From 32c6b62932ebc5e91b48d20801a0f3eee830afc0 Mon Sep 17 00:00:00 2001 From: Bala FA Date: Tue, 31 Oct 2017 11:54:32 -0700 Subject: [PATCH] move credentials as separate package (#5115) --- cmd/admin-handlers.go | 4 +- cmd/admin-handlers_test.go | 3 +- cmd/api-errors.go | 5 +- cmd/auth-handler_test.go | 4 +- cmd/browser-peer-rpc.go | 6 +- cmd/browser-peer-rpc_test.go | 4 +- cmd/bucket-handlers_test.go | 14 +- cmd/bucket-notification-handlers_test.go | 10 +- cmd/bucket-policy-handlers_test.go | 7 +- cmd/common-main.go | 3 +- cmd/config-migrate.go | 3 +- cmd/config-old.go | 80 +++++------ cmd/config-v19.go | 13 +- cmd/credential_test.go | 100 -------------- cmd/gateway-b2.go | 3 +- cmd/globals.go | 3 +- cmd/jwt.go | 3 +- cmd/jwt_test.go | 12 +- cmd/lock-instrument.go | 11 +- cmd/lock-instrument_test.go | 19 --- cmd/object-handlers_test.go | 35 ++--- cmd/signature-v4-parser.go | 4 +- cmd/test-utils_test.go | 3 +- cmd/web-handlers.go | 9 +- cmd/credential.go => pkg/auth/credentials.go | 89 ++++++------ pkg/auth/credentials_test.go | 135 +++++++++++++++++++ 26 files changed, 306 insertions(+), 276 deletions(-) delete mode 100644 cmd/credential_test.go rename cmd/credential.go => pkg/auth/credentials.go (53%) create mode 100644 pkg/auth/credentials_test.go diff --git a/cmd/admin-handlers.go b/cmd/admin-handlers.go index 347689578..eae409186 100644 --- a/cmd/admin-handlers.go +++ b/cmd/admin-handlers.go @@ -28,6 +28,8 @@ import ( "strconv" "sync" "time" + + "github.com/minio/minio/pkg/auth" ) const ( @@ -168,7 +170,7 @@ func (adminAPI adminAPIHandlers) ServiceCredentialsHandler(w http.ResponseWriter return } - creds, err := createCredential(req.Username, req.Password) + creds, err := auth.CreateCredentials(req.Username, req.Password) if err != nil { writeErrorResponse(w, toAPIErrorCode(err), r.URL) return diff --git a/cmd/admin-handlers_test.go b/cmd/admin-handlers_test.go index 9f5f4c249..783716985 100644 --- a/cmd/admin-handlers_test.go +++ b/cmd/admin-handlers_test.go @@ -32,6 +32,7 @@ import ( "time" router "github.com/gorilla/mux" + "github.com/minio/minio/pkg/auth" ) var configJSON = []byte(`{ @@ -263,7 +264,7 @@ func testServiceSignalReceiver(cmd cmdType, t *testing.T) { // getServiceCmdRequest - Constructs a management REST API request for service // subcommands for a given cmdType value. -func getServiceCmdRequest(cmd cmdType, cred credential, body []byte) (*http.Request, error) { +func getServiceCmdRequest(cmd cmdType, cred auth.Credentials, body []byte) (*http.Request, error) { req, err := newTestRequest(cmd.apiMethod(), "/?service", 0, nil) if err != nil { return nil, err diff --git a/cmd/api-errors.go b/cmd/api-errors.go index 9ab9a51b7..339545afb 100644 --- a/cmd/api-errors.go +++ b/cmd/api-errors.go @@ -20,6 +20,7 @@ import ( "encoding/xml" "net/http" + "github.com/minio/minio/pkg/auth" "github.com/minio/minio/pkg/hash" ) @@ -687,9 +688,9 @@ func toAPIErrorCode(err error) (apiErr APIErrorCode) { apiErr = ErrEntityTooLarge case errDataTooSmall: apiErr = ErrEntityTooSmall - case errInvalidAccessKeyLength: + case auth.ErrInvalidAccessKeyLength: apiErr = ErrAdminInvalidAccessKey - case errInvalidSecretKeyLength: + case auth.ErrInvalidSecretKeyLength: apiErr = ErrAdminInvalidSecretKey } diff --git a/cmd/auth-handler_test.go b/cmd/auth-handler_test.go index 8071ce59f..c378d2154 100644 --- a/cmd/auth-handler_test.go +++ b/cmd/auth-handler_test.go @@ -23,6 +23,8 @@ import ( "net/url" "os" "testing" + + "github.com/minio/minio/pkg/auth" ) // Test get request auth type. @@ -327,7 +329,7 @@ func TestIsReqAuthenticated(t *testing.T) { } defer os.RemoveAll(path) - creds, err := createCredential("myuser", "mypassword") + creds, err := auth.CreateCredentials("myuser", "mypassword") if err != nil { t.Fatalf("unable create credential, %s", err) } diff --git a/cmd/browser-peer-rpc.go b/cmd/browser-peer-rpc.go index 6ae72900c..daace2eff 100644 --- a/cmd/browser-peer-rpc.go +++ b/cmd/browser-peer-rpc.go @@ -21,6 +21,8 @@ import ( "path" "sync" "time" + + "github.com/minio/minio/pkg/auth" ) // SetAuthPeerArgs - Arguments collection for SetAuth RPC call @@ -29,7 +31,7 @@ type SetAuthPeerArgs struct { AuthRPCArgs // New credentials that receiving peer should update to. - Creds credential + Creds auth.Credentials } // SetAuthPeer - Update to new credentials sent from a peer Minio @@ -64,7 +66,7 @@ func (br *browserPeerAPIHandlers) SetAuthPeer(args SetAuthPeerArgs, reply *AuthR } // Sends SetAuthPeer RPCs to all peers in the Minio cluster -func updateCredsOnPeers(creds credential) map[string]error { +func updateCredsOnPeers(creds auth.Credentials) map[string]error { // Get list of peer addresses (from globalS3Peers) peers := []string{} for _, p := range globalS3Peers { diff --git a/cmd/browser-peer-rpc_test.go b/cmd/browser-peer-rpc_test.go index f587bb330..cbaa01ebf 100644 --- a/cmd/browser-peer-rpc_test.go +++ b/cmd/browser-peer-rpc_test.go @@ -19,6 +19,8 @@ package cmd import ( "path" "testing" + + "github.com/minio/minio/pkg/auth" ) // API suite container common to both FS and XL. @@ -61,7 +63,7 @@ func TestBrowserPeerRPC(t *testing.T) { // Tests for browser peer rpc. func (s *TestRPCBrowserPeerSuite) testBrowserPeerRPC(t *testing.T) { // Construct RPC call arguments. - creds, err := createCredential("abcd1", "abcd1234") + creds, err := auth.CreateCredentials("abcd1", "abcd1234") if err != nil { t.Fatalf("unable to create credential. %v", err) } diff --git a/cmd/bucket-handlers_test.go b/cmd/bucket-handlers_test.go index a65ed5d95..4b3959314 100644 --- a/cmd/bucket-handlers_test.go +++ b/cmd/bucket-handlers_test.go @@ -24,6 +24,8 @@ import ( "net/http/httptest" "strconv" "testing" + + "github.com/minio/minio/pkg/auth" ) // Wrapper for calling GetBucketPolicy HTTP handler tests for both XL multiple