seaweedfs/weed/filer/s3iam_conf_test.go

package filer

import (
	"bytes"
	"testing"

	. "github.com/seaweedfs/seaweedfs/weed/s3api/s3_constants"

	"github.com/seaweedfs/seaweedfs/weed/pb/iam_pb"

	"github.com/stretchr/testify/assert"
)

func TestS3Conf(t *testing.T) {
	s3Conf := &iam_pb.S3ApiConfiguration{
		Identities: []*iam_pb.Identity{
			{
				Name: "some_name",
				Credentials: []*iam_pb.Credential{
					{
						AccessKey: "some_access_key1",
						SecretKey: "some_secret_key1",
					},
				},
				Actions: []string{
					ACTION_ADMIN,
					ACTION_READ,
					ACTION_WRITE,
				},
			},
			{
				Name: "some_read_only_user",
				Credentials: []*iam_pb.Credential{
					{
						AccessKey: "some_access_key2",
						SecretKey: "some_secret_key2",
					},
				},
				Actions: []string{
					ACTION_READ,
					ACTION_TAGGING,
					ACTION_LIST,
				},
			},
		},
	}
	var buf bytes.Buffer
	err := ProtoToText(&buf, s3Conf)
	assert.Equal(t, err, nil)
	s3ConfSaved := &iam_pb.S3ApiConfiguration{}
	err = ParseS3ConfigurationFromBytes(buf.Bytes(), s3ConfSaved)
	assert.Equal(t, err, nil)

	assert.Equal(t, "some_name", s3ConfSaved.Identities[0].Name)
	assert.Equal(t, "some_read_only_user", s3ConfSaved.Identities[1].Name)
	assert.Equal(t, "some_access_key1", s3ConfSaved.Identities[0].Credentials[0].AccessKey)
	assert.Equal(t, "some_secret_key2", s3ConfSaved.Identities[1].Credentials[0].SecretKey)
}

func TestCheckDuplicateAccessKey(t *testing.T) {
	var tests = []struct {
		s3cfg *iam_pb.S3ApiConfiguration
		err   string
	}{
		{
			&iam_pb.S3ApiConfiguration{
				Identities: []*iam_pb.Identity{
					{
						Name: "some_name",
						Credentials: []*iam_pb.Credential{
							{
								AccessKey: "some_access_key1",
								SecretKey: "some_secret_key1",
							},
						},
						Actions: []string{
							ACTION_ADMIN,
							ACTION_READ,
							ACTION_WRITE,
						},
					},
					{
						Name: "some_read_only_user",
						Credentials: []*iam_pb.Credential{
							{
								AccessKey: "some_access_key2",
								SecretKey: "some_secret_key2",
							},
						},
						Actions: []string{
							ACTION_READ,
							ACTION_TAGGING,
							ACTION_LIST,
						},
					},
				},
			},
			"",
		},
		{
			&iam_pb.S3ApiConfiguration{
				Identities: []*iam_pb.Identity{
					{
						Name: "some_name",
						Credentials: []*iam_pb.Credential{
							{
								AccessKey: "some_access_key1",
								SecretKey: "some_secret_key1",
							},
						},
						Actions: []string{
							ACTION_ADMIN,
							ACTION_READ,
							ACTION_WRITE,
						},
					},
					{
						Name: "some_name",
						Credentials: []*iam_pb.Credential{
							{
								AccessKey: "some_access_key1",
								SecretKey: "some_secret_key1",
							},
						},
						Actions: []string{
							ACTION_READ,
							ACTION_TAGGING,
							ACTION_LIST,
						},
					},
				},
			},
			"",
		},
		{
			&iam_pb.S3ApiConfiguration{
				Identities: []*iam_pb.Identity{
					{
						Name: "some_name",
						Credentials: []*iam_pb.Credential{
							{
								AccessKey: "some_access_key1",
								SecretKey: "some_secret_key1",
							},
						},
						Actions: []string{
							ACTION_ADMIN,
							ACTION_READ,
							ACTION_WRITE,
						},
					},
					{
						Name: "some_read_only_user",
						Credentials: []*iam_pb.Credential{
							{
								AccessKey: "some_access_key1",
								SecretKey: "some_secret_key1",
							},
						},
						Actions: []string{
							ACTION_READ,
							ACTION_TAGGING,
							ACTION_LIST,
						},
					},
				},
			},
			"duplicate accessKey[some_access_key1], already configured in user[some_name]",
		},
	}
	for i, test := range tests {
		err := CheckDuplicateAccessKey(test.s3cfg)
		var errString string
		if err == nil {
			errString = ""
		} else {
			errString = err.Error()
		}
		if errString != test.err {
			t.Errorf("[%d]: got: %s expected: %s", i, errString, test.err)
		}
	}
}
refactoring 2020-12-07 07:16:20 +00:00			`package filer`
s3iam test 2020-11-25 21:26:45 +00:00
			`import (`
refactoring 2020-12-07 07:16:20 +00:00			`"bytes"`
s3iam test 2020-11-25 21:26:45 +00:00			`"testing"`

