2020-12-07 15:16:20 +08:00
|
|
|
package filer
|
2020-11-26 05:26:45 +08:00
|
|
|
|
|
|
|
import (
|
2020-12-07 15:16:20 +08:00
|
|
|
"bytes"
|
2020-11-26 05:26:45 +08:00
|
|
|
"testing"
|
|
|
|
|
2022-07-29 15:17:28 +08:00
|
|
|
. "github.com/seaweedfs/seaweedfs/weed/s3api/s3_constants"
|
2022-07-13 17:28:20 +08:00
|
|
|
|
2022-07-29 15:17:28 +08:00
|
|
|
"github.com/seaweedfs/seaweedfs/weed/pb/iam_pb"
|
2020-11-26 05:26:45 +08:00
|
|
|
|
|
|
|
"github.com/stretchr/testify/assert"
|
|
|
|
)
|
|
|
|
|
|
|
|
func TestS3Conf(t *testing.T) {
|
|
|
|
s3Conf := &iam_pb.S3ApiConfiguration{
|
|
|
|
Identities: []*iam_pb.Identity{
|
|
|
|
{
|
|
|
|
Name: "some_name",
|
|
|
|
Credentials: []*iam_pb.Credential{
|
|
|
|
{
|
|
|
|
AccessKey: "some_access_key1",
|
|
|
|
SecretKey: "some_secret_key1",
|
|
|
|
},
|
|
|
|
},
|
|
|
|
Actions: []string{
|
2020-12-07 16:29:17 +08:00
|
|
|
ACTION_ADMIN,
|
|
|
|
ACTION_READ,
|
|
|
|
ACTION_WRITE,
|
2020-11-26 05:26:45 +08:00
|
|
|
},
|
|
|
|
},
|
|
|
|
{
|
|
|
|
Name: "some_read_only_user",
|
|
|
|
Credentials: []*iam_pb.Credential{
|
|
|
|
{
|
|
|
|
AccessKey: "some_access_key2",
|
|
|
|
SecretKey: "some_secret_key2",
|
|
|
|
},
|
|
|
|
},
|
|
|
|
Actions: []string{
|
2020-12-07 16:29:17 +08:00
|
|
|
ACTION_READ,
|
|
|
|
ACTION_TAGGING,
|
|
|
|
ACTION_LIST,
|
2020-11-26 05:26:45 +08:00
|
|
|
},
|
|
|
|
},
|
|
|
|
},
|
|
|
|
}
|
2020-12-07 15:16:20 +08:00
|
|
|
var buf bytes.Buffer
|
2021-07-09 18:19:21 +08:00
|
|
|
err := ProtoToText(&buf, s3Conf)
|
2020-12-02 20:19:05 +08:00
|
|
|
assert.Equal(t, err, nil)
|
2020-11-26 05:26:45 +08:00
|
|
|
s3ConfSaved := &iam_pb.S3ApiConfiguration{}
|
2020-12-07 15:16:20 +08:00
|
|
|
err = ParseS3ConfigurationFromBytes(buf.Bytes(), s3ConfSaved)
|
2020-12-02 20:19:05 +08:00
|
|
|
assert.Equal(t, err, nil)
|
2020-11-26 05:26:45 +08:00
|
|
|
|
|
|
|
assert.Equal(t, "some_name", s3ConfSaved.Identities[0].Name)
|
|
|
|
assert.Equal(t, "some_read_only_user", s3ConfSaved.Identities[1].Name)
|
|
|
|
assert.Equal(t, "some_access_key1", s3ConfSaved.Identities[0].Credentials[0].AccessKey)
|
|
|
|
assert.Equal(t, "some_secret_key2", s3ConfSaved.Identities[1].Credentials[0].SecretKey)
|
|
|
|
}
|
2022-07-13 17:28:20 +08:00
|
|
|
|
|
|
|
func TestCheckDuplicateAccessKey(t *testing.T) {
|
|
|
|
var tests = []struct {
|
|
|
|
s3cfg *iam_pb.S3ApiConfiguration
|
|
|
|
err string
|
|
|
|
}{
|
|
|
|
{
|
|
|
|
&iam_pb.S3ApiConfiguration{
|
|
|
|
Identities: []*iam_pb.Identity{
|
|
|
|
{
|
|
|
|
Name: "some_name",
|
|
|
|
Credentials: []*iam_pb.Credential{
|
|
|
|
{
|
|
|
|
