Mirror
/
seaweedfs
mirror of https://github.com/seaweedfs/seaweedfs.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
12000 Commits
50 Branches
315 Tags
330 MiB
 
 
 
 
 
 
Tree: ffbf0bc71f
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'ffbf0bc71f'
${ noResults }
seaweedfs/.github/workflows/s3-iam-tests.yml

414 lines
13 KiB
Raw Blame History

name: "S3 IAM Integration Tests"
on:
pull_request:
paths:
- 'weed/iam/**'
- 'weed/s3api/**'
- 'test/s3/iam/**'
- '.github/workflows/s3-iam-tests.yml'
push:
branches: [ master ]
paths:
- 'weed/iam/**'
- 'weed/s3api/**'
- 'test/s3/iam/**'
- '.github/workflows/s3-iam-tests.yml'
concurrency:
group: ${{ github.head_ref }}/s3-iam-tests
cancel-in-progress: true
permissions:
contents: read
defaults:
run:
working-directory: weed
jobs:
# Unit tests for IAM components
iam-unit-tests:
name: IAM Unit Tests
runs-on: ubuntu-22.04
timeout-minutes: 15
steps:
- name: Check out code
uses: actions/checkout@v5
- name: Set up Go
uses: actions/setup-go@v5
with:
go-version-file: 'go.mod'
id: go
- name: Get dependencies
run: |
go mod download
- name: Run IAM Unit Tests
timeout-minutes: 10
run: |
set -x
echo "=== Running IAM STS Tests ==="
go test -v -timeout 5m ./iam/sts/...
echo "=== Running IAM Policy Tests ==="
go test -v -timeout 5m ./iam/policy/...
echo "=== Running IAM Integration Tests ==="
go test -v -timeout 5m ./iam/integration/...
echo "=== Running S3 API IAM Tests ==="
go test -v -timeout 5m ./s3api/... -run ".*IAM.*|.*JWT.*|.*Auth.*"
- name: Upload test results on failure
if: failure()
uses: actions/upload-artifact@v4
with:
name: iam-unit-test-results
path: |
weed/testdata/
weed/**/testdata/
retention-days: 3
# S3 IAM integration tests with SeaweedFS services
s3-iam-integration-tests:
name: S3 IAM Integration Tests
runs-on: ubuntu-22.04
timeout-minutes: 25
strategy:
matrix:
test-type: ["basic", "advanced", "policy-enforcement"]
steps:
- name: Check out code
uses: actions/checkout@v5
- name: Set up Go
uses: actions/setup-go@v5
with:
go-version-file: 'go.mod'
id: go
- name: Install SeaweedFS
working-directory: weed
run: |
go install -buildvcs=false
- name: Run S3 IAM Integration Tests - ${{ matrix.test-type }}
timeout-minutes: 20
working-directory: test/s3/iam
run: |
set -x
echo "=== System Information ==="
uname -a
free -h
df -h
echo "=== Starting S3 IAM Integration Tests (${{ matrix.test-type }}) ==="
# Set WEED_BINARY to use the installed version
export WEED_BINARY=$(which weed)
export TEST_TIMEOUT=15m
# Run tests based on type
case "${{ matrix.test-type }}" in
"basic")
echo "Running basic IAM functionality tests..."
make clean setup start-services wait-for-services
go test -v -timeout 15m -run "TestS3IAMAuthentication|TestS3IAMBasicWorkflow|TestS3IAMTokenValidation" ./...
;;
"advanced")
echo "Running advanced IAM feature tests..."
make clean setup start-services wait-for-services
go test -v -timeout 15m -run "TestS3IAMSessionExpiration|TestS3IAMMultipart|TestS3IAMPresigned" ./...
;;
"policy-enforcement")
echo "Running policy enforcement tests..."
make clean setup start-services wait-for-services
go test -v -timeout 15m -run "TestS3IAMPolicyEnforcement|TestS3IAMBucketPolicy|TestS3IAMContextual" ./...
;;
*)
echo "Unknown test type: ${{ matrix.test-type }}"
exit 1
;;
esac
# Always cleanup
make stop-services
- name: Show service logs on failure
