Tree:
4c324fca15
add-admin-and-worker-to-helm-charts
add-ec-vacuum
add-foundation-db
add_fasthttp_client
add_remote_storage
adding-message-queue-integration-tests
avoid_releasing_temp_file_on_write
changing-to-zap
collect-public-metrics
create-table-snapshot-api-design
data_query_pushdown
dependabot/maven/other/java/client/com.google.protobuf-protobuf-java-3.25.5
dependabot/maven/other/java/examples/org.apache.hadoop-hadoop-common-3.4.0
detect-and-plan-ec-tasks
do-not-retry-if-error-is-NotFound
enhance-erasure-coding
fasthttp
filer1_maintenance_branch
fix-GetObjectLockConfigurationHandler
fix-versioning-listing-only
ftp
gh-pages
improve-fuse-mount
improve-fuse-mount2
logrus
master
message_send
mount2
mq-subscribe
mq2
original_weed_mount
pr-7412
random_access_file
refactor-needle-read-operations
refactor-volume-write
remote_overlay
revert-5134-patch-1
revert-5819-patch-1
revert-6434-bugfix-missing-s3-audit
s3-select
sub
tcp_read
test-reverting-lock-table
test_udp
testing
testing-sdx-generation
tikv
track-mount-e2e
volume_buffered_writes
worker-execute-ec-tasks
0.72
0.72.release
0.73
0.74
0.75
0.76
0.77
0.90
0.91
0.92
0.93
0.94
0.95
0.96
0.97
0.98
0.99
1.00
1.01
1.02
1.03
1.04
1.05
1.06
1.07
1.08
1.09
1.10
1.11
1.12
1.14
1.15
1.16
1.17
1.18
1.19
1.20
1.21
1.22
1.23
1.24
1.25
1.26
1.27
1.28
1.29
1.30
1.31
1.32
1.33
1.34
1.35
1.36
1.37
1.38
1.40
1.41
1.42
1.43
1.44
1.45
1.46
1.47
1.48
1.49
1.50
1.51
1.52
1.53
1.54
1.55
1.56
1.57
1.58
1.59
1.60
1.61
1.61RC
1.62
1.63
1.64
1.65
1.66
1.67
1.68
1.69
1.70
1.71
1.72
1.73
1.74
1.75
1.76
1.77
1.78
1.79
1.80
1.81
1.82
1.83
1.84
1.85
1.86
1.87
1.88
1.90
1.91
1.92
1.93
1.94
1.95
1.96
1.97
1.98
1.99
1;70
2.00
2.01
2.02
2.03
2.04
2.05
2.06
2.07
2.08
2.09
2.10
2.11
2.12
2.13
2.14
2.15
2.16
2.17
2.18
2.19
2.20
2.21
2.22
2.23
2.24
2.25
2.26
2.27
2.28
2.29
2.30
2.31
2.32
2.33
2.34
2.35
2.36
2.37
2.38
2.39
2.40
2.41
2.42
2.43
2.47
2.48
2.49
2.50
2.51
2.52
2.53
2.54
2.55
2.56
2.57
2.58
2.59
2.60
2.61
2.62
2.63
2.64
2.65
2.66
2.67
2.68
2.69
2.70
2.71
2.72
2.73
2.74
2.75
2.76
2.77
2.78
2.79
2.80
2.81
2.82
2.83
2.84
2.85
2.86
2.87
2.88
2.89
2.90
2.91
2.92
2.93
2.94
2.95
2.96
2.97
2.98
2.99
3.00
3.01
3.02
3.03
3.04
3.05
3.06
3.07
3.08
3.09
3.10
3.11
3.12
3.13
3.14
3.15
3.16
3.18
3.19
3.20
3.21
3.22
3.23
3.24
3.25
3.26
3.27
3.28
3.29
3.30
3.31
3.32
3.33
3.34
3.35
3.36
3.37
3.38
3.39
3.40
3.41
3.42
3.43
3.44
3.45
3.46
3.47
3.48
3.50
3.51
3.52
3.53
3.54
3.55
3.56
3.57
3.58
3.59
3.60
3.61
3.62
3.63
3.64
3.65
3.66
3.67
3.68
3.69
3.71
3.72
3.73
3.74
3.75
3.76
3.77
3.78
3.79
3.80
3.81
3.82
3.83
3.84
3.85
3.86
3.87
3.88
3.89
3.90
3.91
3.92
3.93
3.94
3.95
3.96
3.97
3.98
3.99
dev
helm-3.65.1
v0.69
v0.70beta
v3.33
${ noResults }
6 Commits (4c324fca15c31efd4e0fe941019d2dac23c94e03)
| Author | SHA1 | Message | Date |
|---|---|---|---|
chrislu
|
299c86f002 |
feat: Add Keycloak OIDC integration for S3 IAM tests
- Add Docker Compose setup with Keycloak OIDC provider - Configure test realm with users, roles, and S3 client - Implement automatic detection between Keycloak and mock OIDC modes - Add comprehensive Keycloak integration tests for authentication and authorization - Support real JWT token validation with production-like OIDC flow - Add Docker-specific IAM configuration for containerized testing - Include detailed documentation for Keycloak integration setup Integration includes: - Real OIDC authentication flow with username/password - JWT Bearer token authentication for S3 operations - Role mapping from Keycloak roles to SeaweedFS IAM policies - Comprehensive test coverage for production scenarios - Automatic fallback to mock mode when Keycloak unavailable |
2 months ago |
|
chrislu
|
4329997b76 |
chore: Clean up duplicate files and update gitignore
- Remove duplicate enhanced_s3_server.go and iam_config.json from root - Remove unnecessary Dockerfile.test and backup files - Update gitignore for better file management - Consolidate IAM integration files in proper locations |
2 months ago |
|
chrislu
|
1ac0d85a5b |
fix: Update integration test Makefile for IAM configuration
- Fix weed binary path to use installed version from GOPATH - Add IAM config file path to S3 server startup command - Correct master server command line arguments - Improve service startup and configuration for IAM integration tests |
2 months ago |
|
chrislu
|
ca97d7c865 |
feat: Implement JWT Bearer token support in S3 integration tests
- Add BearerTokenTransport for JWT authentication in AWS SDK clients - Implement STS-compatible JWT token generation for tests - Configure AWS SDK to use Bearer tokens instead of signature-based auth - Add proper JWT claims structure matching STS TokenGenerator format - Support for testing JWT-based S3 authentication flow |
2 months ago |
|
chrislu
|
2186ed5fc1 |
feat: Add enhanced S3 server with IAM integration
- Add enhanced_s3_server.go to enable S3 server startup with advanced IAM - Add iam_config.json with IAM configuration for integration tests - Supports JWT Bearer token authentication for S3 operations - Integrates with STS service and policy engine for authorization |
2 months ago |
|
chrislu
|
27f2a88f10 |
🧪 CREATE S3 IAM INTEGRATION TESTS: Comprehensive End-to-End Testing Suite!
