diff --git a/weed/s3api/s3_end_to_end_test.go b/weed/s3api/s3_end_to_end_test.go index 0a001e980..458704e15 100644 --- a/weed/s3api/s3_end_to_end_test.go +++ b/weed/s3api/s3_end_to_end_test.go @@ -84,7 +84,7 @@ func TestS3EndToEndWithJWT(t *testing.T) { tt.setupRole(ctx, iamManager) // Assume role to get JWT token - response, err := iamManager.AssumeRoleWithWebIdentity(ctx, "localhost:8888", &sts.AssumeRoleWithWebIdentityRequest{ + response, err := iamManager.AssumeRoleWithWebIdentity(ctx, &sts.AssumeRoleWithWebIdentityRequest{ RoleArn: tt.roleArn, WebIdentityToken: "valid-oidc-token", RoleSessionName: tt.sessionName, @@ -120,7 +120,7 @@ func TestS3MultipartUploadWithJWT(t *testing.T) { setupS3WriteRole(ctx, iamManager) // Assume role - response, err := iamManager.AssumeRoleWithWebIdentity(ctx, "localhost:8888", &sts.AssumeRoleWithWebIdentityRequest{ + response, err := iamManager.AssumeRoleWithWebIdentity(ctx, &sts.AssumeRoleWithWebIdentityRequest{ RoleArn: "arn:seaweed:iam::role/S3WriteRole", WebIdentityToken: "valid-oidc-token", RoleSessionName: "multipart-test-session", @@ -227,7 +227,7 @@ func TestS3PerformanceWithIAM(t *testing.T) { setupS3ReadOnlyRole(ctx, iamManager) // Assume role - response, err := iamManager.AssumeRoleWithWebIdentity(ctx, "localhost:8888", &sts.AssumeRoleWithWebIdentityRequest{ + response, err := iamManager.AssumeRoleWithWebIdentity(ctx, &sts.AssumeRoleWithWebIdentityRequest{ RoleArn: "arn:seaweed:iam::role/S3ReadOnlyRole", WebIdentityToken: "valid-oidc-token", RoleSessionName: "performance-test-session", @@ -291,6 +291,9 @@ func setupCompleteS3IAMSystem(t *testing.T) (http.Handler, *integration.IAMManag DefaultEffect: "Deny", StoreType: "memory", }, + Roles: &integration.RoleStoreConfig{ + StoreType: "memory", + }, } err := iamManager.Initialize(config) diff --git a/weed/s3api/s3_iam_simple_test.go b/weed/s3api/s3_iam_simple_test.go index 9877abe41..11db85c03 100644 --- a/weed/s3api/s3_iam_simple_test.go +++ b/weed/s3api/s3_iam_simple_test.go @@ -31,6 +31,9 @@ func TestS3IAMMiddleware(t *testing.T) { DefaultEffect: "Deny", StoreType: "memory", }, + Roles: &integration.RoleStoreConfig{ + StoreType: "memory", + }, } err := iamManager.Initialize(config) diff --git a/weed/s3api/s3_jwt_auth_test.go b/weed/s3api/s3_jwt_auth_test.go index 13c253334..47a7a2a8e 100644 --- a/weed/s3api/s3_jwt_auth_test.go +++ b/weed/s3api/s3_jwt_auth_test.go @@ -66,7 +66,7 @@ func TestJWTAuthenticationFlow(t *testing.T) { tt.setupRole(ctx, iamManager) // Assume role to get JWT - response, err := iamManager.AssumeRoleWithWebIdentity(ctx, "localhost:8888", &sts.AssumeRoleWithWebIdentityRequest{ + response, err := iamManager.AssumeRoleWithWebIdentity(ctx, &sts.AssumeRoleWithWebIdentityRequest{ RoleArn: tt.roleArn, WebIdentityToken: "valid-oidc-token", RoleSessionName: "jwt-auth-test", @@ -196,7 +196,7 @@ func TestIPBasedPolicyEnforcement(t *testing.T) { setupTestIPRestrictedRole(ctx, iamManager) // Assume