Accueil Explorer Aide
Connexion
github-mirrors
/
mirror-seaweedfs
2
0
Fork 0
Fichiers Tickets 0 Pull Requests 0 Wiki
Aborescence: b64ada08bd
Branches Tags
mirror-seaweedf...
/
weed
/
s3api
/
s3_token_differentiation_test.go

s3_token_differentiation_test.go 3.0 KB
Historique Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117 
  1. package s3api
    2. 

  2. 

  3. import (
    4. 

  4. 	"strings"
    5. 

  5. 	"testing"
    6. 

  6. 	"time"
    7. 

  7. 

  8. 	"github.com/seaweedfs/seaweedfs/weed/iam/integration"
    9. 

  9. 	"github.com/seaweedfs/seaweedfs/weed/iam/sts"
    10. 

  10. 	"github.com/stretchr/testify/assert"
    11. 

  11. )
    12. 

  12. 

  13. func TestS3IAMIntegration_isSTSIssuer(t *testing.T) {
    14. 

  14. 	// Create test STS service with configuration
    15. 

  15. 	stsService := sts.NewSTSService()
    16. 

  16. 

  17. 	// Set up STS configuration with a specific issuer
    18. 

  18. 	testIssuer := "https://seaweedfs-prod.company.com/sts"
    19. 

  19. 	stsConfig := &sts.STSConfig{
    20. 

  20. 		Issuer:           testIssuer,
    21. 

  21. 		SigningKey:       []byte("test-signing-key-32-characters-long"),
    22. 

  22. 		TokenDuration:    sts.FlexibleDuration{time.Hour},
    23. 

  23. 		MaxSessionLength: sts.FlexibleDuration{12 * time.Hour}, // Required field
    24. 

  24. 	}
    25. 

  25. 

  26. 	// Initialize STS service with config (this sets the Config field)
    27. 

  27. 	err := stsService.Initialize(stsConfig)
    28. 

  28. 	assert.NoError(t, err)
    29. 

  29. 

  30. 	// Create S3IAM integration with configured STS service
    31. 

  31. 	s3iam := &S3IAMIntegration{
    32. 

  32. 		iamManager:   &integration.IAMManager{}, // Mock
    33. 

  33. 		stsService:   stsService,
    34. 

  34. 		filerAddress: "test-filer:8888",
    35. 

  35. 		enabled:      true,
    36. 

  36. 	}
    37. 

  37. 

  38. 	tests := []struct {
    39. 

  39. 		name     string
    40. 

  40. 		issuer   string
    41. 

  41. 		expected bool
    42. 

  42. 	}{
    43. 

  43. 		// Only exact match should return true
    44. 

  44. 		{
    45. 

  45. 			name:     "exact match with configured issuer",
    46. 

  46. 			issuer:   testIssuer,
    47. 

  47. 			expected: true,
    48. 

  48. 		},
    49. 

  49. 		// All other issuers should return false (exact matching)
    50. 

  50. 		{
    51. 

  51. 			name:     "similar but not exact issuer",
    52. 

  52. 			issuer:   "https://seaweedfs-prod.company.com/sts2",
    53. 

  53. 			expected: false,
    54. 

  54. 		},
    55. 

  55. 		{
    56. 

  56. 			name:     "substring of configured issuer",
    57. 

  57. 			issuer:   "seaweedfs-prod.company.com",
    58. 

  58. 			expected: false,
    59. 

  59. 		},
    60. 

  60. 		{
    61. 

  61. 			name:     "contains configured issuer as substring",
    62. 

  62. 			issuer:   "prefix-" + testIssuer + "-suffix",
    63. 

  63. 			expected: false,
    64. 

  64. 		},
    65. 

  65. 		{
    66. 

  66. 			name:     "case sensitive - different case",
    67. 

  67. 			issuer:   strings.ToUpper(testIssuer),
    68. 

  68. 			expected: false,
    69. 

  69. 		},
    70. 

  70. 		{
    71. 

  71. 			name:     "Google OIDC",
    72. 

  72. 			issuer:   "https://accounts.google.com",
    73. 

  73. 			expected: false,
    74. 

  74. 		},
    75. 

  75. 		{
    76. 

  76. 			name:     "Azure AD",
    77. 

  77. 			issuer:   "https://login.microsoftonline.com/tenant-id/v2.0",
    78. 

  78. 			expected: false,
    79. 

  79. 		},
    80. 

  80. 		{
    81. 

  81. 			name:     "Auth0",
    82. 

  82. 			issuer:   "https://mycompany.auth0.com",
    83. 

  83. 			expected: false,
    84. 

  84. 		},
    85. 

  85. 		{
    86. 

  86. 			name:     "Keycloak",
    87. 

  87. 			issuer:   "https://keycloak.mycompany.com/auth/realms/master",
    88. 

  88. 			expected: false,
    89. 

  89. 		},
    90. 

  90. 		{
    91. 

  91. 			name:     "Empty string",
    92. 

  92. 			issuer:   "",
    93. 

  93. 			expected: false,
    94. 

  94. 		},
    95. 

  95. 	}
    96. 

  96. 

  97. 	for _, tt := range tests {
    98. 

  98. 		t.Run(tt.name, func(t *testing.T) {
    99. 

  99. 			result := s3iam.isSTSIssuer(tt.issuer)
    100. 

  100. 			assert.Equal(t, tt.expected, result, "isSTSIssuer should use exact matching against configured issuer")
    101. 

  101. 		})
    102. 

  102. 	}
    103. 

  103. }
    104. 

  104. 

  105. func TestS3IAMIntegration_isSTSIssuer_NoSTSService(t *testing.T) {
    106. 

  106. 	// Create S3IAM integration without STS service
    107. 

  107. 	s3iam := &S3IAMIntegration{
    108. 

  108. 		iamManager:   &integration.IAMManager{},
    109. 

  109. 		stsService:   nil, // No STS service
    110. 

  110. 		filerAddress: "test-filer:8888",
    111. 

  111. 		enabled:      true,
    112. 

  112. 	}
    113. 

  113. 

  114. 	// Should return false when STS service is not available
    115. 

  115. 	result := s3iam.isSTSIssuer("seaweedfs-sts")
    116. 

  116. 	assert.False(t, result, "isSTSIssuer should return false when STS service is nil")
    117. 

  117. }
    118.