Mirroristas/etcd
2
0
Fork 0
mirror of https://github.com/etcd-io/etcd.git synced 2024-09-27 06:25:44 +00:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #10141 from essamhassan/9734_improve_auth_coverage

Browse Source 
9734 improve auth coverage
This commit is contained in:
Gyuho Lee 2018-10-01 15:37:38 -07:00 committed by GitHub
commit 051b119cd3
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 126 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

41
auth/range_perm_cache_test.go
View File

@ -59,3 +59,44 @@ func TestRangePermission(t *testing.T) {
}
}
}
func TestKeyPermission(t *testing.T) {
tests := []struct {
perms []adt.Interval
key []byte
want bool
}{
{
[]adt.Interval{adt.NewBytesAffineInterval([]byte("a"), []byte("c")), adt.NewBytesAffineInterval([]byte("x"), []byte("z"))},
[]byte("f"),
false,
},
{
[]adt.Interval{adt.NewBytesAffineInterval([]byte("a"), []byte("f")), adt.NewBytesAffineInterval([]byte("c"), []byte("d")), adt.NewBytesAffineInterval([]byte("f"), []byte("z"))},
[]byte("b"),
true,
},
{
[]adt.Interval{adt.NewBytesAffineInterval([]byte("a"), []byte("d")), adt.NewBytesAffineInterval([]byte("a"), []byte("b")), adt.NewBytesAffineInterval([]byte("c"), []byte("f"))},
[]byte("d"),
true,
},
{
[]adt.Interval{adt.NewBytesAffineInterval([]byte("a"), []byte("d")), adt.NewBytesAffineInterval([]byte("a"), []byte("b")), adt.NewBytesAffineInterval([]byte("c"), []byte("f"))},
[]byte("f"),
false,
},
}
for i, tt := range tests {
readPerms := &adt.IntervalTree{}
for _, p := range tt.perms {
readPerms.Insert(p, struct{}{})
}
result := checkKeyPoint(zap.NewExample(), &unifiedRangePermissions{readPerms: readPerms}, tt.key, authpb.READ)
if result != tt.want {
t.Errorf("#%d: result=%t, want=%t", i, result, tt.want)
}
}
}

85
auth/store_test.go
View File

@ -167,6 +167,18 @@ func TestUserAdd(t *testing.T) {
}
}
func TestRecover(t *testing.T) {
as, tearDown := setupAuthStore(t)
defer tearDown(t)
as.enabled = false
as.Recover(as.be)
if !as.IsAuthEnabled() {
t.Fatalf("expected auth enabled got disabled")
}
}
func TestCheckPassword(t *testing.T) {
as, tearDown := setupAuthStore(t)
defer tearDown(t)
@ -279,6 +291,73 @@ func TestUserGrant(t *testing.T) {
}
}
func TestHasRole(t *testing.T) {
as, tearDown := setupAuthStore(t)
defer tearDown(t)
// grants a role to the user
_, err := as.UserGrantRole(&pb.AuthUserGrantRoleRequest{User: "foo", Role: "role-test"})
if err != nil {
t.Fatal(err)
}
// checks role reflects correctly
hr := as.HasRole("foo", "role-test")
if !hr {
t.Fatal("expected role granted, got false")
}
// checks non existent role
hr = as.HasRole("foo", "non-existent-role")
if hr {
t.Fatal("expected role not found, got true")
}
// checks non existent user
hr = as.HasRole("nouser", "role-test")
if hr {
t.Fatal("expected user not found got true")
}
}
func TestIsOpPermitted(t *testing.T) {
as, tearDown := setupAuthStore(t)
defer tearDown(t)
// add new role
_, err := as.RoleAdd(&pb.AuthRoleAddRequest{Name: "role-test-1"})
if err != nil {
t.Fatal(err)
}
perm := &authpb.Permission{
PermType: authpb.WRITE,
Key: []byte("Keys"),
RangeEnd: []byte("RangeEnd"),
}
_, err = as.RoleGrantPermission(&pb.AuthRoleGrantPermissionRequest{
Name: "role-test-1",
Perm: perm,
})
if err != nil {
t.Fatal(err)
}
// grants a role to the user
_, err = as.UserGrantRole(&pb.AuthUserGrantRoleRequest{User: "foo", Role: "role-test-1"})
if err != nil {
t.Fatal(err)
}
// check permission reflected to user
err = as.isOpPermitted("foo", as.Revision(), perm.Key, perm.RangeEnd, perm.PermType)
if err != nil {
t.Fatal(err)
}
}
func TestGetUser(t *testing.T) {
as, tearDown := setupAuthStore(t)
defer tearDown(t)
@ -299,6 +378,12 @@ func TestGetUser(t *testing.T) {
if !reflect.DeepEqual(expected, u.Roles) {
t.Errorf("expected %v, got %v", expected, u.Roles)
}
// check non existent user
_, err = as.UserGet(&pb.AuthUserGetRequest{Name: "nouser"})
if err == nil {
t.Errorf("expected %v, got %v", ErrUserNotFound, err)
}
}
func TestListUsers(t *testing.T) {