disks and single node setup. @@ -32,7 +34,7 @@ func TestGetBucketLocationHandler(t *testing.T) { } func testGetBucketLocationHandler(obj ObjectLayer, instanceType, bucketName string, apiRouter http.Handler, - credentials credential, t *testing.T) { + credentials auth.Credentials, t *testing.T) { initBucketPolicies(obj) // test cases with sample input and expected output. @@ -177,7 +179,7 @@ func TestHeadBucketHandler(t *testing.T) { } func testHeadBucketHandler(obj ObjectLayer, instanceType, bucketName string, apiRouter http.Handler, - credentials credential, t *testing.T) { + credentials auth.Credentials, t *testing.T) { initBucketPolicies(obj) // test cases with sample input and expected output. @@ -284,7 +286,7 @@ func TestListMultipartUploadsHandler(t *testing.T) { // testListMultipartUploadsHandler - Tests validate listing of multipart uploads. func testListMultipartUploadsHandler(obj ObjectLayer, instanceType, bucketName string, apiRouter http.Handler, - credentials credential, t *testing.T) { + credentials auth.Credentials, t *testing.T) { initBucketPolicies(obj) // Collection of non-exhaustive ListMultipartUploads test cases, valid errors @@ -522,7 +524,7 @@ func TestListBucketsHandler(t *testing.T) { // testListBucketsHandler - Tests validate listing of buckets. func testListBucketsHandler(obj ObjectLayer, instanceType, bucketName string, apiRouter http.Handler, - credentials credential, t *testing.T) { + credentials auth.Credentials, t *testing.T) { testCases := []struct { bucketName string @@ -615,7 +617,7 @@ func TestAPIDeleteMultipleObjectsHandler(t *testing.T) { } func testAPIDeleteMultipleObjectsHandler(obj ObjectLayer, instanceType, bucketName string, apiRouter http.Handler, - credentials credential, t *testing.T) { + credentials auth.Credentials, t *testing.T) { initBucketPolicies(obj) var err error @@ -805,7 +807,7 @@ func TestIsBucketActionAllowed(t *testing.T) { } func testIsBucketActionAllowedHandler(obj ObjectLayer, instanceType, bucketName string, apiRouter http.Handler, - credentials credential, t *testing.T) { + credentials auth.Credentials, t *testing.T) { testCases := []struct { // input. diff --git a/cmd/bucket-notification-handlers_test.go b/cmd/bucket-notification-handlers_test.go index 1af07fc73..87cfd2205 100644 --- a/cmd/bucket-notification-handlers_test.go +++ b/cmd/bucket-notification-handlers_test.go @@ -28,6 +28,8 @@ import ( "os" "reflect" "testing" + + "github.com/minio/minio/pkg/auth" ) // Implement a dummy flush writer. @@ -181,7 +183,7 @@ func TestGetBucketNotificationHandler(t *testing.T) { } func testGetBucketNotificationHandler(obj ObjectLayer, instanceType, bucketName string, apiRouter http.Handler, - credentials credential, t *testing.T) { + credentials auth.Credentials, t *testing.T) { // declare sample configs filterRules := []filterRule{ { @@ -254,7 +256,7 @@ func TestPutBucketNotificationHandler(t *testing.T) { } func testPutBucketNotificationHandler(obj ObjectLayer, instanceType, - bucketName string, apiRouter http.Handler, credentials credential, + bucketName string, apiRouter http.Handler, credentials auth.Credentials, t *testing.T) { // declare sample configs @@ -344,7 +346,7 @@ func TestListenBucketNotificationNilHandler(t *testing.T) { } func testListenBucketNotificationNilHandler(obj ObjectLayer, instanceType, bucketName string, apiRouter http.Handler, - credentials credential, t *testing.T) { + credentials auth.Credentials, t *testing.T) { // get random bucket name. randBucket := getRandomBucketName() @@ -371,7 +373,7 @@ func testListenBucketNotificationNilHandler(obj ObjectLayer, instanceType, bucke } func testRemoveNotificationConfig(obj ObjectLayer, instanceType, - bucketName string, apiRouter http.Handler, credentials credential, + bucketName string, apiRouter http.Handler, credentials auth.Credentials, t *testing.T) { invalidBucket := "Invalid\\Bucket" diff --git a/cmd/bucket-policy-handlers_test.go b/cmd/bucket-policy-handlers_test.go index bdcf14c65..fefe9616f 100644 --- a/cmd/bucket-policy-handlers_test.go +++ b/cmd/bucket-policy-handlers_test.go @@ -27,6 +27,7 @@ import ( "github.com/minio/minio-go/pkg/policy" "github.com/minio/minio-go/pkg/set" + "github.com/minio/minio/pkg/auth" ) // Tests validate Bucket policy resource matcher. @@ -248,7 +249,7 @@ func TestPutBucketPolicyHandler(t *testing.T) { // testPutBucketPolicyHandler - Test for Bucket policy end point. func testPutBucketPolicyHandler(obj ObjectLayer, instanceType, bucketName string, apiRouter http.Handler, - credentials credential, t *testing.T) { + credentials auth.Credentials, t *testing.T) { initBucketPolicies(obj) bucketName1 := fmt.Sprintf("%s-1", bucketName) @@ -455,7 +456,7 @@ func TestGetBucketPolicyHandler(t *testing.T) { // testGetBucketPolicyHandler - Test for end point which fetches the access policy json of the given bucket. func testGetBucketPolicyHandler(obj ObjectLayer, instanceType, bucketName string, apiRouter http.Handler, - credentials credential, t *testing.T) { + credentials auth.Credentials, t *testing.T) { // initialize bucket policy. initBucketPolicies(obj) @@ -644,7 +645,7 @@ func TestDeleteBucketPolicyHandler(t *testing.T) { // testDeleteBucketPolicyHandler - Test for Delete bucket policy end point. func testDeleteBucketPolicyHandler(obj ObjectLayer, instanceType, bucketName string, apiRouter http.Handler, - credentials credential, t *testing.T) { + credentials auth.Credentials, t *testing.T) { // initialize bucket policy. initBucketPolicies(obj) diff --git a/cmd/common-main.go b/cmd/common-main.go index 2640fd06e..c3f6fc1fb 100644 --- a/cmd/common-main.go +++ b/cmd/common-main.go @@ -24,6 +24,7 @@ import ( "time" "github.com/minio/cli" + "github.com/minio/minio/pkg/auth" ) // Check for updates and print a notification