Xiang Li
GitHub
commit
8e9097d0c0
|
|
@ -184,6 +184,10 @@ func (as *authStore) AuthDisable() {
|
|||
as.enabled = false
|
||||
as.enabledMu.Unlock()
|
||||
|
||||
as.simpleTokensMu.Lock()
|
||||
as.simpleTokens = make(map[string]string) // invalidate all tokens
|
||||
as.simpleTokensMu.Unlock()
|
||||
|
||||
plog.Noticef("Authentication disabled")
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -52,9 +52,44 @@ func ctlV3AuthEnable(cx ctlCtx) error {
|
|||
}
|
||||
|
||||
func authDisableTest(cx ctlCtx) {
|
||||
// a key that isn't granted to test-user
|
||||
if err := ctlV3Put(cx, "hoo", "a", ""); err != nil {
|
||||
cx.t.Fatal(err)
|
||||
}
|
||||
|
||||
if err := authEnable(cx); err != nil {
|
||||
cx.t.Fatal(err)
|
||||
}
|
||||
|
||||
cx.user, cx.pass = "root", "root"
|
||||
authSetupTestUser(cx)
|
||||
|
||||
// test-user doesn't have the permission, it must fail
|
||||
cx.user, cx.pass = "test-user", "pass"
|
||||
if err := ctlV3PutFailPerm(cx, "hoo", "bar"); err != nil {
|
||||
cx.t.Fatal(err)
|
||||
}
|
||||
|
||||
cx.user, cx.pass = "root", "root"
|
||||
if err := ctlV3AuthDisable(cx); err != nil {
|
||||
cx.t.Fatalf("authDisableTest ctlV3AuthDisable error (%v)", err)
|
||||
}
|
||||
|
||||
// now auth fails unconditionally, note that failed RPC is Authenticate(), not Put()
|
||||
cx.user, cx.pass = "test-user", "pass"
|
||||
if err := ctlV3PutFailAuthDisabled(cx, "hoo", "bar"); err != nil {
|
||||
cx.t.Fatal(err)
|
||||
}
|
||||
|
||||
// now the key can be accessed
|
||||
cx.user, cx.pass = "", ""
|
||||
if err := ctlV3Put(cx, "hoo", "bar", ""); err != nil {
|
||||
cx.t.Fatal(err)
|
||||
}
|
||||
// confirm put succeeded
|
||||
if err := ctlV3Get(cx, []string{"hoo"}, []kv{{"hoo", "bar"}}...); err != nil {
|
||||
cx.t.Fatal(err)
|
||||
}
|
||||
}
|
||||
|
||||
func ctlV3AuthDisable(cx ctlCtx) error {
|
||||
|
|
@ -282,6 +317,10 @@ func ctlV3PutFailPerm(cx ctlCtx, key, val string) error {
|
|||
return spawnWithExpect(append(cx.PrefixArgs(), "put", key, val), "permission denied")
|
||||
}
|
||||
|
||||
func ctlV3PutFailAuthDisabled(cx ctlCtx, key, val string) error {
|
||||
return spawnWithExpect(append(cx.PrefixArgs(), "put", key, val), "authentication is not enabled")
|
||||
}
|
||||
|
||||
func ctlV3GetFailPerm(cx ctlCtx, key string) error {
|
||||
return spawnWithExpect(append(cx.PrefixArgs(), "get", key), "permission denied")
|
||||
}
|
||||
|
|
|
|||
Loading…
Reference in New Issue