mirror of
https://github.com/etcd-io/etcd.git
synced 2024-09-27 06:25:44 +00:00
test: add test case to cover the CommonName based authentication
Refer to https://github.com/etcd-io/etcd/issues/14764 Signed-off-by: Benjamin Wang <wachao@vmware.com>
This commit is contained in:
parent
585054e448
commit
0c1901466f
@ -17,6 +17,7 @@ package e2e
|
|||||||
import (
|
import (
|
||||||
"context"
|
"context"
|
||||||
"fmt"
|
"fmt"
|
||||||
|
"path/filepath"
|
||||||
"testing"
|
"testing"
|
||||||
"time"
|
"time"
|
||||||
|
|
||||||
@ -97,6 +98,28 @@ func TestAuthCluster(t *testing.T) {
|
|||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
|
func applyTLSWithRootCommonName() func() {
|
||||||
|
var (
|
||||||
|
oldCertPath = e2e.CertPath
|
||||||
|
oldPrivateKeyPath = e2e.PrivateKeyPath
|
||||||
|
oldCaPath = e2e.CaPath
|
||||||
|
|
||||||
|
newCertPath = filepath.Join(e2e.FixturesDir, "CommonName-root.crt")
|
||||||
|
newPrivateKeyPath = filepath.Join(e2e.FixturesDir, "CommonName-root.key")
|
||||||
|
newCaPath = filepath.Join(e2e.FixturesDir, "CommonName-root.crt")
|
||||||
|
)
|
||||||
|
|
||||||
|
e2e.CertPath = newCertPath
|
||||||
|
e2e.PrivateKeyPath = newPrivateKeyPath
|
||||||
|
e2e.CaPath = newCaPath
|
||||||
|
|
||||||
|
return func() {
|
||||||
|
e2e.CertPath = oldCertPath
|
||||||
|
e2e.PrivateKeyPath = oldPrivateKeyPath
|
||||||
|
e2e.CaPath = oldCaPath
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
func createUsers(ctx context.Context, t *testing.T, client *e2e.EtcdctlV3) {
|
func createUsers(ctx context.Context, t *testing.T, client *e2e.EtcdctlV3) {
|
||||||
if _, err := client.UserAdd(ctx, "root", "rootPassword", config.UserAddOptions{}); err != nil {
|
if _, err := client.UserAdd(ctx, "root", "rootPassword", config.UserAddOptions{}); err != nil {
|
||||||
t.Fatalf("could not add root user (%v)", err)
|
t.Fatalf("could not add root user (%v)", err)
|
||||||
|
@ -12,7 +12,7 @@
|
|||||||
// See the License for the specific language governing permissions and
|
// See the License for the specific language governing permissions and
|
||||||
// limitations under the License.
|
// limitations under the License.
|
||||||
|
|
||||||
// These tests depends on certificate-based authentication that is NOT supported
|
// These tests depend on certificate-based authentication that is NOT supported
|
||||||
// by gRPC proxy.
|
// by gRPC proxy.
|
||||||
//go:build !cluster_proxy
|
//go:build !cluster_proxy
|
||||||
// +build !cluster_proxy
|
// +build !cluster_proxy
|
||||||
@ -20,8 +20,13 @@
|
|||||||
package e2e
|
package e2e
|
||||||
|
|
||||||
import (
|
import (
|
||||||
|
"context"
|
||||||
|
"fmt"
|
||||||
|
"sync"
|
||||||
"testing"
|
"testing"
|
||||||
|
"time"
|
||||||
|
|
||||||
|
"go.etcd.io/etcd/tests/v3/framework/config"
|
||||||
"go.etcd.io/etcd/tests/v3/framework/e2e"
|
"go.etcd.io/etcd/tests/v3/framework/e2e"
|
||||||
)
|
)
|
||||||
|
|
||||||
@ -34,3 +39,105 @@ func TestCtlV3AuthCertCNAndUsername(t *testing.T) {
|
|||||||
func TestCtlV3AuthCertCNAndUsernameNoPassword(t *testing.T) {
|
func TestCtlV3AuthCertCNAndUsernameNoPassword(t *testing.T) {
|
||||||
testCtl(t, authTestCertCNAndUsernameNoPassword, withCfg(*e2e.NewConfigClientTLSCertAuth()))
|
testCtl(t, authTestCertCNAndUsernameNoPassword, withCfg(*e2e.NewConfigClientTLSCertAuth()))
|
||||||
}
|
}
|
||||||
|
|
||||||
|
func TestCtlV3AuthCertCNWithWithConcurrentOperation(t *testing.T) {
|
||||||
|
e2e.BeforeTest(t)
|
||||||
|
ctx, cancel := context.WithCancel(context.Background())
|
||||||
|
defer cancel()
|
||||||
|
|
||||||
|
// apply the certificate which has `root` CommonName,
|
||||||
|
// and reset the setting when the test case finishes.
