mirror of
https://github.com/minio/minio.git
synced 2024-12-24 06:05:55 -05:00
IAM: init IAM with Init() rather than InitStore() in tests (#13643)
- rename InitStore() to initStore() and fix tests - Use IAMSys.Lock() only when IAMSys struct is being mutated
This commit is contained in:
parent
087c1b98dc
commit
e8c6314770
@ -28,6 +28,7 @@ import (
|
|||||||
"net/url"
|
"net/url"
|
||||||
"sync"
|
"sync"
|
||||||
"testing"
|
"testing"
|
||||||
|
"time"
|
||||||
|
|
||||||
"github.com/gorilla/mux"
|
"github.com/gorilla/mux"
|
||||||
"github.com/minio/madmin-go"
|
"github.com/minio/madmin-go"
|
||||||
@ -73,7 +74,7 @@ func prepareAdminErasureTestBed(ctx context.Context) (*adminErasureTestBed, erro
|
|||||||
|
|
||||||
initAllSubsystems(ctx, objLayer)
|
initAllSubsystems(ctx, objLayer)
|
||||||
|
|
||||||
globalIAMSys.InitStore(objLayer, globalEtcdClient)
|
globalIAMSys.Init(ctx, objLayer, globalEtcdClient, 2*time.Second)
|
||||||
|
|
||||||
// Setup admin mgmt REST API handlers.
|
// Setup admin mgmt REST API handlers.
|
||||||
adminRouter := mux.NewRouter()
|
adminRouter := mux.NewRouter()
|
||||||
|
@ -364,9 +364,12 @@ func TestIsReqAuthenticated(t *testing.T) {
|
|||||||
|
|
||||||
newAllSubsystems()
|
newAllSubsystems()
|
||||||
|
|
||||||
initAllSubsystems(context.Background(), objLayer)
|
ctx, cancel := context.WithCancel(context.Background())
|
||||||
|
defer cancel()
|
||||||
|
|
||||||
globalIAMSys.InitStore(objLayer, globalEtcdClient)
|
initAllSubsystems(ctx, objLayer)
|
||||||
|
|
||||||
|
globalIAMSys.Init(ctx, objLayer, globalEtcdClient, 2*time.Second)
|
||||||
|
|
||||||
creds, err := auth.CreateCredentials("myuser", "mypassword")
|
creds, err := auth.CreateCredentials("myuser", "mypassword")
|
||||||
if err != nil {
|
if err != nil {
|
||||||
@ -392,7 +395,6 @@ func TestIsReqAuthenticated(t *testing.T) {
|
|||||||
{mustNewSignedRequest(http.MethodGet, "http://127.0.0.1:9000", 0, nil, t), ErrNone},
|
{mustNewSignedRequest(http.MethodGet, "http://127.0.0.1:9000", 0, nil, t), ErrNone},
|
||||||
}
|
}
|
||||||
|
|
||||||
ctx := context.Background()
|
|
||||||
// Validates all testcases.
|
// Validates all testcases.
