Refactor: Extract common IAM logic into shared weed/iam package (#7747)
This resolves GitHub issue #7747 by extracting duplicated IAM code into a shared package that both the embedded S3 IAM and standalone IAM use. New shared package (weed/iam/): - constants.go: Common constants (charsets, action strings, error messages) - helpers.go: Shared helper functions (Hash, GenerateRandomString, GenerateAccessKeyId, GenerateSecretAccessKey, StringSlicesEqual, MapToStatementAction, MapToIdentitiesAction, MaskAccessKey) - responses.go: Common IAM response structs (CommonResponse, ListUsersResponse, CreateUserResponse, etc.) - helpers_test.go: Unit tests for shared helpers Updated files: - weed/s3api/s3api_embedded_iam.go: Use type aliases and function wrappers to the shared package, removing ~200 lines of duplicated code - weed/iamapi/iamapi_management_handlers.go: Use shared package for constants and helper functions, removing ~100 lines of duplicated code - weed/iamapi/iamapi_response.go: Re-export types from shared package for backwards compatibility Benefits: - Single source of truth for IAM constants and helpers - Easier maintenance - changes only need to be made in one place - Reduced risk of inconsistencies between embedded and standalone IAM - Better test coverage through shared test suite
This commit is contained in:
chrislu
135
weed/iam/helpers_test.go
Normal file
135
weed/iam/helpers_test.go
Normal file
@@ -0,0 +1,135 @@
|
||||
package iam
|
||||
|
||||
import (
|
||||
"testing"
|
||||
|
||||
"github.com/seaweedfs/seaweedfs/weed/s3api/s3_constants"
|
||||
"github.com/stretchr/testify/assert"
|
||||
)
|
||||
|
||||
func TestHash(t *testing.T) {
|
||||
input := "test"
|
||||
result := Hash(&input)
|
||||
assert.NotEmpty(t, result)
|
||||
assert.Len(t, result, 40) // SHA1 hex is 40 chars
|
||||
|
||||
// Same input should produce same hash
|
||||
result2 := Hash(&input)
|
||||
assert.Equal(t, result, result2)
|
||||
|
||||
// Different input should produce different hash
|
||||
different := "different"
|
||||
result3 := Hash(&different)
|
||||
assert.NotEqual(t, result, result3)
|
||||
}
|
||||
|
||||
func TestGenerateRandomString(t *testing.T) {
|
||||
// Valid generation
|
||||
result, err := GenerateRandomString(10, CharsetUpper)
|
||||
assert.NoError(t, err)
|
||||
assert.Len(t, result, 10)
|
||||
|
||||
// Different calls should produce different results (with high probability)
|
||||
result2, err := GenerateRandomString(10, CharsetUpper)
|
||||
assert.NoError(t, err)
|
||||
assert.NotEqual(t, result, result2)
|
||||
|
||||
// Invalid length
|
||||
_, err = GenerateRandomString(0, CharsetUpper)
|
||||
assert.Error(t, err)
|
||||
|
||||
_, err = GenerateRandomString(-1, CharsetUpper)
|
||||
assert.Error(t, err)
|
||||
|
||||
// Empty charset
|
||||
_, err = GenerateRandomString(10, "")
|
||||
assert.Error(t, err)
|
||||
}
|
||||
|
||||
func TestGenerateAccessKeyId(t *testing.T) {
|
||||
keyId, err := GenerateAccessKeyId()
|
||||
assert.NoError(t, err)
|
||||
assert.Len(t, keyId, AccessKeyIdLength)
|
||||
}
|
||||
|
||||
func TestGenerateSecretAccessKey(t *testing.T) {
|
||||
secretKey, err := GenerateSecretAccessKey()
|
||||
assert.NoError(t, err)
|
||||
assert.Len(t, secretKey, SecretAccessKeyLength)
|
||||
}
|
||||
|
||||
func TestStringSlicesEqual(t *testing.T) {
|
||||
tests := []struct {
|
||||
a []string
|
||||
b []string
|
||||
expected bool
|
||||
}{
|
||||
{[]string{"a", "b", "c"}, []string{"a", "b", "c"}, true},
|
||||
{[]string{"c", "b", "a"}, []string{"a", "b", "c"}, true}, // Order independent
|
||||
{[]string{"a", "b"}, []string{"a", "b", "c"}, false},
|
||||
{[]string{}, []string{}, true},
|
||||
{nil, nil, true},
|
||||
{[]string{"a"}, []string{"b"}, false},
|
||||
}
|
||||
|
||||
for _, test := range tests {
|
||||
result := StringSlicesEqual(test.a, test.b)
|
||||
assert.Equal(t, test.expected, result)
|
||||
}
|
||||
}
|
||||
|
||||
func TestMapToStatementAction(t *testing.T) {
|
||||
tests := []struct {
|
||||
input string
|
||||
expected string
|
||||
}{
|
||||
{StatementActionAdmin, s3_constants.ACTION_ADMIN},
|
||||
{StatementActionWrite, s3_constants.ACTION_WRITE},
|
||||
{StatementActionRead, s3_constants.ACTION_READ},
|
||||
{StatementActionList, s3_constants.ACTION_LIST},
|
||||
{StatementActionDelete, s3_constants.ACTION_DELETE_BUCKET},
|
||||
{"unknown", ""},
|
||||
}
|
||||
|
||||
for _, test := range tests {
|
||||
result := MapToStatementAction(test.input)
|
||||
assert.Equal(t, test.expected, result)
|
||||
}
|
||||
}
|
||||
|
||||
func TestMapToIdentitiesAction(t *testing.T) {
|
||||
tests := []struct {
|
||||
input string
|
||||
expected string
|
||||
}{
|
||||
{s3_constants.ACTION_ADMIN, StatementActionAdmin},
|
||||
{s3_constants.ACTION_WRITE, StatementActionWrite},
|
||||
{s3_constants.ACTION_READ, StatementActionRead},
|
||||
{s3_constants.ACTION_LIST, StatementActionList},
|
||||
{s3_constants.ACTION_DELETE_BUCKET, StatementActionDelete},
|
||||
{"unknown", ""},
|
||||
}
|
||||
|
||||
for _, test := range tests {
|
||||
result := MapToIdentitiesAction(test.input)
|
||||
assert.Equal(t, test.expected, result)
|
||||
}
|
||||
}
|
||||
|
||||
func TestMaskAccessKey(t *testing.T) {
|
||||
tests := []struct {
|
||||
input string
|
||||
expected string
|
||||
}{
|
||||
{"AKIAIOSFODNN7EXAMPLE", "AKIA***"},
|
||||
{"AKIA", "AKIA"},
|
||||
{"AKI", "AKI"},
|
||||
{"", ""},
|
||||
}
|
||||
|
||||
for _, test := range tests {
|
||||
result := MaskAccessKey(test.input)
|
||||
assert.Equal(t, test.expected, result)
|
||||
}
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user