move to https://github.com/seaweedfs/seaweedfs 2022-07-29 07:17:28 +00:00			`. "github.com/seaweedfs/seaweedfs/weed/s3api/s3_constants"`
supplement check duplicate accesskey 2022-07-13 09:28:20 +00:00
move to https://github.com/seaweedfs/seaweedfs 2022-07-29 07:17:28 +00:00			`"github.com/seaweedfs/seaweedfs/weed/pb/iam_pb"`
s3iam test 2020-11-25 21:26:45 +00:00
			`"github.com/stretchr/testify/assert"`
			`)`

			`func TestS3Conf(t *testing.T) {`
			`s3Conf := &iam_pb.S3ApiConfiguration{`
			`Identities: []*iam_pb.Identity{`
			`{`
			`Name: "some_name",`
			`Credentials: []*iam_pb.Credential{`
			`{`
			`AccessKey: "some_access_key1",`
			`SecretKey: "some_secret_key1",`
			`},`
			`},`
			`Actions: []string{`
break import cycle 2020-12-07 08:29:17 +00:00			`ACTION_ADMIN,`
			`ACTION_READ,`
			`ACTION_WRITE,`
s3iam test 2020-11-25 21:26:45 +00:00			`},`
			`},`
			`{`
			`Name: "some_read_only_user",`
			`Credentials: []*iam_pb.Credential{`
			`{`
			`AccessKey: "some_access_key2",`
			`SecretKey: "some_secret_key2",`
			`},`
			`},`
			`Actions: []string{`
break import cycle 2020-12-07 08:29:17 +00:00			`ACTION_READ,`
			`ACTION_TAGGING,`
			`ACTION_LIST,`
s3iam test 2020-11-25 21:26:45 +00:00			`},`
			`},`
			`},`
			`}`
refactoring 2020-12-07 07:16:20 +00:00			`var buf bytes.Buffer`
rename 2021-07-09 10:19:21 +00:00			`err := ProtoToText(&buf, s3Conf)`
use content field of entry 2020-12-02 12:19:05 +00:00			`assert.Equal(t, err, nil)`
s3iam test 2020-11-25 21:26:45 +00:00			`s3ConfSaved := &iam_pb.S3ApiConfiguration{}`
refactoring 2020-12-07 07:16:20 +00:00			`err = ParseS3ConfigurationFromBytes(buf.Bytes(), s3ConfSaved)`
use content field of entry 2020-12-02 12:19:05 +00:00			`assert.Equal(t, err, nil)`
s3iam test 2020-11-25 21:26:45 +00:00
			`assert.Equal(t, "some_name", s3ConfSaved.Identities[0].Name)`
			`assert.Equal(t, "some_read_only_user", s3ConfSaved.Identities[1].Name)`
			`assert.Equal(t, "some_access_key1", s3ConfSaved.Identities[0].Credentials[0].AccessKey)`
			`assert.Equal(t, "some_secret_key2", s3ConfSaved.Identities[1].Credentials[0].SecretKey)`
			`}`
supplement check duplicate accesskey 2022-07-13 09:28:20 +00:00
			`func TestCheckDuplicateAccessKey(t *testing.T) {`
			`var tests = []struct {`
			`s3cfg *iam_pb.S3ApiConfiguration`
			`err string`
			`}{`
			`{`
			`&iam_pb.S3ApiConfiguration{`
			`Identities: []*iam_pb.Identity{`
			`{`
			`Name: "some_name",`
			`Credentials: []*iam_pb.Credential{`
			`{`
			`AccessKey: "some_access_key1",`
			`SecretKey: "some_secret_key1",`
			`},`
			`},`
			`Actions: []string{`
			`ACTION_ADMIN,`
			`ACTION_READ,`
