Files
seaweedfs/weed/command/mini_admin_auth_test.go
T
Chris Lu 53342c9ba6 mini: resolve admin credentials from security.toml and env vars (#10021)
* mini: resolve admin credentials from security.toml and env vars

weed mini started the admin UI without resolving admin.user/admin.password
(and the read-only pair) from security.toml [admin] or WEED_ADMIN_* env vars,
so the only way to protect the UI was the -admin.password flag. The standalone
weed admin command applies these fallbacks in runAdmin via applyViperFallback;
the mini path calls startAdminServer directly and skipped it, leaving
authRequired false and the UI unauthenticated.

* mini: load admin.toml maintenance settings

The mini admin path runs ApplyMaintenanceConfigFromToml (via startAdminServer)
against the global viper, but runMini never merged admin.toml, so file-based
maintenance task settings ([maintenance.vacuum], .balance, .erasure_coding)
were ignored under mini while the standalone weed admin honored them. Load it
alongside master/volume config.

* mini: support -admin.urlPrefix for the admin UI

Expose the reverse-proxy subdirectory prefix that the standalone weed admin
already supports, so the mini admin UI can run under e.g. /seaweedfs. The
prefix is normalized the same way and passed through to startAdminServer.
2026-06-19 13:04:04 -07:00

42 lines
1.4 KiB
Go

package command
import "testing"
// weed mini must resolve admin credentials from security.toml [admin] /
// WEED_ADMIN_* env vars the same way the standalone `weed admin` command does.
// This exercises the production fallback so the flag-name -> viper-key mapping
// stays correct, in particular the read-only keys where the mini flag
// (admin.readOnlyUser) and viper key (admin.readonly.user) differ.
func TestApplyMiniAdminCredentialFallbackFromEnv(t *testing.T) {
adminUser, adminPassword, readOnlyUser, readOnlyPassword := "admin", "", "", ""
options := &AdminOptions{
adminUser: &adminUser,
adminPassword: &adminPassword,
readOnlyUser: &readOnlyUser,
readOnlyPassword: &readOnlyPassword,
}
t.Setenv("WEED_ADMIN_USER", "env-admin")
t.Setenv("WEED_ADMIN_PASSWORD", "env-secret")
t.Setenv("WEED_ADMIN_READONLY_USER", "env-ro")
t.Setenv("WEED_ADMIN_READONLY_PASSWORD", "env-ro-secret")
applyMiniAdminCredentialFallback(options)
checks := []struct {
name string
got string
want string
}{
{"adminUser", *options.adminUser, "env-admin"},
{"adminPassword", *options.adminPassword, "env-secret"},
{"readOnlyUser", *options.readOnlyUser, "env-ro"},
{"readOnlyPassword", *options.readOnlyPassword, "env-ro-secret"},
}
for _, c := range checks {
if c.got != c.want {
t.Errorf("%s = %q, want %q", c.name, c.got, c.want)
}
}
}