iamapi_test.go 7.2 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216
  1. package iamapi
  2. import (
  3. "encoding/xml"
  4. "net/http"
  5. "net/http/httptest"
  6. "net/url"
  7. "testing"
  8. "github.com/aws/aws-sdk-go/aws"
  9. "github.com/aws/aws-sdk-go/aws/session"
  10. "github.com/aws/aws-sdk-go/service/iam"
  11. "github.com/gorilla/mux"
  12. "github.com/jinzhu/copier"
  13. "github.com/seaweedfs/seaweedfs/weed/pb/iam_pb"
  14. "github.com/stretchr/testify/assert"
  15. )
  16. var GetS3ApiConfiguration func(s3cfg *iam_pb.S3ApiConfiguration) (err error)
  17. var PutS3ApiConfiguration func(s3cfg *iam_pb.S3ApiConfiguration) (err error)
  18. var GetPolicies func(policies *Policies) (err error)
  19. var PutPolicies func(policies *Policies) (err error)
  20. var s3config = iam_pb.S3ApiConfiguration{}
  21. var policiesFile = Policies{Policies: make(map[string]PolicyDocument)}
  22. var ias = IamApiServer{s3ApiConfig: iamS3ApiConfigureMock{}}
  23. type iamS3ApiConfigureMock struct{}
  24. func (iam iamS3ApiConfigureMock) GetS3ApiConfiguration(s3cfg *iam_pb.S3ApiConfiguration) (err error) {
  25. _ = copier.Copy(&s3cfg.Identities, &s3config.Identities)
  26. return nil
  27. }
  28. func (iam iamS3ApiConfigureMock) PutS3ApiConfiguration(s3cfg *iam_pb.S3ApiConfiguration) (err error) {
  29. _ = copier.Copy(&s3config.Identities, &s3cfg.Identities)
  30. return nil
  31. }
  32. func (iam iamS3ApiConfigureMock) GetPolicies(policies *Policies) (err error) {
  33. _ = copier.Copy(&policies, &policiesFile)
  34. return nil
  35. }
  36. func (iam iamS3ApiConfigureMock) PutPolicies(policies *Policies) (err error) {
  37. _ = copier.Copy(&policiesFile, &policies)
  38. return nil
  39. }
  40. func TestCreateUser(t *testing.T) {
  41. userName := aws.String("Test")
  42. params := &iam.CreateUserInput{UserName: userName}
  43. req, _ := iam.New(session.New()).CreateUserRequest(params)
  44. _ = req.Build()
  45. out := CreateUserResponse{}
  46. response, err := executeRequest(req.HTTPRequest, out)
  47. assert.Equal(t, nil, err)
  48. assert.Equal(t, http.StatusOK, response.Code)
  49. //assert.Equal(t, out.XMLName, "lol")
  50. }
  51. func TestListUsers(t *testing.T) {
  52. params := &iam.ListUsersInput{}
  53. req, _ := iam.New(session.New()).ListUsersRequest(params)
  54. _ = req.Build()
  55. out := ListUsersResponse{}
  56. response, err := executeRequest(req.HTTPRequest, out)
  57. assert.Equal(t, nil, err)
  58. assert.Equal(t, http.StatusOK, response.Code)
  59. }
  60. func TestListAccessKeys(t *testing.T) {
  61. svc := iam.New(session.New())
  62. params := &iam.ListAccessKeysInput{}
  63. req, _ := svc.ListAccessKeysRequest(params)
  64. _ = req.Build()
  65. out := ListAccessKeysResponse{}
  66. response, err := executeRequest(req.HTTPRequest, out)
  67. assert.Equal(t, nil, err)
  68. assert.Equal(t, http.StatusOK, response.Code)
  69. }
  70. func TestGetUser(t *testing.T) {
  71. userName := aws.String("Test")
  72. params := &iam.GetUserInput{UserName: userName}
  73. req, _ := iam.New(session.New()).GetUserRequest(params)
  74. _ = req.Build()
  75. out := GetUserResponse{}
  76. response, err := executeRequest(req.HTTPRequest, out)
  77. assert.Equal(t, nil, err)
  78. assert.Equal(t, http.StatusOK, response.Code)
  79. }
  80. // Todo flat statement
  81. func TestCreatePolicy(t *testing.T) {
  82. params := &iam.CreatePolicyInput{
  83. PolicyName: aws.String("S3-read-only-example-bucket"),
  84. PolicyDocument: aws.String(`
  85. {
  86. "Version": "2012-10-17",
  87. "Statement": [
  88. {
  89. "Effect": "Allow",
  90. "Action": [
  91. "s3:Get*",
  92. "s3:List*"
  93. ],
  94. "Resource": [
  95. "arn:aws:s3:::EXAMPLE-BUCKET",
  96. "arn:aws:s3:::EXAMPLE-BUCKET/*"
  97. ]
  98. }
  99. ]
  100. }`),
  101. }
  102. req, _ := iam.New(session.New()).CreatePolicyRequest(params)
  103. _ = req.Build()
  104. out := CreatePolicyResponse{}
  105. response, err := executeRequest(req.HTTPRequest, out)
  106. assert.Equal(t, nil, err)
  107. assert.Equal(t, http.StatusOK, response.Code)
  108. }
  109. func TestPutUserPolicy(t *testing.T) {
  110. userName := aws.String("Test")
