Add credential storage (#6938)

* add credential store interface * load credential.toml * lint * create credentialManager with explicit store type * add type name * InitializeCredentialManager * remove unused functions * fix missing import * fix import * fix nil configuration
2025-07-02 18:03:17 -07:00
parent 6b706f9ccd
commit 1db7c2b8aa
23 changed files with 3656 additions and 288 deletions
--- a/weed/credential/credential_test.go
+++ b/weed/credential/credential_test.go
@@ -0,0 +1,353 @@
+package credential
+
+import (
+	"context"
+	"testing"
+
+	"github.com/seaweedfs/seaweedfs/weed/pb/iam_pb"
+	"github.com/seaweedfs/seaweedfs/weed/util"
+)
+
+func TestCredentialStoreInterface(t *testing.T) {
+	// Note: This test may fail if run without importing store packages
+	// For full integration testing, see the test/ package
+	if len(Stores) == 0 {
+		t.Skip("No credential stores registered - this is expected when testing the base package without store imports")
+	}
+
+	// Check that expected stores are available
+	storeNames := GetAvailableStores()
+	expectedStores := []string{string(StoreTypeFilerEtc), string(StoreTypeMemory)}
+
+	// Add SQLite and PostgreSQL if they're available (build tags dependent)
+	for _, storeName := range storeNames {
+		found := false
+		for _, expected := range append(expectedStores, string(StoreTypeSQLite), string(StoreTypePostgres)) {
+			if string(storeName) == expected {
+				found = true
+				break
+			}
+		}
+		if !found {
+			t.Errorf("Unexpected store found: %s", storeName)
+		}
+	}
+
+	// Test that filer_etc store is always available
+	filerEtcStoreFound := false
+	memoryStoreFound := false
+	for _, storeName := range storeNames {
+		if string(storeName) == string(StoreTypeFilerEtc) {
+			filerEtcStoreFound = true
+		}
+		if string(storeName) == string(StoreTypeMemory) {
+			memoryStoreFound = true
+		}
+	}
+	if !filerEtcStoreFound {
+		t.Error("FilerEtc store should always be available")
+	}
+	if !memoryStoreFound {
+		t.Error("Memory store should always be available")
+	}
+}
+
+func TestCredentialManagerCreation(t *testing.T) {
+	config := util.GetViper()
+
+	// Test creating credential manager with invalid store
+	_, err := NewCredentialManager(CredentialStoreTypeName("nonexistent"), config, "test.")
+	if err == nil {
+		t.Error("Expected error for nonexistent store")
+	}
+
+	// Skip store-specific tests if no stores are registered
+	if len(Stores) == 0 {
+		t.Skip("No credential stores registered - skipping store-specific tests")
+	}
+
+	// Test creating credential manager with available stores
+	availableStores := GetAvailableStores()
+	if len(availableStores) == 0 {
+		t.Skip("No stores available for testing")
+	}
+
+	// Test with the first available store
+	storeName := availableStores[0]
+	cm, err := NewCredentialManager(storeName, config, "test.")
+	if err != nil {
+		t.Fatalf("Failed to create credential manager with store %s: %v", storeName, err)
+	}
+	if cm == nil {
+		t.Error("Credential manager should not be nil")
+	}
+	defer cm.Shutdown()
+
+	// Test that the store is of the correct type
+	if cm.GetStore().GetName() != storeName {
+		t.Errorf("Expected %s store, got %s", storeName, cm.GetStore().GetName())
+	}
+}
+
+func TestCredentialInterface(t *testing.T) {
+	// Skip if no stores are registered
+	if len(Stores) == 0 {
+		t.Skip("No credential stores registered - for full testing see test/ package")
+	}
+
+	// Test the interface with the first available store
+	availableStores := GetAvailableStores()
+	if len(availableStores) == 0 {
+		t.Skip("No stores available for testing")
+	}
+
+	testCredentialInterfaceWithStore(t, availableStores[0])
+}
+
+func testCredentialInterfaceWithStore(t *testing.T, storeName CredentialStoreTypeName) {
+	// Create a test identity
+	testIdentity := &iam_pb.Identity{
+		Name:    "testuser",
+		Actions: []string{"Read", "Write"},
+		Account: &iam_pb.Account{
+			Id:           "123456789012",
+			DisplayName:  "Test User",
+			EmailAddress: "test@example.com",
+		},
+		Credentials: []*iam_pb.Credential{
+			{
+				AccessKey: "AKIAIOSFODNN7EXAMPLE",
+				SecretKey: "wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY",
+			},
+		},
+	}
+
+	// Test the interface methods exist (compile-time check)
+	config := util.GetViper()
+	cm, err := NewCredentialManager(storeName, config, "test.")
