Merge pull request #5748 from mitake/auth-disable

disabling auth in v3 API
2024-09-27 06:25:44 +00:00 · 2016-06-28 22:32:44 -07:00 · 2016-06-28 22:32:44 -07:00 · 8e9097d0c0
commit 8e9097d0c0
parent a4667cb863 745e1e2cf9
2 changed files with 43 additions and 0 deletions
--- a/auth/store.go
+++ b/auth/store.go
@ -184,6 +184,10 @@ func (as *authStore) AuthDisable() {
 	as.enabled = false
 	as.enabledMu.Unlock()

+	as.simpleTokensMu.Lock()
+	as.simpleTokens = make(map[string]string) // invalidate all tokens
+	as.simpleTokensMu.Unlock()
+
 	plog.Noticef("Authentication disabled")
 }

--- a/e2e/ctl_v3_auth_test.go
+++ b/e2e/ctl_v3_auth_test.go
@ -52,9 +52,44 @@ func ctlV3AuthEnable(cx ctlCtx) error {
 }

 func authDisableTest(cx ctlCtx) {
+	// a key that isn't granted to test-user
+	if err := ctlV3Put(cx, "hoo", "a", ""); err != nil {
+		cx.t.Fatal(err)
+	}
+
+	if err := authEnable(cx); err != nil {
+		cx.t.Fatal(err)
+	}
+
+	cx.user, cx.pass = "root", "root"
+	authSetupTestUser(cx)
+
+	// test-user doesn't have the permission, it must fail
+	cx.user, cx.pass = "test-user", "pass"
+	if err := ctlV3PutFailPerm(cx, "hoo", "bar"); err != nil {
+		cx.t.Fatal(err)
+	}
+
+	cx.user, cx.pass = "root", "root"
 	if err := ctlV3AuthDisable(cx); err != nil {
 		cx.t.Fatalf("authDisableTest ctlV3AuthDisable error (%v)", err)
 	}
+
+	// now auth fails unconditionally, note that failed RPC is Authenticate(), not Put()
+	cx.user, cx.pass = "test-user", "pass"
+	if err := ctlV3PutFailAuthDisabled(cx, "hoo", "bar"); err != nil {
+		cx.t.Fatal(err)
+	}
+
+	// now the key can be accessed
+	cx.user, cx.pass = "", ""
+	if err := ctlV3Put(cx, "hoo", "bar", ""); err != nil {
+		cx.t.Fatal(err)
+	}
+	// confirm put succeeded
+	if err := ctlV3Get(cx, []string{"hoo"}, []kv{{"hoo", "bar"}}...); err != nil {
+		cx.t.Fatal(err)
+	}
 }

 func ctlV3AuthDisable(cx ctlCtx) error {
@ -282,6 +317,10 @@ func ctlV3PutFailPerm(cx ctlCtx, key, val string) error {
 	return spawnWithExpect(append(cx.PrefixArgs(), "put", key, val), "permission denied")
 }

+func ctlV3PutFailAuthDisabled(cx ctlCtx, key, val string) error {
+	return spawnWithExpect(append(cx.PrefixArgs(), "put", key, val), "authentication is not enabled")
+}
+
 func ctlV3GetFailPerm(cx ctlCtx, key string) error {
 	return spawnWithExpect(append(cx.PrefixArgs(), "get", key), "permission denied")
 }