|
||||||
|
// TODO(ahrtr): enhance the e2e test framework to support
|
||||||
|
// certificates with CommonName.
|
||||||
|
t.Log("Apply certificate with root CommonName")
|
||||||
|
resetCert := applyTLSWithRootCommonName()
|
||||||
|
defer resetCert()
|
||||||
|
|
||||||
|
t.Log("Create etcd cluster")
|
||||||
|
epc, err := e2e.NewEtcdProcessCluster(ctx, t,
|
||||||
|
e2e.WithClusterSize(1),
|
||||||
|
e2e.WithClientTLS(e2e.ClientTLS),
|
||||||
|
e2e.WithClientCertAuthEnabled(true),
|
||||||
|
)
|
||||||
|
if err != nil {
|
||||||
|
t.Fatalf("could not start etcd process cluster (%v)", err)
|
||||||
|
}
|
||||||
|
defer func() {
|
||||||
|
if err := epc.Close(); err != nil {
|
||||||
|
t.Fatalf("could not close test cluster (%v)", err)
|
||||||
|
}
|
||||||
|
}()
|
||||||
|
|
||||||
|
epcClient := epc.Client()
|
||||||
|
t.Log("Create users")
|
||||||
|
createUsers(ctx, t, epcClient)
|
||||||
|
|
||||||
|
t.Log("Enable auth")
|
||||||
|
if err := epcClient.AuthEnable(ctx); err != nil {
|
||||||
|
t.Fatalf("could not enable Auth: (%v)", err)
|
||||||
|
}
|
||||||
|
|
||||||
|
// Create two goroutines, one goroutine keeps creating & deleting users,
|
||||||
|
// and the other goroutine keeps writing & deleting K/V entries.
|
||||||
|
var wg sync.WaitGroup
|
||||||
|
wg.Add(2)
|
||||||
|
errs := make(chan error, 2)
|
||||||
|
donec := make(chan struct{})
|
||||||
|
|
||||||
|
// Create the first goroutine to create & delete users
|
||||||
|
t.Log("Create the first goroutine to create & delete users")
|
||||||
|
go func() {
|
||||||
|
defer wg.Done()
|
||||||
|
for i := 0; i < 100; i++ {
|
||||||
|
user := fmt.Sprintf("testuser-%d", i)
|
||||||
|
pass := fmt.Sprintf("testpass-%d", i)
|
||||||
|
if _, err := epcClient.UserAdd(ctx, user, pass, config.UserAddOptions{}); err != nil {
|
||||||
|
errs <- fmt.Errorf("failed to create user %q: %w", user, err)
|
||||||
|
break
|
||||||
|
}
|
||||||
|
|
||||||
|
if _, err := epcClient.UserDelete(ctx, user); err != nil {
|
||||||
|
errs <- fmt.Errorf("failed to delete user %q: %w", user, err)
|
||||||
|
break
|
||||||
|
}
|
||||||
|
}
|
||||||
|
t.Log("The first goroutine finished")
|
||||||
|
}()
|
||||||
|
|
||||||
|
// Create the second goroutine to write & delete K/V entries
|
||||||
|
t.Log("Create the second goroutine to write & delete K/V entries")
|
||||||
|
go func() {
|
||||||
|
defer wg.Done()
|
||||||
|
for i := 0; i < 100; i++ {
|
||||||
|
key := fmt.Sprintf("key-%d", i)
|
||||||
|
value := fmt.Sprintf("value-%d", i)
|
||||||
|
|
||||||
|
if err := epcClient.Put(ctx, key, value, config.PutOptions{}); err != nil {
|
||||||
|
errs <- fmt.Errorf("failed to put key %q: %w", key, err)
|
||||||
|
break
|
||||||
|
}
|
||||||
|
|
||||||
|
if _, err := epcClient.Delete(ctx, key, config.DeleteOptions{}); err != nil {
|
||||||
|
errs <- fmt.Errorf("failed to delete key %q: %w", key, err)
|
||||||
|
break
|
||||||
|
}
|
||||||
|
}
|
||||||
|
t.Log("The second goroutine finished")
|
||||||
|
}()
|
||||||
|
|
||||||
|
t.Log("Waiting for the two goroutines to complete")
|
||||||
|
go func() {
|
||||||
|
wg.Wait()
|
||||||
|
close(donec)
|
||||||
|
}()
|
||||||
|
|
||||||
|
t.Log("Waiting for test result")
|
||||||
|
select {
|
||||||
|
case err := <-errs:
|
||||||
|
t.Fatalf("Unexpected error: %v", err)
|
||||||
|
case <-donec:
|
||||||
|
t.Log("All done!")
|
||||||
|
case <-time.After(30 * time.Second):
|
||||||
|
t.Fatal("Test case timeout after 20 seconds")
|
||||||
|
}
|
||||||
|
}
|
||||||
|
Loading…
x
Reference in New Issue
Block a user