message @@ -95,7 +96,7 @@ func handleCommonEnvVars() { accessKey := os.Getenv("MINIO_ACCESS_KEY") secretKey := os.Getenv("MINIO_SECRET_KEY") if accessKey != "" && secretKey != "" { - cred, err := createCredential(accessKey, secretKey) + cred, err := auth.CreateCredentials(accessKey, secretKey) fatalIf(err, "Invalid access/secret Key set in environment.") // credential Envs are set globally. diff --git a/cmd/config-migrate.go b/cmd/config-migrate.go index 9380a854a..bda24047a 100644 --- a/cmd/config-migrate.go +++ b/cmd/config-migrate.go @@ -21,6 +21,7 @@ import ( "os" "path/filepath" + "github.com/minio/minio/pkg/auth" "github.com/minio/minio/pkg/quick" ) @@ -190,7 +191,7 @@ func migrateV2ToV3() error { return nil } - cred, err := createCredential(cv2.Credentials.AccessKey, cv2.Credentials.SecretKey) + cred, err := auth.CreateCredentials(cv2.Credentials.AccessKey, cv2.Credentials.SecretKey) if err != nil { return fmt.Errorf("Invalid credential in V2 configuration file. %v", err) } diff --git a/cmd/config-old.go b/cmd/config-old.go index f77b9e92c..e2919c9d9 100644 --- a/cmd/config-old.go +++ b/cmd/config-old.go @@ -16,7 +16,11 @@ package cmd -import "sync" +import ( + "sync" + + "github.com/minio/minio/pkg/auth" +) /////////////////// Config V1 /////////////////// type configV1 struct { @@ -92,8 +96,8 @@ type configV3 struct { Addr string `json:"address"` // S3 API configuration. - Credential credential `json:"credential"` - Region string `json:"region"` + Credential auth.Credentials `json:"credential"` + Region string `json:"region"` // Additional error logging configuration. Logger loggerV3 `json:"logger"` @@ -122,8 +126,8 @@ type configV4 struct { Version string `json:"version"` // S3 API configuration. - Credential credential `json:"credential"` - Region string `json:"region"` + Credential auth.Credentials `json:"credential"` + Region string `json:"region"` // Additional error logging configuration. Logger loggerV4 `json:"logger"` @@ -179,8 +183,8 @@ type configV5 struct { Version string `json:"version"` // S3 API configuration. - Credential credential `json:"credential"` - Region string `json:"region"` + Credential auth.Credentials `json:"credential"` + Region string `json:"region"` // Additional error logging configuration. Logger loggerV5 `json:"logger"` @@ -209,8 +213,8 @@ type configV6 struct { Version string `json:"version"` // S3 API configuration. - Credential credential `json:"credential"` - Region string `json:"region"` + Credential auth.Credentials `json:"credential"` + Region string `json:"region"` // Additional error logging configuration. Logger loggerV6 `json:"logger"` @@ -246,8 +250,8 @@ type serverConfigV7 struct { Version string `json:"version"` // S3 API configuration. - Credential credential `json:"credential"` - Region string `json:"region"` + Credential auth.Credentials `json:"credential"` + Region string `json:"region"` // Additional error logging configuration. Logger loggerV6 `json:"logger"` @@ -265,8 +269,8 @@ type serverConfigV8 struct { Version string `json:"version"` // S3 API configuration. - Credential credential `json:"credential"` - Region string `json:"region"` + Credential auth.Credentials `json:"credential"` + Region string `json:"region"` // Additional error logging configuration. Logger loggerV6 `json:"logger"` @@ -284,8 +288,8 @@ type serverConfigV9 struct { Version string `json:"version"` // S3 API configuration. - Credential credential `json:"credential"` - Region string `json:"region"` + Credential auth.Credentials `json:"credential"` + Region string `json:"region"` // Additional error logging configuration. Logger loggerV6 `json:"logger"` @@ -310,8 +314,8 @@ type serverConfigV10 struct { Version string `json:"version"` // S3 API configuration. - Credential credential `json:"credential"` - Region string `json:"region"` + Credential auth.Credentials `json:"credential"` + Region string `json:"region"` // Additional error logging configuration. Logger loggerV7 `json:"logger"` @@ -338,8 +342,8 @@ type serverConfigV11 struct { Version string `json:"version"` // S3 API configuration. - Credential credential `json:"credential"` - Region string `json:"region"` + Credential auth.Credentials `json:"credential"` + Region string `json:"region"` // Additional error logging configuration. Logger loggerV7 `json:"logger"` @@ -354,8 +358,8 @@ type serverConfigV12 struct { Version string `json:"version"` // S3 API configuration. - Credential credential `json:"credential"` - Region string `json:"region"` + Credential auth.Credentials `json:"credential"` + Region string `json:"region"` // Additional error logging configuration. Logger loggerV7 `json:"logger"` @@ -370,8 +374,8 @@ type serverConfigV13 struct { Version string `json:"version"` // S3 API configuration. - Credential credential `json:"credential"` - Region string `json:"region"` + Credential auth.Credentials `json:"credential"` + Region string `json:"region"` // Additional error logging configuration. Logger *loggerV7 `json:"logger"` @@ -386,9 +390,9 @@ type serverConfigV14 struct { Version string `json:"version"` // S3 API configuration. - Credential credential `json:"credential"` - Region string `json:"region"` - Browser BrowserFlag `json:"browser"` + Credential auth.Credentials `json:"credential"` + Region string `json:"region"` + Browser BrowserFlag `json:"browser"` // Additional error logging configuration. Logger *loggerV7 `json:"logger"` @@ -403,9 +407,9 @@ type serverConfigV15 struct { Version string `json:"version"` // S3 API configuration. - Credential credential `json:"credential"` - Region string `json:"region"` - Browser BrowserFlag `json:"browser"` + Credential auth.Credentials `json:"credential"` + Region string `json:"region"` + Browser BrowserFlag `json:"browser"` // Additional error