diff --git a/e2e/ctl_v3_auth_test.go b/e2e/ctl_v3_auth_test.go
index dee88c14b..a8a51b9c7 100644
--- a/e2e/ctl_v3_auth_test.go
+++ b/e2e/ctl_v3_auth_test.go
@@ -33,8 +33,9 @@ func TestCtlV3AuthMemberAdd(t *testing.T) { testCtl(t, authTestMemberA
 func TestCtlV3AuthMemberRemove(t *testing.T) {
 testCtl(t, authTestMemberRemove, withQuorum(), withNoStrictReconfig())
 }
-func TestCtlV3AuthMemberUpdate(t *testing.T) { testCtl(t, authTestMemberUpdate) }
-func TestCtlV3AuthCertCN(t *testing.T) { testCtl(t, authTestCertCN, withCfg(configClientTLSCertAuth)) }
+func TestCtlV3AuthMemberUpdate(t *testing.T) { testCtl(t, authTestMemberUpdate) }
+func TestCtlV3AuthCertCN(t *testing.T) { testCtl(t, authTestCertCN, withCfg(configClientTLSCertAuth)) }
+func TestCtlV3AuthRevokeWithDelete(t *testing.T) { testCtl(t, authTestRevokeWithDelete) }

 func authEnableTest(cx ctlCtx) {
 if err := authEnable(cx); err != nil {
@@ -562,3 +563,38 @@ func authTestCertCN(cx ctlCtx) {
 cx.t.Fatal(err)
 }
 }
+
+func authTestRevokeWithDelete(cx ctlCtx) {
+ if err := authEnable(cx); err != nil {
+ cx.t.Fatal(err)
+ }
+
+ cx.user, cx.pass = "root", "root"
+ authSetupTestUser(cx)
+
+ // create a new role
+ cx.user, cx.pass = "root", "root"
+ if err := ctlV3Role(cx, []string{"add", "test-role2"}, "Role test-role2 created"); err != nil {
+ cx.t.Fatal(err)
+ }
+
+ // grant the new role to the user
+ if err := ctlV3User(cx, []string{"grant-role", "test-user", "test-role2"}, "Role test-role2 is granted to user test-user", nil); err != nil {
+ cx.t.Fatal(err)
+ }
+
+ // check the result
+ if err := ctlV3User(cx, []string{"get", "test-user"}, "Roles: test-role test-role2", nil); err != nil {
+ cx.t.Fatal(err)
+ }
+
+ // delete the role, test-role2 must be revoked from test-user
+ if err := ctlV3Role(cx, []string{"delete", "test-role2"}, "Role test-role2 deleted"); err != nil {
+ cx.t.Fatal(err)
+ }
+
+ // check the result
+ if err := ctlV3User(cx, []string{"get", "test-user"}, "Roles: test-role", nil); err != nil {
+ cx.t.Fatal(err)
+ }
+}
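Review bot: The last assertion in authTestRevokeWithDelete expects `Roles: test-role`, which is a prefix of the pre-delete output `Roles: test-role test-role2` asserted three checks earlier. How ctlV3User compares its expected string is not visible in this hunk, but if it matches by substring or prefix, the final check also passes when the deleted role is still attached to test-user, so this authorization regression test could not fail. Confirm the helper matches the whole line, or add a check after the delete that the `get test-user` output no longer contains `test-role2`. If the match is looser, I would at least record it above the last check: `// NOTE: "Roles: test-role" is a prefix of the pre-delete output; this only proves revocation if ctlV3User matches the full line`.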