if: failure()
working-directory: test/s3/iam
run: |
echo "=== Service Logs ==="
echo "--- Master Log ---"
tail -50 weed-master.log 2>/dev/null || echo "No master log found"
echo ""
echo "--- Filer Log ---"
tail -50 weed-filer.log 2>/dev/null || echo "No filer log found"
echo ""
echo "--- Volume Log ---"
tail -50 weed-volume.log 2>/dev/null || echo "No volume log found"
echo ""
echo "--- S3 API Log ---"
tail -50 weed-s3.log 2>/dev/null || echo "No S3 log found"
echo ""
echo "=== Process Information ==="
ps aux | grep -E "(weed|test)" || true
netstat -tlnp | grep -E "(8333|8888|9333|8080)" || true
- name: Upload test logs on failure
if: failure()
uses: actions/upload-artifact@v4
with:
name: s3-iam-integration-logs-${{ matrix.test-type }}
path: test/s3/iam/weed-*.log
retention-days: 5
# Keycloak integration tests with Docker Compose
s3-iam-keycloak-tests:
name: S3 IAM Keycloak Integration
runs-on: ubuntu-22.04
timeout-minutes: 30
# Always run Keycloak integration tests
steps:
- name: Check out code
uses: actions/checkout@v5
- name: Set up Go
uses: actions/setup-go@v5
with:
go-version-file: 'go.mod'
id: go
- name: Install SeaweedFS
working-directory: weed
run: |
go install -buildvcs=false
- name: Configure Keycloak (repo script only)
shell: bash
working-directory: .
run: |
echo "Configuring Keycloak via repo script..."
sudo apt-get update -y
sudo apt-get install -y jq bash
/bin/bash test/s3/iam/setup_keycloak.sh
- name: Start SeaweedFS Services
working-directory: test/s3/iam
run: |
echo "Starting SeaweedFS services..."
export WEED_BINARY=$(which weed)
make clean setup start-services wait-for-services
echo "SeaweedFS services are ready"
- name: Run Keycloak Integration Tests
timeout-minutes: 20
working-directory: test/s3/iam
run: |
set -x
echo "=== Running Keycloak Integration Tests ==="
export KEYCLOAK_URL="http://localhost:8080"
export S3_ENDPOINT="http://localhost:8333"
# Ensure the seaweedfs-test realm is available before running tests (repo script should have created it)
timeout 120 bash -c 'until curl -fs http://localhost:8080/realms/seaweedfs-test/.well-known/openid-configuration > /dev/null; do echo "... waiting for realm"; sleep 3; done'
# Verify services are accessible
echo "=== Verifying Service Accessibility ==="
curl -f http://localhost:8080/realms/master || {
echo "❌ Keycloak not accessible"
docker logs keycloak --tail=50
exit 1
}
# For IAM-enabled S3 API, we expect a 403 response when accessing without auth
# This indicates the server is running and IAM is working correctly
if curl -s http://localhost:8333 > /dev/null 2>&1; then
echo "✅ SeaweedFS S3 API is responding (IAM-protected endpoint)"
else
echo "❌ SeaweedFS S3 API not accessible"
cat weed-s3.log || true
exit 1
fi
# Run Keycloak-specific tests
echo "=== Running Keycloak Tests ==="
go test -v -timeout 15m -run "TestKeycloak" ./... || {
echo "❌ Keycloak integration tests failed"
echo "=== Service Logs ==="
echo "--- Keycloak logs ---"
docker logs keycloak --tail=100
echo "--- SeaweedFS logs ---"
cat weed-s3.log 2>/dev/null || echo "No S3 log found"
cat weed-master.log 2>/dev/null || echo "No master log found"
cat weed-filer.log 2>/dev/null || echo "No filer log found"
exit 1
}
- name: Show service logs on failure
if: failure()
working-directory: test/s3/iam
run: |
echo "=== Keycloak Container Logs ==="
