add more tests

Signed-off-by: lhy1024 <admin@liudos.us>
etcd-io · May 23, 2024 · 1681c7a · 1681c7a
1 parent 452059f
commit 1681c7a
Showing 1 changed file with 173 additions and 173 deletions.
diff --git a/tests/e2e/etcd_config_test.go b/tests/e2e/etcd_config_test.go
@@ -198,179 +198,179 @@ func TestEtcdPeerCNAuth(t *testing.T) {
 	}
 }
 
-// // TestEtcdPeerMultiCNAuth checks that the inter peer auth based on CN of cert is working correctly
-// // when there are multiple allowed values for the CN.
-// func TestEtcdPeerMultiCNAuth(t *testing.T) {
-// 	e2e.SkipInShortMode(t)
-
-// 	peers, tmpdirs := make([]string, 3), make([]string, 3)
-// 	for i := range peers {
-// 		peers[i] = fmt.Sprintf("e%d=https://127.0.0.1:%d", i, e2e.EtcdProcessBasePort+i)
-// 		d, err := os.MkdirTemp("", fmt.Sprintf("e%d.etcd", i))
-// 		if err != nil {
-// 			t.Fatal(err)
-// 		}
-// 		tmpdirs[i] = d
-// 	}
-// 	ic := strings.Join(peers, ",")
-
-// 	procs := make([]*expect.ExpectProcess, len(peers))
-// 	defer func() {
-// 		for i := range procs {
-// 			if procs[i] != nil {
-// 				procs[i].Stop()
-// 			}
-// 			os.RemoveAll(tmpdirs[i])
-// 		}
-// 	}()
-
-// 	// all nodes have unique certs with different CNs
-// 	// node 0 and 1 have a cert with one of the correct CNs, node 2 doesn't
-// 	for i := range procs {
-// 		commonArgs := []string{
-// 			e2e.BinPath.Etcd,
-// 			"--name", fmt.Sprintf("e%d", i),
-// 			"--listen-client-urls", "http://0.0.0.0:0",
-// 			"--data-dir", tmpdirs[i],
-// 			"--advertise-client-urls", "http://0.0.0.0:0",
-// 			"--listen-peer-urls", fmt.Sprintf("https://127.0.0.1:%d,https://127.0.0.1:%d", e2e.EtcdProcessBasePort+i, e2e.EtcdProcessBasePort+len(peers)+i),
-// 			"--initial-advertise-peer-urls", fmt.Sprintf("https://127.0.0.1:%d", e2e.EtcdProcessBasePort+i),
-// 			"--initial-cluster", ic,
-// 		}
-
-// 		var args []string
-// 		switch i {
-// 		case 0:
-// 			args = []string{
-// 				"--peer-cert-file", e2e.CertPath,
-// 				"--peer-key-file", e2e.PrivateKeyPath,
-// 				"--peer-client-cert-file", e2e.CertPath,
-// 				"--peer-client-key-file", e2e.PrivateKeyPath,
-// 				"--peer-trusted-ca-file", e2e.CaPath,
-// 				"--peer-client-cert-auth",
-// 				"--peer-cert-allowed-cn", "example.com,example2.com",
-// 			}
-// 		case 1:
-// 			args = []string{
-// 				"--peer-cert-file", e2e.CertPath2,
-// 				"--peer-key-file", e2e.PrivateKeyPath2,
-// 				"--peer-client-cert-file", e2e.CertPath2,
-// 				"--peer-client-key-file", e2e.PrivateKeyPath2,
-// 				"--peer-trusted-ca-file", e2e.CaPath,
-// 				"--peer-client-cert-auth",
-// 				"--peer-cert-allowed-cn", "example.com,example2.com",
-// 			}
-// 		default:
-// 			args = []string{
-// 				"--peer-cert-file", e2e.CertPath3,
-// 				"--peer-key-file", e2e.PrivateKeyPath3,
-// 				"--peer-client-cert-file", e2e.CertPath3,
-// 				"--peer-client-key-file", e2e.PrivateKeyPath3,
-// 				"--peer-trusted-ca-file", e2e.CaPath,
-// 				"--peer-client-cert-auth",
-// 				"--peer-cert-allowed-cn", "example.com,example2.com",
-// 			}
-// 		}
-
-// 		commonArgs = append(commonArgs, args...)
