seaweedfs/weed/s3api/auth_credentials_test.go

package s3api

import (
	. "github.com/seaweedfs/seaweedfs/weed/s3api/s3_constants"
	"github.com/stretchr/testify/assert"
	"reflect"
	"testing"

	"github.com/seaweedfs/seaweedfs/weed/pb/iam_pb"
	jsonpb "google.golang.org/protobuf/encoding/protojson"
)

func TestIdentityListFileFormat(t *testing.T) {

	s3ApiConfiguration := &iam_pb.S3ApiConfiguration{}

	identity1 := &iam_pb.Identity{
		Name: "some_name",
		Credentials: []*iam_pb.Credential{
			{
				AccessKey: "some_access_key1",
				SecretKey: "some_secret_key2",
			},
		},
		Actions: []string{
			ACTION_ADMIN,
			ACTION_READ,
			ACTION_WRITE,
		},
	}
	identity2 := &iam_pb.Identity{
		Name: "some_read_only_user",
		Credentials: []*iam_pb.Credential{
			{
				AccessKey: "some_access_key1",
				SecretKey: "some_secret_key1",
			},
		},
		Actions: []string{
			ACTION_READ,
		},
	}
	identity3 := &iam_pb.Identity{
		Name: "some_normal_user",
		Credentials: []*iam_pb.Credential{
			{
				AccessKey: "some_access_key2",
				SecretKey: "some_secret_key2",
			},
		},
		Actions: []string{
			ACTION_READ,
			ACTION_WRITE,
		},
	}

	s3ApiConfiguration.Identities = append(s3ApiConfiguration.Identities, identity1)
	s3ApiConfiguration.Identities = append(s3ApiConfiguration.Identities, identity2)
	s3ApiConfiguration.Identities = append(s3ApiConfiguration.Identities, identity3)

	m := jsonpb.MarshalOptions{
		EmitUnpopulated: true,
		Indent:          "  ",
	}

	text, _ := m.Marshal(s3ApiConfiguration)

	println(string(text))

}

func TestCanDo(t *testing.T) {
	ident1 := &Identity{
		Name: "anything",
		Actions: []Action{
			"Write:bucket1/a/b/c/*",
			"Write:bucket1/a/b/other",
		},
	}
	// object specific
	assert.Equal(t, true, ident1.canDo(ACTION_WRITE, "bucket1", "/a/b/c/d.txt"))
	assert.Equal(t, false, ident1.canDo(ACTION_WRITE, "bucket1", "/a/b/other/some"), "action without *")

	// bucket specific
	ident2 := &Identity{
		Name: "anything",
		Actions: []Action{
			"Read:bucket1",
			"Write:bucket1/*",
			"WriteAcp:bucket1",
		},
	}
	assert.Equal(t, true, ident2.canDo(ACTION_READ, "bucket1", "/a/b/c/d.txt"))
	assert.Equal(t, true, ident2.canDo(ACTION_WRITE, "bucket1", "/a/b/c/d.txt"))
	assert.Equal(t, true, ident2.canDo(ACTION_WRITE_ACP, "bucket1", ""))
	assert.Equal(t, false, ident2.canDo(ACTION_READ_ACP, "bucket1", ""))
	assert.Equal(t, false, ident2.canDo(ACTION_LIST, "bucket1", "/a/b/c/d.txt"))

	// across buckets
	ident3 := &Identity{
		Name: "anything",
		Actions: []Action{
			"Read",
			"Write",
		},
	}
	assert.Equal(t, true, ident3.canDo(ACTION_READ, "bucket1", "/a/b/c/d.txt"))
	assert.Equal(t, true, ident3.canDo(ACTION_WRITE, "bucket1", "/a/b/c/d.txt"))
	assert.Equal(t, false, ident3.canDo(ACTION_LIST, "bucket1", "/a/b/other/some"))
	assert.Equal(t, false, ident3.canDo(ACTION_WRITE_ACP, "bucket1", ""))

	// partial buckets
	ident4 := &Identity{
		Name: "anything",
		Actions: []Action{
			"Read:special_*",
			"ReadAcp:special_*",
		},
	}
	assert.Equal(t, true, ident4.canDo(ACTION_READ, "special_bucket", "/a/b/c/d.txt"))
	assert.Equal(t, true, ident4.canDo(ACTION_READ_ACP, "special_bucket", ""))
	assert.Equal(t, false, ident4.canDo(ACTION_READ, "bucket1", "/a/b/c/d.txt"))