MAJOR ENHANCEMENT: Complete S3+IAM Integration Test Framework 🏆 COMPREHENSIVE TEST SUITE CREATED: - Full end-to-end S3 API testing with IAM authentication and authorization - JWT token-based authentication testing with OIDC provider simulation - Policy enforcement validation for read-only, write-only, and admin roles - Session management and expiration testing framework - Multipart upload IAM integration testing - Bucket policy integration and conflict resolution testing - Contextual policy enforcement (IP-based, time-based conditions) - Presigned URL generation with IAM validation ✅ COMPLETE TEST FRAMEWORK (10 FILES CREATED): - s3_iam_integration_test.go: Main integration test suite (17KB, 7 test functions) - s3_iam_framework.go: Test utilities and mock infrastructure (10KB) - Makefile: Comprehensive build and test automation (7KB, 20+ targets) - README.md: Complete documentation and usage guide (12KB) - test_config.json: IAM configuration for testing (8KB) - go.mod/go.sum: Dependency management with AWS SDK and JWT libraries - Dockerfile.test: Containerized testing environment - docker-compose.test.yml: Multi-service testing with LDAP support 🧪 TEST SCENARIOS IMPLEMENTED: 1. TestS3IAMAuthentication: Valid/invalid/expired JWT token handling 2. TestS3IAMPolicyEnforcement: Role-based access control validation 3. TestS3IAMSessionExpiration: Session lifecycle and expiration testing 4. TestS3IAMMultipartUploadPolicyEnforcement: Multipart operation IAM integration 5. TestS3IAMBucketPolicyIntegration: Resource-based policy testing 6. TestS3IAMContextualPolicyEnforcement: Conditional access control 7. TestS3IAMPresignedURLIntegration: Temporary access URL generation 🔧 TESTING INFRASTRUCTURE: - Mock OIDC Provider: In-memory OIDC server with JWT signing capabilities - RSA Key Generation: 2048-bit keys for secure JWT token signing - Service Lifecycle Management: Automatic SeaweedFS service startup/shutdown - Resource Cleanup: Automatic bucket and object cleanup after tests - Health Checks: Service availability monitoring and wait strategies �� AUTOMATION & CI/CD READY: - Make targets for individual test categories (auth, policy, expiration, etc.) - Docker support for containerized testing environments - CI/CD integration with GitHub Actions and Jenkins examples - Performance benchmarking capabilities with memory profiling - Watch mode for development with automatic test re-runs ✅ SERVICE INTEGRATION TESTING: - Master Server (9333): Cluster coordination and metadata management - Volume Server (8080): Object storage backend testing - Filer Server (8888): Metadata and IAM persistent storage testing - S3 API Server (8333): Complete S3-compatible API with IAM integration - Mock OIDC Server: Identity provider simulation for authentication testing 🎯 PRODUCTION-READY FEATURES: - Comprehensive error handling and assertion validation - Realistic test scenarios matching production use cases - Multiple authentication methods (JWT, session tokens, basic auth) - Policy conflict resolution testing (IAM vs bucket policies) - Concurrent operations testing with multiple clients - Security validation with proper access denial testing 🔒 ENTERPRISE TESTING CAPABILITIES: - Multi-tenant access control validation - Role-based permission inheritance testing - Session token expiration and renewal testing - IP-based and time-based conditional access testing - Audit trail validation for compliance testing - Load testing framework for performance validation 📋 DEVELOPER EXPERIENCE: - Comprehensive README with setup instructions and examples - Makefile with intuitive targets and help documentation - Debug mode for manual service inspection and troubleshooting - Log analysis tools and service health monitoring - Extensible framework for adding new test scenarios This provides a complete, production-ready testing framework for validating the advanced IAM integration with SeaweedFS S3 API functionality! Ready for comprehensive S3+IAM validation 🚀 |
2 months ago |