Mirror
/
seaweedfs
mirror of https://github.com/seaweedfs/seaweedfs.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
12055 Commits
60 Branches
317 Tags
333 MiB
 
 
 
 
 
 
Tree: 05cf47dc67
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '05cf47dc67'
${ noResults }
seaweedfs/weed/s3api/policy_conversion_test.go

371 lines
9.6 KiB
Raw Blame History

package s3api
import (
"testing"
"github.com/seaweedfs/seaweedfs/weed/iam/policy"
)
func TestConvertPolicyDocumentWithMixedTypes(t *testing.T) {
// Test that numeric and boolean values in arrays are properly converted
src := &policy.PolicyDocument{
Version: "2012-10-17",
Statement: []policy.Statement{
{
Sid: "TestMixedTypes",
Effect: "Allow",
Action: []string{"s3:GetObject"},
Resource: []string{"arn:aws:s3:::bucket/*"},
Principal: []interface{}{"user1", 123, true}, // Mixed types
Condition: map[string]map[string]interface{}{
"NumericEquals": {
"s3:max-keys": []interface{}{100, 200, "300"}, // Mixed types
},
"StringEquals": {
"s3:prefix": []interface{}{"test", 123, false}, // Mixed types
},
},
},
},
}
// Convert
dest := ConvertPolicyDocumentToPolicyEngine(src)
// Verify document structure
if dest == nil {
t.Fatal("Expected non-nil result")
}
if dest.Version != "2012-10-17" {
t.Errorf("Expected version '2012-10-17', got '%s'", dest.Version)
}
if len(dest.Statement) != 1 {
t.Fatalf("Expected 1 statement, got %d", len(dest.Statement))
}
stmt := dest.Statement[0]
// Verify Principal conversion (should have 3 items converted to strings)
if stmt.Principal == nil {
t.Fatal("Expected non-nil Principal")
}
principals := stmt.Principal.Strings()
if len(principals) != 3 {
t.Errorf("Expected 3 principals, got %d", len(principals))
}
// Check that numeric and boolean were converted
expectedPrincipals := []string{"user1", "123", "true"}
for i, expected := range expectedPrincipals {
if principals[i] != expected {
t.Errorf("Principal[%d]: expected '%s', got '%s'", i, expected, principals[i])
}
}
// Verify Condition conversion
if len(stmt.Condition) != 2 {
t.Errorf("Expected 2 condition blocks, got %d", len(stmt.Condition))
}
// Check NumericEquals condition
numericCond, ok := stmt.Condition["NumericEquals"]
if !ok {
t.Fatal("Expected NumericEquals condition")
}
maxKeys, ok := numericCond["s3:max-keys"]
if !ok {
t.Fatal("Expected s3:max-keys in NumericEquals")
}
maxKeysStrs := maxKeys.Strings()
expectedMaxKeys := []string{"100", "200", "300"}
if len(maxKeysStrs) != len(expectedMaxKeys) {
t.Errorf("Expected %d max-keys values, got %d", len(expectedMaxKeys), len(maxKeysStrs))
}
for i, expected := range expectedMaxKeys {
if maxKeysStrs[i] != expected {
t.Errorf("max-keys[%d]: expected '%s', got '%s'", i, expected, maxKeysStrs[i])
}
}
// Check StringEquals condition
stringCond, ok := stmt.Condition["StringEquals"]
if !ok {
t.Fatal("Expected StringEquals condition")
}
prefix, ok := stringCond["s3:prefix"]
if !ok {
t.Fatal("Expected s3:prefix in StringEquals")
}
prefixStrs := prefix.Strings()
expectedPrefix := []string{"test", "123", "false"}
if len(prefixStrs) != len(expectedPrefix) {
t.Errorf("Expected %d prefix values, got %d", len(expectedPrefix), len(prefixStrs))
}
for i, expected := range expectedPrefix {
if prefixStrs[i] != expected {
t.Errorf("prefix[%d]: expected '%s', got '%s'", i, expected, prefixStrs[i])
}
}
}
func TestConvertPrincipalWithMapAndMixedTypes(t *testing.T) {
// Test AWS-style principal map with mixed types
principalMap := map[string]interface{}{
"AWS": []interface{}{
"arn:aws:iam::123456789012:user/Alice",
456, // User ID as number
true, // Some boolean value
},
}
result := convertPrincipal(principalMap)
if result == nil {
t.Fatal("Expected non-nil result")
}
strs := result.Strings()
if len(strs) != 3 {
t.Errorf("Expected 3 values, got %d", len(strs))
}
expectedValues := []string{
"arn:aws:iam::123456789012:user/Alice",
"456",
"true",
}
for i, expected := range expectedValues {
if strs[i] != expected {
t.Errorf("Value[%d]: expected '%s', got '%s'", i, expected, strs[i])
}
}
}
func TestConvertConditionValueWithMixedTypes(t *testing.T) {
// Test []interface{} with mixed types
mixedValues := []interface{}{
"string",
123,
true,
456.78,
}
result := convertConditionValue(mixedValues)
strs := result.Strings()
expectedValues := []string{"string", "123", "true", "456.78"}
if len(strs) != len(expectedValues) {
t.Errorf("Expected %d values, got %d", len(expectedValues), len(strs))
}
for i, expected := range expectedValues {
if strs[i] != expected {
t.Errorf("Value[%d]: expected '%s', got '%s'", i, expected, strs[i])
}
}
}
func TestConvertPolicyDocumentNil(t *testing.T) {
result := ConvertPolicyDocumentToPolicyEngine(nil)
if result != nil {
t.Error("Expected nil result for nil input")
}
}
func TestConvertPrincipalNil(t *testing.T) {