	// admin buckets
	ident5 := &Identity{
		Name: "anything",
		Actions: []Action{
			"Admin:special_*",
		},
	}
	assert.Equal(t, true, ident5.canDo(ACTION_READ, "special_bucket", "/a/b/c/d.txt"))
	assert.Equal(t, true, ident5.canDo(ACTION_READ_ACP, "special_bucket", ""))
	assert.Equal(t, true, ident5.canDo(ACTION_WRITE, "special_bucket", "/a/b/c/d.txt"))
	assert.Equal(t, true, ident5.canDo(ACTION_WRITE_ACP, "special_bucket", ""))

	// anonymous buckets
	ident6 := &Identity{
		Name: "anonymous",
		Actions: []Action{
			"Read",
		},
	}
	assert.Equal(t, true, ident6.canDo(ACTION_READ, "anything_bucket", "/a/b/c/d.txt"))
}

type LoadS3ApiConfigurationTestCase struct {
	pbAccount   *iam_pb.Account
	pbIdent     *iam_pb.Identity
	expectIdent *Identity
}

func TestLoadS3ApiConfiguration(t *testing.T) {
	specifiedAccount := Account{
		Id:           "specifiedAccountID",
		DisplayName:  "specifiedAccountName",
		EmailAddress: "specifiedAccounEmail@example.com",
	}
	pbSpecifiedAccount := iam_pb.Account{
		Id:           "specifiedAccountID",
		DisplayName:  "specifiedAccountName",
		EmailAddress: "specifiedAccounEmail@example.com",
	}
	testCases := map[string]*LoadS3ApiConfigurationTestCase{
		"notSpecifyAccountId": {
			pbIdent: &iam_pb.Identity{
				Name: "notSpecifyAccountId",
				Actions: []string{
					"Read",
					"Write",
				},
				Credentials: []*iam_pb.Credential{
					{
						AccessKey: "some_access_key1",
						SecretKey: "some_secret_key2",
					},
				},
			},
			expectIdent: &Identity{
				Name:    "notSpecifyAccountId",
				Account: &AccountAdmin,
				Actions: []Action{
					"Read",
					"Write",
				},
				Credentials: []*Credential{
					{
						AccessKey: "some_access_key1",
						SecretKey: "some_secret_key2",
					},
				},
			},
		},
		"specifiedAccountID": {
			pbAccount: &pbSpecifiedAccount,
			pbIdent: &iam_pb.Identity{
				Name:    "specifiedAccountID",
				Account: &pbSpecifiedAccount,
				Actions: []string{
					"Read",
					"Write",
				},
			},
			expectIdent: &Identity{
				Name:    "specifiedAccountID",
				Account: &specifiedAccount,
				Actions: []Action{
					"Read",
					"Write",
				},
			},
		},
		"anonymous": {
			pbIdent: &iam_pb.Identity{
				Name: "anonymous",
				Actions: []string{
					"Read",
					"Write",
				},
			},
			expectIdent: &Identity{
				Name:    "anonymous",
				Account: &AccountAnonymous,
				Actions: []Action{
					"Read",
					"Write",
				},
			},
		},
	}

	config := &iam_pb.S3ApiConfiguration{
		Identities: make([]*iam_pb.Identity, 0),
	}
	for _, v := range testCases {
		config.Identities = append(config.Identities, v.pbIdent)
		if v.pbAccount != nil {
			config.Accounts = append(config.Accounts, v.pbAccount)
		}
	}

	iam := IdentityAccessManagement{}
	err := iam.loadS3ApiConfiguration(config)
	if err != nil {
		return
	}

	for _, ident := range iam.identities {
		tc := testCases[ident.Name]
		if !reflect.DeepEqual(ident, tc.expectIdent) {
			t.Errorf("not expect for ident name %s", ident.Name)
		}
	}
}
support acl 2020-02-09 22:30:02 +00:00			`package s3api`

