1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
|
package test
import (
"context"
"testing"
"github.com/seaweedfs/seaweedfs/weed/credential"
"github.com/seaweedfs/seaweedfs/weed/credential/memory"
// Import all store implementations to register them
_ "github.com/seaweedfs/seaweedfs/weed/credential/filer_etc"
_ "github.com/seaweedfs/seaweedfs/weed/credential/memory"
_ "github.com/seaweedfs/seaweedfs/weed/credential/postgres"
)
// TestPolicyManagement tests policy management across all credential stores
func TestPolicyManagement(t *testing.T) {
ctx := context.Background()
// Test with memory store (easiest to test)
credentialManager, err := credential.NewCredentialManager(credential.StoreTypeMemory, nil, "")
if err != nil {
t.Fatalf("Failed to create credential manager: %v", err)
}
// Test policy operations
testPolicyOperations(t, ctx, credentialManager)
}
func testPolicyOperations(t *testing.T, ctx context.Context, credentialManager *credential.CredentialManager) {
store := credentialManager.GetStore()
// Cast to memory store to access policy methods
memoryStore, ok := store.(*memory.MemoryStore)
if !ok {
t.Skip("Store is not a memory store")
}
// Test GetPolicies (should be empty initially)
policies, err := memoryStore.GetPolicies(ctx)
if err != nil {
t.Fatalf("Failed to get policies: %v", err)
}
if len(policies) != 0 {
t.Errorf("Expected 0 policies, got %d", len(policies))
}
// Test CreatePolicy
testPolicy := credential.PolicyDocument{
Version: "2012-10-17",
Statement: []*credential.PolicyStatement{
{
Effect: "Allow",
Action: []string{"s3:GetObject"},
Resource: []string{"arn:aws:s3:::test-bucket/*"},
},
},
}
err = memoryStore.CreatePolicy(ctx, "test-policy", testPolicy)
if err != nil {
t.Fatalf("Failed to create policy: %v", err)
}
// Test GetPolicies (should have 1 policy now)
policies, err = memoryStore.GetPolicies(ctx)
if err != nil {
t.Fatalf("Failed to get policies: %v", err)
}
if len(policies) != 1 {
t.Errorf("Expected 1 policy, got %d", len(policies))
}
// Verify policy content
policy, exists := policies["test-policy"]
if !exists {
t.Error("test-policy not found")
}
if policy.Version != "2012-10-17" {
t.Errorf("Expected policy version '2012-10-17', got '%s'", policy.Version)
}
if len(policy.Statement) != 1 {
t.Errorf("Expected 1 statement, got %d", len(policy.Statement))
}
// Test UpdatePolicy
updatedPolicy := credential.PolicyDocument{
Version: "2012-10-17",
Statement: []*credential.PolicyStatement{
{
Effect: "Allow",
Action: []string{"s3:GetObject", "s3:PutObject"},
Resource: []string{"arn:aws:s3:::test-bucket/*"},
},
},
}
err = memoryStore.UpdatePolicy(ctx, "test-policy", updatedPolicy)
if err != nil {
t.Fatalf("Failed to update policy: %v", err)
}
// Verify the update
policies, err = memoryStore.GetPolicies(ctx)
if err != nil {
t.Fatalf("Failed to get policies after update: %v", err)
}
updatedPolicyResult, exists := policies["test-policy"]
if !exists {
t.Error("test-policy not found after update")
}
if len(updatedPolicyResult.Statement) != 1 {
t.Errorf("Expected 1 statement after update, got %d", len(updatedPolicyResult.Statement))
}
if len(updatedPolicyResult.Statement[0].Action) != 2 {
t.Errorf("Expected 2 actions after update, got %d", len(updatedPolicyResult.Statement[0].Action))
}
// Test DeletePolicy
err = memoryStore.DeletePolicy(ctx, "test-policy")
if err != nil {
t.Fatalf("Failed to delete policy: %v", err)
}
// Verify deletion
policies, err = memoryStore.GetPolicies(ctx)
if err != nil {
t.Fatalf("Failed to get policies after deletion: %v", err)
}
if len(policies) != 0 {
t.Errorf("Expected 0 policies after deletion, got %d", len(policies))
}
}
// TestPolicyManagementWithFilerEtc tests policy management with filer_etc store
func TestPolicyManagementWithFilerEtc(t *testing.T) {
// Skip this test if we can't connect to a filer
t.Skip("Filer connection required for filer_etc store testing")
}
// TestPolicyManagementWithPostgres tests policy management with postgres store
func TestPolicyManagementWithPostgres(t *testing.T) {
// Skip this test if we can't connect to PostgreSQL
t.Skip("PostgreSQL connection required for postgres store testing")
}
|
