
fmt

pull/7160/head
chrislu 1 month ago
parent
commit
dc6024c0b9
  1. 10
      weed/iam/sts/cross_instance_token_test.go
  2. 12
      weed/iam/sts/session_claims.go

10
weed/iam/sts/cross_instance_token_test.go

@ -13,13 +13,13 @@ import (
// can be used and validated by other STS instances in a distributed environment // can be used and validated by other STS instances in a distributed environment
func TestCrossInstanceTokenUsage(t *testing.T) { func TestCrossInstanceTokenUsage(t *testing.T) {
ctx := context.Background() ctx := context.Background()
// Dummy filer address for testing
// Dummy filer address for testing
// Common configuration that would be shared across all instances in production // Common configuration that would be shared across all instances in production
sharedConfig := &STSConfig{ sharedConfig := &STSConfig{
TokenDuration: time.Hour, TokenDuration: time.Hour,
MaxSessionLength: 12 * time.Hour, MaxSessionLength: 12 * time.Hour,
Issuer: "distributed-sts-cluster", // SAME across all instances
Issuer: "distributed-sts-cluster", // SAME across all instances
SigningKey: []byte(TestSigningKey32Chars), // SAME across all instances SigningKey: []byte(TestSigningKey32Chars), // SAME across all instances
Providers: []*ProviderConfig{ Providers: []*ProviderConfig{
{ {
@ -61,10 +61,10 @@ func TestCrossInstanceTokenUsage(t *testing.T) {
// Test 1: Token generated on Instance A can be validated on Instance B & C // Test 1: Token generated on Instance A can be validated on Instance B & C
t.Run("cross_instance_token_validation", func(t *testing.T) { t.Run("cross_instance_token_validation", func(t *testing.T) {
// Generate session token on Instance A
// Generate session token on Instance A
sessionId := TestSessionID sessionId := TestSessionID
expiresAt := time.Now().Add(time.Hour) expiresAt := time.Now().Add(time.Hour)
tokenFromA, err := instanceA.tokenGenerator.GenerateSessionToken(sessionId, expiresAt) tokenFromA, err := instanceA.tokenGenerator.GenerateSessionToken(sessionId, expiresAt)
require.NoError(t, err, "Instance A should generate token") require.NoError(t, err, "Instance A should generate token")
@ -288,7 +288,6 @@ func TestSTSDistributedConfigurationRequirements(t *testing.T) {
MaxSessionLength: 12 * time.Hour, MaxSessionLength: 12 * time.Hour,
Issuer: "production-sts-cluster", Issuer: "production-sts-cluster",
SigningKey: []byte("production-signing-key-32-chars-l"), SigningKey: []byte("production-signing-key-32-chars-l"),
} }
// Create multiple instances with identical config // Create multiple instances with identical config
@ -318,7 +317,6 @@ func TestSTSDistributedConfigurationRequirements(t *testing.T) {
func TestSTSRealWorldDistributedScenarios(t *testing.T) { func TestSTSRealWorldDistributedScenarios(t *testing.T) {
ctx := context.Background() ctx := context.Background()
t.Run("load_balanced_s3_gateway_scenario", func(t *testing.T) { t.Run("load_balanced_s3_gateway_scenario", func(t *testing.T) {
// Simulate real production scenario: // Simulate real production scenario:
// 1. User authenticates with OIDC provider // 1. User authenticates with OIDC provider

12
weed/iam/sts/session_claims.go

@ -7,7 +7,7 @@ import (
) )
// STSSessionClaims represents comprehensive session information embedded in JWT tokens // STSSessionClaims represents comprehensive session information embedded in JWT tokens
// This eliminates the need for separate session storage by embedding all session
// This eliminates the need for separate session storage by embedding all session
// metadata directly in the token itself - enabling true stateless operation // metadata directly in the token itself - enabling true stateless operation
type STSSessionClaims struct { type STSSessionClaims struct {
jwt.RegisteredClaims jwt.RegisteredClaims
@ -26,16 +26,16 @@ type STSSessionClaims struct {
Policies []string `json:"pol,omitempty"` // policies (abbreviated) Policies []string `json:"pol,omitempty"` // policies (abbreviated)
// Identity provider information // Identity provider information
IdentityProvider string `json:"idp"` // identity_provider
ExternalUserId string `json:"ext_uid"` // external_user_id
ProviderIssuer string `json:"prov_iss"` // provider_issuer
IdentityProvider string `json:"idp"` // identity_provider
ExternalUserId string `json:"ext_uid"` // external_user_id
ProviderIssuer string `json:"prov_iss"` // provider_issuer
// Request context (optional, for policy evaluation) // Request context (optional, for policy evaluation)
RequestContext map[string]interface{} `json:"req_ctx,omitempty"` RequestContext map[string]interface{} `json:"req_ctx,omitempty"`
// Session metadata // Session metadata
AssumedAt time.Time `json:"assumed_at"` // when role was assumed
MaxDuration int64 `json:"max_dur,omitempty"` // maximum session duration in seconds
AssumedAt time.Time `json:"assumed_at"` // when role was assumed
MaxDuration int64 `json:"max_dur,omitempty"` // maximum session duration in seconds
} }
// NewSTSSessionClaims creates new STS session claims with all required information // NewSTSSessionClaims creates new STS session claims with all required information