|
||||||
for i, testCase := range testCases {
|
for i, testCase := range testCases {
|
||||||
s3Error := isReqAuthenticated(ctx, testCase.req, globalServerRegion, serviceS3)
|
s3Error := isReqAuthenticated(ctx, testCase.req, globalServerRegion, serviceS3)
|
||||||
@ -440,8 +442,8 @@ func TestCheckAdminRequestAuthType(t *testing.T) {
|
|||||||
}
|
}
|
||||||
|
|
||||||
func TestValidateAdminSignature(t *testing.T) {
|
func TestValidateAdminSignature(t *testing.T) {
|
||||||
|
ctx, cancel := context.WithCancel(context.Background())
|
||||||
ctx := context.Background()
|
defer cancel()
|
||||||
|
|
||||||
objLayer, fsDir, err := prepareFS()
|
objLayer, fsDir, err := prepareFS()
|
||||||
if err != nil {
|
if err != nil {
|
||||||
@ -455,9 +457,9 @@ func TestValidateAdminSignature(t *testing.T) {
|
|||||||
|
|
||||||
newAllSubsystems()
|
newAllSubsystems()
|
||||||
|
|
||||||
initAllSubsystems(context.Background(), objLayer)
|
initAllSubsystems(ctx, objLayer)
|
||||||
|
|
||||||
globalIAMSys.InitStore(objLayer, globalEtcdClient)
|
globalIAMSys.Init(ctx, objLayer, globalEtcdClient, 2*time.Second)
|
||||||
|
|
||||||
creds, err := auth.CreateCredentials("admin", "mypassword")
|
creds, err := auth.CreateCredentials("admin", "mypassword")
|
||||||
if err != nil {
|
if err != nil {
|
||||||
|
18
cmd/iam.go
18
cmd/iam.go
@ -143,11 +143,8 @@ func (sys *IAMSys) doIAMConfigMigration(ctx context.Context) error {
|
|||||||
return sys.store.migrateBackendFormat(ctx)
|
return sys.store.migrateBackendFormat(ctx)
|
||||||
}
|
}
|
||||||
|
|
||||||
// InitStore initializes IAM stores
|
// initStore initializes IAM stores
|
||||||
func (sys *IAMSys) InitStore(objAPI ObjectLayer, etcdClient *etcd.Client) {
|
func (sys *IAMSys) initStore(objAPI ObjectLayer, etcdClient *etcd.Client) {
|
||||||
sys.Lock()
|
|
||||||
defer sys.Unlock()
|
|
||||||
|
|
||||||
if globalLDAPConfig.Enabled {
|
if globalLDAPConfig.Enabled {
|
||||||
sys.EnableLDAPSys()
|
sys.EnableLDAPSys()
|
||||||
}
|
}
|
||||||
@ -175,7 +172,7 @@ func (sys *IAMSys) Initialized() bool {
|
|||||||
}
|
}
|
||||||
|
|
||||||
// Load - loads all credentials, policies and policy mappings.
|
// Load - loads all credentials, policies and policy mappings.
|
||||||
func (sys *IAMSys) Load(ctx context.Context, store IAMStorageAPI) error {
|
func (sys *IAMSys) Load(ctx context.Context) error {
|
||||||
err := sys.store.LoadIAMCache(ctx)
|
err := sys.store.LoadIAMCache(ctx)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return err
|
return err
|
||||||
@ -191,10 +188,13 @@ func (sys *IAMSys) Load(ctx context.Context, store IAMStorageAPI) error {
|
|||||||
|
|
||||||
// Init - initializes config system by reading entries from config/iam
|
// Init - initializes config system by reading entries from config/iam
|
||||||
func (sys *IAMSys) Init(ctx context.Context, objAPI ObjectLayer, etcdClient *etcd.Client, iamRefreshInterval time.Duration) {
|
func (sys *IAMSys) Init(ctx context.Context, objAPI ObjectLayer, etcdClient *etcd.Client, iamRefreshInterval time.Duration) {
|
||||||
|
sys.Lock()
|
||||||
|
defer sys.Unlock()
|
||||||
|
|
||||||
sys.iamRefreshInterval = iamRefreshInterval
|
sys.iamRefreshInterval = iamRefreshInterval
|
||||||
|
|
||||||
// Initialize IAM store
|
// Initialize IAM store
|
||||||
sys.InitStore(objAPI, etcdClient)
|
sys.initStore(objAPI, etcdClient)
|
||||||
|
|
||||||
retryCtx, cancel := context.WithCancel(ctx)
|
retryCtx, cancel := context.WithCancel(ctx)
|
||||||
|
|
||||||
@ -258,7 +258,7 @@ func (sys *IAMSys) Init(ctx context.Context, objAPI ObjectLayer, etcdClient *etc
|
|||||||
}