-
-// 		p, err := e2e.SpawnCmd(commonArgs, nil)
-// 		if err != nil {
-// 			t.Fatal(err)
-// 		}
-// 		procs[i] = p
-// 	}
-
-// 	ctx, cancel := context.WithTimeout(context.Background(), 30*time.Second)
-// 	defer cancel()
-// 	for i, p := range procs {
-// 		var expect []string
-// 		if i <= 1 {
-// 			expect = e2e.EtcdServerReadyLines
-// 		} else {
-// 			expect = []string{"remote error: tls: bad certificate"}
-// 		}
-// 		if err := e2e.WaitReadyExpectProc(ctx, p, expect); err != nil {
-// 			t.Fatal(err)
-// 		}
-// 	}
-// }
-
-// // TestEtcdPeerNameAuth checks that the inter peer auth based on cert name validation is working correctly.
-// func TestEtcdPeerNameAuth(t *testing.T) {
-// 	e2e.SkipInShortMode(t)
-
-// 	peers, tmpdirs := make([]string, 3), make([]string, 3)
-// 	for i := range peers {
-// 		peers[i] = fmt.Sprintf("e%d=https://127.0.0.1:%d", i, e2e.EtcdProcessBasePort+i)
-// 		tmpdirs[i] = t.TempDir()
-// 	}
-// 	ic := strings.Join(peers, ",")
-
-// 	procs := make([]*expect.ExpectProcess, len(peers))
-// 	defer func() {
-// 		for i := range procs {
-// 			if procs[i] != nil {
-// 				procs[i].Stop()
-// 				procs[i].Close()
-// 			}
-// 			os.RemoveAll(tmpdirs[i])
-// 		}
-// 	}()
-
-// 	// node 0 and 1 have a cert with the correct certificate name, node 2 doesn't
-// 	for i := range procs {
-// 		commonArgs := []string{
-// 			e2e.BinPath.Etcd,
-// 			"--name", fmt.Sprintf("e%d", i),
-// 			"--listen-client-urls", "http://0.0.0.0:0",
-// 			"--data-dir", tmpdirs[i],
-// 			"--advertise-client-urls", "http://0.0.0.0:0",
-// 			"--listen-peer-urls", fmt.Sprintf("https://127.0.0.1:%d,https://127.0.0.1:%d", e2e.EtcdProcessBasePort+i, e2e.EtcdProcessBasePort+len(peers)+i),
-// 			"--initial-advertise-peer-urls", fmt.Sprintf("https://127.0.0.1:%d", e2e.EtcdProcessBasePort+i),
-// 			"--initial-cluster", ic,
-// 		}
-
-// 		var args []string
-// 		if i <= 1 {
-// 			args = []string{
-// 				"--peer-cert-file", e2e.CertPath,
-// 				"--peer-key-file", e2e.PrivateKeyPath,
-// 				"--peer-trusted-ca-file", e2e.CaPath,
-// 				"--peer-client-cert-auth",
-// 				"--peer-cert-allowed-hostname", "localhost",
-// 			}
-// 		} else {
-// 			args = []string{
-// 				"--peer-cert-file", e2e.CertPath2,
-// 				"--peer-key-file", e2e.PrivateKeyPath2,
-// 				"--peer-trusted-ca-file", e2e.CaPath,
-// 				"--peer-client-cert-auth",
-// 				"--peer-cert-allowed-hostname", "example2.com",
-// 			}
-// 		}
-
-// 		commonArgs = append(commonArgs, args...)
