-
Notifications
You must be signed in to change notification settings - Fork 9.6k
/
ctl_v3_auth_cluster_test.go
109 lines (93 loc) · 3.4 KB
/
ctl_v3_auth_cluster_test.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
package e2e
import (
"context"
"fmt"
"testing"
"time"
"github.com/stretchr/testify/assert"
clientv3 "go.etcd.io/etcd/client/v3"
"go.etcd.io/etcd/tests/v3/framework/config"
"go.etcd.io/etcd/tests/v3/framework/e2e"
)
func TestAuthCluster(t *testing.T) {
e2e.BeforeTest(t)
cfg := &e2e.EtcdProcessClusterConfig{
ClusterSize: 1,
InitialToken: "new",
SnapshotCount: 2,
}
ctx, cancel := context.WithCancel(context.Background())
defer cancel()
epc, err := e2e.NewEtcdProcessCluster(ctx, t, cfg)
if err != nil {
t.Fatalf("could not start etcd process cluster (%v)", err)
}
defer func() {
if err := epc.Close(); err != nil {
t.Fatalf("could not close test cluster (%v)", err)
}
}()
epcClient := epc.Client()
createUsers(ctx, t, epcClient)
if err := epcClient.AuthEnable(ctx); err != nil {
t.Fatalf("could not enable Auth: (%v)", err)
}
testUserClientOpts := e2e.WithAuth("test", "testPassword")
rootUserClientOpts := e2e.WithAuth("root", "rootPassword")
// write more than SnapshotCount keys to single leader to make sure snapshot is created
for i := 0; i <= 10; i++ {
if err := epc.Client(testUserClientOpts).Put(ctx, fmt.Sprintf("/test/%d", i), "test", config.PutOptions{}); err != nil {
t.Fatalf("failed to Put (%v)", err)
}
}
// start second process
if err := epc.StartNewProc(ctx, t, rootUserClientOpts); err != nil {
t.Fatalf("could not start second etcd process (%v)", err)
}
// make sure writes to both endpoints are successful
endpoints := epc.EndpointsV3()
assert.Equal(t, len(endpoints), 2)
for _, endpoint := range epc.EndpointsV3() {
if err := epc.Client(testUserClientOpts, e2e.WithEndpoints([]string{endpoint})).Put(ctx, "/test/key", endpoint, config.PutOptions{}); err != nil {
t.Fatalf("failed to write to Put to %q (%v)", endpoint, err)
}
}
// verify all nodes have exact same revision and hash
assert.Eventually(t, func() bool {
hashKvs, err := epc.Client(rootUserClientOpts).HashKV(ctx, 0)
if err != nil {
t.Errorf("failed to get HashKV: %v", err)
return false
}
assert.Equal(t, 2, len(hashKvs))
if hashKvs[0].Header.Revision != hashKvs[1].Header.Revision {
t.Errorf("The two members' revision (%d, %d) are not equal", hashKvs[0].Header.Revision, hashKvs[1].Header.Revision)
return false
}
assert.Equal(t, hashKvs[0].Hash, hashKvs[1].Hash)
return true
}, time.Second*5, time.Millisecond*100)
}
func createUsers(ctx context.Context, t *testing.T, client *e2e.EtcdctlV3) {
if _, err := client.UserAdd(ctx, "root", "rootPassword", config.UserAddOptions{}); err != nil {
t.Fatalf("could not add root user (%v)", err)
}
if _, err := client.RoleAdd(ctx, "root"); err != nil {
t.Fatalf("could not create 'root' role (%v)", err)
}
if _, err := client.UserGrantRole(ctx, "root", "root"); err != nil {
t.Fatalf("could not grant root role to root user (%v)", err)
}
if _, err := client.RoleAdd(ctx, "test"); err != nil {
t.Fatalf("could not create 'test' role (%v)", err)
}
if _, err := client.RoleGrantPermission(ctx, "test", "/test/", "/test0", clientv3.PermissionType(clientv3.PermReadWrite)); err != nil {
t.Fatalf("could not RoleGrantPermission (%v)", err)
}
if _, err := client.UserAdd(ctx, "test", "testPassword", config.UserAddOptions{}); err != nil {
t.Fatalf("could not add user test (%v)", err)
}
if _, err := client.UserGrantRole(ctx, "test", "test"); err != nil {
t.Fatalf("could not grant test role user (%v)", err)
}
}