|
}
|
||||||
|
|
||||||
for {
|
for {
|
||||||
if err := sys.Load(retryCtx, sys.store); err != nil {
|
if err := sys.Load(retryCtx); err != nil {
|
||||||
if configRetriableErrors(err) {
|
if configRetriableErrors(err) {
|
||||||
logger.Info("Waiting for all MinIO IAM sub-system to be initialized.. possible cause (%v)", err)
|
logger.Info("Waiting for all MinIO IAM sub-system to be initialized.. possible cause (%v)", err)
|
||||||
time.Sleep(time.Duration(r.Float64() * float64(5*time.Second)))
|
time.Sleep(time.Duration(r.Float64() * float64(5*time.Second)))
|
||||||
@ -329,7 +329,7 @@ func (sys *IAMSys) watch(ctx context.Context) {
|
|||||||
for {
|
for {
|
||||||
select {
|
select {
|
||||||
case <-ticker.C:
|
case <-ticker.C:
|
||||||
if err := sys.Load(ctx, sys.store); err != nil {
|
if err := sys.Load(ctx); err != nil {
|
||||||
logger.LogIf(ctx, err)
|
logger.LogIf(ctx, err)
|
||||||
}
|
}
|
||||||
case <-ctx.Done():
|
case <-ctx.Done():
|
||||||
|
@ -22,6 +22,7 @@ import (
|
|||||||
"net/http"
|
"net/http"
|
||||||
"os"
|
"os"
|
||||||
"testing"
|
"testing"
|
||||||
|
"time"
|
||||||
|
|
||||||
"github.com/minio/madmin-go"
|
"github.com/minio/madmin-go"
|
||||||
"github.com/minio/minio/internal/auth"
|
"github.com/minio/minio/internal/auth"
|
||||||
@ -29,6 +30,9 @@ import (
|
|||||||
)
|
)
|
||||||
|
|
||||||
func TestCheckValid(t *testing.T) {
|
func TestCheckValid(t *testing.T) {
|
||||||
|
ctx, cancel := context.WithCancel(context.Background())
|
||||||
|
defer cancel()
|
||||||
|
|
||||||
objLayer, fsDir, err := prepareFS()
|
objLayer, fsDir, err := prepareFS()
|
||||||
if err != nil {
|
if err != nil {
|
||||||
t.Fatal(err)
|
t.Fatal(err)
|
||||||
@ -40,9 +44,9 @@ func TestCheckValid(t *testing.T) {
|
|||||||
|
|
||||||
newAllSubsystems()
|
newAllSubsystems()
|
||||||
|
|
||||||
initAllSubsystems(context.Background(), objLayer)
|
initAllSubsystems(ctx, objLayer)
|
||||||
|
|
||||||
globalIAMSys.InitStore(objLayer, globalEtcdClient)
|
globalIAMSys.Init(ctx, objLayer, globalEtcdClient, 2*time.Second)
|
||||||
|
|
||||||
req, err := newTestRequest(http.MethodGet, "http://example.com:9000/bucket/object", 0, nil)
|
req, err := newTestRequest(http.MethodGet, "http://example.com:9000/bucket/object", 0, nil)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
|
@ -1477,10 +1477,6 @@ func newTestObjectLayer(ctx context.Context, endpointServerPools EndpointServerP
|
|||||||
|
|
||||||
newAllSubsystems()
|
newAllSubsystems()
|
||||||
|
|
||||||
initAllSubsystems(ctx, z)
|
|
||||||
|
|
||||||
globalIAMSys.InitStore(z, globalEtcdClient)
|
|
||||||
|
|
||||||
return z, nil
|
return z, nil
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -1522,12 +1518,12 @@ func removeDiskN(disks []string, n int) {
|
|||||||
// initializes the specified API endpoints for the tests.
|
// initializes the specified API endpoints for the tests.
|
||||||
// initialies the root and returns its path.
|
// initialies the root and returns its path.
|
||||||
// return credentials.
|
// return credentials.
|
||||||
func initAPIHandlerTest(obj ObjectLayer, endpoints []string) (string, http.Handler, error) {
|
func initAPIHandlerTest(ctx context.Context, obj ObjectLayer, endpoints []string) (string, http.Handler, error) {
|
||||||
newAllSubsystems()
|
newAllSubsystems()
|
||||||
|
|
||||||
initAllSubsystems(context.Background(), obj)
|
initAllSubsystems(ctx, obj)
|
||||||
|
|
||||||
globalIAMSys.InitStore(obj, globalEtcdClient)
|
globalIAMSys.Init(ctx, obj, globalEtcdClient, 2*time.Second)
|
||||||
|
|
||||||
// get random bucket name.
|
// get random bucket name.
