2e98902f29
* fix(s3): use URL-safe secret keys for admin dashboard users and service accounts The dashboard's generateSecretKey() used base64.StdEncoding which produces +, /, and = characters that break S3 signature authentication. Reuse the IAM package's GenerateSecretAccessKey() which was already fixed in #7990. Fixes #8898 * fix: handle error from GenerateSecretAccessKey instead of ignoring it
117 lines
3.2 KiB
Go
117 lines
3.2 KiB
Go
package dash
|
|
|
|
import (
|
|
"testing"
|
|
|
|
"github.com/seaweedfs/seaweedfs/weed/credential"
|
|
_ "github.com/seaweedfs/seaweedfs/weed/credential/filer_etc" // Import to register filer_etc store
|
|
"github.com/seaweedfs/seaweedfs/weed/pb"
|
|
"google.golang.org/grpc"
|
|
)
|
|
|
|
// TestFilerAddressFunctionInterface tests that the filer_etc store
|
|
// implements the correct SetFilerAddressFunc interface (issue #7575)
|
|
func TestFilerAddressFunctionInterface(t *testing.T) {
|
|
// Create credential manager with filer_etc store
|
|
credentialManager, err := credential.NewCredentialManagerWithDefaults("")
|
|
if err != nil {
|
|
t.Fatalf("Failed to initialize credential manager: %v", err)
|
|
}
|
|
|
|
store := credentialManager.GetStore()
|
|
if store == nil {
|
|
t.Fatal("Credential store is nil")
|
|
}
|
|
|
|
// Check if store is filer_etc type
|
|
if store.GetName() != credential.StoreTypeFilerEtc {
|
|
t.Skipf("Skipping test - store is not filer_etc (got: %s)", store.GetName())
|
|
}
|
|
|
|
// Check if store implements SetFilerAddressFunc interface
|
|
// This is the critical check for bug #7575
|
|
filerFuncSetter, ok := store.(interface {
|
|
SetFilerAddressFunc(func() pb.ServerAddress, grpc.DialOption)
|
|
})
|
|
if !ok {
|
|
t.Fatal("FilerEtcStore does not implement SetFilerAddressFunc interface - bug #7575")
|
|
}
|
|
|
|
// Verify we can call the method without panic
|
|
mockFilerAddress := pb.ServerAddress("localhost:8888")
|
|
filerFuncSetter.SetFilerAddressFunc(func() pb.ServerAddress {
|
|
return mockFilerAddress
|
|
}, grpc.WithInsecure())
|
|
|
|
t.Log("FilerEtcStore correctly implements SetFilerAddressFunc interface")
|
|
}
|
|
|
|
// TestGenerateAccessKey tests the access key generation function
|
|
func TestGenerateAccessKey(t *testing.T) {
|
|
key1 := generateAccessKey()
|
|
key2 := generateAccessKey()
|
|
|
|
// Check length
|
|
if len(key1) != 20 {
|
|
t.Errorf("Expected access key length 20, got %d", len(key1))
|
|
}
|
|
|
|
// Check uniqueness
|
|
if key1 == key2 {
|
|
t.Error("Generated access keys should be unique")
|
|
}
|
|
|
|
// Check character set
|
|
for _, c := range key1 {
|
|
if !((c >= 'A' && c <= 'Z') || (c >= '0' && c <= '9')) {
|
|
t.Errorf("Access key contains invalid character: %c", c)
|
|
}
|
|
}
|
|
}
|
|
|
|
// TestGenerateSecretKey tests the secret key generation function
|
|
func TestGenerateSecretKey(t *testing.T) {
|
|
key1 := generateSecretKey()
|
|
key2 := generateSecretKey()
|
|
|
|
// Check length (IAM standard secret key length)
|
|
if len(key1) != 42 {
|
|
t.Errorf("Expected secret key length 42, got %d", len(key1))
|
|
}
|
|
|
|
// Check that key contains only URL-safe characters (no +, /)
|
|
for _, c := range key1 {
|
|
if c == '+' || c == '/' || c == '=' {
|
|
t.Errorf("Secret key contains non-URL-safe character: %c", c)
|
|
}
|
|
}
|
|
|
|
// Check uniqueness
|
|
if key1 == key2 {
|
|
t.Error("Generated secret keys should be unique")
|
|
}
|
|
}
|
|
|
|
// TestGenerateAccountId tests the account ID generation function
|
|
func TestGenerateAccountId(t *testing.T) {
|
|
id1 := generateAccountId()
|
|
id2 := generateAccountId()
|
|
|
|
// Check length
|
|
if len(id1) != 12 {
|
|
t.Errorf("Expected account ID length 12, got %d", len(id1))
|
|
}
|
|
|
|
// Check that it's a number
|
|
for _, c := range id1 {
|
|
if c < '0' || c > '9' {
|
|
t.Errorf("Account ID contains non-digit character: %c", c)
|
|
}
|
|
}
|
|
|
|
// Check uniqueness (they should usually be different)
|
|
if id1 == id2 {
|
|
t.Log("Warning: Generated account IDs are the same (rare but possible)")
|
|
}
|
|
}
|