integration: test lease revoke routine with JWT token

https://github.com/coreos/etcd/pull/9698 wasn't really testing the panic code path when leases are expiry. Signed-off-by: Gyuho Lee <gyuhox@gmail.com>
2024-09-27 06:25:44 +00:00 · 2018-05-24 11:07:37 -07:00 · 2018-05-24 11:07:37 -07:00 · a52f16d4a6
commit a52f16d4a6
parent 20cf7f4d5b
2 changed files with 24 additions and 2 deletions
--- a/integration/cluster.go
+++ b/integration/cluster.go
@ -107,6 +107,8 @@ var (
 		ClientCertAuth: true,
 	}

+	defaultTokenJWT = "jwt,pub-key=./fixtures/server.crt,priv-key=./fixtures/server.key.insecure,sign-method=RS256,ttl=1s"
+
 	lg = zap.NewNop()
 )

@ -123,6 +125,8 @@ type ClusterConfig struct {

 	DiscoveryURL string

+	AuthToken string
+
 	UseGRPC bool

 	QuotaBackendBytes int64
@ -272,6 +276,7 @@ func (c *cluster) mustNewMember(t *testing.T) *member {
 	m := mustNewMember(t,
 		memberConfig{
 			name:                     c.name(rand.Int()),
+			authToken:                c.cfg.AuthToken,
 			peerTLS:                  c.cfg.PeerTLS,
 			clientTLS:                c.cfg.ClientTLS,
 			quotaBackendBytes:        c.cfg.QuotaBackendBytes,
@ -557,6 +562,7 @@ type memberConfig struct {
 	name                     string
 	peerTLS                  *transport.TLSInfo
 	clientTLS                *transport.TLSInfo
+	authToken                string
 	quotaBackendBytes        int64
 	maxTxnOps                uint
 	maxRequestBytes          uint
@ -632,7 +638,13 @@ func mustNewMember(t *testing.T, mcfg memberConfig) *member {
 	if mcfg.snapshotCatchUpEntries != 0 {
 		m.SnapshotCatchUpEntries = mcfg.snapshotCatchUpEntries
 	}
-	m.AuthToken = "simple"              // for the purpose of integration testing, simple token is enough
+
+	// for the purpose of integration testing, simple token is enough
+	m.AuthToken = "simple"
+	if mcfg.authToken != "" {
+		m.AuthToken = mcfg.authToken
+	}
+
 	m.BcryptCost = uint(bcrypt.MinCost) // use min bcrypt cost to speedy up integration testing

 	m.grpcServerOpts = []grpc.ServerOption{}
--- a/integration/v3_auth_test.go
+++ b/integration/v3_auth_test.go
@ -109,9 +109,19 @@ func TestV3AuthRevision(t *testing.T) {
 // TestV3AuthWithLeaseRevokeWithRoot ensures that granted leases
 // with root user be revoked after TTL.
 func TestV3AuthWithLeaseRevokeWithRoot(t *testing.T) {
+	testV3AuthWithLeaseRevokeWithRoot(t, ClusterConfig{Size: 1})
+}
+
+// TestV3AuthWithLeaseRevokeWithRootJWT creates a lease with a JWT-token enabled cluster.
+// And tests if server is able to revoke expiry lease item.
+func TestV3AuthWithLeaseRevokeWithRootJWT(t *testing.T) {
+	testV3AuthWithLeaseRevokeWithRoot(t, ClusterConfig{Size: 1, AuthToken: defaultTokenJWT})
+}
+
+func testV3AuthWithLeaseRevokeWithRoot(t *testing.T, ccfg ClusterConfig) {
 	defer testutil.AfterTest(t)

-	clus := NewClusterV3(t, &ClusterConfig{Size: 1})
+	clus := NewClusterV3(t, &ccfg)
 	defer clus.Terminate(t)

 	api := toGRPC(clus.Client(0))