|
||||||
bucketName := getRandomBucketName()
|
bucketName := getRandomBucketName()
|
||||||
@ -1736,7 +1732,7 @@ func ExecObjectLayerAPITest(t *testing.T, objAPITest objAPITestType, endpoints [
|
|||||||
t.Fatalf("Initialization of object layer failed for single node setup: %s", err)
|
t.Fatalf("Initialization of object layer failed for single node setup: %s", err)
|
||||||
}
|
}
|
||||||
|
|
||||||
bucketFS, fsAPIRouter, err := initAPIHandlerTest(objLayer, endpoints)
|
bucketFS, fsAPIRouter, err := initAPIHandlerTest(ctx, objLayer, endpoints)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
t.Fatalf("Initialization of API handler tests failed: <ERROR> %s", err)
|
t.Fatalf("Initialization of API handler tests failed: <ERROR> %s", err)
|
||||||
}
|
}
|
||||||
@ -1758,7 +1754,7 @@ func ExecObjectLayerAPITest(t *testing.T, objAPITest objAPITestType, endpoints [
|
|||||||
}
|
}
|
||||||
defer objLayer.Shutdown(ctx)
|
defer objLayer.Shutdown(ctx)
|
||||||
|
|
||||||
bucketErasure, erAPIRouter, err := initAPIHandlerTest(objLayer, endpoints)
|
bucketErasure, erAPIRouter, err := initAPIHandlerTest(ctx, objLayer, endpoints)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
t.Fatalf("Initialzation of API handler tests failed: <ERROR> %s", err)
|
t.Fatalf("Initialzation of API handler tests failed: <ERROR> %s", err)
|
||||||
}
|
}
|
||||||
@ -1793,59 +1789,63 @@ type objTestDiskNotFoundType func(obj ObjectLayer, instanceType string, dirs []s
|
|||||||
// ExecObjectLayerTest - executes object layer tests.
|
// ExecObjectLayerTest - executes object layer tests.
|
||||||
// Creates single node and Erasure ObjectLayer instance and runs test for both the layers.
|
// Creates single node and Erasure ObjectLayer instance and runs test for both the layers.
|
||||||
func ExecObjectLayerTest(t TestErrHandler, objTest objTestType) {
|
func ExecObjectLayerTest(t TestErrHandler, objTest objTestType) {
|
||||||
ctx, cancel := context.WithCancel(context.Background())
|
{
|
||||||
defer cancel()
|
ctx, cancel := context.WithCancel(context.Background())
|
||||||
|
if localMetacacheMgr != nil {
|
||||||
|
localMetacacheMgr.deleteAll()
|
||||||
|
}
|
||||||
|
|
||||||
if localMetacacheMgr != nil {
|
objLayer, fsDir, err := prepareFS()
|
||||||
localMetacacheMgr.deleteAll()
|
if err != nil {
|
||||||
}
|
t.Fatalf("Initialization of object layer failed for single node setup: %s", err)
|
||||||
defer setObjectLayer(newObjectLayerFn())
|
}
|
||||||
|
setObjectLayer(objLayer)
|
||||||
|
|
||||||
objLayer, fsDir, err := prepareFS()
|
newAllSubsystems()
|
||||||
if err != nil {
|
|
||||||
t.Fatalf("Initialization of object layer failed for single node setup: %s", err)
|
|
||||||
}
|
|
||||||
setObjectLayer(objLayer)
|
|
||||||
|
|
||||||
newAllSubsystems()
|
// initialize the server and obtain the credentials and root.
|
||||||
|
// credentials are necessary to sign the HTTP request.
|
||||||
|
if err = newTestConfig(globalMinioDefaultRegion, objLayer); err != nil {
|
||||||
|
t.Fatal("Unexpected error", err)
|
||||||
|
}
|
||||||
|
initAllSubsystems(ctx, objLayer)
|
||||||
|
globalIAMSys.Init(ctx, objLayer, globalEtcdClient, 2*time.Second)
|
||||||
|
|
||||||
// initialize the server and obtain the credentials and root.
|
// Executing the object layer tests for single node setup.
|
||||||
// credentials are necessary to sign the HTTP request.
