From f4c4e4c770c74a2d087dda8c98cdbf9c91b74b3d Mon Sep 17 00:00:00 2001 From: chrislu Date: Sun, 24 Aug 2025 20:32:55 -0700 Subject: [PATCH] fix: resolve S3 API test compilation errors and configuration issues MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Fixed all compilation errors in S3 API IAM tests by removing obsolete filerAddress parameters and adding missing role store configurations. ### Compilation Fixes: - Removed filerAddress parameter from all AssumeRoleWithWebIdentity calls - Updated method signatures to match stateless STS service API - Fixed calls in: s3_end_to_end_test.go, s3_jwt_auth_test.go, s3_multipart_iam_test.go, s3_presigned_url_iam_test.go ### Configuration Fixes: - Added missing RoleStoreConfig with memory store type to all test setups - Prevents 'filer address is required for FilerRoleStore' errors - Updated test configurations in all S3 API test files ### Test Status: - ✅ Compilation: All S3 API tests now compile successfully - ✅ Simple tests: TestS3IAMMiddleware passes - ⚠️ Complex tests: End-to-end tests need filer server setup - 🔄 Integration: Core IAM functionality working, server setup needs refinement The S3 API IAM integration compiles and basic functionality works. Complex end-to-end tests require additional infrastructure setup. --- weed/s3api/s3_end_to_end_test.go | 9 ++++++--- weed/s3api/s3_iam_simple_test.go | 3 +++ weed/s3api/s3_jwt_auth_test.go | 7 +++++-- weed/s3api/s3_multipart_iam_test.go | 5 ++++- weed/s3api/s3_presigned_url_iam_test.go | 7 +++++-- 5 files changed, 23 insertions(+), 8 deletions(-) diff --git a/weed/s3api/s3_end_to_end_test.go b/weed/s3api/s3_end_to_end_test.go index 0a001e980..458704e15 100644 --- a/weed/s3api/s3_end_to_end_test.go +++ b/weed/s3api/s3_end_to_end_test.go @@ -84,7 +84,7 @@ func TestS3EndToEndWithJWT(t *testing.T) { tt.setupRole(ctx, iamManager) // Assume role to get JWT token - response, err := iamManager.AssumeRoleWithWebIdentity(ctx, "localhost:8888", &sts.AssumeRoleWithWebIdentityRequest{ + response, err := iamManager.AssumeRoleWithWebIdentity(ctx, &sts.AssumeRoleWithWebIdentityRequest{ RoleArn: tt.roleArn, WebIdentityToken: "valid-oidc-token", RoleSessionName: tt.sessionName, @@ -120,7 +120,7 @@ func TestS3MultipartUploadWithJWT(t *testing.T) { setupS3WriteRole(ctx, iamManager) // Assume role - response, err := iamManager.AssumeRoleWithWebIdentity(ctx, "localhost:8888", &sts.AssumeRoleWithWebIdentityRequest{ + response, err := iamManager.AssumeRoleWithWebIdentity(ctx, &sts.AssumeRoleWithWebIdentityRequest{ RoleArn: "arn:seaweed:iam::role/S3WriteRole", WebIdentityToken: "valid-oidc-token", RoleSessionName: "multipart-test-session", @@ -227,7 +227,7 @@ func TestS3PerformanceWithIAM(t *testing.T) { setupS3ReadOnlyRole(ctx, iamManager) // Assume role - response, err := iamManager.AssumeRoleWithWebIdentity(ctx, "localhost:8888", &sts.AssumeRoleWithWebIdentityRequest{ + response, err := iamManager.AssumeRoleWithWebIdentity(ctx, &sts.AssumeRoleWithWebIdentityRequest{ RoleArn: "arn:seaweed:iam::role/S3ReadOnlyRole", WebIdentityToken: "valid-oidc-token", RoleSessionName: "performance-test-session", @@ -291,6 +291,9 @@ func setupCompleteS3IAMSystem(t *testing.T) (http.Handler, *integration.IAMManag DefaultEffect: "Deny", StoreType: "memory", }, + Roles: &integration.RoleStoreConfig{ + StoreType: "memory", + }, } err := iamManager.Initialize(config) diff --git a/weed/s3api/s3_iam_simple_test.go b/weed/s3api/s3_iam_simple_test.go index 9877abe41..11db85c03 100644 --- a/weed/s3api/s3_iam_simple_test.go +++ b/weed/s3api/s3_iam_simple_test.go @@ -31,6 +31,9 @@ func TestS3IAMMiddleware(t *testing.T) { DefaultEffect: "Deny", StoreType: "memory", }, + Roles: &integration.RoleStoreConfig{ + StoreType: "memory", + }, } err := iamManager.Initialize(config) diff --git a/weed/s3api/s3_jwt_auth_test.go b/weed/s3api/s3_jwt_auth_test.go index 13c253334..47a7a2a8e 100644 --- a/weed/s3api/s3_jwt_auth_test.go +++ b/weed/s3api/s3_jwt_auth_test.go @@ -66,7 +66,7 @@ func TestJWTAuthenticationFlow(t *testing.T) { tt.setupRole(ctx, iamManager) // Assume role to get JWT - response, err := iamManager.AssumeRoleWithWebIdentity(ctx, "localhost:8888", &sts.AssumeRoleWithWebIdentityRequest{ + response, err := iamManager.AssumeRoleWithWebIdentity(ctx, &sts.AssumeRoleWithWebIdentityRequest{ RoleArn: tt.roleArn, WebIdentityToken: "valid-oidc-token", RoleSessionName: "jwt-auth-test", @@ -196,7 +196,7 @@ func TestIPBasedPolicyEnforcement(t *testing.T) { setupTestIPRestrictedRole(ctx, iamManager) // Assume role - response, err := iamManager.AssumeRoleWithWebIdentity(ctx, "localhost:8888", &sts.AssumeRoleWithWebIdentityRequest{ + response, err := iamManager.AssumeRoleWithWebIdentity(ctx, &sts.AssumeRoleWithWebIdentityRequest{ RoleArn: "arn:seaweed:iam::role/S3IPRestrictedRole", WebIdentityToken: "valid-oidc-token", RoleSessionName: "ip-test-session", @@ -277,6 +277,9 @@ func setupTestIAMManager(t *testing.T) *integration.IAMManager { DefaultEffect: "Deny", StoreType: "memory", }, + Roles: &integration.RoleStoreConfig{ + StoreType: "memory", + }, } err := manager.Initialize(config) diff --git a/weed/s3api/s3_multipart_iam_test.go b/weed/s3api/s3_multipart_iam_test.go index 9c554d313..b162deafe 100644 --- a/weed/s3api/s3_multipart_iam_test.go +++ b/weed/s3api/s3_multipart_iam_test.go @@ -36,7 +36,7 @@ func TestMultipartIAMValidation(t *testing.T) { setupTestRolesForMultipart(ctx, iamManager) // Get session token - response, err := iamManager.AssumeRoleWithWebIdentity(ctx, "localhost:8888", &sts.AssumeRoleWithWebIdentityRequest{ + response, err := iamManager.AssumeRoleWithWebIdentity(ctx, &sts.AssumeRoleWithWebIdentityRequest{ RoleArn: "arn:seaweed:iam::role/S3WriteRole", WebIdentityToken: "valid-oidc-token", RoleSessionName: "multipart-test-session", @@ -468,6 +468,9 @@ func setupTestIAMManagerForMultipart(t *testing.T) *integration.IAMManager { DefaultEffect: "Deny", StoreType: "memory", }, + Roles: &integration.RoleStoreConfig{ + StoreType: "memory", + }, } err := manager.Initialize(config) diff --git a/weed/s3api/s3_presigned_url_iam_test.go b/weed/s3api/s3_presigned_url_iam_test.go index e2d0f40a6..7828dd75f 100644 --- a/weed/s3api/s3_presigned_url_iam_test.go +++ b/weed/s3api/s3_presigned_url_iam_test.go @@ -35,7 +35,7 @@ func TestPresignedURLIAMValidation(t *testing.T) { setupTestRolesForPresigned(ctx, iamManager) // Get session token - response, err := iamManager.AssumeRoleWithWebIdentity(ctx, "localhost:8888", &sts.AssumeRoleWithWebIdentityRequest{ + response, err := iamManager.AssumeRoleWithWebIdentity(ctx, &sts.AssumeRoleWithWebIdentityRequest{ RoleArn: "arn:seaweed:iam::role/S3ReadOnlyRole", WebIdentityToken: "valid-oidc-token", RoleSessionName: "presigned-test-session", @@ -111,7 +111,7 @@ func TestPresignedURLGeneration(t *testing.T) { setupTestRolesForPresigned(ctx, iamManager) // Get session token - response, err := iamManager.AssumeRoleWithWebIdentity(ctx, "localhost:8888", &sts.AssumeRoleWithWebIdentityRequest{ + response, err := iamManager.AssumeRoleWithWebIdentity(ctx, &sts.AssumeRoleWithWebIdentityRequest{ RoleArn: "arn:seaweed:iam::role/S3AdminRole", WebIdentityToken: "valid-oidc-token", RoleSessionName: "presigned-gen-test-session", @@ -429,6 +429,9 @@ func setupTestIAMManagerForPresigned(t *testing.T) *integration.IAMManager { DefaultEffect: "Deny", StoreType: "memory", }, + Roles: &integration.RoleStoreConfig{ + StoreType: "memory", + }, } err := manager.Initialize(config)