docker logs keycloak --tail=200 || true
echo "=== SeaweedFS Service Logs ==="
echo "--- S3 API Log ---"
tail -100 weed-s3.log 2>/dev/null || echo "No S3 log found"
echo "--- Master Log ---"
tail -100 weed-master.log 2>/dev/null || echo "No master log found"
echo "--- Filer Log ---"
tail -100 weed-filer.log 2>/dev/null || echo "No filer log found"
echo "--- Volume Log ---"
tail -100 weed-volume.log 2>/dev/null || echo "No volume log found"
echo "=== Container Status ==="
docker ps -a
echo "=== Network Information ==="
netstat -tlnp | grep -E "(8080|8333|8888|9333)" || true
curl -v http://localhost:8080/realms/master || true
curl -v http://localhost:8333 || true
- name: Cleanup Services
if: always()
working-directory: test/s3/iam
run: |
echo "Stopping SeaweedFS services..."
make stop-services || true
echo "Stopping Keycloak container..."
docker stop keycloak || true
docker rm keycloak || true
- name: Upload service logs on failure
if: failure()
uses: actions/upload-artifact@v4
with:
name: s3-iam-keycloak-logs
path: |
test/s3/iam/weed-*.log
test/s3/iam/*.log
retention-days: 5
# Distributed IAM tests
s3-iam-distributed-tests:
name: S3 IAM Distributed Tests
runs-on: ubuntu-22.04
timeout-minutes: 25
steps:
- name: Check out code
uses: actions/checkout@v5
- name: Set up Go
uses: actions/setup-go@v5
with:
go-version-file: 'go.mod'
id: go
- name: Install SeaweedFS
working-directory: weed
run: |
go install -buildvcs=false
- name: Run Distributed IAM Tests
timeout-minutes: 20
working-directory: test/s3/iam
run: |
set -x
echo "=== System Information ==="
uname -a
free -h
export WEED_BINARY=$(which weed)
export TEST_TIMEOUT=15m
# Test distributed configuration
echo "Testing distributed IAM configuration..."
make clean setup
# Start services with distributed IAM config
echo "Starting services with distributed configuration..."
make start-services
make wait-for-services
# Run distributed-specific tests
export ENABLE_DISTRIBUTED_TESTS=true
go test -v -timeout 15m -run "TestS3IAMDistributedTests" ./... || {
echo "❌ Distributed tests failed, checking logs..."
make logs
exit 1
}
make stop-services
- name: Upload distributed test logs
if: always()
uses: actions/upload-artifact@v4
with:
name: s3-iam-distributed-logs
path: test/s3/iam/weed-*.log
retention-days: 7
# Performance and stress tests
s3-iam-performance-tests:
name: S3 IAM Performance Tests
runs-on: ubuntu-22.04
timeout-minutes: 30
steps:
- name: Check out code
uses: actions/checkout@v5
- name: Set up Go
uses: actions/setup-go@v5
with:
go-version-file: 'go.mod'
id: go
- name: Install SeaweedFS
working-directory: weed
run: |
go install -buildvcs=false
- name: Run IAM Performance Benchmarks
timeout-minutes: 25
working-directory: test/s3/iam
run: |
set -x
echo "=== Running IAM Performance Tests ==="
export WEED_BINARY=$(which weed)
export TEST_TIMEOUT=20m
make clean setup start-services wait-for-services
# Run performance tests (benchmarks disabled for CI)
echo "Running performance tests..."
export ENABLE_PERFORMANCE_TESTS=true
go test -v -timeout 15m -run "TestS3IAMPerformanceTests" ./... || {
echo "❌ Performance tests failed"
make logs
exit 1
}
make stop-services
- name: Upload performance test results
if: always()
uses: actions/upload-artifact@v4
with:
name: s3-iam-performance-results
path: |
test/s3/iam/weed-*.log
test/s3/iam/*.test
retention-days: 7