			`import (`
move to https://github.com/seaweedfs/seaweedfs 2022-07-29 07:17:28 +00:00			`. "github.com/seaweedfs/seaweedfs/weed/s3api/s3_constants"`
wildcard prefix to restrict access to directories in s3 bucket https://github.com/chrislusf/seaweedfs/discussions/2551 2022-01-03 23:39:36 +00:00			`"github.com/stretchr/testify/assert"`
add ownership rest apis (#3765) 2022-10-02 02:18:00 +00:00			`"reflect"`
support acl 2020-02-09 22:30:02 +00:00			`"testing"`

move to https://github.com/seaweedfs/seaweedfs 2022-07-29 07:17:28 +00:00			`"github.com/seaweedfs/seaweedfs/weed/pb/iam_pb"`
[s3acl] Step1: move s3account.AccountManager into to iam.S3ApiConfiguration (#4859) * move s3account.AccountManager into to iam.S3ApiConfiguration and switch to Interface https://github.com/seaweedfs/seaweedfs/issues/4519 * fix: test bucket acl default and adjust the variable names * fix: s3 api config test --------- Co-authored-by: Konstantin Lebedev <9497591+kmlebedev@users.noreply.github.co> Co-authored-by: Chris Lu <chrislusf@users.noreply.github.com> 2023-09-25 15:34:12 +00:00			`jsonpb "google.golang.org/protobuf/encoding/protojson"`
support acl 2020-02-09 22:30:02 +00:00			`)`

			`func TestIdentityListFileFormat(t *testing.T) {`

configuration stores the identity list 2020-02-17 20:31:59 +00:00			`s3ApiConfiguration := &iam_pb.S3ApiConfiguration{}`
support acl 2020-02-09 22:30:02 +00:00
			`identity1 := &iam_pb.Identity{`
			`Name: "some_name",`
			`Credentials: []*iam_pb.Credential{`
			`{`
			`AccessKey: "some_access_key1",`
			`SecretKey: "some_secret_key2",`
			`},`
			`},`
			`Actions: []string{`
			`ACTION_ADMIN,`
			`ACTION_READ,`
			`ACTION_WRITE,`
			`},`
			`}`
			`identity2 := &iam_pb.Identity{`
			`Name: "some_read_only_user",`
			`Credentials: []*iam_pb.Credential{`
			`{`
			`AccessKey: "some_access_key1",`
			`SecretKey: "some_secret_key1",`
			`},`
			`},`
			`Actions: []string{`
			`ACTION_READ,`
			`},`
			`}`
			`identity3 := &iam_pb.Identity{`
			`Name: "some_normal_user",`
			`Credentials: []*iam_pb.Credential{`
			`{`
			`AccessKey: "some_access_key2",`
			`SecretKey: "some_secret_key2",`
			`},`
			`},`
			`Actions: []string{`
			`ACTION_READ,`
			`ACTION_WRITE,`
			`},`
			`}`

configuration stores the identity list 2020-02-17 20:31:59 +00:00			`s3ApiConfiguration.Identities = append(s3ApiConfiguration.Identities, identity1)`
			`s3ApiConfiguration.Identities = append(s3ApiConfiguration.Identities, identity2)`
			`s3ApiConfiguration.Identities = append(s3ApiConfiguration.Identities, identity3)`
support acl 2020-02-09 22:30:02 +00:00
fix tests 2022-08-18 07:15:46 +00:00			`m := jsonpb.MarshalOptions{`
			`EmitUnpopulated: true,`
			`Indent: " ",`
support acl 2020-02-09 22:30:02 +00:00			`}`