AccessKey: "some_access_key1",
|
|
|
|
SecretKey: "some_secret_key1",
|
|
|
|
},
|
|
|
|
},
|
|
|
|
Actions: []string{
|
|
|
|
ACTION_ADMIN,
|
|
|
|
ACTION_READ,
|
|
|
|
ACTION_WRITE,
|
|
|
|
},
|
|
|
|
},
|
|
|
|
{
|
|
|
|
Name: "some_read_only_user",
|
|
|
|
Credentials: []*iam_pb.Credential{
|
|
|
|
{
|
|
|
|
AccessKey: "some_access_key2",
|
|
|
|
SecretKey: "some_secret_key2",
|
|
|
|
},
|
|
|
|
},
|
|
|
|
Actions: []string{
|
|
|
|
ACTION_READ,
|
|
|
|
ACTION_TAGGING,
|
|
|
|
ACTION_LIST,
|
|
|
|
},
|
|
|
|
},
|
|
|
|
},
|
|
|
|
},
|
|
|
|
"",
|
|
|
|
},
|
|
|
|
{
|
|
|
|
&iam_pb.S3ApiConfiguration{
|
2022-08-31 00:37:52 +08:00
|
|
|
Identities: []*iam_pb.Identity{
|
|
|
|
{
|
|
|
|
Name: "some_name",
|
|
|
|
Credentials: []*iam_pb.Credential{
|
|
|
|
{
|
|
|
|
AccessKey: "some_access_key1",
|
|
|
|
SecretKey: "some_secret_key1",
|
|
|
|
},
|
|
|
|
},
|
|
|
|
Actions: []string{
|
|
|
|
ACTION_ADMIN,
|
|
|
|
ACTION_READ,
|
|
|
|
ACTION_WRITE,
|
|
|
|
},
|
|
|
|
},
|
|
|
|
{
|
|
|
|
Name: "some_name",
|
|
|
|
Credentials: []*iam_pb.Credential{
|
|
|
|
{
|
|
|
|
AccessKey: "some_access_key1",
|
|
|
|
SecretKey: "some_secret_key1",
|
|
|
|
},
|
|
|
|
},
|
|
|
|
Actions: []string{
|
|
|
|
ACTION_READ,
|
|
|
|
ACTION_TAGGING,
|
|
|
|
ACTION_LIST,
|
|
|
|
},
|
|
|
|
},
|
|
|
|
},
|
|
|
|
},
|
|
|
|
"",
|
|
|
|
},
|
|
|
|
{
|
|
|
|
&iam_pb.S3ApiConfiguration{
|
2022-07-13 17:28:20 +08:00
|
|
|
Identities: []*iam_pb.Identity{
|
|
|
|
{
|
|
|
|
Name: "some_name",
|
|
|
|
Credentials: []*iam_pb.Credential{
|
|
|
|
{
|
|
|
|
AccessKey: "some_access_key1",
|
|
|
|
SecretKey: "some_secret_key1",
|
|
|
|
},
|
|
|
|
},
|
|
|
|
Actions: []string{
|
|
|
|
ACTION_ADMIN,
|
|
|
|
ACTION_READ,
|
|
|
|
ACTION_WRITE,
|
|
|
|
},
|
|
|
|
},
|
|
|
|
{
|
|
|
|
Name: "some_read_only_user",
|
|
|
|
Credentials: []*iam_pb.Credential{
|
|
|
|
{
|
|
|
|
AccessKey: "some_access_key1",
|
|
|
|
SecretKey: "some_secret_key1",
|
|
|
|
},
|
|
|
|
},
|
|
|
|
Actions: []string{
|
|
|
|
ACTION_READ,
|
|
|
|
ACTION_TAGGING,
|
|
|
|
ACTION_LIST,
|
|
|
|
},
|
|
|
|
},
|
|
|
|
},
|
|
|
|
},
|
|
|
|
"duplicate accessKey[some_access_key1], already configured in user[some_name]",
|
|
|
|
},
|
|
|
|
}
|
|
|
|
for i, test := range tests {
|
|
|
|
err := CheckDuplicateAccessKey(test.s3cfg)
|
|
|
|
var errString string
|
|
|
|
if err == nil {
|
|
|
|
errString = ""
|
|
|
|
} else {
|
|
|
|
errString = err.Error()
|
|
|
|
}
|
|
|
|
if errString != test.err {
|
|
|
|
t.Errorf("[%d]: got: %s expected: %s", i, errString, test.err)
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|