Admin UI: Add policies (#6968)

* add policies to UI, accessing filer directly * view, edit policies * add back buttons for "users" page * remove unused * fix ui dark mode when modal is closed * bucket view details button * fix browser buttons * filer action button works * clean up masters page * fix volume servers action buttons * fix collections page action button * fix properties page * more obvious * fix directory creation file mode * Update file_browser_handlers.go * directory permission
2025-11-24 08:46:54 +08:00 · 2025-07-12 01:13:11 -07:00
parent 49d43003e1
commit 687a6a6c1d
41 changed files with 4941 additions and 2383 deletions
--- a/weed/credential/test/policy_test.go
+++ b/weed/credential/test/policy_test.go
@@ -0,0 +1,146 @@
+package test
+
+import (
+	"context"
+	"testing"
+
+	"github.com/seaweedfs/seaweedfs/weed/credential"
+	"github.com/seaweedfs/seaweedfs/weed/credential/memory"
+
+	// Import all store implementations to register them
+	_ "github.com/seaweedfs/seaweedfs/weed/credential/filer_etc"
+	_ "github.com/seaweedfs/seaweedfs/weed/credential/memory"
+	_ "github.com/seaweedfs/seaweedfs/weed/credential/postgres"
+)
+
+// TestPolicyManagement tests policy management across all credential stores
+func TestPolicyManagement(t *testing.T) {
+	ctx := context.Background()
+
+	// Test with memory store (easiest to test)
+	credentialManager, err := credential.NewCredentialManager(credential.StoreTypeMemory, nil, "")
+	if err != nil {
+		t.Fatalf("Failed to create credential manager: %v", err)
+	}
+
+	// Test policy operations
+	testPolicyOperations(t, ctx, credentialManager)
+}
+
+func testPolicyOperations(t *testing.T, ctx context.Context, credentialManager *credential.CredentialManager) {
+	store := credentialManager.GetStore()
+
+	// Cast to memory store to access policy methods
+	memoryStore, ok := store.(*memory.MemoryStore)
+	if !ok {
+		t.Skip("Store is not a memory store")
+	}
+
+	// Test GetPolicies (should be empty initially)
+	policies, err := memoryStore.GetPolicies(ctx)
+	if err != nil {
+		t.Fatalf("Failed to get policies: %v", err)
+	}
+	if len(policies) != 0 {
+		t.Errorf("Expected 0 policies, got %d", len(policies))
+	}
+
+	// Test CreatePolicy
+	testPolicy := credential.PolicyDocument{
+		Version: "2012-10-17",
+		Statement: []*credential.PolicyStatement{
+			{
+				Effect:   "Allow",
+				Action:   []string{"s3:GetObject"},
+				Resource: []string{"arn:aws:s3:::test-bucket/*"},
+			},
+		},
+	}
+
+	err = memoryStore.CreatePolicy(ctx, "test-policy", testPolicy)
+	if err != nil {
+		t.Fatalf("Failed to create policy: %v", err)
+	}
+
+	// Test GetPolicies (should have 1 policy now)
+	policies, err = memoryStore.GetPolicies(ctx)
+	if err != nil {
+		t.Fatalf("Failed to get policies: %v", err)
+	}
+	if len(policies) != 1 {
+		t.Errorf("Expected 1 policy, got %d", len(policies))
+	}
+
+	// Verify policy content
+	policy, exists := policies["test-policy"]
+	if !exists {
+		t.Error("test-policy not found")
+	}
+	if policy.Version != "2012-10-17" {
+		t.Errorf("Expected policy version '2012-10-17', got '%s'", policy.Version)
+	}
+	if len(policy.Statement) != 1 {
+		t.Errorf("Expected 1 statement, got %d", len(policy.Statement))
+	}
+
+	// Test UpdatePolicy
+	updatedPolicy := credential.PolicyDocument{
+		Version: "2012-10-17",
+		Statement: []*credential.PolicyStatement{
+			{
+				Effect:   "Allow",
+				Action:   []string{"s3:GetObject", "s3:PutObject"},
+				Resource: []string{"arn:aws:s3:::test-bucket/*"},
+			},
+		},
+	}
+
+	err = memoryStore.UpdatePolicy(ctx, "test-policy", updatedPolicy)
+	if err != nil {
+		t.Fatalf("Failed to update policy: %v", err)
+	}
+
+	// Verify the update
+	policies, err = memoryStore.GetPolicies(ctx)
+	if err != nil {
+		t.Fatalf("Failed to get policies after update: %v", err)
+	}
+
+	updatedPolicyResult, exists := policies["test-policy"]
+	if !exists {
+		t.Error("test-policy not found after update")
+	}
+	if len(updatedPolicyResult.Statement) != 1 {
+		t.Errorf("Expected 1 statement after update, got %d", len(updatedPolicyResult.Statement))
+	}
+	if len(updatedPolicyResult.Statement[0].Action) != 2 {
+		t.Errorf("Expected 2 actions after update, got %d", len(updatedPolicyResult.Statement[0].Action))
+	}
+
+	// Test DeletePolicy
+	err = memoryStore.DeletePolicy(ctx, "test-policy")
+	if err != nil {
+		t.Fatalf("Failed to delete policy: %v", err)
+	}
+
+	// Verify deletion
+	policies, err = memoryStore.GetPolicies(ctx)
+	if err != nil {
+		t.Fatalf("Failed to get policies after deletion: %v", err)
+	}
+	if len(policies) != 0 {
+		t.Errorf("Expected 0 policies after deletion, got %d", len(policies))
+	}
+}
+
+// TestPolicyManagementWithFilerEtc tests policy management with filer_etc store
+func TestPolicyManagementWithFilerEtc(t *testing.T) {
+	// Skip this test if we can't connect to a filer
+	t.Skip("Filer connection required for filer_etc store testing")
+}
+
+// TestPolicyManagementWithPostgres tests policy management with postgres store
+func TestPolicyManagementWithPostgres(t *testing.T) {
+	// Skip this test if we can't connect to PostgreSQL
+	t.Skip("PostgreSQL connection required for postgres store testing")
+}