Mirror
/
seaweedfs
mirror of https://github.com/seaweedfs/seaweedfs.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
11984 Commits
53 Branches
313 Tags
342 MiB
 
 
 
 
 
 
Tree: 812f5c1a5a
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '812f5c1a5a'
${ noResults }
seaweedfs/weed/s3api/s3_token_differentiation_te...

102 lines
2.4 KiB
Raw Blame History

package s3api
import (
"testing"
"github.com/seaweedfs/seaweedfs/weed/iam/integration"
"github.com/seaweedfs/seaweedfs/weed/iam/sts"
"github.com/stretchr/testify/assert"
)
func TestS3IAMIntegration_isSTSIssuer(t *testing.T) {
// Create test STS service
stsService := sts.NewSTSService()
// Create S3IAM integration with STS service
s3iam := &S3IAMIntegration{
iamManager: &integration.IAMManager{}, // Mock
stsService: stsService,
filerAddress: "test-filer:8888",
enabled: true,
}
tests := []struct {
name string
issuer string
expected bool
}{
// STS issuers (should return true)
{
name: "explicit STS issuer",
issuer: "seaweedfs-sts",
expected: true,
},
{
name: "STS in issuer name",
issuer: "https://mycompany-sts.example.com",
expected: true,
},
{
name: "seaweed in issuer name",
issuer: "https://seaweed-prod.company.com",
expected: true,
},
{
name: "localhost for development",
issuer: "http://localhost:9333/sts",
expected: true,
},
{
name: "case insensitive STS",
issuer: "SEAWEEDFS-STS-PROD",
expected: true,
},
// External OIDC issuers (should return false)
{
name: "Google OIDC",
issuer: "https://accounts.google.com",
expected: false,
},
{
name: "Azure AD",
issuer: "https://login.microsoftonline.com/tenant-id/v2.0",
expected: false,
},
{
name: "Auth0",
issuer: "https://mycompany.auth0.com",
expected: false,
},
{
name: "Keycloak",
issuer: "https://keycloak.mycompany.com/auth/realms/master",
expected: false,
},
{
name: "Generic OIDC provider",
issuer: "https://oidc.provider.com",
expected: false,
},
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
result := s3iam.isSTSIssuer(tt.issuer)
assert.Equal(t, tt.expected, result, "isSTSIssuer should correctly identify issuer type")
})
}
}
func TestS3IAMIntegration_isSTSIssuer_NoSTSService(t *testing.T) {
// Create S3IAM integration without STS service
s3iam := &S3IAMIntegration{
iamManager: &integration.IAMManager{},
stsService: nil, // No STS service
filerAddress: "test-filer:8888",
enabled: true,
}
// Should return false when STS service is not available
result := s3iam.isSTSIssuer("seaweedfs-sts")
assert.False(t, result, "isSTSIssuer should return false when STS service is nil")
}