Browse Source

fix: resolve S3 API test compilation errors and configuration issues

Fixed all compilation errors in S3 API IAM tests by removing obsolete
filerAddress parameters and adding missing role store configurations.

### Compilation Fixes:
- Removed filerAddress parameter from all AssumeRoleWithWebIdentity calls
- Updated method signatures to match stateless STS service API
- Fixed calls in: s3_end_to_end_test.go, s3_jwt_auth_test.go,
  s3_multipart_iam_test.go, s3_presigned_url_iam_test.go

### Configuration Fixes:
- Added missing RoleStoreConfig with memory store type to all test setups
- Prevents 'filer address is required for FilerRoleStore' errors
- Updated test configurations in all S3 API test files

### Test Status:
-  Compilation: All S3 API tests now compile successfully
-  Simple tests: TestS3IAMMiddleware passes
- ⚠️  Complex tests: End-to-end tests need filer server setup
- 🔄 Integration: Core IAM functionality working, server setup needs refinement

The S3 API IAM integration compiles and basic functionality works.
Complex end-to-end tests require additional infrastructure setup.
pull/7160/head
chrislu 1 month ago
parent
commit
f4c4e4c770
  1. 9
      weed/s3api/s3_end_to_end_test.go
  2. 3
      weed/s3api/s3_iam_simple_test.go
  3. 7
      weed/s3api/s3_jwt_auth_test.go
  4. 5
      weed/s3api/s3_multipart_iam_test.go
  5. 7
      weed/s3api/s3_presigned_url_iam_test.go

9
weed/s3api/s3_end_to_end_test.go

@ -84,7 +84,7 @@ func TestS3EndToEndWithJWT(t *testing.T) {
tt.setupRole(ctx, iamManager)
// Assume role to get JWT token
response, err := iamManager.AssumeRoleWithWebIdentity(ctx, "localhost:8888", &sts.AssumeRoleWithWebIdentityRequest{
response, err := iamManager.AssumeRoleWithWebIdentity(ctx, &sts.AssumeRoleWithWebIdentityRequest{
RoleArn: tt.roleArn,
WebIdentityToken: "valid-oidc-token",
RoleSessionName: tt.sessionName,
@ -120,7 +120,7 @@ func TestS3MultipartUploadWithJWT(t *testing.T) {
setupS3WriteRole(ctx, iamManager)
// Assume role
response, err := iamManager.AssumeRoleWithWebIdentity(ctx, "localhost:8888", &sts.AssumeRoleWithWebIdentityRequest{
response, err := iamManager.AssumeRoleWithWebIdentity(ctx, &sts.AssumeRoleWithWebIdentityRequest{
RoleArn: "arn:seaweed:iam::role/S3WriteRole",
WebIdentityToken: "valid-oidc-token",
RoleSessionName: "multipart-test-session",
@ -227,7 +227,7 @@ func TestS3PerformanceWithIAM(t *testing.T) {
setupS3ReadOnlyRole(ctx, iamManager)
// Assume role
response, err := iamManager.AssumeRoleWithWebIdentity(ctx, "localhost:8888", &sts.AssumeRoleWithWebIdentityRequest{
response, err := iamManager.AssumeRoleWithWebIdentity(ctx, &sts.AssumeRoleWithWebIdentityRequest{
RoleArn: "arn:seaweed:iam::role/S3ReadOnlyRole",
WebIdentityToken: "valid-oidc-token",
RoleSessionName: "performance-test-session",
@ -291,6 +291,9 @@ func setupCompleteS3IAMSystem(t *testing.T) (http.Handler, *integration.IAMManag
DefaultEffect: "Deny",
StoreType: "memory",
},
Roles: &integration.RoleStoreConfig{
StoreType: "memory",
},
}
err := iamManager.Initialize(config)

3
weed/s3api/s3_iam_simple_test.go

@ -31,6 +31,9 @@ func TestS3IAMMiddleware(t *testing.T) {
DefaultEffect: "Deny",
StoreType: "memory",
},
Roles: &integration.RoleStoreConfig{
StoreType: "memory",
},
}
err := iamManager.Initialize(config)

