refactor(s3api): use typed iamAuthPath for authorization path constants

- Define iamAuthPath as a named string type (similar to existing authType enum) - Update constants to use explicit type: iamAuthPathJWT, iamAuthPathSTS_V4, etc. - Update determineIAMAuthPath() to return typed iamAuthPath - Improves type safety and prevents accidental string value misuse
1 month ago · fdb1d96a2c
2 changed files with 12 additions and 8 deletions
--- a/weed/iam/sts/session_claims_test.go
+++ b/weed/iam/sts/session_claims_test.go
@ -177,9 +177,9 @@ func TestSTSSessionClaimsToSessionInfoCredentialExpiration(t *testing.T) {
 			sessionInfo := claims.ToSessionInfo()

 			assert.NotNil(t, sessionInfo.Credentials)
-		// Check expiration within 1 second due to timing precision (symmetric tolerance)
-		assert.WithinDuration(t, tc.expiresAt, sessionInfo.Credentials.Expiration, time.Second,
-			"credential expiration should be within 1 second of session expiration")
+			// Check expiration within 1 second due to timing precision (symmetric tolerance)
+			assert.WithinDuration(t, tc.expiresAt, sessionInfo.Credentials.Expiration, time.Second,
+				"credential expiration should be within 1 second of session expiration")
 			// We set tc.expiresAt to past/future values to exercise expiration handling.
 			// Assert the credentials' expiration relative to now to exercise code behavior
 			if tc.expectNotExpired {
--- a/weed/s3api/auth_credentials.go
+++ b/weed/s3api/auth_credentials.go
@ -952,15 +952,19 @@ func (iam *IdentityAccessManagement) authenticateJWTWithIAM(r *http.Request) (*I
 }

 // IAM authorization path type constants
+// iamAuthPath represents the type of IAM authorization path
+type iamAuthPath string
+
+// IAM authorization path constants
 const (
-	iamAuthPathJWT       = "jwt"
-	iamAuthPathSTS_V4    = "sts_v4"
-	iamAuthPathStatic_V4 = "static_v4"
-	iamAuthPathNone      = "none"
+	iamAuthPathJWT       iamAuthPath = "jwt"
+	iamAuthPathSTS_V4    iamAuthPath = "sts_v4"
+	iamAuthPathStatic_V4 iamAuthPath = "static_v4"
+	iamAuthPathNone      iamAuthPath = "none"
 )

 // determineIAMAuthPath determines the IAM authorization path based on available tokens and principals
-func determineIAMAuthPath(sessionToken, principal, principalArn string) string {
+func determineIAMAuthPath(sessionToken, principal, principalArn string) iamAuthPath {
 	if sessionToken != "" && principal != "" {
 		return iamAuthPathJWT
 	} else if sessionToken != "" && principalArn != "" {