diff options
| author | Konstantin Lebedev <9497591+kmlebedev@users.noreply.github.com> | 2023-09-21 20:19:11 +0500 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2023-09-21 08:19:11 -0700 |
| commit | d8b424d123300aad13b934b25f5670506396da7b (patch) | |
| tree | 5755d2945590b7577e859f86dc50a4896cbd8fec /weed/s3api/auto_signature_v4_test.go | |
| parent | 411bdda08dc4e902246ee387ae3abe71309e4586 (diff) | |
| download | seaweedfs-d8b424d123300aad13b934b25f5670506396da7b.tar.xz seaweedfs-d8b424d123300aad13b934b25f5670506396da7b.zip | |
[s3] optimization iam lookup for reducing algorithm complexity (#4857)
optimization iam lookup for reducing algorithm complexity
https://github.com/seaweedfs/seaweedfs/issues/4519
Co-authored-by: Konstantin Lebedev <9497591+kmlebedev@users.noreply.github.co>
Diffstat (limited to 'weed/s3api/auto_signature_v4_test.go')
| -rw-r--r-- | weed/s3api/auto_signature_v4_test.go | 90 |
1 files changed, 63 insertions, 27 deletions
diff --git a/weed/s3api/auto_signature_v4_test.go b/weed/s3api/auto_signature_v4_test.go index 41b54db63..ccee8b885 100644 --- a/weed/s3api/auto_signature_v4_test.go +++ b/weed/s3api/auto_signature_v4_test.go @@ -8,8 +8,8 @@ import ( "encoding/hex" "errors" "fmt" - "google.golang.org/grpc" - "google.golang.org/grpc/credentials/insecure" + "github.com/seaweedfs/seaweedfs/weed/pb/iam_pb" + "github.com/seaweedfs/seaweedfs/weed/s3api/s3_constants" "io" "net/http" "net/url" @@ -60,22 +60,24 @@ func TestIsRequestPresignedSignatureV4(t *testing.T) { // Tests is requested authenticated function, tests replies for s3 errors. func TestIsReqAuthenticated(t *testing.T) { - option := S3ApiServerOption{ - GrpcDialOption: grpc.WithTransportCredentials(insecure.NewCredentials()), + iam := &IdentityAccessManagement{ + hashes: make(map[string]*sync.Pool), + hashCounters: make(map[string]*int32), } - iam := NewIdentityAccessManagement(&option) - iam.identities = []*Identity{ - { - Name: "someone", - Credentials: []*Credential{ - { - AccessKey: "access_key_1", - SecretKey: "secret_key_1", + _ = iam.loadS3ApiConfiguration(&iam_pb.S3ApiConfiguration{ + Identities: []*iam_pb.Identity{ + { + Name: "someone", + Credentials: []*iam_pb.Credential{ + { + AccessKey: "access_key_1", + SecretKey: "secret_key_1", + }, }, + Actions: []string{}, }, - Actions: nil, }, - } + }) // List of test cases for validating http request authentication. testCases := []struct { @@ -97,24 +99,58 @@ func TestIsReqAuthenticated(t *testing.T) { } } -func TestCheckAdminRequestAuthType(t *testing.T) { - option := S3ApiServerOption{ - GrpcDialOption: grpc.WithTransportCredentials(insecure.NewCredentials()), +func TestCheckaAnonymousRequestAuthType(t *testing.T) { + iam := &IdentityAccessManagement{ + hashes: make(map[string]*sync.Pool), + hashCounters: make(map[string]*int32), } - iam := NewIdentityAccessManagement(&option) - iam.identities = []*Identity{ - { - Name: "someone", - Credentials: []*Credential{ - { - AccessKey: "access_key_1", - SecretKey: "secret_key_1", - }, + _ = iam.loadS3ApiConfiguration(&iam_pb.S3ApiConfiguration{ + Identities: []*iam_pb.Identity{ + { + Name: "anonymous", + Actions: []string{s3_constants.ACTION_READ}, }, - Actions: nil, }, + }) + testCases := []struct { + Request *http.Request + ErrCode s3err.ErrorCode + Action Action + }{ + {Request: mustNewRequest("GET", "http://127.0.0.1:9000/bucket", 0, nil, t), ErrCode: s3err.ErrNone, Action: s3_constants.ACTION_READ}, + {Request: mustNewRequest("PUT", "http://127.0.0.1:9000/bucket", 0, nil, t), ErrCode: s3err.ErrAccessDenied, Action: s3_constants.ACTION_WRITE}, + } + for i, testCase := range testCases { + _, s3Error := iam.authRequest(testCase.Request, testCase.Action) + if s3Error != testCase.ErrCode { + t.Errorf("Test %d: Unexpected s3error returned wanted %d, got %d", i, testCase.ErrCode, s3Error) + } + if testCase.Request.Header.Get(s3_constants.AmzAuthType) != "Anonymous" { + t.Errorf("Test %d: Unexpected AuthType returned wanted %s, got %s", i, "Anonymous", testCase.Request.Header.Get(s3_constants.AmzAuthType)) + } } +} + +func TestCheckAdminRequestAuthType(t *testing.T) { + iam := &IdentityAccessManagement{ + hashes: make(map[string]*sync.Pool), + hashCounters: make(map[string]*int32), + } + _ = iam.loadS3ApiConfiguration(&iam_pb.S3ApiConfiguration{ + Identities: []*iam_pb.Identity{ + { + Name: "someone", + Credentials: []*iam_pb.Credential{ + { + AccessKey: "access_key_1", + SecretKey: "secret_key_1", + }, + }, + Actions: []string{}, + }, + }, + }) testCases := []struct { Request *http.Request ErrCode s3err.ErrorCode |