+	if err != nil {
+		t.Fatalf("Failed to create credential manager: %v", err)
+	}
+	defer cm.Shutdown()
+
+	ctx := context.Background()
+
+	// Test LoadConfiguration
+	_, err = cm.LoadConfiguration(ctx)
+	if err != nil {
+		t.Fatalf("LoadConfiguration failed: %v", err)
+	}
+
+	// Test CreateUser
+	err = cm.CreateUser(ctx, testIdentity)
+	if err != nil {
+		t.Fatalf("CreateUser failed: %v", err)
+	}
+
+	// Test GetUser
+	user, err := cm.GetUser(ctx, "testuser")
+	if err != nil {
+		t.Fatalf("GetUser failed: %v", err)
+	}
+	if user.Name != "testuser" {
+		t.Errorf("Expected user name 'testuser', got %s", user.Name)
+	}
+
+	// Test ListUsers
+	users, err := cm.ListUsers(ctx)
+	if err != nil {
+		t.Fatalf("ListUsers failed: %v", err)
+	}
+	if len(users) != 1 || users[0] != "testuser" {
+		t.Errorf("Expected ['testuser'], got %v", users)
+	}
+
+	// Test GetUserByAccessKey
+	userByKey, err := cm.GetUserByAccessKey(ctx, "AKIAIOSFODNN7EXAMPLE")
+	if err != nil {
+		t.Fatalf("GetUserByAccessKey failed: %v", err)
+	}
+	if userByKey.Name != "testuser" {
+		t.Errorf("Expected user name 'testuser', got %s", userByKey.Name)
+	}
+}
+
+func TestCredentialManagerIntegration(t *testing.T) {
+	// Skip if no stores are registered
+	if len(Stores) == 0 {
+		t.Skip("No credential stores registered - for full testing see test/ package")
+	}
+
+	// Test with the first available store
+	availableStores := GetAvailableStores()
+	if len(availableStores) == 0 {
+		t.Skip("No stores available for testing")
+	}
+
+	storeName := availableStores[0]
+	config := util.GetViper()
+	cm, err := NewCredentialManager(storeName, config, "test.")
+	if err != nil {
+		t.Fatalf("Failed to create credential manager: %v", err)
+	}
+	defer cm.Shutdown()
+
+	ctx := context.Background()
+
+	// Test complete workflow
+	user1 := &iam_pb.Identity{
+		Name:    "user1",
+		Actions: []string{"Read"},
+		Account: &iam_pb.Account{
+			Id:           "111111111111",
+			DisplayName:  "User One",
+			EmailAddress: "user1@example.com",
+		},
+		Credentials: []*iam_pb.Credential{
+			{
+				AccessKey: "AKIAUSER1",
+				SecretKey: "secret1",
+			},
+		},
+	}
+
+	user2 := &iam_pb.Identity{
+		Name:    "user2",
+		Actions: []string{"Write"},
+		Account: &iam_pb.Account{
+			Id:           "222222222222",
+			DisplayName:  "User Two",
+			EmailAddress: "user2@example.com",
+		},
+		Credentials: []*iam_pb.Credential{
+			{
+				AccessKey: "AKIAUSER2",
+				SecretKey: "secret2",
+			},
+		},
+	}
+
+	// Create users
+	err = cm.CreateUser(ctx, user1)
+	if err != nil {
+		t.Fatalf("Failed to create user1: %v", err)
+	}
+
+	err = cm.CreateUser(ctx, user2)
+	if err != nil {
+		t.Fatalf("Failed to create user2: %v", err)
+	}
+
+	// List users
+	users, err := cm.ListUsers(ctx)
+	if err != nil {
+		t.Fatalf("Failed to list users: %v", err)
+	}
+
+	if len(users) != 2 {
+		t.Errorf("Expected 2 users, got %d", len(users))
+	}
+
+	// Test access key lookup
