mirror of
https://github.com/seaweedfs/seaweedfs.git
synced 2026-06-09 18:32:43 +00:00
53342c9ba6
* mini: resolve admin credentials from security.toml and env vars weed mini started the admin UI without resolving admin.user/admin.password (and the read-only pair) from security.toml [admin] or WEED_ADMIN_* env vars, so the only way to protect the UI was the -admin.password flag. The standalone weed admin command applies these fallbacks in runAdmin via applyViperFallback; the mini path calls startAdminServer directly and skipped it, leaving authRequired false and the UI unauthenticated. * mini: load admin.toml maintenance settings The mini admin path runs ApplyMaintenanceConfigFromToml (via startAdminServer) against the global viper, but runMini never merged admin.toml, so file-based maintenance task settings ([maintenance.vacuum], .balance, .erasure_coding) were ignored under mini while the standalone weed admin honored them. Load it alongside master/volume config. * mini: support -admin.urlPrefix for the admin UI Expose the reverse-proxy subdirectory prefix that the standalone weed admin already supports, so the mini admin UI can run under e.g. /seaweedfs. The prefix is normalized the same way and passed through to startAdminServer.
42 lines
1.4 KiB
Go
42 lines
1.4 KiB
Go
package command
|
|
|
|
import "testing"
|
|
|
|
// weed mini must resolve admin credentials from security.toml [admin] /
|
|
// WEED_ADMIN_* env vars the same way the standalone `weed admin` command does.
|
|
// This exercises the production fallback so the flag-name -> viper-key mapping
|
|
// stays correct, in particular the read-only keys where the mini flag
|
|
// (admin.readOnlyUser) and viper key (admin.readonly.user) differ.
|
|
func TestApplyMiniAdminCredentialFallbackFromEnv(t *testing.T) {
|
|
adminUser, adminPassword, readOnlyUser, readOnlyPassword := "admin", "", "", ""
|
|
options := &AdminOptions{
|
|
adminUser: &adminUser,
|
|
adminPassword: &adminPassword,
|
|
readOnlyUser: &readOnlyUser,
|
|
readOnlyPassword: &readOnlyPassword,
|
|
}
|
|
|
|
t.Setenv("WEED_ADMIN_USER", "env-admin")
|
|
t.Setenv("WEED_ADMIN_PASSWORD", "env-secret")
|
|
t.Setenv("WEED_ADMIN_READONLY_USER", "env-ro")
|
|
t.Setenv("WEED_ADMIN_READONLY_PASSWORD", "env-ro-secret")
|
|
|
|
applyMiniAdminCredentialFallback(options)
|
|
|
|
checks := []struct {
|
|
name string
|
|
got string
|
|
want string
|
|
}{
|
|
{"adminUser", *options.adminUser, "env-admin"},
|
|
{"adminPassword", *options.adminPassword, "env-secret"},
|
|
{"readOnlyUser", *options.readOnlyUser, "env-ro"},
|
|
{"readOnlyPassword", *options.readOnlyPassword, "env-ro-secret"},
|
|
}
|
|
for _, c := range checks {
|
|
if c.got != c.want {
|
|
t.Errorf("%s = %q, want %q", c.name, c.got, c.want)
|
|
}
|
|
}
|
|
}
|