Mirroristas/etcd
2
0
Fork 0
mirror of https://github.com/etcd-io/etcd.git synced 2024-09-27 06:25:44 +00:00
Code Issues Packages Projects Releases Wiki Activity

e2e: add a test case of JWT token expiration

Browse Source
This commit is contained in:
Hitoshi Mitake 2017-10-11 11:50:10 +09:00
parent 8fd01f56d6
commit 2a54e32819
2 changed files with 34 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
e2e/cluster_test.go
View File

@ -78,6 +78,11 @@ var (
initialToken: "new", initialToken: "new",
clientCertAuthEnabled: true, clientCertAuthEnabled: true,
} }
configJWT = etcdProcessClusterConfig{
clusterSize: 1,
initialToken: "new",
authTokenOpts: "jwt,pub-key=../integration/fixtures/server.crt,priv-key=../integration/fixtures/server.key.insecure,sign-method=RS256,ttl=1s",
}
) )
func configStandalone(cfg etcdProcessClusterConfig) *etcdProcessClusterConfig { func configStandalone(cfg etcdProcessClusterConfig) *etcdProcessClusterConfig {
@ -117,6 +122,7 @@ type etcdProcessClusterConfig struct {
quotaBackendBytes int64 quotaBackendBytes int64
noStrictReconfig bool noStrictReconfig bool
initialCorruptCheck bool initialCorruptCheck bool
authTokenOpts string
} }
// newEtcdProcessCluster launches a new cluster from etcd processes, returning // newEtcdProcessCluster launches a new cluster from etcd processes, returning
@ -238,6 +244,11 @@ func (cfg *etcdProcessClusterConfig) etcdServerProcessConfigs() []*etcdServerPro
} }
args = append(args, cfg.tlsArgs()...) args = append(args, cfg.tlsArgs()...)
if cfg.authTokenOpts != "" {
args = append(args, "--auth-token", cfg.authTokenOpts)
}
etcdCfgs[i] = &etcdServerProcessConfig{ etcdCfgs[i] = &etcdServerProcessConfig{
execPath: cfg.execPath, execPath: cfg.execPath,
args: args, args: args,

23
e2e/ctl_v3_auth_test.go
View File

@ -18,6 +18,7 @@ import (
"fmt" "fmt"
"os" "os"
"testing" "testing"
"time"
"github.com/coreos/etcd/clientv3" "github.com/coreos/etcd/clientv3"
) )
@ -58,6 +59,7 @@ func TestCtlV3AuthSnapshot(t *testing.T) { testCtl(t, authTestSnapshot) }
func TestCtlV3AuthCertCNAndUsername(t *testing.T) { func TestCtlV3AuthCertCNAndUsername(t *testing.T) {
testCtl(t, authTestCertCNAndUsername, withCfg(configClientTLSCertAuth)) testCtl(t, authTestCertCNAndUsername, withCfg(configClientTLSCertAuth))
} }
func TestCtlV3AuthJWTExpire(t *testing.T) { testCtl(t, authTestJWTExpire, withCfg(configJWT)) }
func authEnableTest(cx ctlCtx) { func authEnableTest(cx ctlCtx) {
if err := authEnable(cx); err != nil { if err := authEnable(cx); err != nil {
@ -1073,3 +1075,24 @@ func authTestCertCNAndUsername(cx ctlCtx) {
cx.t.Error(err) cx.t.Error(err)
} }
} }
func authTestJWTExpire(cx ctlCtx) {
if err := authEnable(cx); err != nil {
cx.t.Fatal(err)
}
cx.user, cx.pass = "root", "root"
authSetupTestUser(cx)
// try a granted key
if err := ctlV3Put(cx, "hoo", "bar", ""); err != nil {
cx.t.Error(err)
}
// wait an expiration of my JWT token
<-time.After(3 * time.Second)
if err := ctlV3Put(cx, "hoo", "bar", ""); err != nil {
cx.t.Error(err)
}
}