seaweedfs

chrislu 0cbb29161d fix: improve S3 IAM integration test JWT token generation and configuration Enhanced the S3 IAM integration test framework to generate proper JWT tokens with all required claims and added missing identity provider configuration. ### Problem: - TestS3IAMPolicyEnforcement and TestS3IAMBucketPolicyIntegration failing - GitHub Actions: 501 NotImplemented error - Local environment: 403 AccessDenied error - JWT tokens missing required claims (role, snam, principal, etc.) - IAM config missing identity provider for 'test-oidc' ### Solution: - Enhanced generateSTSSessionToken() to include all required JWT claims: - role: Role ARN (arn:seaweed:iam::role/TestAdminRole) - snam: Session name (test-session-admin-user) - principal: Principal ARN (arn:seaweed:sts::assumed-role/...) - assumed, assumed_at, ext_uid, idp, max_dur, sid - Added test-oidc identity provider to iam_config.json - Added sts:ValidateSession action to S3AdminPolicy and S3ReadOnlyPolicy ### Technical Details: - JWT tokens now match the format expected by S3IAMIntegration middleware - Identity provider 'test-oidc' configured as mock type - Policies include both S3 actions and STS session validation - Signing key matches between test framework and S3 server config ### Current Status: - ✅ JWT token generation: Complete with all required claims - ✅ IAM configuration: Identity provider and policies configured - ⚠️ Authentication: Still investigating 403 AccessDenied locally - 🔄 Need to verify if this resolves 501 NotImplemented in GitHub Actions This addresses the core JWT token format and configuration issues. Further debugging may be needed for the authentication flow.	2 months ago
..
seaweedfs	Helm Chart: support wildcards for s3-ingress host by quoting value (#7155)	2 months ago
artifacthub-repo.yml	Update artifacthub-repo-stable.yml (#4330)	3 years ago

chrislu 0cbb29161d fix: improve S3 IAM integration test JWT token generation and configuration

Enhanced the S3 IAM integration test framework to generate proper JWT tokens
with all required claims and added missing identity provider configuration.

### Problem:
- TestS3IAMPolicyEnforcement and TestS3IAMBucketPolicyIntegration failing
- GitHub Actions: 501 NotImplemented error
- Local environment: 403 AccessDenied error
- JWT tokens missing required claims (role, snam, principal, etc.)
- IAM config missing identity provider for 'test-oidc'

### Solution:
- Enhanced generateSTSSessionToken() to include all required JWT claims:
  - role: Role ARN (arn:seaweed:iam::role/TestAdminRole)
  - snam: Session name (test-session-admin-user)
  - principal: Principal ARN (arn:seaweed:sts::assumed-role/...)
  - assumed, assumed_at, ext_uid, idp, max_dur, sid
- Added test-oidc identity provider to iam_config.json
- Added sts:ValidateSession action to S3AdminPolicy and S3ReadOnlyPolicy

### Technical Details:
- JWT tokens now match the format expected by S3IAMIntegration middleware
- Identity provider 'test-oidc' configured as mock type
- Policies include both S3 actions and STS session validation
- Signing key matches between test framework and S3 server config

### Current Status:
- ✅ JWT token generation: Complete with all required claims
- ✅ IAM configuration: Identity provider and policies configured
- ⚠️  Authentication: Still investigating 403 AccessDenied locally
- 🔄 Need to verify if this resolves 501 NotImplemented in GitHub Actions

This addresses the core JWT token format and configuration issues.
Further debugging may be needed for the authentication flow.

2 months ago

seaweedfs

Helm Chart: support wildcards for s3-ingress host by quoting value (#7155)

2 months ago

artifacthub-repo.yml

Update artifacthub-repo-stable.yml (#4330)

3 years ago