|
objTest(objLayer, FSTestStr, t)
|
||||||
if err = newTestConfig(globalMinioDefaultRegion, objLayer); err != nil {
|
|
||||||
t.Fatal("Unexpected error", err)
|
// Call clean up functions
|
||||||
|
cancel()
|
||||||
|
setObjectLayer(newObjectLayerFn())
|
||||||
|
removeRoots([]string{fsDir})
|
||||||
}
|
}
|
||||||
|
|
||||||
initAllSubsystems(ctx, objLayer)
|
{
|
||||||
|
ctx, cancel := context.WithCancel(context.Background())
|
||||||
|
|
||||||
globalIAMSys.InitStore(objLayer, globalEtcdClient)
|
if localMetacacheMgr != nil {
|
||||||
|
localMetacacheMgr.deleteAll()
|
||||||
|
}
|
||||||
|
|
||||||
// Executing the object layer tests for single node setup.
|
newAllSubsystems()
|
||||||
objTest(objLayer, FSTestStr, t)
|
objLayer, fsDirs, err := prepareErasureSets32(ctx)
|
||||||
|
if err != nil {
|
||||||
|
t.Fatalf("Initialization of object layer failed for Erasure setup: %s", err)
|
||||||
|
}
|
||||||
|
setObjectLayer(objLayer)
|
||||||
|
initAllSubsystems(ctx, objLayer)
|
||||||
|
globalIAMSys.Init(ctx, objLayer, globalEtcdClient, 2*time.Second)
|
||||||
|
|
||||||
if localMetacacheMgr != nil {
|
// Executing the object layer tests for Erasure.
|
||||||
localMetacacheMgr.deleteAll()
|
objTest(objLayer, ErasureTestStr, t)
|
||||||
}
|
|
||||||
defer setObjectLayer(newObjectLayerFn())
|
|
||||||
|
|
||||||
newAllSubsystems()
|
objLayer.Shutdown(context.Background())
|
||||||
objLayer, fsDirs, err := prepareErasureSets32(ctx)
|
if localMetacacheMgr != nil {
|
||||||
if err != nil {
|
localMetacacheMgr.deleteAll()
|
||||||
t.Fatalf("Initialization of object layer failed for Erasure setup: %s", err)
|
}
|
||||||
}
|
setObjectLayer(newObjectLayerFn())
|
||||||
setObjectLayer(objLayer)
|
cancel()
|
||||||
|
removeRoots(fsDirs)
|
||||||
defer objLayer.Shutdown(context.Background())
|
|
||||||
|
|
||||||
initAllSubsystems(ctx, objLayer)
|
|
||||||
|
|
||||||
globalIAMSys.InitStore(objLayer, globalEtcdClient)
|
|
||||||
|
|
||||||
defer removeRoots(append(fsDirs, fsDir))
|
|
||||||
// Executing the object layer tests for Erasure.
|
|
||||||
objTest(objLayer, ErasureTestStr, t)
|
|
||||||
|
|
||||||
if localMetacacheMgr != nil {
|
|
||||||
localMetacacheMgr.deleteAll()
|
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
2
go.mod
2
go.mod
@ -85,7 +85,7 @@ require (
|
|||||||
go.uber.org/atomic v1.9.0
|
go.uber.org/atomic v1.9.0
|
||||||
go.uber.org/zap v1.19.1
|
go.uber.org/zap v1.19.1
|
||||||
golang.org/x/crypto v0.0.0-20210921155107-089bfa567519
|
golang.org/x/crypto v0.0.0-20210921155107-089bfa567519
|
||||||
golang.org/x/net v0.0.0-20211020060615-d418f374d309
|
golang.org/x/net v0.0.0-20211020060615-d418f374d309 // indirect
|
||||||
golang.org/x/oauth2 v0.0.0-20210819190943-2bc19b11175f
|
golang.org/x/oauth2 v0.0.0-20210819190943-2bc19b11175f
|
||||||
golang.org/x/sys v0.0.0-20211020174200-9d6173849985
|
golang.org/x/sys v0.0.0-20211020174200-9d6173849985
|
||||||
golang.org/x/time v0.0.0-20210723032227-1f47c861a9ac
|
golang.org/x/time v0.0.0-20210723032227-1f47c861a9ac
|
||||||
|
Loading…
Reference in New Issue
Block a user