logging configuration. Logger *loggerV7 `json:"logger"` @@ -420,9 +424,9 @@ type serverConfigV16 struct { Version string `json:"version"` // S3 API configuration. - Credential credential `json:"credential"` - Region string `json:"region"` - Browser BrowserFlag `json:"browser"` + Credential auth.Credentials `json:"credential"` + Region string `json:"region"` + Browser BrowserFlag `json:"browser"` // Additional error logging configuration. Logger *loggers `json:"logger"` @@ -439,9 +443,9 @@ type serverConfigV17 struct { Version string `json:"version"` // S3 API configuration. - Credential credential `json:"credential"` - Region string `json:"region"` - Browser BrowserFlag `json:"browser"` + Credential auth.Credentials `json:"credential"` + Region string `json:"region"` + Browser BrowserFlag `json:"browser"` // Additional error logging configuration. Logger *loggers `json:"logger"` @@ -458,9 +462,9 @@ type serverConfigV18 struct { Version string `json:"version"` // S3 API configuration. - Credential credential `json:"credential"` - Region string `json:"region"` - Browser BrowserFlag `json:"browser"` + Credential auth.Credentials `json:"credential"` + Region string `json:"region"` + Browser BrowserFlag `json:"browser"` // Additional error logging configuration. Logger *loggers `json:"logger"` diff --git a/cmd/config-v19.go b/cmd/config-v19.go index 1045db1cf..c81e836c1 100644 --- a/cmd/config-v19.go +++ b/cmd/config-v19.go @@ -22,6 +22,7 @@ import ( "io/ioutil" "sync" + "github.com/minio/minio/pkg/auth" "github.com/minio/minio/pkg/quick" "github.com/tidwall/gjson" ) @@ -42,9 +43,9 @@ type serverConfigV19 struct { Version string `json:"version"` // S3 API configuration. - Credential credential `json:"credential"` - Region string `json:"region"` - Browser BrowserFlag `json:"browser"` + Credential auth.Credentials `json:"credential"` + Region string `json:"region"` + Browser BrowserFlag `json:"browser"` // Additional error logging configuration. Logger *loggers `json:"logger"` @@ -79,7 +80,7 @@ func (s *serverConfigV19) GetRegion() string { } // SetCredentials set new credentials. SetCredential returns the previous credential. -func (s *serverConfigV19) SetCredential(creds credential) (prevCred credential) { +func (s *serverConfigV19) SetCredential(creds auth.Credentials) (prevCred auth.Credentials) { s.Lock() defer s.Unlock() @@ -94,7 +95,7 @@ func (s *serverConfigV19) SetCredential(creds credential) (prevCred credential) } // GetCredentials get current credentials. -func (s *serverConfigV19) GetCredential() credential { +func (s *serverConfigV19) GetCredential() auth.Credentials { s.RLock() defer s.RUnlock() @@ -130,7 +131,7 @@ func (s *serverConfigV19) Save() error { func newServerConfigV19() *serverConfigV19 { srvCfg := &serverConfigV19{ Version: v19, - Credential: mustGetNewCredential(), + Credential: auth.MustGetNewCredentials(), Region: globalMinioDefaultRegion, Browser: true, Logger: &loggers{}, diff --git a/cmd/credential_test.go b/cmd/credential_test.go deleted file mode 100644 index ac04c66ce..000000000 --- a/cmd/credential_test.go +++ /dev/null @@ -1,100 +0,0 @@ -/* - * Minio Cloud Storage, (C) 2017 Minio, Inc. - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -package cmd - -import "testing" - -func TestMustGetNewCredential(t *testing.T) { - cred := mustGetNewCredential() - if !cred.IsValid() { - t.Fatalf("Failed to get new valid credential") - } - if len(cred.SecretKey) != secretKeyMaxLen { - t.Fatalf("Invalid length %d of the secretKey credential generated, expected %d", len(cred.SecretKey), secretKeyMaxLen) - } -} - -func TestCreateCredential(t *testing.T) { - cred := mustGetNewCredential() - testCases := []struct { - accessKey string - secretKey string - expectedResult bool - expectedErr error - }{ - // Access key too small (min 5 chars). - {"user", "pass", false, errInvalidAccessKeyLength}, - // Long access key is ok. - {"user123456789012345678901234567890", "password", true, nil}, - // Secret key too small (min 8 chars). - {"myuser", "pass", false, errInvalidSecretKeyLength}, - // Long secret key is ok. - {"myuser", "pass1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890", true, nil}, - {"myuser", "mypassword", true, nil}, - {cred.AccessKey, cred.SecretKey, true, nil}, - } - - for _, testCase := range testCases { - cred, err := createCredential(testCase.accessKey, testCase.secretKey) - if testCase.expectedErr == nil { - if err != nil { - t.Fatalf("error: expected = , got = %v", err) - } - } else if err == nil { - t.Fatalf("error: expected = %v, got = ", testCase.expectedErr) - } else if testCase.expectedErr.Error() != err.Error() { - t.Fatalf("error: expected = %v, got = %v", testCase.expectedErr, err) - } - - if testCase.expectedResult != cred.IsValid() { - t.Fatalf("cred: expected: %v, got: %v", testCase.expectedResult, cred.IsValid()) - } - } -} - -func TestCredentialEqual(t *testing.T) { - cred := mustGetNewCredential() - testCases := []struct { - cred credential - ccred credential - expectedResult bool - }{ - // Empty compare credential - {cred, credential{}, false}, - // Empty credential - {credential{}, cred, false}, - // Two different credentials - {cred, mustGetNewCredential(), false}, - // Access key is different in compare credential. - {cred, credential{AccessKey: "myuser", SecretKey: cred.SecretKey}, false}, - // Secret key is different in compare credential. - {cred, credential{AccessKey: cred.AccessKey, SecretKey: "mypassword"}, false}, - // secretHashKey is missing in compare credential. - {cred, credential{AccessKey: cred.AccessKey, SecretKey: cred.SecretKey}, true}, - // secretHashKey is missing in credential. - {credential{AccessKey: cred.AccessKey, SecretKey: cred.SecretKey}, cred, true}, - // Same credentials. - {cred, cred, true}, - } - - for _, testCase := range testCases { - result := testCase.cred.Equal(testCase.ccred) - if result != testCase.expectedResult { - t.Fatalf("cred: expected: %v, got: %v", testCase.expectedResult, result) - } - } -} diff --git a/cmd/gateway-b2.go b/cmd/gateway-b2.go index 044650ebe..58c4a2f96 100644 --- a/cmd/gateway-b2.go +++ b/cmd/gateway-b2.go @@ -31,6 +31,7 @@ import ( b2 "github.com/minio/blazer/base" "github.com/minio/cli" "github.com/minio/minio-go/pkg/policy" + "github.com/minio/minio/pkg/auth" h2 "github.com/minio/minio/pkg/hash" ) @@ -101,7 +102,7 @@ func (g *B2Gateway) NewGatewayLayer() (GatewayLayer, error) { type b2Objects struct { gatewayUnsupported mu sync.Mutex - creds credential + creds auth.Credentials b2Client *b2.B2 anonClient *http.Client ctx context.Context diff --git a/cmd/globals.go b/cmd/globals.go index 08a8d8316..d38eda338 100644 --- a/cmd/globals.go +++ b/cmd/globals.go @@ -25,6 +25,7 @@ import ( humanize "github.com/dustin/go-humanize" "github.com/fatih/color" + "github.com/minio/minio/pkg/auth" miniohttp "github.com/minio/minio/pkg/http" ) @@ -142,7 +143,7 @@ var ( // Time when object layer was initialized on start up. globalBootTime time.Time - globalActiveCred credential + globalActiveCred auth.Credentials globalPublicCerts []*x509.Certificate globalXLObjCacheDisabled bool // Add new variable global values here. diff --git a/cmd/jwt.go b/cmd/jwt.go index de1dc491a..06617d448 100644 --- a/cmd/jwt.go +++ b/cmd/jwt.go @@ -24,6 +24,7 @@ import ( jwtgo "github.com/dgrijalva/jwt-go" jwtreq "github.com/dgrijalva/jwt-go/request" + "github.com/minio/minio/pkg/auth" ) const ( @@ -47,7 +48,7 @@ var ( ) func authenticateJWT(accessKey, secretKey string, expiry time.Duration) (string, error) { - passedCredential, err := createCredential(accessKey, secretKey) + passedCredential, err := auth.CreateCredentials(accessKey, secretKey) if err != nil { return "", err } diff --git a/cmd/jwt_test.go b/cmd/jwt_test.go index f7b2efe10..e612deaed 100644 --- a/cmd/jwt_test.go +++ b/cmd/jwt_test.go @@ -20,6 +20,8 @@ import ( "net/http" "os" "testing" + + "github.com/minio/minio/pkg/auth" ) func testAuthenticate(authType string, t *testing.T) { @@ -28,11 +30,7 @@ func testAuthenticate(authType string, t *testing.T) { t.Fatalf("unable initialize config file, %s", err) } defer os.RemoveAll(testPath) - // Create access and secret keys in length, 300 and 600 - cred, err := getNewCredential(300, 600) - if err != nil { - t.Fatalf("unable to get new credential, %v", err) - } + cred := auth.MustGetNewCredentials() serverConfig.SetCredential(cred) // Define test cases. @@ -42,9 +40,9 @@ func testAuthenticate(authType string, t *testing.T) { expectedErr error }{ // Access key (less than 5 chrs) too small. - {"user", cred.SecretKey, errInvalidAccessKeyLength}, + {"user", cred.SecretKey, auth.ErrInvalidAccessKeyLength}, // Secret key (less than 8 chrs) too small. - {cred.AccessKey, "pass", errInvalidSecretKeyLength}, + {cred.AccessKey, "pass", auth.ErrInvalidSecretKeyLength}, // Authentication error. {"myuser", "mypassword", errInvalidAccessKeyID}, // Authentication error. diff --git a/cmd/lock-instrument.go b/cmd/lock-instrument.go index 926bc0fc7..8161d3f8e 100644 --- a/cmd/lock-instrument.go +++ b/cmd/lock-instrument.go @@ -17,7 +17,6 @@ package cmd import ( - "crypto/rand" "fmt" "time" ) @@ -258,13 +257,5 @@ func (n *nsLockMap) deleteLockInfoEntryForOps(param nsParam, opsID string) error // Return randomly generated string ID func getOpsID() string { - const opsIDLen = 16 - opsIDBytes := make([]byte, opsIDLen) - if _, err := rand.Read(opsIDBytes); err != nil { - panic(err) - } - for i := 0; i < opsIDLen; i++ { - opsIDBytes[i] = alphaNumericTable[opsIDBytes[i]%alphaNumericTableLen] - } - return string(opsIDBytes) + return mustGetUUID() } diff --git a/cmd/lock-instrument_test.go b/cmd/lock-instrument_test.go index 8e2f8f1e9..8d973e02b 100644 --- a/cmd/lock-instrument_test.go +++ b/cmd/lock-instrument_test.go @@ -179,25 +179,6 @@ func verifyLockState(l lockStateCase, t *testing.T, testNum int) { verifyLockStats(l, t, testNum) } -func TestGetOpsID(t *testing.T) { - // Ensure that it returns an alphanumeric result of length 16. - var id = getOpsID() - - if len(id) != 16 { - t.Fail() - } - - var e rune - for _, char := range id { - e = rune(char) - - // Ensure that it is alphanumeric, in this case, between 0-9 and A-Z. - if !(('0' <= e && e <= '9') || ('A' <= e && e <= 'Z')) { - t.Fail() - } - } -} - // TestNewDebugLockInfoPerVolumePath - Validates the values initialized by newDebugLockInfoPerVolumePath(). func TestNewDebugLockInfoPerVolumePath(t *testing.T) { lockInfo := &debugLockInfoPerVolumePath{ diff --git a/cmd/object-handlers_test.go b/cmd/object-handlers_test.go index 82a7ea7ce..95ff9d3d6 100644 --- a/cmd/object-handlers_test.go +++ b/cmd/object-handlers_test.go @@ -30,6 +30,7 @@ import ( "testing" humanize "github.com/dustin/go-humanize" + "github.com/minio/minio/pkg/auth" ) // Type to capture different modifications to API request to simulate failure cases. @@ -51,7 +52,7 @@ func TestAPIHeadObjectHandler(t *testing.T) { } func testAPIHeadObjectHandler(obj ObjectLayer, instanceType, bucketName string, apiRouter http.Handler, - credentials credential, t *testing.T) { + credentials auth.Credentials, t *testing.T) { objectName := "test-object" // set of byte data for PutObject. // object has to be created before running tests for HeadObject. @@ -197,7 +198,7 @@ func TestAPIGetObjectHandler(t *testing.T) { } func testAPIGetObjectHandler(obj ObjectLayer, instanceType, bucketName string, apiRouter http.Handler, - credentials credential, t *testing.T) { + credentials auth.Credentials, t *testing.T) { objectName := "test-object" // set of byte data for PutObject. // object has to be created