e2e: test auth enabled with CN name cert
parent
1d37154793
commit
f308a27e91
|
@ -280,6 +280,42 @@ func TestCtlV2Backup(t *testing.T) { // For https://github.com/coreos/etcd/issue
|
|||
}
|
||||
}
|
||||
|
||||
func TestCtlV2AuthWithCommonName(t *testing.T) {
|
||||
defer testutil.AfterTest(t)
|
||||
|
||||
copiedCfg := configClientTLS
|
||||
copiedCfg.clientCertAuthEnabled = true
|
||||
|
||||
epc := setupEtcdctlTest(t, &copiedCfg, false)
|
||||
defer func() {
|
||||
if err := epc.Close(); err != nil {
|
||||
t.Fatalf("error closing etcd processes (%v)", err)
|
||||
}
|
||||
}()
|
||||
|
||||
if err := etcdctlRoleAdd(epc, "testrole"); err != nil {
|
||||
t.Fatalf("failed to add role (%v)", err)
|
||||
}
|
||||
if err := etcdctlRoleGrant(epc, "testrole", "--rw", "--path=/foo"); err != nil {
|
||||
t.Fatalf("failed to grant role (%v)", err)
|
||||
}
|
||||
if err := etcdctlUserAdd(epc, "root", "123"); err != nil {
|
||||
t.Fatalf("failed to add user (%v)", err)
|
||||
}
|
||||
if err := etcdctlUserAdd(epc, "Autogenerated CA", "123"); err != nil {
|
||||
t.Fatalf("failed to add user (%v)", err)
|
||||
}
|
||||
if err := etcdctlUserGrant(epc, "Autogenerated CA", "testrole"); err != nil {
|
||||
t.Fatalf("failed to grant role (%v)", err)
|
||||
}
|
||||
if err := etcdctlAuthEnable(epc); err != nil {
|
||||
t.Fatalf("failed to enable auth (%v)", err)
|
||||
}
|
||||
if err := etcdctlSet(epc, "foo", "bar"); err != nil {
|
||||
t.Fatalf("failed to write (%v)", err)
|
||||
}
|
||||
}
|
||||
|
||||
func etcdctlPrefixArgs(clus *etcdProcessCluster) []string {
|
||||
endpoints := ""
|
||||
if proxies := clus.proxies(); len(proxies) != 0 {
|
||||
|
@ -352,6 +388,13 @@ func etcdctlRoleAdd(clus *etcdProcessCluster, role string) error {
|
|||
return spawnWithExpect(cmdArgs, role)
|
||||
}
|
||||
|
||||
func etcdctlRoleGrant(clus *etcdProcessCluster, role string, perms ...string) error {
|
||||
cmdArgs := append(etcdctlPrefixArgs(clus), "role", "grant")
|
||||
cmdArgs = append(cmdArgs, perms...)
|
||||
cmdArgs = append(cmdArgs, role)
|
||||
return spawnWithExpect(cmdArgs, role)
|
||||
}
|
||||
|
||||
func etcdctlRoleList(clus *etcdProcessCluster, expectedRole string) error {
|
||||
cmdArgs := append(etcdctlPrefixArgs(clus), "role", "list")
|
||||
return spawnWithExpect(cmdArgs, expectedRole)
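Review bot: TestCtlV2AuthWithCommonName asserts only the permitted case: after `etcdctlAuthEnable`, the single check is that `etcdctlSet(epc, "foo", "bar")` succeeds. A regression that let any certificate-authenticated client write regardless of role would still pass, so the test should also assert that a write to a key outside the granted `--path=/foo` is rejected. The user name `"Autogenerated CA"` presumably has to equal the CN of the client certificate in the TLS fixtures, which is not visible here. That coupling deserves a comment above the second `etcdctlUserAdd` call, e.g. `// user name must match the CN of the fixture client cert; the set below passes no explicit credentials`.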
|
||||
|
|
|
@ -149,13 +149,14 @@ type etcdProcessClusterConfig struct {
|
|||
|
||||
snapCount int // default is 10000
|
||||
|
||||
clientTLS clientConnType
|
||||
isPeerTLS bool
|
||||
isPeerAutoTLS bool
|
||||
isClientAutoTLS bool
|
||||
forceNewCluster bool
|
||||
initialToken string
|
||||
quotaBackendBytes int64
|
||||
clientTLS clientConnType
|
||||
clientCertAuthEnabled bool
|
||||
isPeerTLS bool
|
||||
isPeerAutoTLS bool
|
||||
isClientAutoTLS bool
|
||||
forceNewCluster bool
|
||||
initialToken string
|
||||
quotaBackendBytes int64
|
||||
}
|
||||
|
||||
// newEtcdProcessCluster launches a new cluster from etcd processes, returning
|
||||
|
@ -325,6 +326,10 @@ func (cfg *etcdProcessClusterConfig) tlsArgs() (args []string) {
|
|||
"--ca-file", caPath,
|
||||
}
|
||||
args = append(args, tlsClientArgs...)
|
||||
|
||||
if cfg.clientCertAuthEnabled {
|
||||
args = append(args, "--client-cert-auth")
|
||||
}
|
||||
}
|
||||
}
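Review bot: The new `clientCertAuthEnabled` field has no comment, and in tlsArgs the `--client-cert-auth` flag appears to be appended only inside the client-TLS branch. That branch opens above the hunk, so this is inferred from the `args = append(args, tlsClientArgs...)` line before it and the two closing braces after it. If so, setting the field on a config without client TLS silently does nothing, and a test that assumes certificate authentication is enforced would run without it. Document the dependency on the field, e.g. `clientCertAuthEnabled bool // adds --client-cert-auth; only honoured when client TLS is configured`, or fail the setup when the field is set without client TLS.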
|
||||
|
||||
|
|