Diffstat (limited to 'weed/credential/test/policy_test.go')
| -rw-r--r-- | weed/credential/test/policy_test.go | 146 |
1 files changed, 146 insertions, 0 deletions
diff --git a/weed/credential/test/policy_test.go b/weed/credential/test/policy_test.go
new file mode 100644
index 000000000..341a05003
--- /dev/null
+++ b/weed/credential/test/policy_test.go
@@ -0,0 +1,146 @@
+package test
+
+import (
+ "context"
+ "testing"
+
+ "github.com/seaweedfs/seaweedfs/weed/credential"
+ "github.com/seaweedfs/seaweedfs/weed/credential/memory"
+
+ // Import all store implementations to register them
+ _ "github.com/seaweedfs/seaweedfs/weed/credential/filer_etc"
+ _ "github.com/seaweedfs/seaweedfs/weed/credential/memory"
+ _ "github.com/seaweedfs/seaweedfs/weed/credential/postgres"
+)
+
+// TestPolicyManagement tests policy management across all credential stores
+func TestPolicyManagement(t *testing.T) {
+ ctx := context.Background()
+
+ // Test with memory store (easiest to test)
+ credentialManager, err := credential.NewCredentialManager(credential.StoreTypeMemory, nil, "")
+ if err != nil {
+ t.Fatalf("Failed to create credential manager: %v", err)
+ }
+
+ // Test policy operations
+ testPolicyOperations(t, ctx, credentialManager)
+}
+
+func testPolicyOperations(t *testing.T, ctx context.Context, credentialManager *credential.CredentialManager) {
+ store := credentialManager.GetStore()
+
+ // Cast to memory store to access policy methods
+ memoryStore, ok := store.(*memory.MemoryStore)
+ if !ok {
+ t.Skip("Store is not a memory store")
+ }
+
+ // Test GetPolicies (should be empty initially)
+ policies, err := memoryStore.GetPolicies(ctx)
+ if err != nil {
+ t.Fatalf("Failed to get policies: %v", err)
+ }
+ if len(policies) != 0 {
+ t.Errorf("Expected 0 policies, got %d", len(policies))
+ }
+
+ // Test CreatePolicy
+ testPolicy := credential.PolicyDocument{
+ Version: "2012-10-17",
+ Statement: []*credential.PolicyStatement{
+ {
+ Effect: "Allow",
+ Action: []string{"s3:GetObject"},
+ Resource: []string{"arn:aws:s3:::test-bucket/*"},
+ },
+ },
+ }
+
+ err = memoryStore.CreatePolicy(ctx, "test-policy", testPolicy)
+ if err != nil {
+ t.Fatalf("Failed to create policy: %v", err)
+ }
+
+ // Test GetPolicies (should have 1 policy now)
+ policies, err = memoryStore.GetPolicies(ctx)
+ if err != nil {
+ t.Fatalf("Failed to get policies: %v", err)
+ }
+ if len(policies) != 1 {
+ t.Errorf("Expected 1 policy, got %d", len(policies))
+ }
+
+ // Verify policy content
+ policy, exists := policies["test-policy"]
+ if !exists {
+ t.Error("test-policy not found")
+ }
+ if policy.Version != "2012-10-17" {
+ t.Errorf("Expected policy version '2012-10-17', got '%s'", policy.Version)
+ }
+ if len(policy.Statement) != 1 {
+ t.Errorf("Expected 1 statement, got %d", len(policy.Statement))
+ }
+
+ // Test UpdatePolicy
+ updatedPolicy := credential.PolicyDocument{
+ Version: "2012-10-17",
+ Statement: []*credential.PolicyStatement{
+ {
+ Effect: "Allow",
+ Action: []string{"s3:GetObject", "s3:PutObject"},
+ Resource: []string{"arn:aws:s3:::test-bucket/*"},
+ },
+ },
+ }
+
+ err = memoryStore.UpdatePolicy(ctx, "test-policy", updatedPolicy)
+ if err != nil {
+ t.Fatalf("Failed to update policy: %v", err)
+ }
+
+ // Verify the update
+ policies, err = memoryStore.GetPolicies(ctx)
+ if err != nil {
+ t.Fatalf("Failed to get policies after update: %v", err)
+ }
+
+ updatedPolicyResult, exists := policies["test-policy"]
+ if !exists {
+ t.Error("test-policy not found after update")
+ }
+ if len(updatedPolicyResult.Statement) != 1 {
+ t.Errorf("Expected 1 statement after update, got %d", len(updatedPolicyResult.Statement))
+ }
+ if len(updatedPolicyResult.Statement[0].Action) != 2 {
+ t.Errorf("Expected 2 actions after update, got %d", len(updatedPolicyResult.Statement[0].Action))
+ }
+
+ // Test DeletePolicy
+ err = memoryStore.DeletePolicy(ctx, "test-policy")
+ if err != nil {
+ t.Fatalf("Failed to delete policy: %v", err)
+ }
+
+ // Verify deletion
+ policies, err = memoryStore.GetPolicies(ctx)
+ if err != nil {
+ t.Fatalf("Failed to get policies after deletion: %v", err)
+ }
+ if len(policies) != 0 {
+ t.Errorf("Expected 0 policies after deletion, got %d", len(policies))
+ }
+}
+
+// TestPolicyManagementWithFilerEtc tests policy management with filer_etc store
+func TestPolicyManagementWithFilerEtc(t *testing.T) {
+ // Skip this test if we can't connect to a filer
+ t.Skip("Filer connection required for filer_etc store testing")
+}
+
+// TestPolicyManagementWithPostgres tests policy management with postgres store
+func TestPolicyManagementWithPostgres(t *testing.T) {
+ // Skip this test if we can't connect to PostgreSQL
+ t.Skip("PostgreSQL connection required for postgres store testing")
+}
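Review bot: In testPolicyOperations the post-update check `if len(updatedPolicyResult.Statement) != 1` only calls `t.Errorf`, and the very next check indexes `updatedPolicyResult.Statement[0]`, so an empty statement list panics the test binary instead of failing cleanly; make that guard `t.Fatalf("Expected 1 statement after update, got %d", len(updatedPolicyResult.Statement))`. The assertions also only count statements and actions, so a store that dropped or rewrote `Effect` or `Resource` on the round trip would still pass; since these documents drive authorization decisions, compare those fields against testPolicy and updatedPolicy as well. The doc comment on TestPolicyManagement says "across all credential stores", but only the memory store is exercised and the filer_etc and postgres tests skip unconditionally, so it would read more accurately as `// TestPolicyManagement tests policy management against the in-memory credential store`.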
