e2e: test auth is respected for Puts
parent
b3a0b0502c
commit
1e22137a9a
|
@ -14,24 +14,33 @@
|
|||
|
||||
package e2e
|
||||
|
||||
import "testing"
|
||||
import (
|
||||
"fmt"
|
||||
"testing"
|
||||
)
|
||||
|
||||
func TestCtlV3AuthEnable(t *testing.T) { testCtl(t, authEnableTest) }
|
||||
func TestCtlV3AuthDisable(t *testing.T) { testCtl(t, authDisableTest) }
|
||||
func TestCtlV3AuthEnable(t *testing.T) { testCtl(t, authEnableTest) }
|
||||
func TestCtlV3AuthDisable(t *testing.T) { testCtl(t, authDisableTest) }
|
||||
func TestCtlV3AuthWriteKey(t *testing.T) { testCtl(t, authCredWriteKeyTest) }
|
||||
|
||||
func authEnableTest(cx ctlCtx) {
|
||||
if err := authEnable(cx); err != nil {
|
||||
cx.t.Fatal(err)
|
||||
}
|
||||
}
|
||||
|
||||
func authEnable(cx ctlCtx) error {
|
||||
// create root user with root role
|
||||
if err := ctlV3User(cx, []string{"add", "root", "--interactive=false"}, "User root created", []string{"root"}); err != nil {
|
||||
cx.t.Fatalf("failed to create root user %v", err)
|
||||
return fmt.Errorf("failed to create root user %v", err)
|
||||
}
|
||||
|
||||
if err := ctlV3User(cx, []string{"grant-role", "root", "root"}, "Role root is granted to user root", nil); err != nil {
|
||||
cx.t.Fatalf("failed to grant root user root role %v", err)
|
||||
return fmt.Errorf("failed to grant root user root role %v", err)
|
||||
}
|
||||
|
||||
if err := ctlV3AuthEnable(cx); err != nil {
|
||||
cx.t.Fatalf("authEnableTest ctlV3AuthEnable error (%v)", err)
|
||||
return fmt.Errorf("authEnableTest ctlV3AuthEnable error (%v)", err)
|
||||
}
|
||||
return nil
|
||||
}
|
||||
|
||||
func ctlV3AuthEnable(cx ctlCtx) error {
|
||||
|
@ -49,3 +58,85 @@ func ctlV3AuthDisable(cx ctlCtx) error {
|
|||
cmdArgs := append(cx.PrefixArgs(), "auth", "disable")
|
||||
return spawnWithExpect(cmdArgs, "Authentication Disabled")
|
||||
}
|
||||
|
||||
func authCredWriteKeyTest(cx ctlCtx) {
|
||||
// baseline key to check for failed puts
|
||||
if err := ctlV3Put(cx, "foo", "a", ""); err != nil {
|
||||
cx.t.Fatal(err)
|
||||
}
|
||||
|
||||
if err := authEnable(cx); err != nil {
|
||||
cx.t.Fatal(err)
|
||||
}
|
||||
|
||||
cx.user, cx.pass = "root", "root"
|
||||
authSetupTestUser(cx)
|
||||
|
||||
// confirm root role doesn't grant access to all keys
|
||||
if err := ctlV3PutFailPerm(cx, "foo", "bar"); err != nil {
|
||||
cx.t.Fatal(err)
|
||||
}
|
||||
if err := ctlV3GetFailPerm(cx, "foo"); err != nil {
|
||||
cx.t.Fatal(err)
|
||||
}
|
||||
|
||||
// try invalid user
|
||||
cx.user, cx.pass = "a", "b"
|
||||
if err := ctlV3PutFailAuth(cx, "foo", "bar"); err != nil {
|
||||
cx.t.Fatal(err)
|
||||
}
|
||||
// confirm put failed
|
||||
cx.user, cx.pass = "test-user", "pass"
|
||||
if err := ctlV3Get(cx, []string{"foo"}, []kv{{"foo", "a"}}...); err != nil {
|
||||
cx.t.Fatal(err)
|
||||
}
|
||||
|
||||
// try good user
|
||||
cx.user, cx.pass = "test-user", "pass"
|
||||
if err := ctlV3Put(cx, "foo", "bar", ""); err != nil {
|
||||
cx.t.Fatal(err)
|
||||
}
|
||||
// confirm put succeeded
|
||||
if err := ctlV3Get(cx, []string{"foo"}, []kv{{"foo", "bar"}}...); err != nil {
|
||||
cx.t.Fatal(err)
|
||||
}
|
||||
|
||||
// try bad password
|
||||
cx.user, cx.pass = "test-user", "badpass"
|
||||
if err := ctlV3PutFailAuth(cx, "foo", "baz"); err != nil {
|
||||
cx.t.Fatal(err)
|
||||
}
|
||||
// confirm put failed
|
||||
cx.user, cx.pass = "test-user", "pass"
|
||||
if err := ctlV3Get(cx, []string{"foo"}, []kv{{"foo", "bar"}}...); err != nil {
|
||||
cx.t.Fatal(err)
|
||||
}
|
||||
}
|
||||
|
||||
func ctlV3PutFailAuth(cx ctlCtx, key, val string) error {
|
||||
return spawnWithExpect(append(cx.PrefixArgs(), "put", key, val), "authentication failed")
|
||||
}
|
||||
|
||||
func ctlV3PutFailPerm(cx ctlCtx, key, val string) error {
|
||||
return spawnWithExpect(append(cx.PrefixArgs(), "put", key, val), "permission denied")
|
||||
}
|
||||
|
||||
func ctlV3GetFailPerm(cx ctlCtx, key string) error {
|
||||
return spawnWithExpect(append(cx.PrefixArgs(), "get", key), "permission denied")
|
||||
}
|
||||
|
||||
func authSetupTestUser(cx ctlCtx) {
|
||||
if err := ctlV3User(cx, []string{"add", "test-user", "--interactive=false"}, "User test-user created", []string{"pass"}); err != nil {
|
||||
cx.t.Fatal(err)
|
||||
}
|
||||
if err := spawnWithExpect(append(cx.PrefixArgs(), "role", "add", "test-role"), "Role test-role created"); err != nil {
|
||||
cx.t.Fatal(err)
|
||||
}
|
||||
if err := ctlV3User(cx, []string{"grant-role", "test-user", "test-role"}, "Role test-role is granted to user test-user", nil); err != nil {
|
||||
cx.t.Fatal(err)
|
||||
}
|
||||
cmd := append(cx.PrefixArgs(), "role", "grant-permission", "test-role", "readwrite", "foo")
|
||||
if err := spawnWithExpect(cmd, "Role test-role updated"); err != nil {
|
||||
cx.t.Fatal(err)
|
||||
}
|
||||
}
|
||||
|
|
|
@ -48,6 +48,9 @@ type ctlCtx struct {
|
|||
|
||||
quorum bool // if true, set up 3-node cluster and linearizable read
|
||||
interactive bool
|
||||
|
||||
user string
|
||||
pass string
|
||||
}
|
||||
|
||||
type ctlOption func(*ctlCtx)
|
||||
|
@ -147,6 +150,10 @@ func (cx *ctlCtx) PrefixArgs() []string {
|
|||
}
|
||||
}
|
||||
|
||||
if cx.user != "" {
|
||||
cmdArgs = append(cmdArgs, "--user="+cx.user+":"+cx.pass)
|
||||
}
|
||||
|
||||
return cmdArgs
|
||||
}
|
||||
|
||||
|
|
Loading…
Reference in New Issue