mirror of
https://github.com/etcd-io/etcd.git
synced 2024-09-27 06:25:44 +00:00
e2e: add a test case for the --open-ended option
parent
0a7fc7cd34
commit
a204b14503
@ -37,6 +37,7 @@ func TestCtlV3AuthMemberUpdate(t *testing.T) { testCtl(t, authTestMemberUpda
|
||||
func TestCtlV3AuthCertCN(t *testing.T) { testCtl(t, authTestCertCN, withCfg(configClientTLSCertAuth)) }
|
||||
func TestCtlV3AuthRevokeWithDelete(t *testing.T) { testCtl(t, authTestRevokeWithDelete) }
|
||||
func TestCtlV3AuthInvalidMgmt(t *testing.T) { testCtl(t, authTestInvalidMgmt) }
|
||||
func TestCtlV3AuthFromKeyPerm(t *testing.T) { testCtl(t, authTestFromKeyPerm) }
|
||||
|
||||
func authEnableTest(cx ctlCtx) {
|
||||
if err := authEnable(cx); err != nil {
|
||||
@ -199,7 +200,7 @@ func authRoleUpdateTest(cx ctlCtx) {
|
||||
|
||||
// revoke the newly granted key
|
||||
cx.user, cx.pass = "root", "root"
|
||||
if err := ctlV3RoleRevokePermission(cx, "test-role", "hoo", ""); err != nil {
|
||||
if err := ctlV3RoleRevokePermission(cx, "test-role", "hoo", "", false); err != nil {
|
||||
cx.t.Fatal(err)
|
||||
}
|
||||
|
||||
@ -613,3 +614,54 @@ func authTestInvalidMgmt(cx ctlCtx) {
|
||||
cx.t.Fatal("revoking the role root from the user root must not be allowed")
|
||||
}
|
||||
}
|
||||
|
||||
func authTestFromKeyPerm(cx ctlCtx) {
|
||||
if err := authEnable(cx); err != nil {
|
||||
cx.t.Fatal(err)
|
||||
}
|
||||
|
||||
cx.user, cx.pass = "root", "root"
|
||||
authSetupTestUser(cx)
|
||||
|
||||
// grant keys after z to test-user
|
||||
cx.user, cx.pass = "root", "root"
|
||||
if err := ctlV3RoleGrantPermission(cx, "test-role", grantingPerm{true, true, "z", "\x00", false}); err != nil {
|
||||
cx.t.Fatal(err)
|
||||
}
|
||||
|
||||
// try the granted open ended permission
|
||||
cx.user, cx.pass = "test-user", "pass"
|
||||
for i := 0; i < 10; i++ {
|
||||
key := fmt.Sprintf("z%d", i)
|
||||
if err := ctlV3Put(cx, key, "val", ""); err != nil {
|
||||
cx.t.Fatal(err)
|
||||
}
|
||||
}
|
||||
largeKey := ""
|
||||
for i := 0; i < 10; i++ {
|
||||
largeKey += "\xff"
|
||||
if err := ctlV3Put(cx, largeKey, "val", ""); err != nil {
|
||||
cx.t.Fatal(err)
|
||||
}
|
||||
}
|
||||
|
||||
// try a non granted key
|
||||
if err := ctlV3PutFailPerm(cx, "x", "baz"); err != nil {
|
||||
cx.t.Fatal(err)
|
||||
}
|
||||
|
||||
// revoke the open ended permission
|
||||
cx.user, cx.pass = "root", "root"
|
||||
if err := ctlV3RoleRevokePermission(cx, "test-role", "z", "", true); err != nil {
|
||||
cx.t.Fatal(err)
|
||||
}
|
||||
|
||||
// try the revoked open ended permission
|
||||
cx.user, cx.pass = "test-user", "pass"
|
||||
for i := 0; i < 10; i++ {
|
||||
key := fmt.Sprintf("z%d", i)
|
||||
if err := ctlV3PutFailPerm(cx, key, "val"); err != nil {
|
||||
cx.t.Fatal(err)
|
||||
}
|
||||
}
|
||||
}
|
||||
|
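Review bot: After the revoke at the end of authTestFromKeyPerm, only z0..z9 are checked for denial. The ten `\xff`-only keys written under the same from-key grant are never re-tested, so a revoke that left the top of the keyspace writable would still pass. Repeating the largeKey loop with `ctlV3PutFailPerm`, as sketched below, closes that gap. The lower boundary is also probed only with "x"; a key that sorts immediately below "z" would be a tighter check that the open-ended grant does not extend downward.

```go
// … unchanged: z0..z9 denial loop after the revoke …

// the 0xff-only keys were writable under the grant, so they must be denied as well
largeKey = ""
for i := 0; i < 10; i++ {
	largeKey += "\xff"
	if err := ctlV3PutFailPerm(cx, largeKey, "val"); err != nil {
		cx.t.Fatal(err)
	}
}
```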
@ -103,7 +103,10 @@ func ctlV3RoleGrantPermission(cx ctlCtx, rolename string, perm grantingPerm) err
|
||||
cmdArgs := append(cx.PrefixArgs(), "role", "grant-permission")
|
||||
if perm.prefix {
|
||||
cmdArgs = append(cmdArgs, "--prefix")
|
||||
} else if len(perm.rangeEnd) == 1 && perm.rangeEnd[0] == '\x00' {
|
||||
cmdArgs = append(cmdArgs, "--from-key")
|
||||
}
|
||||
|
||||
cmdArgs = append(cmdArgs, rolename)
|
||||
cmdArgs = append(cmdArgs, grantingPermToArgs(perm)...)
|
||||
|
||||
@ -117,12 +120,19 @@ func ctlV3RoleGrantPermission(cx ctlCtx, rolename string, perm grantingPerm) err
|
||||
return err
|
||||
}
|
||||
|
||||
func ctlV3RoleRevokePermission(cx ctlCtx, rolename string, key, rangeEnd string) error {
|
||||
func ctlV3RoleRevokePermission(cx ctlCtx, rolename string, key, rangeEnd string, fromKey bool) error {
|
||||
cmdArgs := append(cx.PrefixArgs(), "role", "revoke-permission")
|
||||
cmdArgs = append(cmdArgs, rolename)
|
||||
cmdArgs = append(cmdArgs, key)
|
||||
expStr := ""
|
||||
if len(rangeEnd) != 0 {
|
||||
cmdArgs = append(cmdArgs, rangeEnd)
|
||||
expStr = fmt.Sprintf("Permission of range [%s, %s) is revoked from role %s", key, rangeEnd, rolename)
|
||||
} else if fromKey {
|
||||
cmdArgs = append(cmdArgs, "--from-key")
|
||||
expStr = fmt.Sprintf("Permission of range [%s, <open ended> is revoked from role %s", key, rolename)
|
||||
} else {
|
||||
expStr = fmt.Sprintf("Permission of key %s is revoked from role %s", key, rolename)
|
||||
}
|
||||
|
||||
proc, err := spawnCmd(cmdArgs)
|
||||
@ -130,7 +140,6 @@ func ctlV3RoleRevokePermission(cx ctlCtx, rolename string, key, rangeEnd string)
|
||||
return err
|
||||
}
|
||||
|
||||
expStr := fmt.Sprintf("Permission of key %s is revoked from role %s", key, rolename)
|
||||
_, err = proc.Expect(expStr)
|
||||
return err
|
||||
}
|
||||
@ -161,5 +170,10 @@ func grantingPermToArgs(perm grantingPerm) []string {
|
||||
if len(perm.rangeEnd) == 0 {
|
||||
return []string{permstr, perm.key}
|
||||
}
|
||||
|
||||
if len(perm.rangeEnd) == 1 && perm.rangeEnd[0] == '\x00' {
|
||||
return []string{permstr, perm.key}
|
||||
}
|
||||
|
||||
return []string{permstr, perm.key, perm.rangeEnd}
|
||||
}
|
||||
|
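Review bot: In ctlV3RoleRevokePermission the new fromKey argument is silently dropped whenever rangeEnd is non-empty, because the `else if fromKey` branch is reached only for an empty rangeEnd. A caller that passes both would revoke a bounded range and the helper would still report success. Rejecting the combination up front keeps an auth test from asserting less than it appears to: `if fromKey && len(rangeEnd) != 0 { return fmt.Errorf("rangeEnd and fromKey are mutually exclusive") }`. The grant path expresses the same intent through a `"\x00"` rangeEnd sentinel that is checked separately in ctlV3RoleGrantPermission and grantingPermToArgs, so a one-line comment on that convention (or a shared helper) would keep the two checks from drifting. The function's tail (spawnCmd and Expect) sits in the following hunk.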