fix tests 2022-08-18 07:15:46 +00:00			`text, _ := m.Marshal(s3ApiConfiguration)`
support acl 2020-02-09 22:30:02 +00:00
fix tests 2022-08-18 07:15:46 +00:00			`println(string(text))`
support acl 2020-02-09 22:30:02 +00:00
			`}`
wildcard prefix to restrict access to directories in s3 bucket https://github.com/chrislusf/seaweedfs/discussions/2551 2022-01-03 23:39:36 +00:00
			`func TestCanDo(t *testing.T) {`
			`ident1 := &Identity{`
			`Name: "anything",`
			`Actions: []Action{`
			`"Write:bucket1/a/b/c/*",`
			`"Write:bucket1/a/b/other",`
			`},`
			`}`
			`// object specific`
fix auth permission checking 2022-01-04 05:05:20 +00:00			`assert.Equal(t, true, ident1.canDo(ACTION_WRITE, "bucket1", "/a/b/c/d.txt"))`
			`assert.Equal(t, false, ident1.canDo(ACTION_WRITE, "bucket1", "/a/b/other/some"), "action without *")`
wildcard prefix to restrict access to directories in s3 bucket https://github.com/chrislusf/seaweedfs/discussions/2551 2022-01-03 23:39:36 +00:00
			`// bucket specific`
			`ident2 := &Identity{`
			`Name: "anything",`
			`Actions: []Action{`
			`"Read:bucket1",`
			`"Write:bucket1/*",`
[iam] Replace action read/write to readAcp/writeAcp for handlers with acl (#4858) Replace action read/write to readAcp/writeAcp for handlers with acl query https://github.com/seaweedfs/seaweedfs/issues/4519 Co-authored-by: Konstantin Lebedev <9497591+kmlebedev@users.noreply.github.co> 2023-09-21 21:07:04 +00:00			`"WriteAcp:bucket1",`
wildcard prefix to restrict access to directories in s3 bucket https://github.com/chrislusf/seaweedfs/discussions/2551 2022-01-03 23:39:36 +00:00			`},`
			`}`
fix auth permission checking 2022-01-04 05:05:20 +00:00			`assert.Equal(t, true, ident2.canDo(ACTION_READ, "bucket1", "/a/b/c/d.txt"))`
			`assert.Equal(t, true, ident2.canDo(ACTION_WRITE, "bucket1", "/a/b/c/d.txt"))`
[iam] Replace action read/write to readAcp/writeAcp for handlers with acl (#4858) Replace action read/write to readAcp/writeAcp for handlers with acl query https://github.com/seaweedfs/seaweedfs/issues/4519 Co-authored-by: Konstantin Lebedev <9497591+kmlebedev@users.noreply.github.co> 2023-09-21 21:07:04 +00:00			`assert.Equal(t, true, ident2.canDo(ACTION_WRITE_ACP, "bucket1", ""))`
			`assert.Equal(t, false, ident2.canDo(ACTION_READ_ACP, "bucket1", ""))`
fix auth permission checking 2022-01-04 05:05:20 +00:00			`assert.Equal(t, false, ident2.canDo(ACTION_LIST, "bucket1", "/a/b/c/d.txt"))`
wildcard prefix to restrict access to directories in s3 bucket https://github.com/chrislusf/seaweedfs/discussions/2551 2022-01-03 23:39:36 +00:00
			`// across buckets`
			`ident3 := &Identity{`
			`Name: "anything",`
			`Actions: []Action{`
			`"Read",`
			`"Write",`
			`},`
			`}`
fix auth permission checking 2022-01-04 05:05:20 +00:00			`assert.Equal(t, true, ident3.canDo(ACTION_READ, "bucket1", "/a/b/c/d.txt"))`
			`assert.Equal(t, true, ident3.canDo(ACTION_WRITE, "bucket1", "/a/b/c/d.txt"))`
			`assert.Equal(t, false, ident3.canDo(ACTION_LIST, "bucket1", "/a/b/other/some"))`
[iam] Replace action read/write to readAcp/writeAcp for handlers with acl (#4858) Replace action read/write to readAcp/writeAcp for handlers with acl query https://github.com/seaweedfs/seaweedfs/issues/4519 Co-authored-by: Konstantin Lebedev <9497591+kmlebedev@users.noreply.github.co> 2023-09-21 21:07:04 +00:00			`assert.Equal(t, false, ident3.canDo(ACTION_WRITE_ACP, "bucket1", ""))`
