test: add test case to cover the CommonName based authentication

Refer to https://github.com/etcd-io/etcd/issues/14764 Signed-off-by: Benjamin Wang <wachao@vmware.com>
2024-09-27 06:25:44 +00:00 · 2022-11-16 14:59:18 +08:00 · 2022-11-16 14:59:18 +08:00 · 0c1901466f
commit 0c1901466f
parent 585054e448
2 changed files with 131 additions and 1 deletions
--- a/tests/e2e/ctl_v3_auth_cluster_test.go
+++ b/tests/e2e/ctl_v3_auth_cluster_test.go
@ -17,6 +17,7 @@ package e2e
 import (
 	"context"
 	"fmt"
+	"path/filepath"
 	"testing"
 	"time"

@ -97,6 +98,28 @@ func TestAuthCluster(t *testing.T) {

 }

+func applyTLSWithRootCommonName() func() {
+	var (
+		oldCertPath       = e2e.CertPath
+		oldPrivateKeyPath = e2e.PrivateKeyPath
+		oldCaPath         = e2e.CaPath
+
+		newCertPath       = filepath.Join(e2e.FixturesDir, "CommonName-root.crt")
+		newPrivateKeyPath = filepath.Join(e2e.FixturesDir, "CommonName-root.key")
+		newCaPath         = filepath.Join(e2e.FixturesDir, "CommonName-root.crt")
+	)
+
+	e2e.CertPath = newCertPath
+	e2e.PrivateKeyPath = newPrivateKeyPath
+	e2e.CaPath = newCaPath
+
+	return func() {
+		e2e.CertPath = oldCertPath
+		e2e.PrivateKeyPath = oldPrivateKeyPath
+		e2e.CaPath = oldCaPath
+	}
+}
+
 func createUsers(ctx context.Context, t *testing.T, client *e2e.EtcdctlV3) {
 	if _, err := client.UserAdd(ctx, "root", "rootPassword", config.UserAddOptions{}); err != nil {
 		t.Fatalf("could not add root user (%v)", err)
--- a/tests/e2e/ctl_v3_auth_no_proxy_test.go
+++ b/tests/e2e/ctl_v3_auth_no_proxy_test.go
@ -12,7 +12,7 @@
 // See the License for the specific language governing permissions and
 // limitations under the License.

-// These tests depends on certificate-based authentication that is NOT supported
+// These tests depend on certificate-based authentication that is NOT supported
 // by gRPC proxy.
 //go:build !cluster_proxy
 // +build !cluster_proxy
@ -20,8 +20,13 @@
 package e2e

 import (
+	"context"
+	"fmt"
+	"sync"
 	"testing"
+	"time"

+	"go.etcd.io/etcd/tests/v3/framework/config"
 	"go.etcd.io/etcd/tests/v3/framework/e2e"
 )

@ -34,3 +39,105 @@ func TestCtlV3AuthCertCNAndUsername(t *testing.T) {
 func TestCtlV3AuthCertCNAndUsernameNoPassword(t *testing.T) {
 	testCtl(t, authTestCertCNAndUsernameNoPassword, withCfg(*e2e.NewConfigClientTLSCertAuth()))
 }
+
+func TestCtlV3AuthCertCNWithWithConcurrentOperation(t *testing.T) {
+	e2e.BeforeTest(t)
+	ctx, cancel := context.WithCancel(context.Background())
+	defer cancel()
+
+	// apply the certificate which has `root` CommonName,
+	// and reset the setting when the test case finishes.
+	// TODO(ahrtr): enhance the e2e test framework to support
+	// certificates with CommonName.
+	t.Log("Apply certificate with root CommonName")
+	resetCert := applyTLSWithRootCommonName()
+	defer resetCert()
+
+	t.Log("Create etcd cluster")
+	epc, err := e2e.NewEtcdProcessCluster(ctx, t,
+		e2e.WithClusterSize(1),
+		e2e.WithClientTLS(e2e.ClientTLS),
+		e2e.WithClientCertAuthEnabled(true),
+	)
+	if err != nil {
+		t.Fatalf("could not start etcd process cluster (%v)", err)
+	}
+	defer func() {
+		if err := epc.Close(); err != nil {
+			t.Fatalf("could not close test cluster (%v)", err)
+		}
+	}()
+
+	epcClient := epc.Client()
+	t.Log("Create users")
+	createUsers(ctx, t, epcClient)
+
+	t.Log("Enable auth")
+	if err := epcClient.AuthEnable(ctx); err != nil {
+		t.Fatalf("could not enable Auth: (%v)", err)
+	}
+
+	// Create two goroutines, one goroutine keeps creating & deleting users,
+	// and the other goroutine keeps writing & deleting K/V entries.
+	var wg sync.WaitGroup
+	wg.Add(2)
+	errs := make(chan error, 2)
+	donec := make(chan struct{})
+
+	// Create the first goroutine to create & delete users
+	t.Log("Create the first goroutine to create & delete users")
+	go func() {
+		defer wg.Done()
+		for i := 0; i < 100; i++ {
+			user := fmt.Sprintf("testuser-%d", i)
+			pass := fmt.Sprintf("testpass-%d", i)
+			if _, err := epcClient.UserAdd(ctx, user, pass, config.UserAddOptions{}); err != nil {
+				errs <- fmt.Errorf("failed to create user %q: %w", user, err)
+				break
+			}
+
+			if _, err := epcClient.UserDelete(ctx, user); err != nil {
+				errs <- fmt.Errorf("failed to delete user %q: %w", user, err)
+				break
+			}
+		}
+		t.Log("The first goroutine finished")
+	}()
+
+	// Create the second goroutine to write & delete K/V entries
+	t.Log("Create the second goroutine to write & delete K/V entries")
+	go func() {
+		defer wg.Done()
+		for i := 0; i < 100; i++ {
+			key := fmt.Sprintf("key-%d", i)
+			value := fmt.Sprintf("value-%d", i)
+
+			if err := epcClient.Put(ctx, key, value, config.PutOptions{}); err != nil {
+				errs <- fmt.Errorf("failed to put key %q: %w", key, err)
+				break
+			}
+
+			if _, err := epcClient.Delete(ctx, key, config.DeleteOptions{}); err != nil {
+				errs <- fmt.Errorf("failed to delete key %q: %w", key, err)
+				break
+			}
+		}
+		t.Log("The second goroutine finished")
+	}()
+
+	t.Log("Waiting for the two goroutines to complete")
+	go func() {
+		wg.Wait()
+		close(donec)
+	}()
+
+	t.Log("Waiting for test result")
+	select {
+	case err := <-errs:
+		t.Fatalf("Unexpected error: %v", err)
+	case <-donec:
+		t.Log("All done!")
+	case <-time.After(30 * time.Second):
+		t.Fatal("Test case timeout after 20 seconds")
+	}
+}