before running tests for GetObject. @@ -470,7 +471,7 @@ func TestAPIPutObjectStreamSigV4Handler(t *testing.T) { } func testAPIPutObjectStreamSigV4Handler(obj ObjectLayer, instanceType, bucketName string, apiRouter http.Handler, - credentials credential, t *testing.T) { + credentials auth.Credentials, t *testing.T) { objectName := "test-object" bytesDataLen := 65 * humanize.KiByte @@ -784,7 +785,7 @@ func TestAPIPutObjectHandler(t *testing.T) { } func testAPIPutObjectHandler(obj ObjectLayer, instanceType, bucketName string, apiRouter http.Handler, - credentials credential, t *testing.T) { + credentials auth.Credentials, t *testing.T) { // register event notifier. err := initEventNotifier(obj) @@ -1023,7 +1024,7 @@ func TestAPICopyObjectPartHandlerSanity(t *testing.T) { } func testAPICopyObjectPartHandlerSanity(obj ObjectLayer, instanceType, bucketName string, apiRouter http.Handler, - credentials credential, t *testing.T) { + credentials auth.Credentials, t *testing.T) { objectName := "test-object" // register event notifier. @@ -1138,7 +1139,7 @@ func TestAPICopyObjectPartHandler(t *testing.T) { } func testAPICopyObjectPartHandler(obj ObjectLayer, instanceType, bucketName string, apiRouter http.Handler, - credentials credential, t *testing.T) { + credentials auth.Credentials, t *testing.T) { objectName := "test-object" // register event notifier. @@ -1468,7 +1469,7 @@ func TestAPICopyObjectHandler(t *testing.T) { } func testAPICopyObjectHandler(obj ObjectLayer, instanceType, bucketName string, apiRouter http.Handler, - credentials credential, t *testing.T) { + credentials auth.Credentials, t *testing.T) { objectName := "test-object" // object used for anonymous HTTP request test. @@ -1886,7 +1887,7 @@ func TestAPINewMultipartHandler(t *testing.T) { } func testAPINewMultipartHandler(obj ObjectLayer, instanceType, bucketName string, apiRouter http.Handler, - credentials credential, t *testing.T) { + credentials auth.Credentials, t *testing.T) { objectName := "test-object-new-multipart" rec := httptest.NewRecorder() @@ -2032,7 +2033,7 @@ func TestAPINewMultipartHandlerParallel(t *testing.T) { } func testAPINewMultipartHandlerParallel(obj ObjectLayer, instanceType, bucketName string, apiRouter http.Handler, - credentials credential, t *testing.T) { + credentials auth.Credentials, t *testing.T) { // used for storing the uploadID's parsed on concurrent HTTP requests for NewMultipart upload on the same object. testUploads := struct { sync.Mutex @@ -2092,7 +2093,7 @@ func TestAPICompleteMultipartHandler(t *testing.T) { } func testAPICompleteMultipartHandler(obj ObjectLayer, instanceType, bucketName string, apiRouter http.Handler, - credentials credential, t *testing.T) { + credentials auth.Credentials, t *testing.T) { var err error // register event notifier. @@ -2447,7 +2448,7 @@ func TestAPIAbortMultipartHandler(t *testing.T) { } func testAPIAbortMultipartHandler(obj ObjectLayer, instanceType, bucketName string, apiRouter http.Handler, - credentials credential, t *testing.T) { + credentials auth.Credentials, t *testing.T) { var err error // register event notifier. @@ -2616,7 +2617,7 @@ func TestAPIDeleteObjectHandler(t *testing.T) { } func testAPIDeleteObjectHandler(obj ObjectLayer, instanceType, bucketName string, apiRouter http.Handler, - credentials credential, t *testing.T) { + credentials auth.Credentials, t *testing.T) { // register event notifier. err := initEventNotifier(obj) @@ -2783,7 +2784,7 @@ func TestAPIPutObjectPartHandlerPreSign(t *testing.T) { } func testAPIPutObjectPartHandlerPreSign(obj ObjectLayer, instanceType, bucketName string, apiRouter http.Handler, - credentials credential, t *testing.T) { + credentials auth.Credentials, t *testing.T) { testObject := "testobject" rec := httptest.NewRecorder() req, err := newTestSignedRequestV4("POST", getNewMultipartURL("", bucketName, "testobject"), @@ -2850,7 +2851,7 @@ func TestAPIPutObjectPartHandlerStreaming(t *testing.T) { } func testAPIPutObjectPartHandlerStreaming(obj ObjectLayer, instanceType, bucketName string, apiRouter http.Handler, - credentials credential, t *testing.T) { + credentials auth.Credentials, t *testing.T) { testObject := "testobject" rec := httptest.NewRecorder() req, err := newTestSignedRequestV4("POST", getNewMultipartURL("", bucketName, "testobject"), @@ -2938,7 +2939,7 @@ func TestAPIPutObjectPartHandler(t *testing.T) { } func testAPIPutObjectPartHandler(obj ObjectLayer, instanceType, bucketName string, apiRouter http.Handler, - credentials credential, t *testing.T) { + credentials auth.Credentials, t *testing.T) { // Initiate Multipart upload for testing PutObjectPartHandler. testObject := "testobject" @@ -3255,7 +3256,7 @@ func TestAPIListObjectPartsHandlerPreSign(t *testing.T) { } func testAPIListObjectPartsHandlerPreSign(obj ObjectLayer, instanceType, bucketName string, apiRouter http.Handler, - credentials credential, t *testing.T) { + credentials auth.Credentials, t *testing.T) { testObject := "testobject" rec := httptest.NewRecorder() req, err := newTestSignedRequestV4("POST", getNewMultipartURL("", bucketName, testObject), @@ -3343,7 +3344,7 @@ func TestAPIListObjectPartsHandler(t *testing.T) { } func testAPIListObjectPartsHandler(obj ObjectLayer, instanceType, bucketName string, apiRouter http.Handler, - credentials credential, t *testing.T) { + credentials auth.Credentials, t *testing.T) { testObject := "testobject" // PutObjectPart API HTTP Handler has to be tested in isolation, diff --git a/cmd/signature-v4-parser.go b/cmd/signature-v4-parser.go index de2e10ede..a2bf19601 100644 --- a/cmd/signature-v4-parser.go +++ b/cmd/signature-v4-parser.go @@ -20,6 +20,8 @@ import ( "net/url" "strings" "time" + + "github.com/minio/minio/pkg/auth" ) // credentialHeader data type represents structured