result := convertPrincipal(nil)
if result != nil {
t.Error("Expected nil result for nil input")
}
}
func TestConvertPrincipalEmptyArray(t *testing.T) {
// Empty array should return nil
result := convertPrincipal([]interface{}{})
if result != nil {
t.Error("Expected nil result for empty array")
}
}
func TestConvertPrincipalUnknownType(t *testing.T) {
// Unknown types should return nil
result := convertPrincipal(12345) // Just a number, not valid principal
if result != nil {
t.Error("Expected nil result for unknown type")
}
}
func TestConvertPrincipalWithNilValues(t *testing.T) {
// Test that nil values in arrays are skipped for security
principalArray := []interface{}{
"arn:aws:iam::123456789012:user/Alice",
nil, // Should be skipped
"arn:aws:iam::123456789012:user/Bob",
nil, // Should be skipped
}
result := convertPrincipal(principalArray)
if result == nil {
t.Fatal("Expected non-nil result")
}
strs := result.Strings()
// Should only have 2 values (nil values skipped)
if len(strs) != 2 {
t.Errorf("Expected 2 values (nil values skipped), got %d", len(strs))
}
expectedValues := []string{
"arn:aws:iam::123456789012:user/Alice",
"arn:aws:iam::123456789012:user/Bob",
}
for i, expected := range expectedValues {
if strs[i] != expected {
t.Errorf("Value[%d]: expected '%s', got '%s'", i, expected, strs[i])
}
}
}
func TestConvertConditionValueWithNilValues(t *testing.T) {
// Test that nil values in condition arrays are skipped
mixedValues := []interface{}{
"string",
nil, // Should be skipped
123,
nil, // Should be skipped
true,
}
result := convertConditionValue(mixedValues)
strs := result.Strings()
// Should only have 3 values (nil values skipped)
expectedValues := []string{"string", "123", "true"}
if len(strs) != len(expectedValues) {
t.Errorf("Expected %d values (nil values skipped), got %d", len(expectedValues), len(strs))
}
for i, expected := range expectedValues {
if strs[i] != expected {
t.Errorf("Value[%d]: expected '%s', got '%s'", i, expected, strs[i])
}
}
}
func TestConvertPrincipalMapWithNilValues(t *testing.T) {
// Test AWS-style principal map with nil values
principalMap := map[string]interface{}{
"AWS": []interface{}{
"arn:aws:iam::123456789012:user/Alice",
nil, // Should be skipped
"arn:aws:iam::123456789012:user/Bob",
},
}
result := convertPrincipal(principalMap)
if result == nil {
t.Fatal("Expected non-nil result")
}
strs := result.Strings()
// Should only have 2 values (nil value skipped)
if len(strs) != 2 {
t.Errorf("Expected 2 values (nil value skipped), got %d", len(strs))
}
expectedValues := []string{
"arn:aws:iam::123456789012:user/Alice",
"arn:aws:iam::123456789012:user/Bob",
}
for i, expected := range expectedValues {
if strs[i] != expected {
t.Errorf("Value[%d]: expected '%s', got '%s'", i, expected, strs[i])
}
}
}
func TestConvertToStringUnsupportedType(t *testing.T) {
// Test that unsupported types (e.g., nested maps/slices) return empty string
// This should trigger a warning log but not fail
type customStruct struct {
Field string
}
testCases := []struct {
name string
input interface{}
expected string
}{
{
name: "nested map",
input: map[string]interface{}{"key": "value"},
expected: "", // Unsupported, returns empty string
},
{
name: "nested slice",
input: []int{1, 2, 3},
expected: "", // Unsupported, returns empty string
},
{
name: "custom struct",
input: customStruct{Field: "test"},
expected: "", // Unsupported, returns empty string
},
{
name: "function",
input: func() {},
expected: "", // Unsupported, returns empty string
},
}
for _, tc := range testCases {
t.Run(tc.name, func(t *testing.T) {
result := convertToString(tc.input)
if result != tc.expected {
t.Errorf("Expected '%s', got '%s'", tc.expected, result)
}
// Note: In a real test, you might want to capture log output
// to verify the warning was actually logged
})
}
}
func TestConvertToStringSupportedTypes(t *testing.T) {
// Test that all supported types convert correctly
testCases := []struct {
name string
input interface{}
expected string
}{
{"string", "test", "test"},
{"bool true", true, "true"},
{"bool false", false, "false"},
{"int", 123, "123"},
{"int8", int8(127), "127"},
{"int16", int16(32767), "32767"},
{"int32", int32(2147483647), "2147483647"},
{"int64", int64(9223372036854775807), "9223372036854775807"},
{"uint", uint(123), "123"},
{"uint8", uint8(255), "255"},
{"uint16", uint16(65535), "65535"},
{"uint32", uint32(4294967295), "4294967295"},
{"uint64", uint64(18446744073709551615), "18446744073709551615"},
{"float32", float32(3.14), "3.14"},
{"float64", float64(3.14159265359), "3.14159265359"},
}
for _, tc := range testCases {
t.Run(tc.name, func(t *testing.T) {
result := convertToString(tc.input)
if result != tc.expected {
t.Errorf("Expected '%s', got '%s'", tc.expected, result)
}
})
}
}