-
-// 		p, err := e2e.SpawnCmd(commonArgs, nil)
-// 		if err != nil {
-// 			t.Fatal(err)
-// 		}
-// 		procs[i] = p
-// 	}
-
-// 	for i, p := range procs {
-// 		var expect []string
-// 		if i <= 1 {
-// 			expect = e2e.EtcdServerReadyLines
-// 		} else {
-// 			expect = []string{"client certificate authentication failed"}
-// 		}
-// 		if err := e2e.WaitReadyExpectProc(context.TODO(), p, expect); err != nil {
-// 			t.Fatal(err)
-// 		}
-// 	}
-// }
+// TestEtcdPeerMultiCNAuth checks that the inter peer auth based on CN of cert is working correctly
+// when there are multiple allowed values for the CN.
+func TestEtcdPeerMultiCNAuth(t *testing.T) {
+	e2e.SkipInShortMode(t)
+
+	peers, tmpdirs := make([]string, 3), make([]string, 3)
+	for i := range peers {
+		peers[i] = fmt.Sprintf("e%d=https://127.0.0.1:%d", i, e2e.EtcdProcessBasePort+i)
+		d, err := os.MkdirTemp("", fmt.Sprintf("e%d.etcd", i))
+		if err != nil {
+			t.Fatal(err)
+		}
+		tmpdirs[i] = d
+	}
+	ic := strings.Join(peers, ",")
+
+	procs := make([]*expect.ExpectProcess, len(peers))
+	defer func() {
+		for i := range procs {
+			if procs[i] != nil {
+				procs[i].Stop()
+			}
+			os.RemoveAll(tmpdirs[i])
+		}
+	}()
+
+	// all nodes have unique certs with different CNs
+	// node 0 and 1 have a cert with one of the correct CNs, node 2 doesn't
+	for i := range procs {
+		commonArgs := []string{
+			e2e.BinPath.Etcd,
+			"--name", fmt.Sprintf("e%d", i),
+			"--listen-client-urls", "http://0.0.0.0:0",
+			"--data-dir", tmpdirs[i],
+			"--advertise-client-urls", "http://0.0.0.0:0",
+			"--listen-peer-urls", fmt.Sprintf("https://127.0.0.1:%d,https://127.0.0.1:%d", e2e.EtcdProcessBasePort+i, e2e.EtcdProcessBasePort+len(peers)+i),
+			"--initial-advertise-peer-urls", fmt.Sprintf("https://127.0.0.1:%d", e2e.EtcdProcessBasePort+i),
+			"--initial-cluster", ic,
+		}
+
+		var args []string
+		switch i {
+		case 0:
+			args = []string{
+				"--peer-cert-file", e2e.CertPath,
+				"--peer-key-file", e2e.PrivateKeyPath,
+				"--peer-client-cert-file", e2e.CertPath,
+				"--peer-client-key-file", e2e.PrivateKeyPath,
+				"--peer-trusted-ca-file", e2e.CaPath,
+				"--peer-client-cert-auth",
+				"--peer-cert-allowed-cn", "example.com,example2.com",
+			}
+		case 1:
+			args = []string{
+				"--peer-cert-file", e2e.CertPath2,
+				"--peer-key-file", e2e.PrivateKeyPath2,
+				"--peer-client-cert-file", e2e.CertPath2,
+				"--peer-client-key-file", e2e.PrivateKeyPath2,
+				"--peer-trusted-ca-file", e2e.CaPath,
+				"--peer-client-cert-auth",
+				"--peer-cert-allowed-cn", "example.com,example2.com",
+			}
+		default:
+			args = []string{
+				"--peer-cert-file", e2e.CertPath3,
+				"--peer-key-file", e2e.PrivateKeyPath3,
+				"--peer-client-cert-file", e2e.CertPath3,
+				"--peer-client-key-file", e2e.PrivateKeyPath3,
+				"--peer-trusted-ca-file", e2e.CaPath,
+				"--peer-client-cert-auth",
+				"--peer-cert-allowed-cn", "example.com,example2.com",
+			}
+		}
+
+		commonArgs = append(commonArgs, args...)