form of Credential @@ -57,7 +59,7 @@ func parseCredentialHeader(credElement string) (ch credentialHeader, aec APIErro if len(credElements) != 5 { return ch, ErrCredMalformed } - if !isAccessKeyValid(credElements[0]) { + if !auth.IsAccessKeyValid(credElements[0]) { return ch, ErrInvalidAccessKeyID } // Save access key id. diff --git a/cmd/test-utils_test.go b/cmd/test-utils_test.go index 79b40e987..cd2239571 100644 --- a/cmd/test-utils_test.go +++ b/cmd/test-utils_test.go @@ -54,6 +54,7 @@ import ( router "github.com/gorilla/mux" "github.com/minio/minio-go/pkg/policy" "github.com/minio/minio-go/pkg/s3signer" + "github.com/minio/minio/pkg/auth" "github.com/minio/minio/pkg/hash" ) @@ -1962,7 +1963,7 @@ func ExecObjectLayerAPITest(t *testing.T, objAPITest objAPITestType, endpoints [ // function to be passed to ExecObjectLayerAPITest, for executing object layr API handler tests. type objAPITestType func(obj ObjectLayer, instanceType string, bucketName string, - apiRouter http.Handler, credentials credential, t *testing.T) + apiRouter http.Handler, credentials auth.Credentials, t *testing.T) // Regular object test type. type objTestType func(obj ObjectLayer, instanceType string, t TestErrHandler) diff --git a/cmd/web-handlers.go b/cmd/web-handlers.go index 9e888e4df..b419761a7 100644 --- a/cmd/web-handlers.go +++ b/cmd/web-handlers.go @@ -36,6 +36,7 @@ import ( "github.com/gorilla/rpc/v2/json2" "github.com/minio/minio-go/pkg/policy" "github.com/minio/minio/browser" + "github.com/minio/minio/pkg/auth" "github.com/minio/minio/pkg/hash" ) @@ -368,7 +369,7 @@ func (web webAPIHandlers) GenerateAuth(r *http.Request, args *WebGenericArgs, re if !isHTTPRequestValid(r) { return toJSONError(errAuthentication) } - cred := mustGetNewCredential() + cred := auth.MustGetNewCredentials() reply.AccessKey = cred.AccessKey reply.SecretKey = cred.SecretKey reply.UIVersion = browser.UIVersion @@ -399,7 +400,7 @@ func (web *webAPIHandlers) SetAuth(r *http.Request, args *SetAuthArgs, reply *Se return toJSONError(errChangeCredNotAllowed) } - creds, err := createCredential(args.AccessKey, args.SecretKey) + creds, err := auth.CreateCredentials(args.AccessKey, args.SecretKey) if err != nil { return toJSONError(err) } @@ -1016,13 +1017,13 @@ func toWebAPIError(err error) APIError { HTTPStatusCode: http.StatusServiceUnavailable, Description: err.Error(), } - } else if err == errInvalidAccessKeyLength { + } else if err == auth.ErrInvalidAccessKeyLength { return APIError{ Code: "AccessDenied", HTTPStatusCode: http.StatusForbidden, Description: err.Error(), } - } else if err == errInvalidSecretKeyLength { + } else if err == auth.ErrInvalidSecretKeyLength { return APIError{ Code: "AccessDenied", HTTPStatusCode: http.StatusForbidden, diff --git a/cmd/credential.go b/pkg/auth/credentials.go similarity index 53% rename from cmd/credential.go rename to pkg/auth/credentials.go index c68759b2b..57e2d2e7f 100644 --- a/cmd/credential.go +++ b/pkg/auth/credentials.go @@ -14,13 +14,13 @@ * limitations under the License. */ -package cmd +package auth import ( "crypto/rand" "crypto/subtle" "encoding/base64" - "errors" + "fmt" ) const ( @@ -48,12 +48,12 @@ const ( // Common errors generated for access and secret key validation. var ( - errInvalidAccessKeyLength = errors.New("Invalid access key, access key should be minimum 5 characters in length") - errInvalidSecretKeyLength = errors.New("Invalid secret key, secret key should be minimum 8 characters in length") + ErrInvalidAccessKeyLength = fmt.Errorf("access key must be minimum %v or more characters long", accessKeyMinLen) + ErrInvalidSecretKeyLength = fmt.Errorf("secret key must be minimum %v or more characters long", secretKeyMinLen) ) -// isAccessKeyValid - validate access key for right length. -func isAccessKeyValid(accessKey string) bool { +// IsAccessKeyValid - validate access key for right length. +func IsAccessKeyValid(accessKey string) bool { return len(accessKey) >= accessKeyMinLen } @@ -62,67 +62,62 @@ func isSecretKeyValid(secretKey string) bool { return len(secretKey) >= secretKeyMinLen } -// credential container for access and secret keys. -type credential struct { +// Credentials holds access and secret keys. +type Credentials struct { AccessKey string `json:"accessKey,omitempty"` SecretKey string `json:"secretKey,omitempty"` } // IsValid - returns whether credential is valid or not. -func (cred credential) IsValid() bool { - return isAccessKeyValid(cred.AccessKey) && isSecretKeyValid(cred.SecretKey) +func (cred Credentials) IsValid() bool { + return IsAccessKeyValid(cred.AccessKey) && isSecretKeyValid(cred.SecretKey) } -// Equals - returns whether two credentials are equal or not. -func (cred credential) Equal(ccred credential) bool { +// Equal - returns whether two credentials are equal or not. +func (cred Credentials) Equal(ccred Credentials) bool { if !ccred.IsValid() { return false } return cred.AccessKey == ccred.AccessKey && subtle.ConstantTimeCompare([]byte(cred.SecretKey), []byte(ccred.SecretKey)) == 1 } -// createCredential returns new credentials from the given access key and secret key. -// It returns an error if the access key or secret key are too long or short. -func createCredential(accessKey, secretKey string) (credential, error) { - if !isAccessKeyValid(accessKey) { - return credential{}, errInvalidAccessKeyLength +// MustGetNewCredentials generates and returns new credential. +func MustGetNewCredentials() (cred Credentials) { + readBytes := func(size int) (data []byte) { + data = make([]byte, size) + if n, err := rand.Read(data); err != nil { + panic(err) + } else if n != size { + panic(fmt.Errorf("not enough data read. expected: %v, got: %v", size, n)) + } + return } - if !isSecretKeyValid(secretKey) { - return credential{}, errInvalidSecretKeyLength - } - return credential{ - AccessKey: accessKey, - SecretKey: secretKey, - }, nil -} -// Initialize a new credential object -func getNewCredential(accessKeyLen, secretKeyLen int) (cred credential, err error) { - keyBytes := make([]byte, accessKeyLen) - _, err = rand.Read(keyBytes) - if err != nil { - return cred, err - } - for i := 0; i < accessKeyLen; i++ { + // Generate access key. + keyBytes := readBytes(accessKeyMaxLen) + for i := 0; i < accessKeyMaxLen; i++ { keyBytes[i] = alphaNumericTable[keyBytes[i]%alphaNumericTableLen] } - accessKey := string(keyBytes) + cred.AccessKey = string(keyBytes) // Generate secret key. - keyBytes = make([]byte, secretKeyLen) - _, err = rand.Read(keyBytes) - if err != nil { - return cred, err - } - secretKey := string([]byte(base64.StdEncoding.EncodeToString(keyBytes))[:secretKeyLen]) - cred, err = createCredential(accessKey, secretKey) + keyBytes = readBytes(secretKeyMaxLen) + cred.SecretKey = string([]byte(base64.StdEncoding.EncodeToString(keyBytes))[:secretKeyMaxLen]) - return cred, err + return cred } -func mustGetNewCredential() credential { - // Generate Minio credentials with Minio key max lengths. - cred, err := getNewCredential(accessKeyMaxLen, secretKeyMaxLen) - fatalIf(err, "Unable to generate new credentials.") - return cred +// CreateCredentials returns new credential with the given access key and secret key. +// Error is returned if given access key or secret key are invalid length. +func CreateCredentials(accessKey, secretKey string) (cred Credentials, err error) { + if !IsAccessKeyValid(accessKey) { + return cred, ErrInvalidAccessKeyLength + } + if !isSecretKeyValid(secretKey) { + return cred, ErrInvalidSecretKeyLength + } + + cred.AccessKey = accessKey + cred.SecretKey = secretKey + return cred, nil } diff --git a/pkg/auth/credentials_test.go b/pkg/auth/credentials_test.go new file mode 100644 index 000000000..ac592349e --- /dev/null +++ b/pkg/auth/credentials_test.go @@ -0,0 +1,135 @@ +/* + * Minio Cloud Storage, (C) 2017 Minio, Inc. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package auth + +import "testing" + +func TestIsAccessKeyValid(t *testing.T) { + testCases := []struct { + accessKey string + expectedResult bool + }{ + {alphaNumericTable[:accessKeyMinLen], true}, + {alphaNumericTable[:accessKeyMinLen+1], true}, + {alphaNumericTable[:accessKeyMinLen-1], false}, + } + + for i, testCase := range testCases { + result := IsAccessKeyValid(testCase.accessKey) + if result != testCase.expectedResult { + t.Fatalf("test %v: expected: %v, got: %v", i+1, testCase.expectedResult, result) + } + } +} + +func TestIsSecretKeyValid(t *testing.T) { + testCases := []struct { + secretKey string + expectedResult bool + }{ + {alphaNumericTable[:secretKeyMinLen], true}, + {alphaNumericTable[:secretKeyMinLen+1], true}, + {alphaNumericTable[:secretKeyMinLen-1], false}, + } + + for i, testCase := range testCases { + result := isSecretKeyValid(testCase.secretKey) + if result != testCase.expectedResult { + t.Fatalf("test %v: expected: %v, got: %v", i+1, testCase.expectedResult, result) + } + } +} + +func TestMustGetNewCredentials(t *testing.T) { + cred := MustGetNewCredentials() + if !cred.IsValid() { + t.Fatalf("Failed to get new valid credential") + } + if len(cred.AccessKey) != accessKeyMaxLen { + t.Fatalf("access key length: expected: %v, got: %v", secretKeyMaxLen, len(cred.AccessKey)) + } + if len(cred.SecretKey) != secretKeyMaxLen { + t.Fatalf("secret key length: expected: %v, got: %v", secretKeyMaxLen, len(cred.SecretKey)) + } +} + +func TestCreateCredentials(t *testing.T) { + testCases := []struct { + accessKey string + secretKey string + valid bool + expectedErr error + }{ + // Valid access and secret keys with minimum length. + {alphaNumericTable[:accessKeyMinLen], alphaNumericTable[:secretKeyMinLen], true, nil}, + // Valid access and/or secret keys are longer than minimum length. + {alphaNumericTable[:accessKeyMinLen+1], alphaNumericTable[:secretKeyMinLen+1], true, nil}, + // Smaller access key. + {alphaNumericTable[:accessKeyMinLen-1], alphaNumericTable[:secretKeyMinLen], false, ErrInvalidAccessKeyLength}, + // Smaller secret key. + {alphaNumericTable[:accessKeyMinLen], alphaNumericTable[:secretKeyMinLen-1], false, ErrInvalidSecretKeyLength}, + } + + for i, testCase := range testCases { + cred, err := CreateCredentials(testCase.accessKey, testCase.secretKey) + + if err != nil { + if testCase.expectedErr == nil { + t.Fatalf("test %v: error: expected = , got = %v", i+1, err) + } + if testCase.expectedErr.Error() != err.Error() { + t.Fatalf("test %v: error: expected = %v, got = %v", i+1, testCase.expectedErr, err) + } + } else { + if testCase.expectedErr != nil { + t.Fatalf("test %v: error: expected = %v, got = ", i+1, testCase.expectedErr) + } + if !cred.IsValid() { + t.Fatalf("test %v: got invalid credentials", i+1) + } + } + } +} + +func TestCredentialsEqual(t *testing.T) { + cred := MustGetNewCredentials() + testCases := []struct { + cred Credentials + ccred Credentials + expectedResult bool + }{ + // Same Credentialss. + {cred, cred, true}, + // Empty credentials to compare. + {cred, Credentials{}, false}, + // Empty credentials. + {Credentials{}, cred, false}, + // Two different credentialss + {cred, MustGetNewCredentials(), false}, + // Access key is different in credentials to compare. + {cred, Credentials{AccessKey: "myuser", SecretKey: cred.SecretKey}, false}, + // Secret key is different in credentials to compare. + {cred, Credentials{AccessKey: cred.AccessKey, SecretKey: "mypassword"}, false}, + } + + for i, testCase := range testCases { + result := testCase.cred.Equal(testCase.ccred) + if result != testCase.expectedResult { + t.Fatalf("test %v: expected: %v, got: %v", i+1, testCase.expectedResult, result) + } + } +}