wildcard prefix to restrict access to directories in s3 bucket https://github.com/chrislusf/seaweedfs/discussions/2551 2022-01-03 23:39:36 +00:00
			`// partial buckets`
			`ident4 := &Identity{`
			`Name: "anything",`
			`Actions: []Action{`
			`"Read:special_*",`
[iam] Replace action read/write to readAcp/writeAcp for handlers with acl (#4858) Replace action read/write to readAcp/writeAcp for handlers with acl query https://github.com/seaweedfs/seaweedfs/issues/4519 Co-authored-by: Konstantin Lebedev <9497591+kmlebedev@users.noreply.github.co> 2023-09-21 21:07:04 +00:00			`"ReadAcp:special_*",`
wildcard prefix to restrict access to directories in s3 bucket https://github.com/chrislusf/seaweedfs/discussions/2551 2022-01-03 23:39:36 +00:00			`},`
			`}`
fix auth permission checking 2022-01-04 05:05:20 +00:00			`assert.Equal(t, true, ident4.canDo(ACTION_READ, "special_bucket", "/a/b/c/d.txt"))`
[iam] Replace action read/write to readAcp/writeAcp for handlers with acl (#4858) Replace action read/write to readAcp/writeAcp for handlers with acl query https://github.com/seaweedfs/seaweedfs/issues/4519 Co-authored-by: Konstantin Lebedev <9497591+kmlebedev@users.noreply.github.co> 2023-09-21 21:07:04 +00:00			`assert.Equal(t, true, ident4.canDo(ACTION_READ_ACP, "special_bucket", ""))`
fix auth permission checking 2022-01-04 05:05:20 +00:00			`assert.Equal(t, false, ident4.canDo(ACTION_READ, "bucket1", "/a/b/c/d.txt"))`
wildcard prefix to restrict access to directories in s3 bucket https://github.com/chrislusf/seaweedfs/discussions/2551 2022-01-03 23:39:36 +00:00
https://github.com/chrislusf/seaweedfs/issues/2583 2022-01-12 11:04:59 +00:00			`// admin buckets`
			`ident5 := &Identity{`
			`Name: "anything",`
			`Actions: []Action{`
			`"Admin:special_*",`
			`},`
			`}`
			`assert.Equal(t, true, ident5.canDo(ACTION_READ, "special_bucket", "/a/b/c/d.txt"))`
[iam] Replace action read/write to readAcp/writeAcp for handlers with acl (#4858) Replace action read/write to readAcp/writeAcp for handlers with acl query https://github.com/seaweedfs/seaweedfs/issues/4519 Co-authored-by: Konstantin Lebedev <9497591+kmlebedev@users.noreply.github.co> 2023-09-21 21:07:04 +00:00			`assert.Equal(t, true, ident5.canDo(ACTION_READ_ACP, "special_bucket", ""))`
https://github.com/chrislusf/seaweedfs/issues/2583 2022-01-12 11:04:59 +00:00			`assert.Equal(t, true, ident5.canDo(ACTION_WRITE, "special_bucket", "/a/b/c/d.txt"))`
[iam] Replace action read/write to readAcp/writeAcp for handlers with acl (#4858) Replace action read/write to readAcp/writeAcp for handlers with acl query https://github.com/seaweedfs/seaweedfs/issues/4519 Co-authored-by: Konstantin Lebedev <9497591+kmlebedev@users.noreply.github.co> 2023-09-21 21:07:04 +00:00			`assert.Equal(t, true, ident5.canDo(ACTION_WRITE_ACP, "special_bucket", ""))`
[s3] optimization iam lookup for reducing algorithm complexity (#4857) optimization iam lookup for reducing algorithm complexity https://github.com/seaweedfs/seaweedfs/issues/4519 Co-authored-by: Konstantin Lebedev <9497591+kmlebedev@users.noreply.github.co> 2023-09-21 15:19:11 +00:00
			`// anonymous buckets`
			`ident6 := &Identity{`
			`Name: "anonymous",`
			`Actions: []Action{`
			`"Read",`
			`},`
			`}`
			`assert.Equal(t, true, ident6.canDo(ACTION_READ, "anything_bucket", "/a/b/c/d.txt"))`
add ownership rest apis (#3765) 2022-10-02 02:18:00 +00:00			`}`

