Merge pull request #14648 from mitake/test-authrecover-3.5

[3.5] server: refresh auth info when etcd recovers from a snapshot
2024-09-27 06:25:44 +00:00 · 2022-10-29 13:43:42 +08:00 · 2022-10-29 13:43:42 +08:00 · 17cb291f15
commit 17cb291f15
parent 7cd9e5a338 1e96e0be38
2 changed files with 25 additions and 0 deletions
--- a/server/auth/store.go
+++ b/server/auth/store.go
@ -370,6 +370,7 @@ func (as *authStore) Recover(be backend.Backend) {
 	}

 	as.setRevision(getRevision(tx))
+	as.refreshRangePermCache(tx)

 	tx.Unlock()

--- a/server/auth/store_test.go
+++ b/server/auth/store_test.go
@ -189,6 +189,30 @@ func TestRecover(t *testing.T) {
 	}
 }

+func TestRecoverWithEmptyRangePermCache(t *testing.T) {
+	as, tearDown := setupAuthStore(t)
+	defer as.Close()
+	defer tearDown(t)
+
+	as.enabled = false
+	as.rangePermCache = map[string]*unifiedRangePermissions{}
+	as.Recover(as.be)
+
+	if !as.IsAuthEnabled() {
+		t.Fatalf("expected auth enabled got disabled")
+	}
+
+	if len(as.rangePermCache) != 2 {
+		t.Fatalf("rangePermCache should have permission information for 2 users (\"root\" and \"foo\"), but has %d information", len(as.rangePermCache))
+	}
+	if _, ok := as.rangePermCache["root"]; !ok {
+		t.Fatal("user \"root\" should be created by setupAuthStore() but doesn't exist in rangePermCache")
+	}
+	if _, ok := as.rangePermCache["foo"]; !ok {
+		t.Fatal("user \"foo\" should be created by setupAuthStore() but doesn't exist in rangePermCache")
+	}
+}
+
 func TestCheckPassword(t *testing.T) {
 	as, tearDown := setupAuthStore(t)
 	defer tearDown(t)