vitalif
/
etcd
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

fix review 

Signed-off-by: Marcondes Viana <marju10@gmail.com>
storage-doc
Marcondes Viana 2023-04-16 17:40:33 -03:00
parent 8fb839eac1
commit a1a2f43f2f
1 changed files with 189 additions and 15 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

204
server/etcdserver/txn/txn_test.go
View File

@ -159,7 +159,7 @@ func TestCheckTxnAuth(t *testing.T) {
err error err error
}{ }{
{ {
name: "Out of range compare is unathorized", name: "Out of range compare is unauthorized",
txnRequest: &pb.TxnRequest{ txnRequest: &pb.TxnRequest{
Compare: []*pb.Compare{ Compare: []*pb.Compare{
{ {
@ -170,6 +170,18 @@ func TestCheckTxnAuth(t *testing.T) {
}, },
err: auth.ErrPermissionDenied, err: auth.ErrPermissionDenied,
}, },
{
name: "In range compare is authorized",
txnRequest: &pb.TxnRequest{
Compare: []*pb.Compare{
{
Key: []byte("foo"),
},
},
Success: []*pb.RequestOp{},
},
err: nil,
},
{ {
name: "Nil request range is always authorized", name: "Nil request range is always authorized",
txnRequest: &pb.TxnRequest{ txnRequest: &pb.TxnRequest{
@ -184,7 +196,7 @@ func TestCheckTxnAuth(t *testing.T) {
err: nil, err: nil,
}, },
{ {
name: "Range request in range is authorised", name: "Range request in range is authorized",
txnRequest: &pb.TxnRequest{ txnRequest: &pb.TxnRequest{
Success: []*pb.RequestOp{ Success: []*pb.RequestOp{
{ {
@ -196,11 +208,21 @@ func TestCheckTxnAuth(t *testing.T) {
}, },
}, },
}, },
Failure: []*pb.RequestOp{
{
Request: &pb.RequestOp_RequestRange{
RequestRange: &pb.RangeRequest{
Key: []byte("foo"),
RangeEnd: []byte("zoo"),
},
},
},
},
}, },
err: nil, err: nil,
}, },
{ {
name: "Range request out of range is unauthorized", name: "Range request out of range success case is unauthorized",
txnRequest: &pb.TxnRequest{ txnRequest: &pb.TxnRequest{
Success: []*pb.RequestOp{ Success: []*pb.RequestOp{
{ {
@ -212,11 +234,47 @@ func TestCheckTxnAuth(t *testing.T) {
}, },
}, },
}, },
Failure: []*pb.RequestOp{
{
Request: &pb.RequestOp_RequestRange{
RequestRange: &pb.RangeRequest{
Key: []byte("foo"),
RangeEnd: []byte("zoo"),
},
},
},
},
},
err: auth.ErrPermissionDenied,
},
{
name: "Range request out of range failure case is unauthorized",
txnRequest: &pb.TxnRequest{
Success: []*pb.RequestOp{
{
Request: &pb.RequestOp_RequestRange{
RequestRange: &pb.RangeRequest{
Key: []byte("foo"),
RangeEnd: []byte("zoo"),
},
},
},
},
Failure: []*pb.RequestOp{
{
Request: &pb.RequestOp_RequestRange{
RequestRange: &pb.RangeRequest{
Key: []byte("boo"),
RangeEnd: []byte("zoo"),
},
},
},
},
}, },
err: auth.ErrPermissionDenied, err: auth.ErrPermissionDenied,
}, },
{ {
name: "Nil Put request is authorized", name: "Nil Put request is always authorized",
txnRequest: &pb.TxnRequest{ txnRequest: &pb.TxnRequest{
Success: []*pb.RequestOp{ Success: []*pb.RequestOp{
{ {
@ -240,11 +298,20 @@ func TestCheckTxnAuth(t *testing.T) {
}, },
}, },
}, },
Failure: []*pb.RequestOp{
{
Request: &pb.RequestOp_RequestPut{
RequestPut: &pb.PutRequest{
Key: []byte("foo"),
},
},
},
},
}, },
err: nil, err: nil,
}, },
{ {
name: "Put request out of range is unauthorized", name: "Put request out of range success case is unauthorized",
txnRequest: &pb.TxnRequest{ txnRequest: &pb.TxnRequest{
Success: []*pb.RequestOp{ Success: []*pb.RequestOp{
{ {
@ -255,6 +322,39 @@ func TestCheckTxnAuth(t *testing.T) {
}, },
}, },
}, },
Failure: []*pb.RequestOp{
{
Request: &pb.RequestOp_RequestPut{
RequestPut: &pb.PutRequest{
Key: []byte("foo"),
},
},
},
},
},
err: auth.ErrPermissionDenied,
},
{
name: "Put request out of range failure case is unauthorized",
txnRequest: &pb.TxnRequest{