			`type LoadS3ApiConfigurationTestCase struct {`
[s3acl] Step1: move s3account.AccountManager into to iam.S3ApiConfiguration (#4859) * move s3account.AccountManager into to iam.S3ApiConfiguration and switch to Interface https://github.com/seaweedfs/seaweedfs/issues/4519 * fix: test bucket acl default and adjust the variable names * fix: s3 api config test --------- Co-authored-by: Konstantin Lebedev <9497591+kmlebedev@users.noreply.github.co> Co-authored-by: Chris Lu <chrislusf@users.noreply.github.com> 2023-09-25 15:34:12 +00:00			`pbAccount *iam_pb.Account`
add ownership rest apis (#3765) 2022-10-02 02:18:00 +00:00			`pbIdent *iam_pb.Identity`
			`expectIdent *Identity`
			`}`

			`func TestLoadS3ApiConfiguration(t *testing.T) {`
[s3acl] Step1: move s3account.AccountManager into to iam.S3ApiConfiguration (#4859) * move s3account.AccountManager into to iam.S3ApiConfiguration and switch to Interface https://github.com/seaweedfs/seaweedfs/issues/4519 * fix: test bucket acl default and adjust the variable names * fix: s3 api config test --------- Co-authored-by: Konstantin Lebedev <9497591+kmlebedev@users.noreply.github.co> Co-authored-by: Chris Lu <chrislusf@users.noreply.github.com> 2023-09-25 15:34:12 +00:00			`specifiedAccount := Account{`
			`Id: "specifiedAccountID",`
			`DisplayName: "specifiedAccountName",`
			`EmailAddress: "specifiedAccounEmail@example.com",`
			`}`
			`pbSpecifiedAccount := iam_pb.Account{`
			`Id: "specifiedAccountID",`
			`DisplayName: "specifiedAccountName",`
			`EmailAddress: "specifiedAccounEmail@example.com",`
			`}`
add ownership rest apis (#3765) 2022-10-02 02:18:00 +00:00			`testCases := map[string]*LoadS3ApiConfigurationTestCase{`
			`"notSpecifyAccountId": {`
			`pbIdent: &iam_pb.Identity{`
			`Name: "notSpecifyAccountId",`
			`Actions: []string{`
			`"Read",`
			`"Write",`
			`},`
			`Credentials: []*iam_pb.Credential{`
			`{`
			`AccessKey: "some_access_key1",`
			`SecretKey: "some_secret_key2",`
			`},`
			`},`
			`},`
			`expectIdent: &Identity{`
[s3acl] Step1: move s3account.AccountManager into to iam.S3ApiConfiguration (#4859) * move s3account.AccountManager into to iam.S3ApiConfiguration and switch to Interface https://github.com/seaweedfs/seaweedfs/issues/4519 * fix: test bucket acl default and adjust the variable names * fix: s3 api config test --------- Co-authored-by: Konstantin Lebedev <9497591+kmlebedev@users.noreply.github.co> Co-authored-by: Chris Lu <chrislusf@users.noreply.github.com> 2023-09-25 15:34:12 +00:00			`Name: "notSpecifyAccountId",`
			`Account: &AccountAdmin,`
add ownership rest apis (#3765) 2022-10-02 02:18:00 +00:00			`Actions: []Action{`
			`"Read",`
			`"Write",`
			`},`
			`Credentials: []*Credential{`
			`{`
			`AccessKey: "some_access_key1",`
			`SecretKey: "some_secret_key2",`
			`},`
			`},`
			`},`
			`},`
			`"specifiedAccountID": {`
[s3acl] Step1: move s3account.AccountManager into to iam.S3ApiConfiguration (#4859) * move s3account.AccountManager into to iam.S3ApiConfiguration and switch to Interface https://github.com/seaweedfs/seaweedfs/issues/4519 * fix: test bucket acl default and adjust the variable names * fix: s3 api config test --------- Co-authored-by: Konstantin Lebedev <9497591+kmlebedev@users.noreply.github.co> Co-authored-by: Chris Lu <chrislusf@users.noreply.github.com> 2023-09-25 15:34:12 +00:00			`pbAccount: &pbSpecifiedAccount,`
add ownership rest apis (#3765) 2022-10-02 02:18:00 +00:00			`pbIdent: &iam_pb.Identity{`
[s3acl] Step1: move s3account.AccountManager into to iam.S3ApiConfiguration (#4859) * move s3account.AccountManager into to iam.S3ApiConfiguration and switch to Interface https://github.com/seaweedfs/seaweedfs/issues/4519 * fix: test bucket acl default and adjust the variable names * fix: s3 api config test --------- Co-authored-by: Konstantin Lebedev <9497591+kmlebedev@users.noreply.github.co> Co-authored-by: Chris Lu <chrislusf@users.noreply.github.com> 2023-09-25 15:34:12 +00:00			`Name: "specifiedAccountID",`
			`Account: &pbSpecifiedAccount,`
add ownership rest apis (#3765) 2022-10-02 02:18:00 +00:00			`Actions: []string{`
			`"Read",`
			`"Write",`
			`},`
			`},`
			`expectIdent: &Identity{`
[s3acl] Step1: move s3account.AccountManager into to iam.S3ApiConfiguration (#4859) * move s3account.AccountManager into to iam.S3ApiConfiguration and switch to Interface https://github.com/seaweedfs/seaweedfs/issues/4519 * fix: test bucket acl default and adjust the variable names * fix: s3 api config test --------- Co-authored-by: Konstantin Lebedev <9497591+kmlebedev@users.noreply.github.co> Co-authored-by: Chris Lu <chrislusf@users.noreply.github.com> 2023-09-25 15:34:12 +00:00			`Name: "specifiedAccountID",`
			`Account: &specifiedAccount,`
add ownership rest apis (#3765) 2022-10-02 02:18:00 +00:00			`Actions: []Action{`
			`"Read",`
			`"Write",`
			`},`
			`},`
			`},`
			`"anonymous": {`
			`pbIdent: &iam_pb.Identity{`
			`Name: "anonymous",`
			`Actions: []string{`
			`"Read",`
			`"Write",`
			`},`
			`},`
			`expectIdent: &Identity{`
[s3acl] Step1: move s3account.AccountManager into to iam.S3ApiConfiguration (#4859) * move s3account.AccountManager into to iam.S3ApiConfiguration and switch to Interface https://github.com/seaweedfs/seaweedfs/issues/4519 * fix: test bucket acl default and adjust the variable names * fix: s3 api config test --------- Co-authored-by: Konstantin Lebedev <9497591+kmlebedev@users.noreply.github.co> Co-authored-by: Chris Lu <chrislusf@users.noreply.github.com> 2023-09-25 15:34:12 +00:00			`Name: "anonymous",`
			`Account: &AccountAnonymous,`
add ownership rest apis (#3765) 2022-10-02 02:18:00 +00:00			`Actions: []Action{`
			`"Read",`
			`"Write",`
			`},`
			`},`
			`},`
			`}`

