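// Copyright (c) 2015-2023 MinIO, Inc.
//
// This file is part of MinIO Object Storage stack
//
// This program is free software: you can redistribute it and/or modify
// it under the terms of the GNU Affero General Public License as published by
// the Free Software Foundation, either version 3 of the License, or
// (at your option) any later version.
//
// This program is distributed in the hope that it will be useful
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
// GNU Affero General Public License for more details.
//
// You should have received a copy of the GNU Affero General Public License
// along with this program.  If not, see <http://www.gnu.org/licenses/>.

package cmd

import (
	"bytes"
	"context"
	"io"
	"net/http/httptest"
	"os"
	"testing"
)

// TestSTSS3Operation uploads one object through an S3 client built for the
// alias "test" while a stub STS endpoint and a web-identity token file are
// advertised through the MC_STS_ENDPOINT_test and
// MC_WEB_IDENTITY_TOKEN_FILE_test environment variables.
//
// Both the STS endpoint and the object endpoint are local httptest servers
// backed by stsHandler and objectHandler, which are defined elsewhere in the
// package.
func TestSTSS3Operation(t *testing.T) {
	// Static fixture token. NOTE(review): fixture tokens in a repository
	// should never be usable against a real identity provider; confirm.
	sts := stsHandler{
		endpoint: "/",
		jwt:      []byte("eyJhbGciOiJSUzI1NiIsImtpZCI6Inc0dFNjMEc5Tk0wQWhGaWJYaWIzbkpRZkRKeDc1dURRTUVpOTNvTHJ0OWcifQ.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.fBJckmoQFyJ9bUgKZv6jzBESd9ccX_HFPPBZ17Gz_CsQ5wXrMqnvoMs1mcv6QKWsDsvSnWnw_tcW0cjvVkXb2mKmioKLzqV4ihGbiWzwk2e1xDohn8fizdQkf64bXpncjGdEGv8oi9A4300jfLMfg53POriMyEAQMeIDKPOI9qx913xjGni2w2H49mjLfnFnRaj9osvy17425dNIrMC6GDFq3rcq6Z_cdDmL18Jwsjy1xDsAhUzmOclr-VI3AeSnuD4fbf6jhbKE14qVUjLmIBf__B5NhESiaFNwxFYjonZyi357Nx93CD1wai28tNRSODx7BiPHLxk8SyzY0CP0sQ"),
	}

	// Failures are reported with t.Fatal rather than log.Fatal: log.Fatal
	// exits the process, which skips the deferred os.Remove and leaves the
	// token file behind in the temp directory.
	tmpfile, errFs := os.CreateTemp("", "jwt")
	if errFs != nil {
		t.Fatal(errFs)
	}
	defer os.Remove(tmpfile.Name()) // clean up

	if _, errFs := tmpfile.Write(sts.jwt); errFs != nil {
		t.Fatal(errFs)
	}
	if errFs := tmpfile.Close(); errFs != nil {
		t.Fatal(errFs)
	}

	stsServer := httptest.NewServer(sts)
	defer stsServer.Close()

	// The "_test" suffix matches conf.Alias below. t.Setenv restores the
	// previous values when the test finishes.
	t.Setenv("MC_STS_ENDPOINT_test", stsServer.URL+sts.endpoint)
	t.Setenv("MC_WEB_IDENTITY_TOKEN_FILE_test", tmpfile.Name())

	object := objectHandler{
		resource: "/bucket/object",
		data:     []byte("Hello, World"),
	}
	server := httptest.NewServer(object)
	defer server.Close()

	conf := new(Config)
	conf.Alias = "test"
	conf.HostURL = server.URL + object.resource
	s3c, err := S3New(conf)
	if err != nil {
		t.Fatal(err)
	}

	var reader io.Reader = bytes.NewReader(object.data)
	n, err := s3c.Put(context.Background(), reader, int64(len(object.data)), nil, PutOptions{
		metadata: map[string]string{
			"Content-Type": "application/octet-stream",
		},
	})
	if err != nil {
		t.Fatal(err)
	}
	if n != int64(len(object.data)) {
		// Expected value first, observed value second.
		t.Fatalf("expected %d, got %d", len(object.data), n)
	}
}

// TestAdminSTSOperation adds a canned policy through an admin client built
// for the alias "test" while a stub STS endpoint and a web-identity token
// file are advertised through the MC_STS_ENDPOINT_test and
// MC_WEB_IDENTITY_TOKEN_FILE_test environment variables.
//
// Both the STS endpoint and the admin endpoint are local httptest servers
// backed by stsHandler and adminPolicyHandler, which are defined elsewhere in
// the package.
func TestAdminSTSOperation(t *testing.T) {
	// Static fixture token. NOTE(review): fixture tokens in a repository
	// should never be usable against a real identity provider; confirm.
	sts := stsHandler{
		endpoint: "/",
		jwt:      []byte("eyJhbGciOiJSUzI1NiIsImtpZCI6Inc0dFNjMEc5Tk0wQWhGaWJYaWIzbkpRZkRKeDc1dURRTUVpOTNvTHJ0OWcifQ.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.rY7dpAh8GBTViH9Ges7tRhgyihdFWEN0DwXchelmZg58VOI526S-YfbCqrxksTs8Iu0fp1rmk1cUj7FGDh3AOv2RphHjoWci1802zKkHgH0iOEbKMp3jHXwfyHda8CyrSCPycGzClueCf1ae91wd_0lgK9lOR1qqY1HuDeXqSEAUIGrfh1VcP2n95Zc07EY-Uh3XjJE4drtgusACEK5n3P3WtN9s0m0GomEGQzF5ZJczxLGpHBKMQ5VDhMksVKdBAsx9xHgSx84aUhKQViYilAL-8PRj-RZA9s_IpEymAh5R37dKzAO8Fqq0nG7fVbH_ifzw3xhHiG92BhHldBDqEQ"),
	}

	// Failures are reported with t.Fatal rather than log.Fatal: log.Fatal
	// exits the process, which skips the deferred os.Remove and leaves the
	// token file behind in the temp directory.
	tmpfile, errFs := os.CreateTemp("", "jwt")
	if errFs != nil {
		t.Fatal(errFs)
	}
	defer os.Remove(tmpfile.Name()) // clean up

	if _, errFs := tmpfile.Write(sts.jwt); errFs != nil {
		t.Fatal(errFs)
	}
	if errFs := tmpfile.Close(); errFs != nil {
		t.Fatal(errFs)
	}

	stsServer := httptest.NewServer(sts)
	defer stsServer.Close()

	// The "_test" suffix matches conf.Alias below. t.Setenv restores the
	// previous values when the test finishes.
	t.Setenv("MC_STS_ENDPOINT_test", stsServer.URL+sts.endpoint)
	t.Setenv("MC_WEB_IDENTITY_TOKEN_FILE_test", tmpfile.Name())

	handler := adminPolicyHandler{
		endpoint: "/minio/admin/v3/add-canned-policy?name=",
		name:     "test",
		policy: []byte(`
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "s3:*"
      ],
      "Resource": [
        "arn:aws:s3:::test-bucket",
        "arn:aws:s3:::test-bucket/*"
      ]
    }
  ]

}`),
	}
	server := httptest.NewServer(handler)
	defer server.Close()

	conf := new(Config)
	conf.Alias = "test"
	// NOTE(review): Debug and Insecure are set only for this test, which
	// talks to a local httptest server. Insecure presumably relaxes TLS
	// verification and Debug presumably traces requests; confirm both, and
	// confirm that trace output does not print the web-identity token.
	conf.Debug = true
	conf.Insecure = true
	conf.HostURL = server.URL + handler.endpoint + handler.name
	s3c, err := s3AdminNew(conf)
	if err != nil {
		t.Fatal(err)
	}

	e := s3c.AddCannedPolicy(context.Background(), handler.name, handler.policy)
	if e != nil {
		t.Fatal(e)
	}
}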