			`ACTION_WRITE,`
			`},`
			`},`
			`{`
			`Name: "some_read_only_user",`
			`Credentials: []*iam_pb.Credential{`
			`{`
			`AccessKey: "some_access_key2",`
			`SecretKey: "some_secret_key2",`
			`},`
			`},`
			`Actions: []string{`
			`ACTION_READ,`
			`ACTION_TAGGING,`
			`ACTION_LIST,`
			`},`
			`},`
			`},`
			`},`
			`"",`
			`},`
			`{`
			`&iam_pb.S3ApiConfiguration{`
s3: fix configuring IAM for the same user hi, how can I add bucket permission to a user now? Previously, if I needed to add permission to an existing credential, I simply repeated the s3.configure command with a different bucket name. Now I am getting error: duplicate accessKey[ХХХХ], already configured in user[YYYY] s3.configure -access_key key -actions Read,Write,List -buckets bucket1 -secret_key secr -user user1 s3.configure -access_key key -actions Read,Write,List -buckets bucket2 -secret_key secr -user user1 2022-08-30 16:37:52 +00:00			`Identities: []*iam_pb.Identity{`
			`{`
			`Name: "some_name",`
			`Credentials: []*iam_pb.Credential{`
			`{`
			`AccessKey: "some_access_key1",`
			`SecretKey: "some_secret_key1",`
			`},`
			`},`
			`Actions: []string{`
			`ACTION_ADMIN,`
			`ACTION_READ,`
			`ACTION_WRITE,`
			`},`
			`},`
			`{`
			`Name: "some_name",`
			`Credentials: []*iam_pb.Credential{`
			`{`
			`AccessKey: "some_access_key1",`
			`SecretKey: "some_secret_key1",`
			`},`
			`},`
			`Actions: []string{`
			`ACTION_READ,`
			`ACTION_TAGGING,`
			`ACTION_LIST,`
			`},`
			`},`
			`},`
			`},`
			`"",`
			`},`
			`{`
			`&iam_pb.S3ApiConfiguration{`
supplement check duplicate accesskey 2022-07-13 09:28:20 +00:00			`Identities: []*iam_pb.Identity{`
			`{`
			`Name: "some_name",`
			`Credentials: []*iam_pb.Credential{`
			`{`
			`AccessKey: "some_access_key1",`
			`SecretKey: "some_secret_key1",`
			`},`
			`},`
			`Actions: []string{`
			`ACTION_ADMIN,`
			`ACTION_READ,`
			`ACTION_WRITE,`
			`},`
			`},`
			`{`
			`Name: "some_read_only_user",`
			`Credentials: []*iam_pb.Credential{`
			`{`
			`AccessKey: "some_access_key1",`
			`SecretKey: "some_secret_key1",`
			`},`
			`},`
			`Actions: []string{`
			`ACTION_READ,`
			`ACTION_TAGGING,`
			`ACTION_LIST,`
			`},`
			`},`
			`},`
			`},`
			`"duplicate accessKey[some_access_key1], already configured in user[some_name]",`
			`},`
			`}`
			`for i, test := range tests {`
			`err := CheckDuplicateAccessKey(test.s3cfg)`
			`var errString string`
			`if err == nil {`
			`errString = ""`
			`} else {`
			`errString = err.Error()`
			`}`
			`if errString != test.err {`
			`t.Errorf("[%d]: got: %s expected: %s", i, errString, test.err)`
			`}`
			`}`
			`}`