			`config := &iam_pb.S3ApiConfiguration{`
			`Identities: make([]*iam_pb.Identity, 0),`
			`}`
			`for _, v := range testCases {`
			`config.Identities = append(config.Identities, v.pbIdent)`
[s3acl] Step1: move s3account.AccountManager into to iam.S3ApiConfiguration (#4859) * move s3account.AccountManager into to iam.S3ApiConfiguration and switch to Interface https://github.com/seaweedfs/seaweedfs/issues/4519 * fix: test bucket acl default and adjust the variable names * fix: s3 api config test --------- Co-authored-by: Konstantin Lebedev <9497591+kmlebedev@users.noreply.github.co> Co-authored-by: Chris Lu <chrislusf@users.noreply.github.com> 2023-09-25 15:34:12 +00:00			`if v.pbAccount != nil {`
			`config.Accounts = append(config.Accounts, v.pbAccount)`
			`}`
add ownership rest apis (#3765) 2022-10-02 02:18:00 +00:00			`}`
https://github.com/chrislusf/seaweedfs/issues/2583 2022-01-12 11:04:59 +00:00
add ownership rest apis (#3765) 2022-10-02 02:18:00 +00:00			`iam := IdentityAccessManagement{}`
			`err := iam.loadS3ApiConfiguration(config)`
			`if err != nil {`
			`return`
			`}`

			`for _, ident := range iam.identities {`
			`tc := testCases[ident.Name]`
			`if !reflect.DeepEqual(ident, tc.expectIdent) {`
[s3acl] Step1: move s3account.AccountManager into to iam.S3ApiConfiguration (#4859) * move s3account.AccountManager into to iam.S3ApiConfiguration and switch to Interface https://github.com/seaweedfs/seaweedfs/issues/4519 * fix: test bucket acl default and adjust the variable names * fix: s3 api config test --------- Co-authored-by: Konstantin Lebedev <9497591+kmlebedev@users.noreply.github.co> Co-authored-by: Chris Lu <chrislusf@users.noreply.github.com> 2023-09-25 15:34:12 +00:00			`t.Errorf("not expect for ident name %s", ident.Name)`
add ownership rest apis (#3765) 2022-10-02 02:18:00 +00:00			`}`
			`}`
wildcard prefix to restrict access to directories in s3 bucket https://github.com/chrislusf/seaweedfs/discussions/2551 2022-01-03 23:39:36 +00:00			`}`