package auth
import (
"context"
"strings"
"testing"
"time"
"git.frostfs.info/TrueCloudLab/frostfs-s3-gw/creds/accessbox"
"git.frostfs.info/TrueCloudLab/frostfs-s3-gw/creds/tokens"
apistatus "git.frostfs.info/TrueCloudLab/frostfs-sdk-go/client/status"
cid "git.frostfs.info/TrueCloudLab/frostfs-sdk-go/container/id"
"git.frostfs.info/TrueCloudLab/frostfs-sdk-go/object"
oid "git.frostfs.info/TrueCloudLab/frostfs-sdk-go/object/id"
"github.com/aws/aws-sdk-go/aws/credentials"
"github.com/stretchr/testify/require"
)
// Compile-time assertion that *credentialsMock implements tokens.Credentials.
var _ tokens.Credentials = (*credentialsMock)(nil)
// credentialsMock is an in-memory stand-in for the credentials store used by
// the tests in this file.
type credentialsMock struct {
	// boxes holds the registered access boxes, keyed by access key ID.
	boxes map[string]*accessbox.Box
}
// newTokensFrostfsMock returns a credentialsMock with an empty, ready-to-use
// box map.
func newTokensFrostfsMock() *credentialsMock {
	store := make(map[string]*accessbox.Box)
	return &credentialsMock{boxes: store}
}
// addBox registers box under the access key ID derived from addr by
// getAccessKeyID. The receiver is a value, but the map it carries is shared,
// so the entry is visible through every copy of the mock.
func (m credentialsMock) addBox(addr oid.Address, box *accessbox.Box) {
	key := getAccessKeyID(addr)
	m.boxes[key] = box
}
// GetBox looks up the access box registered for accessKeyID.
//
// The context and the container ID are ignored: the lookup is keyed on the
// access key ID alone, so a test built on this mock cannot detect a lookup
// made against the wrong container. No attributes are ever returned. An
// unknown accessKeyID yields *apistatus.ObjectNotFound.
func (m credentialsMock) GetBox(_ context.Context, _ cid.ID, accessKeyID string) (*accessbox.Box, []object.Attribute, error) {
	if stored, found := m.boxes[accessKeyID]; found {
		return stored, nil, nil
	}
	return nil, nil, &apistatus.ObjectNotFound{}
}
// Put is a no-op stub: it stores nothing and returns the zero address with a
// nil error.
func (m credentialsMock) Put(context.Context, tokens.CredentialsParam) (oid.Address, error) {
	var zero oid.Address
	return zero, nil
}
// Update is a no-op stub: it changes nothing and returns the zero address
// with a nil error.
func (m credentialsMock) Update(context.Context, tokens.CredentialsParam) (oid.Address, error) {
	var zero oid.Address
	return zero, nil
}
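// TestCheckSign checks that a presigned GET request built by PresignRequest
// is accepted by Center.Authenticate, and that the access box returned is the
// one registered in the credentials mock for the signing access key.
//
// NOTE(review): only the accepting path is asserted here. A rejecting case
// (for example a stored box whose SecretKey differs from the signing secret,
// or an access key ID the mock does not know) is not exercised by this test;
// confirm it is covered elsewhere in the package.
func TestCheckSign(t *testing.T) {
	var accessKeyAddr oid.Address
	err := accessKeyAddr.DecodeString("8N7CYBY74kxZXoyvA5UNdmovaXqFpwNfvEPsqaN81es2/3tDwq5tR8fByrJcyJwyiuYX7Dae8tyDT7pd8oaL1MBto")
	require.NoError(t, err)

	// The access key ID is the address string with "/" replaced by "0".
	// Presumably this matches what getAccessKeyID produces in addBox, since
	// the lookup below depends on both keys being equal; verify against
	// getAccessKeyID.
	accessKeyID := strings.ReplaceAll(accessKeyAddr.String(), "/", "0")
	// Fixture secret: it signs the request and is also stored in the box
	// below, so signature verification is expected to succeed.
	secretKey := "713d0a0b9efc7d22923e17b0402a6a89b4273bc711c8bacb2da1b643d0006aeb"
	awsCreds := credentials.NewStaticCredentials(accessKeyID, secretKey, "")

	reqData := RequestData{
		Method:   "GET",
		Endpoint: "http://localhost:8084",
		Bucket:   "my-bucket",
		Object:   "@obj/name",
	}
	presignData := PresignData{
		Service:  "s3",
		Region:   "spb",
		Lifetime: 10 * time.Minute,
		// Signed "now", so the request is inside its lifetime when checked.
		SignTime: time.Now().UTC(),
	}

	req, err := PresignRequest(awsCreds, reqData, presignData)
	require.NoError(t, err)

	expBox := &accessbox.Box{
		Gate: &accessbox.GateData{
			SecretKey: secretKey,
		},
	}

	mock := newTokensFrostfsMock()
	mock.addBox(accessKeyAddr, expBox)

	c := &Center{
		cli:      mock,
		reg:      NewRegexpMatcher(AuthorizationFieldRegexp),
		postReg:  NewRegexpMatcher(postPolicyCredentialRegexp),
		settings: &centerSettingsMock{},
	}
	box, err := c.Authenticate(req)
	require.NoError(t, err)
	require.EqualValues(t, expBox, box.AccessBox)
}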