+
+		p, err := e2e.SpawnCmd(commonArgs, nil)
+		if err != nil {
+			t.Fatal(err)
+		}
+		procs[i] = p
+	}
+
+	ctx, cancel := context.WithTimeout(context.Background(), 30*time.Second)
+	defer cancel()
+	for i, p := range procs {
+		var expect []string
+		if i <= 1 {
+			expect = e2e.EtcdServerReadyLines
+		} else {
+			expect = []string{"remote error: tls: bad certificate"}
+		}
+		if err := e2e.WaitReadyExpectProc(ctx, p, expect); err != nil {
+			t.Fatal(err)
+		}
+	}
+}
+
+// TestEtcdPeerNameAuth checks that the inter peer auth based on cert name validation is working correctly.
+func TestEtcdPeerNameAuth(t *testing.T) {
+	e2e.SkipInShortMode(t)
+
+	peers, tmpdirs := make([]string, 3), make([]string, 3)
+	for i := range peers {
+		peers[i] = fmt.Sprintf("e%d=https://127.0.0.1:%d", i, e2e.EtcdProcessBasePort+i)
+		tmpdirs[i] = t.TempDir()
+	}
+	ic := strings.Join(peers, ",")
+
+	procs := make([]*expect.ExpectProcess, len(peers))
+	defer func() {
+		for i := range procs {
+			if procs[i] != nil {
+				procs[i].Stop()
+				procs[i].Close()
+			}
+			os.RemoveAll(tmpdirs[i])
+		}
+	}()
+
+	// node 0 and 1 have a cert with the correct certificate name, node 2 doesn't
+	for i := range procs {
+		commonArgs := []string{
+			e2e.BinPath.Etcd,
+			"--name", fmt.Sprintf("e%d", i),
+			"--listen-client-urls", "http://0.0.0.0:0",
+			"--data-dir", tmpdirs[i],
+			"--advertise-client-urls", "http://0.0.0.0:0",
+			"--listen-peer-urls", fmt.Sprintf("https://127.0.0.1:%d,https://127.0.0.1:%d", e2e.EtcdProcessBasePort+i, e2e.EtcdProcessBasePort+len(peers)+i),
+			"--initial-advertise-peer-urls", fmt.Sprintf("https://127.0.0.1:%d", e2e.EtcdProcessBasePort+i),
+			"--initial-cluster", ic,
+		}
+
+		var args []string
+		if i <= 1 {
+			args = []string{
+				"--peer-cert-file", e2e.CertPath,
+				"--peer-key-file", e2e.PrivateKeyPath,
+				"--peer-trusted-ca-file", e2e.CaPath,
+				"--peer-client-cert-auth",
+				"--peer-cert-allowed-hostname", "localhost",
+			}
+		} else {
+			args = []string{
+				"--peer-cert-file", e2e.CertPath2,
+				"--peer-key-file", e2e.PrivateKeyPath2,
+				"--peer-trusted-ca-file", e2e.CaPath,
+				"--peer-client-cert-auth",
+				"--peer-cert-allowed-hostname", "example2.com",
+			}
+		}
+
+		commonArgs = append(commonArgs, args...)
+
+		p, err := e2e.SpawnCmd(commonArgs, nil)
+		if err != nil {
+			t.Fatal(err)
+		}
+		procs[i] = p
+	}
+
+	for i, p := range procs {
+		var expect []string
+		if i <= 1 {
+			expect = e2e.EtcdServerReadyLines
+		} else {
+			expect = []string{"client certificate authentication failed"}
+		}
+		if err := e2e.WaitReadyExpectProc(context.TODO(), p, expect); err != nil {
+			t.Fatal(err)
+		}
+	}
+}
 
 func TestGrpcproxyAndCommonName(t *testing.T) {
 	e2e.SkipInShortMode(t)