e2e: add a test case of JWT token expiration

2017-10-11 11:50:10 +09:00 · 2017-10-11 11:50:10 +09:00 · 2a54e32819
parent 8fd01f56d6
commit 2a54e32819
2 changed files with 34 additions and 0 deletions
--- a/e2e/cluster_test.go
+++ b/e2e/cluster_test.go
@ -78,6 +78,11 @@ var (
 		initialToken:          "new",
 		clientCertAuthEnabled: true,
 	}
+	configJWT = etcdProcessClusterConfig{
+		clusterSize:   1,
+		initialToken:  "new",
+		authTokenOpts: "jwt,pub-key=../integration/fixtures/server.crt,priv-key=../integration/fixtures/server.key.insecure,sign-method=RS256,ttl=1s",
+	}
 )

 func configStandalone(cfg etcdProcessClusterConfig) *etcdProcessClusterConfig {
@ -117,6 +122,7 @@ type etcdProcessClusterConfig struct {
 	quotaBackendBytes   int64
 	noStrictReconfig    bool
 	initialCorruptCheck bool
+	authTokenOpts       string
 }

 // newEtcdProcessCluster launches a new cluster from etcd processes, returning
@ -238,6 +244,11 @@ func (cfg *etcdProcessClusterConfig) etcdServerProcessConfigs() []*etcdServerPro
 		}

 		args = append(args, cfg.tlsArgs()...)
+
+		if cfg.authTokenOpts != "" {
+			args = append(args, "--auth-token", cfg.authTokenOpts)
+		}
+
 		etcdCfgs[i] = &etcdServerProcessConfig{
 			execPath:     cfg.execPath,
 			args:         args,
--- a/e2e/ctl_v3_auth_test.go
+++ b/e2e/ctl_v3_auth_test.go
@ -18,6 +18,7 @@ import (
 	"fmt"
 	"os"
 	"testing"
+	"time"

 	"github.com/coreos/etcd/clientv3"
 )
@ -58,6 +59,7 @@ func TestCtlV3AuthSnapshot(t *testing.T) { testCtl(t, authTestSnapshot) }
 func TestCtlV3AuthCertCNAndUsername(t *testing.T) {
 	testCtl(t, authTestCertCNAndUsername, withCfg(configClientTLSCertAuth))
 }
+func TestCtlV3AuthJWTExpire(t *testing.T) { testCtl(t, authTestJWTExpire, withCfg(configJWT)) }

 func authEnableTest(cx ctlCtx) {
 	if err := authEnable(cx); err != nil {
@ -1073,3 +1075,24 @@ func authTestCertCNAndUsername(cx ctlCtx) {
 		cx.t.Error(err)
 	}
 }
+
+func authTestJWTExpire(cx ctlCtx) {
+	if err := authEnable(cx); err != nil {
+		cx.t.Fatal(err)
+	}
+
+	cx.user, cx.pass = "root", "root"
+	authSetupTestUser(cx)
+
+	// try a granted key
+	if err := ctlV3Put(cx, "hoo", "bar", ""); err != nil {
+		cx.t.Error(err)
+	}
+
+	// wait an expiration of my JWT token
+	<-time.After(3 * time.Second)
+
+	if err := ctlV3Put(cx, "hoo", "bar", ""); err != nil {
+		cx.t.Error(err)
+	}
+}