role - response, err := iamManager.AssumeRoleWithWebIdentity(ctx, "localhost:8888", &sts.AssumeRoleWithWebIdentityRequest{ + response, err := iamManager.AssumeRoleWithWebIdentity(ctx, &sts.AssumeRoleWithWebIdentityRequest{ RoleArn: "arn:seaweed:iam::role/S3IPRestrictedRole", WebIdentityToken: "valid-oidc-token", RoleSessionName: "ip-test-session", @@ -277,6 +277,9 @@ func setupTestIAMManager(t *testing.T) *integration.IAMManager { DefaultEffect: "Deny", StoreType: "memory", }, + Roles: &integration.RoleStoreConfig{ + StoreType: "memory", + }, } err := manager.Initialize(config) diff --git a/weed/s3api/s3_multipart_iam_test.go b/weed/s3api/s3_multipart_iam_test.go index 9c554d313..b162deafe 100644 --- a/weed/s3api/s3_multipart_iam_test.go +++ b/weed/s3api/s3_multipart_iam_test.go @@ -36,7 +36,7 @@ func TestMultipartIAMValidation(t *testing.T) { setupTestRolesForMultipart(ctx, iamManager) // Get session token - response, err := iamManager.AssumeRoleWithWebIdentity(ctx, "localhost:8888", &sts.AssumeRoleWithWebIdentityRequest{ + response, err := iamManager.AssumeRoleWithWebIdentity(ctx, &sts.AssumeRoleWithWebIdentityRequest{ RoleArn: "arn:seaweed:iam::role/S3WriteRole", WebIdentityToken: "valid-oidc-token", RoleSessionName: "multipart-test-session", @@ -468,6 +468,9 @@ func setupTestIAMManagerForMultipart(t *testing.T) *integration.IAMManager { DefaultEffect: "Deny", StoreType: "memory", }, + Roles: &integration.RoleStoreConfig{ + StoreType: "memory", + }, } err := manager.Initialize(config) diff --git a/weed/s3api/s3_presigned_url_iam_test.go b/weed/s3api/s3_presigned_url_iam_test.go index e2d0f40a6..7828dd75f 100644 --- a/weed/s3api/s3_presigned_url_iam_test.go +++ b/weed/s3api/s3_presigned_url_iam_test.go @@ -35,7 +35,7 @@ func TestPresignedURLIAMValidation(t *testing.T) { setupTestRolesForPresigned(ctx, iamManager) // Get session token - response, err := iamManager.AssumeRoleWithWebIdentity(ctx, "localhost:8888", &sts.AssumeRoleWithWebIdentityRequest{ + response, err := iamManager.AssumeRoleWithWebIdentity(ctx, &sts.AssumeRoleWithWebIdentityRequest{ RoleArn: "arn:seaweed:iam::role/S3ReadOnlyRole", WebIdentityToken: "valid-oidc-token", RoleSessionName: "presigned-test-session", @@ -111,7 +111,7 @@ func TestPresignedURLGeneration(t *testing.T) { setupTestRolesForPresigned(ctx, iamManager) // Get session token - response, err := iamManager.AssumeRoleWithWebIdentity(ctx, "localhost:8888", &sts.AssumeRoleWithWebIdentityRequest{ + response, err := iamManager.AssumeRoleWithWebIdentity(ctx, &sts.AssumeRoleWithWebIdentityRequest{ RoleArn: "arn:seaweed:iam::role/S3AdminRole", WebIdentityToken: "valid-oidc-token", RoleSessionName: "presigned-gen-test-session", @@ -429,6 +429,9 @@ func setupTestIAMManagerForPresigned(t *testing.T) *integration.IAMManager { DefaultEffect: "Deny", StoreType: "memory", }, + Roles: &integration.RoleStoreConfig{ + StoreType: "memory", + }, } err := manager.Initialize(config)