaims struct {
 	jwt.RegisteredClaims
@ -26,16 +26,16 @@ type STSSessionClaims struct {
 	Policies []string `json:"pol,omitempty"` // policies (abbreviated)

 	// Identity provider information
-	IdentityProvider string `json:"idp"`         // identity_provider
-	ExternalUserId   string `json:"ext_uid"`     // external_user_id
-	ProviderIssuer   string `json:"prov_iss"`    // provider_issuer
+	IdentityProvider string `json:"idp"`      // identity_provider
+	ExternalUserId   string `json:"ext_uid"`  // external_user_id
+	ProviderIssuer   string `json:"prov_iss"` // provider_issuer

 	// Request context (optional, for policy evaluation)
 	RequestContext map[string]interface{} `json:"req_ctx,omitempty"`

 	// Session metadata
-	AssumedAt   time.Time `json:"assumed_at"`          // when role was assumed
-	MaxDuration int64     `json:"max_dur,omitempty"`   // maximum session duration in seconds
+	AssumedAt   time.Time `json:"assumed_at"`        // when role was assumed
+	MaxDuration int64     `json:"max_dur,omitempty"` // maximum session duration in seconds
 }

 // NewSTSSessionClaims creates new STS session claims with all required information