feat: i guess it works locally

Author: florianow

seaweedfs.tf

@@ -1,3 +1,12 @@
+data "kubernetes_service" "bunkerweb_external" {
+  metadata {
+    name      = "bunkerweb-external"
+    namespace = var.namespace
+  }
+
+  depends_on = [helm_release.bunkerweb]
+}
+
 resource "kubernetes_secret" "seaweedfs_iam" {
   metadata {
     name      = "seaweedfs-iam-config"
@@ -187,6 +196,11 @@ resource "kubernetes_deployment" "seaweedfs" {
           ]
         }
 
+        host_aliases {
+          ip        = data.kubernetes_service.bunkerweb_external.spec[0].cluster_ip
+          hostnames = [var.keycloak_domain, var.seaweedfs_domain]
+        }
+
         container {
           name  = "seaweedfs"
           image = var.seaweedfs_image

test-s3.sh

@@ -0,0 +1,71 @@
+#!/usr/bin/env bash
+set -euo pipefail
+
+ENDPOINT="http://localhost:18333"
+BUNKERWEB="http://localhost:8080"
+
+CLIENT_SECRET=$(kubectl get secret keycloak-credentials -o jsonpath='{.data.client-secret}' | base64 -d)
+echo "Got client secret"
+
+ID_TOKEN=$(curl -s -X POST \
+  -H "Host: auth.localhost" \
+  "$BUNKERWEB/realms/seaweedfs/protocol/openid-connect/token" \
+  -d "grant_type=password" \
+  -d "client_id=seaweedfs-client" \
+  -d "client_secret=$CLIENT_SECRET" \
+  -d "username=testuser" \
+  -d "password=password" \
+  -d "scope=openid" | jq -r '.id_token')
+
+if [ "$ID_TOKEN" = "null" ] || [ -z "$ID_TOKEN" ]; then
+  echo "ERROR: Failed to get ID token"
+  exit 1
+fi
+echo "Got ID token"
+
+STS_RESULT=$(curl -s "$BUNKERWEB" \
+  -H "Host: s3.localhost" \
+  --data-urlencode "Action=AssumeRoleWithWebIdentity" \
+  --data-urlencode "WebIdentityToken=$ID_TOKEN" \
+  --data-urlencode "RoleArn=arn:aws:iam::role/S3WriteRole" \
+  --data-urlencode "RoleSessionName=testuser-session" \
+  --data-urlencode "Version=2011-06-15")
+
+export AWS_ACCESS_KEY_ID=$(echo "$STS_RESULT" | xmllint --xpath '//*[local-name()="AccessKeyId"]/text()' -)
+export AWS_SECRET_ACCESS_KEY=$(echo "$STS_RESULT" | xmllint --xpath '//*[local-name()="SecretAccessKey"]/text()' -)
+export AWS_SESSION_TOKEN=$(echo "$STS_RESULT" | xmllint --xpath '//*[local-name()="SessionToken"]/text()' -)
+echo "Got STS credentials (AccessKeyId: $AWS_ACCESS_KEY_ID)"
+
+echo ""
+echo "=== List buckets ==="
+aws --endpoint-url "$ENDPOINT" s3 ls
+
+BUCKET="test-bucket-$(date +%s)"
+echo ""
+echo "=== Create bucket: $BUCKET ==="
+aws --endpoint-url "$ENDPOINT" s3 mb "s3://$BUCKET"
+
+echo "hello from SeaweedFS STS test" > /tmp/seaweed-test.txt
+echo ""
+echo "=== Upload file ==="
+aws --endpoint-url "$ENDPOINT" s3 cp /tmp/seaweed-test.txt "s3://$BUCKET/test.txt"
+
+echo ""
+echo "=== List bucket contents ==="
+aws --endpoint-url "$ENDPOINT" s3 ls "s3://$BUCKET/"
+
+echo ""
+echo "=== Download file ==="
+aws --endpoint-url "$ENDPOINT" s3 cp "s3://$BUCKET/test.txt" /tmp/seaweed-download.txt
+echo "Downloaded content: $(cat /tmp/seaweed-download.txt)"
+
+echo ""
+echo "=== Delete file ==="
+aws --endpoint-url "$ENDPOINT" s3 rm "s3://$BUCKET/test.txt"
+
+echo ""
+echo "=== Delete bucket ==="
+aws --endpoint-url "$ENDPOINT" s3 rb "s3://$BUCKET"
+
+echo ""
+echo "All tests passed!"