  111. params := &iam.PutUserPolicyInput{
  112. UserName: userName,
  113. PolicyName: aws.String("S3-read-only-example-bucket"),
  114. PolicyDocument: aws.String(
  115. `{
  116. "Version": "2012-10-17",
  117. "Statement": [
  118. {
  119. "Effect": "Allow",
  120. "Action": [
  121. "s3:Get*",
  122. "s3:List*"
  123. ],
  124. "Resource": [
  125. "arn:aws:s3:::EXAMPLE-BUCKET",
  126. "arn:aws:s3:::EXAMPLE-BUCKET/*"
  127. ]
  128. }
  129. ]
  130. }`),
  131. }
  132. req, _ := iam.New(session.New()).PutUserPolicyRequest(params)
  133. _ = req.Build()
  134. out := PutUserPolicyResponse{}
  135. response, err := executeRequest(req.HTTPRequest, out)
  136. assert.Equal(t, nil, err)
  137. assert.Equal(t, http.StatusOK, response.Code)
  138. }
  139. func TestGetUserPolicy(t *testing.T) {
  140. userName := aws.String("Test")
  141. params := &iam.GetUserPolicyInput{UserName: userName, PolicyName: aws.String("S3-read-only-example-bucket")}
  142. req, _ := iam.New(session.New()).GetUserPolicyRequest(params)
  143. _ = req.Build()
  144. out := GetUserPolicyResponse{}
  145. response, err := executeRequest(req.HTTPRequest, out)
  146. assert.Equal(t, nil, err)
  147. assert.Equal(t, http.StatusOK, response.Code)
  148. }
  149. func TestUpdateUser(t *testing.T) {
  150. userName := aws.String("Test")
  151. newUserName := aws.String("Test-New")
  152. params := &iam.UpdateUserInput{NewUserName: newUserName, UserName: userName}
  153. req, _ := iam.New(session.New()).UpdateUserRequest(params)
  154. _ = req.Build()
  155. out := UpdateUserResponse{}
  156. response, err := executeRequest(req.HTTPRequest, out)
  157. assert.Equal(t, nil, err)
  158. assert.Equal(t, http.StatusOK, response.Code)
  159. }
  160. func TestDeleteUser(t *testing.T) {
  161. userName := aws.String("Test-New")
  162. params := &iam.DeleteUserInput{UserName: userName}
  163. req, _ := iam.New(session.New()).DeleteUserRequest(params)
  164. _ = req.Build()
  165. out := DeleteUserResponse{}
  166. response, err := executeRequest(req.HTTPRequest, out)
  167. assert.Equal(t, nil, err)
  168. assert.Equal(t, http.StatusOK, response.Code)
  169. }
  170. func executeRequest(req *http.Request, v interface{}) (*httptest.ResponseRecorder, error) {
  171. rr := httptest.NewRecorder()
  172. apiRouter := mux.NewRouter().SkipClean(true)
  173. apiRouter.Path("/").Methods(http.MethodPost).HandlerFunc(ias.DoActions)
  174. apiRouter.ServeHTTP(rr, req)
  175. return rr, xml.Unmarshal(rr.Body.Bytes(), &v)
  176. }
  177. func TestHandleImplicitUsername(t *testing.T) {
  178. var tests = []struct {
  179. r *http.Request
  180. values url.Values
  181. userName string
  182. }{
  183. {&http.Request{}, url.Values{}, ""},
  184. {&http.Request{Header: http.Header{"Authorization": []string{"AWS4-HMAC-SHA256 Credential=197FSAQ7HHTA48X64O3A/20220420/test1/iam/aws4_request, SignedHeaders=content-type;host;x-amz-date, Signature=6757dc6b3d7534d67e17842760310e99ee695408497f6edc4fdb84770c252dc8"}}}, url.Values{}, "test1"},
  185. {&http.Request{Header: http.Header{"Authorization": []string{"AWS4-HMAC-SHA256 =197FSAQ7HHTA48X64O3A/20220420/test1/iam/aws4_request, SignedHeaders=content-type;host;x-amz-date, Signature=6757dc6b3d7534d67e17842760310e99ee695408497f6edc4fdb84770c252dc8"}}}, url.Values{}, ""},
  186. {&http.Request{Header: http.Header{"Authorization": []string{"AWS4-HMAC-SHA256 Credential=197FSAQ7HHTA48X64O3A/20220420/test1/iam/aws4_request SignedHeaders=content-type;host;x-amz-date Signature=6757dc6b3d7534d67e17842760310e99ee695408497f6edc4fdb84770c252dc8"}}}, url.Values{}, ""},
  187. {&http.Request{Header: http.Header{"Authorization": []string{"AWS4-HMAC-SHA256 Credential=197FSAQ7HHTA48X64O3A/20220420/test1/iam, SignedHeaders=content-type;host;x-amz-date, Signature=6757dc6b3d7534d67e17842760310e99ee695408497f6edc4fdb84770c252dc8"}}}, url.Values{}, ""},
  188. }
  189. for i, test := range tests {
  190. handleImplicitUsername(test.r, test.values)
  191. if un := test.values.Get("UserName"); un != test.userName {
  192. t.Errorf("No.%d: Got: %v, Expected: %v", i, un, test.userName)
  193. }
  194. }
  195. }