From dc6024c0b9376b8b833b2eef25adb821d3003357 Mon Sep 17 00:00:00 2001
From: chrislu
Date: Sun, 24 Aug 2025 19:50:39 -0700
Subject: [PATCH] fmt
---
 weed/iam/sts/cross_instance_token_test.go | 10 ++++------
 weed/iam/sts/session_claims.go | 12 ++++++------
 2 files changed, 10 insertions(+), 12 deletions(-)
diff --git a/weed/iam/sts/cross_instance_token_test.go b/weed/iam/sts/cross_instance_token_test.go
index 377dfc687..285bd3885 100644
--- a/weed/iam/sts/cross_instance_token_test.go
+++ b/weed/iam/sts/cross_instance_token_test.go
@@ -13,13 +13,13 @@ import (
 // can be used and validated by other STS instances in a distributed environment
 func TestCrossInstanceTokenUsage(t *testing.T) {
 ctx := context.Background()
- // Dummy filer address for testing
+ // Dummy filer address for testing
 // Common configuration that would be shared across all instances in production
 sharedConfig := &STSConfig{
 TokenDuration: time.Hour,
 MaxSessionLength: 12 * time.Hour,
- Issuer: "distributed-sts-cluster", // SAME across all instances
+ Issuer: "distributed-sts-cluster", // SAME across all instances
 SigningKey: []byte(TestSigningKey32Chars), // SAME across all instances
 Providers: []*ProviderConfig{
 {
@@ -61,10 +61,10 @@ func TestCrossInstanceTokenUsage(t *testing.T) {
 // Test 1: Token generated on Instance A can be validated on Instance B & C
 t.Run("cross_instance_token_validation", func(t *testing.T) {
- // Generate session token on Instance A
+ // Generate session token on Instance A
 sessionId := TestSessionID
 expiresAt := time.Now().Add(time.Hour)
-
+
 tokenFromA, err := instanceA.tokenGenerator.GenerateSessionToken(sessionId, expiresAt)
 require.NoError(t, err, "Instance A should generate token")
@@ -288,7 +288,6 @@ func TestSTSDistributedConfigurationRequirements(t *testing.T) {
 MaxSessionLength: 12 * time.Hour,
 Issuer: "production-sts-cluster",
 SigningKey: []byte("production-signing-key-32-chars-l"),
-
 }
 // Create multiple instances with identical config
@@ -318,7 +317,6 @@ func TestSTSDistributedConfigurationRequirements(t *testing.T) {
 func TestSTSRealWorldDistributedScenarios(t *testing.T) {
 ctx := context.Background()
-
 t.Run("load_balanced_s3_gateway_scenario", func(t *testing.T) {
 // Simulate real production scenario:
 // 1. User authenticates with OIDC provider
diff --git a/weed/iam/sts/session_claims.go b/weed/iam/sts/session_claims.go
index ee9b5a7e9..8d065efcd 100644
--- a/weed/iam/sts/session_claims.go
+++ b/weed/iam/sts/session_claims.go
@@ -7,7 +7,7 @@ import (
 )
 // STSSessionClaims represents comprehensive session information embedded in JWT tokens
-// This eliminates the need for separate session storage by embedding all session
+// This eliminates the need for separate session storage by embedding all session
 // metadata directly in the token itself - enabling true stateless operation
 type STSSessionClaims struct {
 jwt.RegisteredClaims
@@ -26,16 +26,16 @@ type STSSessionClaims struct {
 Policies []string `json:"pol,omitempty"` // policies (abbreviated)
 // Identity provider information
- IdentityProvider string `json:"idp"` // identity_provider
- ExternalUserId string `json:"ext_uid"` // external_user_id
- ProviderIssuer string `json:"prov_iss"` // provider_issuer
+ IdentityProvider string `json:"idp"` // identity_provider
+ ExternalUserId string `json:"ext_uid"` // external_user_id
+ ProviderIssuer string `json:"prov_iss"` // provider_issuer
 // Request context (optional, for policy evaluation)
 RequestContext map[string]interface{} `json:"req_ctx,omitempty"`
 // Session metadata
- AssumedAt time.Time `json:"assumed_at"` // when role was assumed
- MaxDuration int64 `json:"max_dur,omitempty"` // maximum session duration in seconds
+ AssumedAt time.Time `json:"assumed_at"` // when role was assumed
+ MaxDuration int64 `json:"max_dur,omitempty"` // maximum session duration in seconds
 }
 // NewSTSSessionClaims creates new STS session claims with all required information