diff options
| author | chrislu <chris.lu@gmail.com> | 2025-08-31 23:31:28 -0700 |
|---|---|---|
| committer | chrislu <chris.lu@gmail.com> | 2025-08-31 23:31:28 -0700 |
| commit | 76452ab593995ab52b75e681de5b221de1e3f006 (patch) | |
| tree | c1a1700d8336695739d51e561db8aa07e4f48b33 | |
| parent | 4569875a49652a9444ffd9e96e78b0f07c92a687 (diff) | |
| download | seaweedfs-3.97.tar.xz seaweedfs-3.97.zip | |
Delete test_utils_test.go3.97
| -rw-r--r-- | weed/iam/sts/test_utils_test.go | 53 |
1 files changed, 0 insertions, 53 deletions
diff --git a/weed/iam/sts/test_utils_test.go b/weed/iam/sts/test_utils_test.go deleted file mode 100644 index 58de592dc..000000000 --- a/weed/iam/sts/test_utils_test.go +++ /dev/null @@ -1,53 +0,0 @@ -package sts - -import ( - "context" - "fmt" - "strings" - - "github.com/seaweedfs/seaweedfs/weed/iam/providers" -) - -// MockTrustPolicyValidator is a simple mock for testing STS functionality -type MockTrustPolicyValidator struct{} - -// ValidateTrustPolicyForWebIdentity allows valid JWT test tokens for STS testing -func (m *MockTrustPolicyValidator) ValidateTrustPolicyForWebIdentity(ctx context.Context, roleArn string, webIdentityToken string) error { - // Reject non-existent roles for testing - if strings.Contains(roleArn, "NonExistentRole") { - return fmt.Errorf("trust policy validation failed: role does not exist") - } - - // For STS unit tests, allow JWT tokens that look valid (contain dots for JWT structure) - // In real implementation, this would validate against actual trust policies - if len(webIdentityToken) > 20 && strings.Count(webIdentityToken, ".") >= 2 { - // This appears to be a JWT token - allow it for testing - return nil - } - - // Legacy support for specific test tokens during migration - if webIdentityToken == "valid_test_token" || webIdentityToken == "valid-oidc-token" { - return nil - } - - // Reject invalid tokens - if webIdentityToken == "invalid_token" || webIdentityToken == "expired_token" || webIdentityToken == "invalid-token" { - return fmt.Errorf("trust policy denies token") - } - - return nil -} - -// ValidateTrustPolicyForCredentials allows valid test identities for STS testing -func (m *MockTrustPolicyValidator) ValidateTrustPolicyForCredentials(ctx context.Context, roleArn string, identity *providers.ExternalIdentity) error { - // Reject non-existent roles for testing - if strings.Contains(roleArn, "NonExistentRole") { - return fmt.Errorf("trust policy validation failed: role does not exist") - } - - // For STS unit tests, allow test identities - if identity != nil && identity.UserID != "" { - return nil - } - return fmt.Errorf("invalid identity for role assumption") -} |