Success: []*pb.RequestOp{
{
Request: &pb.RequestOp_RequestPut{
RequestPut: &pb.PutRequest{
Key: []byte("foo"),
},
},
},
},
Failure: []*pb.RequestOp{
{
Request: &pb.RequestOp_RequestPut{
RequestPut: &pb.PutRequest{
Key: []byte("boo"),
},
},
},
},
}, },
err: auth.ErrPermissionDenied, err: auth.ErrPermissionDenied,
}, },
@ -272,14 +372,20 @@ func TestCheckTxnAuth(t *testing.T) {
err: nil, err: nil,
}, },
{ {
name: "Authorize delete range in range compare and rerquest", name: "Delete range request in range is authorized",
txnRequest: &pb.TxnRequest{ txnRequest: &pb.TxnRequest{
Compare: []*pb.Compare{ Success: []*pb.RequestOp{
{ {
Key: []byte("foo"), Request: &pb.RequestOp_RequestDeleteRange{
RequestDeleteRange: &pb.DeleteRangeRequest{
Key: []byte("foo"),
RangeEnd: []byte("zoo"),
PrevKv: true,
},
},
}, },
}, },
Success: []*pb.RequestOp{ Failure: []*pb.RequestOp{
{ {
Request: &pb.RequestOp_RequestDeleteRange{ Request: &pb.RequestOp_RequestDeleteRange{
RequestDeleteRange: &pb.DeleteRangeRequest{ RequestDeleteRange: &pb.DeleteRangeRequest{
@ -294,14 +400,48 @@ func TestCheckTxnAuth(t *testing.T) {
err: nil, err: nil,
}, },
{ {
name: "Unauthorize delete range out of range keys", name: "Delete range request out of range success case is unauthorized",
txnRequest: &pb.TxnRequest{ txnRequest: &pb.TxnRequest{
Compare: []*pb.Compare{ Success: []*pb.RequestOp{
{ {
Key: []byte("foo"), Request: &pb.RequestOp_RequestDeleteRange{
RequestDeleteRange: &pb.DeleteRangeRequest{
Key: []byte("boo"),
RangeEnd: []byte("zoo"),
PrevKv: true,
},
},
}, },
}, },
Failure: []*pb.RequestOp{
{
Request: &pb.RequestOp_RequestDeleteRange{
RequestDeleteRange: &pb.DeleteRangeRequest{
Key: []byte("foo"),
RangeEnd: []byte("zoo"),
PrevKv: true,
},
},
},
},
},
err: auth.ErrPermissionDenied,
},
{
name: "Delete range request out of range failure case is unauthorized",
txnRequest: &pb.TxnRequest{
Success: []*pb.RequestOp{ Success: []*pb.RequestOp{
{
Request: &pb.RequestOp_RequestDeleteRange{
RequestDeleteRange: &pb.DeleteRangeRequest{
Key: []byte("foo"),
RangeEnd: []byte("zoo"),
PrevKv: true,
},
},
},
},
Failure: []*pb.RequestOp{
{ {
Request: &pb.RequestOp_RequestDeleteRange{ Request: &pb.RequestOp_RequestDeleteRange{
RequestDeleteRange: &pb.DeleteRangeRequest{ RequestDeleteRange: &pb.DeleteRangeRequest{
@ -316,14 +456,48 @@ func TestCheckTxnAuth(t *testing.T) {
err: auth.ErrPermissionDenied, err: auth.ErrPermissionDenied,
}, },
{ {
name: "Unauthorize delete range out of range keys and PrevKv false", name: "Delete range request out of range and PrevKv false success case is unauthorized",
txnRequest: &pb.TxnRequest{ txnRequest: &pb.TxnRequest{
Compare: []*pb.Compare{ Success: []*pb.RequestOp{
{ {
Key: []byte("foo"), Request: &pb.RequestOp_RequestDeleteRange{
RequestDeleteRange: &pb.DeleteRangeRequest{
Key: []byte("boo"),
RangeEnd: []byte("zoo"),
PrevKv: false,
},
},
}, },
}, },
Failure: []*pb.RequestOp{
{
Request: &pb.RequestOp_RequestDeleteRange{
RequestDeleteRange: &pb.DeleteRangeRequest{
Key: []byte("foo"),
RangeEnd: []byte("zoo"),
PrevKv: true,
},
},
},
},
},
err: auth.ErrPermissionDenied,
},
{
name: "Delete range request out of range and PrevKv false failure case is unauthorized",
txnRequest: &pb.TxnRequest{
Success: []*pb.RequestOp{ Success: []*pb.RequestOp{
{
Request: &pb.RequestOp_RequestDeleteRange{
RequestDeleteRange: &pb.DeleteRangeRequest{
Key: []byte("foo"),
RangeEnd: []byte("zoo"),
PrevKv: true,
},
},
},
},
Failure: []*pb.RequestOp{
{ {
Request: &pb.RequestOp_RequestDeleteRange{ Request: &pb.RequestOp_RequestDeleteRange{
RequestDeleteRange: &pb.DeleteRangeRequest{ RequestDeleteRange: &pb.DeleteRangeRequest{