7
weed/s3api/s3_jwt_auth_test.go

@ -66,7 +66,7 @@ func TestJWTAuthenticationFlow(t *testing.T) {
tt.setupRole(ctx, iamManager)
// Assume role to get JWT
response, err := iamManager.AssumeRoleWithWebIdentity(ctx, "localhost:8888", &sts.AssumeRoleWithWebIdentityRequest{
response, err := iamManager.AssumeRoleWithWebIdentity(ctx, &sts.AssumeRoleWithWebIdentityRequest{
RoleArn: tt.roleArn,
WebIdentityToken: "valid-oidc-token",
RoleSessionName: "jwt-auth-test",
@ -196,7 +196,7 @@ func TestIPBasedPolicyEnforcement(t *testing.T) {
setupTestIPRestrictedRole(ctx, iamManager)
// Assume role
response, err := iamManager.AssumeRoleWithWebIdentity(ctx, "localhost:8888", &sts.AssumeRoleWithWebIdentityRequest{
response, err := iamManager.AssumeRoleWithWebIdentity(ctx, &sts.AssumeRoleWithWebIdentityRequest{
RoleArn: "arn:seaweed:iam::role/S3IPRestrictedRole",
WebIdentityToken: "valid-oidc-token",
RoleSessionName: "ip-test-session",
@ -277,6 +277,9 @@ func setupTestIAMManager(t *testing.T) *integration.IAMManager {
DefaultEffect: "Deny",
StoreType: "memory",
},
Roles: &integration.RoleStoreConfig{
StoreType: "memory",
},
}
err := manager.Initialize(config)

5
weed/s3api/s3_multipart_iam_test.go

@ -36,7 +36,7 @@ func TestMultipartIAMValidation(t *testing.T) {
setupTestRolesForMultipart(ctx, iamManager)
// Get session token
response, err := iamManager.AssumeRoleWithWebIdentity(ctx, "localhost:8888", &sts.AssumeRoleWithWebIdentityRequest{
response, err := iamManager.AssumeRoleWithWebIdentity(ctx, &sts.AssumeRoleWithWebIdentityRequest{
RoleArn: "arn:seaweed:iam::role/S3WriteRole",
WebIdentityToken: "valid-oidc-token",
RoleSessionName: "multipart-test-session",
@ -468,6 +468,9 @@ func setupTestIAMManagerForMultipart(t *testing.T) *integration.IAMManager {
DefaultEffect: "Deny",
StoreType: "memory",
},
Roles: &integration.RoleStoreConfig{
StoreType: "memory",
},
}
err := manager.Initialize(config)

7
weed/s3api/s3_presigned_url_iam_test.go

@ -35,7 +35,7 @@ func TestPresignedURLIAMValidation(t *testing.T) {
setupTestRolesForPresigned(ctx, iamManager)
// Get session token
response, err := iamManager.AssumeRoleWithWebIdentity(ctx, "localhost:8888", &sts.AssumeRoleWithWebIdentityRequest{
response, err := iamManager.AssumeRoleWithWebIdentity(ctx, &sts.AssumeRoleWithWebIdentityRequest{
RoleArn: "arn:seaweed:iam::role/S3ReadOnlyRole",
WebIdentityToken: "valid-oidc-token",
RoleSessionName: "presigned-test-session",
@ -111,7 +111,7 @@ func TestPresignedURLGeneration(t *testing.T) {
setupTestRolesForPresigned(ctx, iamManager)
// Get session token
response, err := iamManager.AssumeRoleWithWebIdentity(ctx, "localhost:8888", &sts.AssumeRoleWithWebIdentityRequest{
response, err := iamManager.AssumeRoleWithWebIdentity(ctx, &sts.AssumeRoleWithWebIdentityRequest{
RoleArn: "arn:seaweed:iam::role/S3AdminRole",
WebIdentityToken: "valid-oidc-token",
RoleSessionName: "presigned-gen-test-session",
@ -429,6 +429,9 @@ func setupTestIAMManagerForPresigned(t *testing.T) *integration.IAMManager {
DefaultEffect: "Deny",
StoreType: "memory",
},
Roles: &integration.RoleStoreConfig{
StoreType: "memory",
},
}
err := manager.Initialize(config)

Loading…
Cancel
Save