+	foundUser, err := cm.GetUserByAccessKey(ctx, "AKIAUSER1")
+	if err != nil {
+		t.Fatalf("Failed to get user by access key: %v", err)
+	}
+	if foundUser.Name != "user1" {
+		t.Errorf("Expected user1, got %s", foundUser.Name)
+	}
+
+	// Delete user
+	err = cm.DeleteUser(ctx, "user1")
+	if err != nil {
+		t.Fatalf("Failed to delete user: %v", err)
+	}
+
+	// Verify user is deleted
+	_, err = cm.GetUser(ctx, "user1")
+	if err != ErrUserNotFound {
+		t.Errorf("Expected ErrUserNotFound, got %v", err)
+	}
+
+	// Clean up
+	err = cm.DeleteUser(ctx, "user2")
+	if err != nil {
+		t.Fatalf("Failed to delete user2: %v", err)
+	}
+}
+
+// TestErrorTypes tests that the custom error types are defined correctly
+func TestErrorTypes(t *testing.T) {
+	// Test that error types are defined
+	if ErrUserNotFound == nil {
+		t.Error("ErrUserNotFound should be defined")
+	}
+	if ErrUserAlreadyExists == nil {
+		t.Error("ErrUserAlreadyExists should be defined")
+	}
+	if ErrAccessKeyNotFound == nil {
+		t.Error("ErrAccessKeyNotFound should be defined")
+	}
+
+	// Test error messages
+	if ErrUserNotFound.Error() != "user not found" {
+		t.Errorf("Expected 'user not found', got '%s'", ErrUserNotFound.Error())
+	}
+	if ErrUserAlreadyExists.Error() != "user already exists" {
+		t.Errorf("Expected 'user already exists', got '%s'", ErrUserAlreadyExists.Error())
+	}
+	if ErrAccessKeyNotFound.Error() != "access key not found" {
+		t.Errorf("Expected 'access key not found', got '%s'", ErrAccessKeyNotFound.Error())
+	}
+}
+
+// TestGetAvailableStores tests the store discovery function
+func TestGetAvailableStores(t *testing.T) {
+	stores := GetAvailableStores()
+	if len(stores) == 0 {
+		t.Skip("No stores available for testing")
+	}
+
+	// Convert to strings for comparison
+	storeNames := make([]string, len(stores))
+	for i, store := range stores {
+		storeNames[i] = string(store)
+	}
+
+	t.Logf("Available stores: %v (count: %d)", storeNames, len(storeNames))
+
+	// We expect at least memory and filer_etc stores to be available
+	expectedStores := []string{string(StoreTypeFilerEtc), string(StoreTypeMemory)}
+
+	// Add SQLite and PostgreSQL if they're available (build tags dependent)
+	for _, storeName := range storeNames {
+		found := false
+		for _, expected := range append(expectedStores, string(StoreTypeSQLite), string(StoreTypePostgres)) {
+			if storeName == expected {
+				found = true
+				break
+			}
+		}
+		if !found {
+			t.Errorf("Unexpected store found: %s", storeName)
+		}
+	}
+
+	// Test that filer_etc store is always available
+	filerEtcStoreFound := false
+	memoryStoreFound := false
+	for _, storeName := range storeNames {
+		if storeName == string(StoreTypeFilerEtc) {
+			filerEtcStoreFound = true
+		}
+		if storeName == string(StoreTypeMemory) {
+			memoryStoreFound = true
+		}
+	}
+	if !filerEtcStoreFound {
+		t.Error("FilerEtc store should always be available")
+	}
+	if !memoryStoreFound {
+		t.Error("Memory store should always be available")
+	}
+}