From 6fe2249bcdd94bfd560b37ecb680937ec1f20ae1 Mon Sep 17 00:00:00 2001
From: Hitoshi Mitake <mitake.hitoshi@gmail.com>
Date: Wed, 21 Jun 2017 17:38:03 +0900
Subject: [PATCH] integration: add a test case for non authorized RPCs

This commit add a new test case which ensures that non authorized RPCs
failed with ErrUserEmpty. The case can happen in a schedule like
below:
1. create a cluster
2. create clients
3. enable authentication of the cluster
4. the clients issue RPCs

Fix https://github.com/coreos/etcd/issues/7770
---
 integration/v3_auth_test.go | 22 ++++++++++++++++++++++
 1 file changed, 22 insertions(+)

diff --git a/integration/v3_auth_test.go b/integration/v3_auth_test.go
index 7ee8c0698..d0965a789 100644
--- a/integration/v3_auth_test.go
+++ b/integration/v3_auth_test.go
@@ -270,3 +270,25 @@ func authSetupRoot(t *testing.T, auth pb.AuthClient) {
 		t.Fatal(err)
 	}
 }
+
+func TestV3AuthNonAuthorizedRPCs(t *testing.T) {
+	defer testutil.AfterTest(t)
+	clus := NewClusterV3(t, &ClusterConfig{Size: 1})
+	defer clus.Terminate(t)
+
+	nonAuthedKV := clus.Client(0).KV
+
+	key := "foo"
+	val := "bar"
+	_, err := nonAuthedKV.Put(context.TODO(), key, val)
+	if err != nil {
+		t.Fatalf("couldn't put key (%v)", err)
+	}
+
+	authSetupRoot(t, toGRPC(clus.Client(0)).Auth)
+
+	respput, err := nonAuthedKV.Put(context.TODO(), key, val)
+	if !eqErrGRPC(err, rpctypes.ErrGRPCUserEmpty) {
+		t.Fatalf("could put key (%v), it should cause an error of permission denied", respput)
+	}
+}